Has anyone considered the possibility that Microsoft deliberately left the symbol in, to reveal NSA's presence without risking liability? Or is it just easier for you to blindly attack Microsoft given the slightest excuse?
Replace Microsoft in that sentence with any other major corporation -- Occham's Razor still applies. I could possibly buy that this was deliberate on the part of an individual employee, but I find it highly improbable that the management of ANY large company would make that sort of decision.
1. As much as he whines, RMS isn't legally obligating anyone to use the GNU/ prefix... it's certainly not written into the GPL
2. Any Linux distribution I've seen is the GNU system with some BSD tools and a Linux kernel. It's certainly not inappropriate to call it GNU/Linux.
3. The BSD tools are a minimal part of the system, though -- if you put the GNU tools on a FreeBSD system, you don't get GNU/FreeBSD -- it works the other way around, too.
4. This also means that if someone took FreeBSD and replaced only the kernel with Linux, you could legitimately call it BSD/Linux. (and probably ought to, to avoid confusion!) Berlin--http://www.berlin-consortium.org
It would be vary slow but may me in the law because nothing is leaving.
Nope, the data is still being sent -- it's just encoded in the ACK sequences then. In fact, modulating ACKs is one popular way to quietly get data out of non-airwalled "secure" networks, hence we use fun devices like NLS pumps to prevent that.
[ n.b. if you actually care about something, don't ever put it on a machine even remotely near an open network, firewalls, NLS pumps or no. Airwalls are the only way. (and even then they're not totally secure due to human factors) ]
How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.
Pretty much everyone and everything under Windows, directly or indirectly... ActiveX code signing, Outlook, Internet Explorer... authentication, I think... you name it.
"What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . .."
One thing you're forgetting -- generally when package maintainers (Linus, for instance) are reviewing a patch for inclusion in the distribution, they won't accept it unless they understand all the code involved.
If you tried something clever like spreading the changes across several patches, that wouldn't really work either.
[Judas] Here's my patch to fix the support for the/dev/blah device [Maintainer] Hrm. I'll have a look. ... [Maintainer] What's this little bit of code here do? I think you could probably shave a couple hundred instructions off here if you left it out, and it looks completely unnecessary. [Judas] There's something screwy with the timing; that was the only way I could get it to work [Maintainer] Hrm. That seems like a kind of awkward hack to me -- I'd like a solution I could understand better. I just replaced this with a delay loop -- I don't have the blah hardware myself though... (to mailing list) Hey, could someone with blah hardware give this a try with my modification and see if it still works? [Mailing List] Okay... it seems fine. In fact, one of us tried it without the delay loop, and there weren't any problems. [Maintainer] (to Judas) I applied your patch; it seems to work fine without the bit of code though, so I just left that part out. [Judas] Curses, foiled again!
As a modest package maintainer myself, I personally read every patch I get. Even if the patch author isn't malicious, the patch could still potentially fail in a catastrophic way due to a stupid logic error or invalid assumptions.
One thing that some people don't seem to understand about Open Source is that just because some Joe Schmoe produces some code doesn't mean that it'll end up in the official distribution.
It might be easy to read the code in the official distribution, and it might be easy to modify the code in your own copy, but it's nontrivial to quietly modify the official distribution. To submit a patch is to submit that patch to a lot of direct public scrutiny.
Last time, Amiga was released from the hospital after a miraculous recovery from total paralysis and amnesia to be reuinted with Jim, her husband. The couple decided to adopt the little orphan Linux. Now, on their first night together after the car accident that separated them, she finds Jim cold and distant...
[Amiga] What's the matter, Jim? Don't you love me? [Jim] No... Amiga... I'm sorry, but you're just not the same woman I fell in love with... not since the accident... [Amiga] It's that hussy Apple, isn't it?! Her and those flashy G4s... [Jim] I... I... [Amiga] ADMIT IT!@#$ [Jim] I can't lie to you... your vaporware just can't compare to her firmware... yes, yes, I'm having an affair with Apple! [Amiga] You bastard! GET OUT#(@$&*(@# GET OUT OF MY HOUSE(#@*($#@ * Jim slams the door * Amiga sobs
Tune in tomorrow for another episode of As The Workbench Turns...
Disclaimer: I am personally a GPL fan, and I largely agree with you. However...
Notice however, the most important things run under FreeBSD are GPLed: gcc, Apache, Samba, etc.
Apache is not GPLed, it's under a BSD-ish license.
He is right. They can't [GPL FreeBSD]. Them the brakes.
Unless I am much mistaken, the whole point of the BSD license versus the GPL was that you could relicense the code to yourself for incorporation in a commercial product without requiring the intervetion of the copyright holders. This is the point that comes up most commonly in GPL v.s. BSD license discussions. Commercial (proprietary) licensing arrangements are considerably more restrictive than the GPL -- if this is the case, then they very well can relicence it to the GPL if they wanted.
Now, whether they should... that's another matter. I would just as soon see the *BSDs remain under their current license.
FreeBSD is a Dead End You never know.
That was just a cheap shot. "X is a Dead End./You never know."... classic FUD.
> The Mailing List and Newsgroup just aren't an adequate security model. If you don't trust a patch floating around a mailing list/newsgroup, fine. They will eventually get looked at by the (trusted) maintainers, who will personally review the patch and likely include it in the standard distribution. It's not as if joe schmoe can magically write some code, post it on a newsgroup, and *bam*, it's in the distro. It doesn't work like that. Code has to go through an EXTENSIVE public review process before it gets merged into the main tree. That's a more than adequate security model, and better than most proprietary software vendors. If getting patches from an untrusted source in a newsgroup bothers you, then you can wait for them to get reviewed and either be rejected (and the functionality added in some other way), or make their way into the standard distribution. I don't see what's so hard about that. You obviously haven't actually had any direct experience with the way these projects work. Berlin--http://www.berlin-consortium.org
[apprunner] crashes silently at the end of its startup spiel.
No, just the first time you run it, you actually run the installation wizard, which exits when it is done. When you start apprunner the next time (and all subsequent times), it will start up the browser.
"No", the patches are not cumulative, "yes," you'll need to get and apply all the intermediate patches in order. Berlin--http://www.berlin-consortium.org
In case you haven't noticed, the majority of Alpha sales have been OpenVMS and DG-UX kits, not NT. There actually hasn't been that much demand for NT on Alpha, so I think Compaq is just doing the savvy thing -- they're just dropping a less profitable (for them) OS.
Slashdot Mirror
Stalin was a priest.
Hrm. Can you offer documentation of this?
Berlin-- http://www.berlin-consortium.org
Why is NSA public key pre-installed on the Operating System?
I was wondering that too, except the key is not pre-installed, it is hard-coded .
Berlin-- http://www.berlin-consortium.org
...enh, basicaly an "astroturfer", from what I can figure.
Berlin-- http://www.berlin-consortium.org
Has anyone considered the possibility that Microsoft deliberately left the symbol in, to reveal NSA's presence without risking liability? Or is it just easier for you to blindly attack Microsoft given the slightest excuse?
Replace Microsoft in that sentence with any other major corporation -- Occham's Razor still applies. I could possibly buy that this was deliberate on the part of an individual employee, but I find it highly improbable that the management of ANY large company would make that sort of decision.
Berlin-- http://www.berlin-consortium.org
the Nazi party was "National Socialist" how could they be "right wingers"?
Technically, they were [are] fascist, regardless of what they called themselves.
Honestly, totalitarianism or statism is totalitarianism or statism, regardless of which side of the aisle you choose to stick it on.
Whether it's conservatism or liberalism that you take too far, you invariably end up at the same place. The political spectrum is circular.
Berlin-- http://www.berlin-consortium.org
1. As much as he whines, RMS isn't legally obligating anyone to use the GNU/ prefix ... it's certainly not written into the GPL
2. Any Linux distribution I've seen is the GNU system with some BSD tools and a Linux kernel. It's certainly not inappropriate to call it GNU/Linux.
3. The BSD tools are a minimal part of the system, though -- if you put the GNU tools on a FreeBSD system, you don't get GNU/FreeBSD -- it works the other way around, too.
4. This also means that if someone took FreeBSD and replaced only the kernel with Linux, you could legitimately call it BSD/Linux. (and probably ought to, to avoid confusion!)
Berlin-- http://www.berlin-consortium.org
I'm a rabid GPL advocate and all, but the reprocussions of this I'm seeing down the road just make me ill...
Berlin-- http://www.berlin-consortium.org
At the end of each line, you could put a checksum digit. Then, if the OCR fails on that line, it can be flagged for checking by the human operator.
This was done for the PGP book and others.
Berlin-- http://www.berlin-consortium.org
It would be vary slow but may me in the law because nothing is leaving.
Nope, the data is still being sent -- it's just encoded in the ACK sequences then. In fact, modulating ACKs is one popular way to quietly get data out of non-airwalled "secure" networks, hence we use fun devices like NLS pumps to prevent that.
[ n.b. if you actually care about something, don't ever put it on a machine even remotely near an open network, firewalls, NLS pumps or no. Airwalls are the only way. (and even then they're not totally secure due to human factors) ]
Berlin-- http://www.berlin-consortium.org
shipping a nuclear bomb overseas, one tiny little piece at a time? I don't think the feds would let that one slip through the cracks. :-)
Certainly not, if they ever found out, which is the point of this whole discussion in the first place.
Berlin-- http://www.berlin-consortium.org
How many people actually USE the cryptoAPI? It seems to me that unless you're using this stuff, all of this has no effect.
Pretty much everyone and everything under Windows, directly or indirectly ... ActiveX code signing, Outlook, Internet Explorer ... authentication, I think ... you name it.
Berlin-- http://www.berlin-consortium.org
"What the @#$% do those 3 lines of code do? Hrmmm, oh well, doesn't look like the section I was trying to find anyway . . ."
One thing you're forgetting -- generally when package maintainers (Linus, for instance) are reviewing a patch for inclusion in the distribution, they won't accept it unless they understand all the code involved.
If you tried something clever like spreading the changes across several patches, that wouldn't really work either.
[Judas] Here's my patch to fix the support for the[Maintainer] Hrm. I'll have a look.
[Maintainer] What's this little bit of code here do? I think you could probably shave a couple hundred instructions off here if you left it out, and it looks completely unnecessary.
[Judas] There's something screwy with the timing; that was the only way I could get it to work
[Maintainer] Hrm. That seems like a kind of awkward hack to me -- I'd like a solution I could understand better. I just replaced this with a delay loop -- I don't have the blah hardware myself though
[Mailing List] Okay... it seems fine. In fact, one of us tried it without the delay loop, and there weren't any problems.
[Maintainer] (to Judas) I applied your patch; it seems to work fine without the bit of code though, so I just left that part out.
[Judas] Curses, foiled again!
As a modest package maintainer myself, I personally read every patch I get. Even if the patch author isn't malicious, the patch could still potentially fail in a catastrophic way due to a stupid logic error or invalid assumptions.
One thing that some people don't seem to understand about Open Source is that just because some Joe Schmoe produces some code doesn't mean that it'll end up in the official distribution.
It might be easy to read the code in the official distribution, and it might be easy to modify the code in your own copy, but it's nontrivial to quietly modify the official distribution. To submit a patch is to submit that patch to a lot of direct public scrutiny.
Berlin-- http://www.berlin-consortium.org
Since MS's TrueType fonts aren't free, does anyone know where I can get free/gpl versions of the common TrueType fonts (arial, times new roman, etc)?
If you mean free as in beer, then you ought to check out http://www.microsoft.com/t ypography/fontpack/default.htm. You can use infozip on the self-extracting archives. Work quite nicely with xfstt.
Berlin-- http://www.berlin-consortium.org
Except of course that Jay Miner is still dead... Who else could they get?
Still dead, you say? Ahh, but that's what Transmeta's really working on!
Berlin-- http://www.berlin-consortium.org
Last time, Amiga was released from the hospital after a miraculous recovery from total paralysis and amnesia to be reuinted with Jim, her husband. The couple decided to adopt the little orphan Linux. Now, on their first night together after the car accident that separated them, she finds Jim cold and distant...
[Amiga] What's the matter, Jim? Don't you love me?[Jim] No... Amiga... I'm sorry, but you're just not the same woman I fell in love with
[Amiga] It's that hussy Apple, isn't it?! Her and those flashy G4s...
[Jim] I
[Amiga] ADMIT IT!@#$
[Jim] I can't lie to you
[Amiga] You bastard! GET OUT#(@$&*(@# GET OUT OF MY HOUSE(#@*($#@
* Jim slams the door
* Amiga sobs
Tune in tomorrow for another episode of As The Workbench Turns...
Berlin-- http://www.berlin-consortium.org
Disclaimer: I am personally a GPL fan, and I largely agree with you. However...
Notice however, the most important things run under FreeBSD are GPLed: gcc, Apache, Samba, etc.
Apache is not GPLed, it's under a BSD-ish license.
He is right. They can't [GPL FreeBSD]. Them the brakes.
Unless I am much mistaken, the whole point of the BSD license versus the GPL was that you could relicense the code to yourself for incorporation in a commercial product without requiring the intervetion of the copyright holders. This is the point that comes up most commonly in GPL v.s. BSD license discussions. Commercial (proprietary) licensing arrangements are considerably more restrictive than the GPL -- if this is the case, then they very well can relicence it to the GPL if they wanted.
Now, whether they should ... that's another matter. I would just as soon see the *BSDs remain under their current license.
FreeBSD is a Dead End
You never know.
That was just a cheap shot. "X is a Dead End./You never know." ... classic FUD.
Berlin-- http://www.berlin-consortium.org
tsia.
Berlin-- http://www.berlin-consortium.org
> The Mailing List and Newsgroup just aren't an adequate security model.
If you don't trust a patch floating around a mailing list/newsgroup, fine. They will eventually get looked at by the (trusted) maintainers, who will personally review the patch and likely include it in the standard distribution. It's not as if joe schmoe can magically write some code, post it on a newsgroup, and *bam*, it's in the distro. It doesn't work like that. Code has to go through an EXTENSIVE public review process before it gets merged into the main tree. That's a more than adequate security model, and better than most proprietary software vendors.
If getting patches from an untrusted source in a newsgroup bothers you, then you can wait for them to get reviewed and either be rejected (and the functionality added in some other way), or make their way into the standard distribution. I don't see what's so hard about that.
You obviously haven't actually had any direct experience with the way these projects work.
Berlin-- http://www.berlin-consortium.org
I wouldn't worry about it, myself. It'd be the proveribal drop -- no, molecule -- in the bucket.
Berlin-- http://www.berlin-consortium.org
[apprunner] crashes silently at the end of its startup spiel.
No, just the first time you run it, you actually run the installation wizard, which exits when it is done. When you start apprunner the next time (and all subsequent times), it will start up the browser.
Berlin-- http://www.berlin-consortium.org
If you don't like something, you really can fix it without having to wade through reams and reams of mediocre eighties code.
Er, there's not really any of that "mediocre eighties code" left...
Berlin-- http://www.berlin-consortium.org
Let's just hope that journalists don't start hounding him on c.o.l and linux-kernel...
Berlin-- http://www.berlin-consortium.org
~just a little bit~
~just a little bit~
S-A-R-C-A-S-M
(to the tune of "RESPECT")
Berlin-- http://www.berlin-consortium.org
"No", the patches are not cumulative, "yes," you'll need to get and apply all the intermediate patches in order.
Berlin-- http://www.berlin-consortium.org
In case you haven't noticed, the majority of Alpha sales have been OpenVMS and DG-UX kits, not NT. There actually hasn't been that much demand for NT on Alpha, so I think Compaq is just doing the savvy thing -- they're just dropping a less profitable (for them) OS.
Dropping NT is not going to have that significant an effect on Alpha sales.
Berlin-- http://www.berlin-consortium.org