iTunes isn't an open standard. If Palm wants to add music syncing to their product, they can do it themselves, or use another product that they're allowed to use.
By extension, you're suggesting that a Pre owner is "not allowed" to use iTunes and their Pre together. Bullshit.
Writing a capable music player/syncing app is not the trivial task you make it out to be. And even if it was, obviously making a *good* app of that type is not trivial, considering that most of them suck pretty hard, and even iTunes is only just decent.
Now, that's not an excuse for Palm, but why *shouldn't* they support iTunes sync support if they can? If their motive for doing so is to tempt current iPhone users with an easier conversion path, more the better. Now, it's best if they have another sync method that's easy to use, since of course they can't *depend* on their iTunes interop. But frankly Apple is just being their usual dickish selves by doing their best to lock out the Pre with every update. My sympathy is firmly with Palm here. I do love Apple products (I'm typing on one now and have another in my pocket), but Apple as a company... their exclusionary policies make them look like a selfish 4-year-old most of the time.
Look at it this way: we all like open standards and common protocols, right? Well, I wouldn't bet that Apple will embrace one, ever. But if Palm can tire Apple out enough so they give up and "allow" (having to use that word grates on me) the Pre to interoperate with iTunes, that's better for the community as a whole.
My only issue with Palm is that is that using Apple's vendor/product IDs seems a bit sketchy, but, frankly... what harm does it actually do? If, for all intents and purposes, the Pre *behaves* like an iPod/iPhone when any piece of software tries to treat it as such, what does it matter? You can get all up in arms in the purist/idealist sense, but I'm too much of a pragmatist to care in this instance.
My understanding of Chinese culture is that there is something similar to the "Japanese honor" concept, but in China it's more a matter of "saving face." Not quite the same as the "honor" idea, more along the lines of dignity and being allowed to cover for or make up for embarrassment. More a matter of public reputation than personal honor. Wikipedia actually has an article about it. It's very hard for a foreigner to fully understand it, I think (and as a foreigner I don't claim to really understand it myself). Don't mistake it for the similar Western idea of face-saving... it goes much deeper and is more nuanced in China.
Your post actually reminds me of a question I've always had. It seems -- and this probably has to do with random bias -- that whenever people talk out in favor of OpenBSD, it always starts with "I've been running OpenBSD as my firewall..."
What other things do people deploy OpenBSD as, and can we consider it just as secure in those applications?
Saying "secure in the default install" is fine, but may not be useful if your default install doesn't have what many people need.
I'm not trolling here or trying to respond negatively to what you said; I'm just genuinely curious.
Taking that stance is fine -- that the OS is written for the developers, and people who don't contribute code may benefit, but not to expect a benefit, and not to complain when things don't work... unless you're willing to work on fixing it yourself.
I'm totally on board with that attitude.
However, that doesn't mean you're not an asshole. Saying, "If you read [the docs] and didn't understand them you're a lamer," is pretty much the textbook definition of being an elitist asshole. Telling people to "fuck off" may mean you are an asshole.
From what I've read of de Raadt (both his own writing, and people writing about him), I'd totally believe that he ignored a handshake from Bruce Perens (not saying it happened or not; I have no idea, just that I'd believe it).
As for theo.c... obviously all of that stuff has no context whatsoever, but (while, admittedly, some of it is indeed pretty funny) some of it does sound pretty asshole-ish. And that's fine. But being somehow "proud" of theo.c takes the assholery to a new level.
Now, again, I'm not coming down negatively on the idea of being an asshole. I can be an asshole sometimes too. Sometimes being an asshole is a useful way of getting things done. But don't hide behind some facade based on pretending to be a nice, respectful guy if you aren't. That's just dishonest.
So, you have a million confusion projects going on based on the code all, called "Linux". How many versions of "OpenBSD" are there out there? Umm, ONE. Sure, someone could go and make their own userland and such, but it cannot be called OpenBSD. So, before you go on a rant about how many times BSD has been forked, please get your facts straight.
Well, while you are correct in the distinction between the BSDs being full package-deal OSes, whereas Linux is just a kernel, and the better comparison would be between the BSDs and the various LInux-based distros, there's another way of looking at it, which I suspect the original poster was actually talking about.
The three main BSD *kernels* (Free, Open, Net... and should we count Dragonfly too?) are all forks of an original BSD kernel. They've diverged quite a lot, and in the unlikely event that they wanted to reunify, it would take many years of work to combine them all into a single kernel... if it's even possible.
On the other hand, there is really just one Linux kernel. Yes, there are small, (comparatively) short-lived forks. Most distros ship patched kernels, and some independent patchsets exist, but they tend not to diverge too much, or, when they do, usually diverge due to patches and driver support backported from later kernel versions. Many patches in distro kernels get pushed upstream. While they are technically forks in the real definition of the term, they're not anywhere in the same league as the differences between the various BSD kernels.
So while it's not true to say Linux-based OSes don't fork all the time (there are hundreds of them), it is, for practical purposes, safe to say that there is pretty much one Linux kernel. You can't say the same thing where BSD kernels are concerned.
Whether or not this really matters for any practical purpose is up to the reader to decide; it may just be an academic exercise to recognise the difference.
Sorry, but "unintended and innocent" changes the meaning of "lock in" so completely that it's useless. The term "lock in" is almost always used to describe the intentional, malicious action of one party to prevent another from using a competing product/service/whatever. If you take out the malice and make it unintended and innocent, then it's hard to call it lock in with a straight face.
But if you still insist on calling it lock in, then I say... who cares? If it's unintended and innocent, you can usually fix this problem through gentle prodding and education. (Hint: there's a compiler flag for gcc that will make it not accept GNU extensions.) If a software maintainer doesn't want to accept a patch ("well everyone uses gcc, so why should I clutter my code with this patch?"), then that's the direct fault of the developer, not of gcc.
And hell, many GNU extensions are useful. I'd imagine that LLVM's compiler backends might want to borrow some of them. (And sorry, childish "we don't want to copy gcc" isn't a valid reason for not implementing them if the extension truly is useful.)
You do realise we're discussing an article about Theo de Raadt, right? From what I've read, he's just as much of a BSD kook and idealist as RMS is. Just he gets less flak for it because he (currently, at least) is much more respected for his *engineering* contributions than RMS is.
Over the years I've learned that BSD developers are engineers while GPL developers are ideologues - ie. wackos and nutcases.
Wow, so I'm a wacko and a nutcase, and not real engineer? Sorry, not buying it.
Thank god BSD is well on their way to ridding themselves of GCC and already have the amazing LLVM compiler tech building the system. The efforts the GNU crowd has done to keep open source developers locked into their compiler is sickening from anyone who likes to believe the open source world is some sort of technological marketplace of ideas compared to the Microsoft world.
Yes, because everyone is just so completely *required* to use gcc. You can't use icc, Sun cc, MSVC, or anything else once you've even *touched* gcc. The fact that until recently there hasn't been another good open source compiler around says more to the quality of gcc and the lack of commitment or desire on the part of other potential compiler writers than anything negative about gcc. I'm sure LLVM is great, but apparently no one "needed" it until recently.
Man, too bad my mod points from yesterday didn't expire. -1 Flamebait, Troll, Misinformed-Idiot.`
Since when did you get bug fixes with any software *without* upgrading?
There's nothing stopping an interested party in cherry-picking bug fixes from newer versions and backporting patches. The fact that you haven't done so yourself means you either don't care enough, or are incapable (both of which turns your complaint into entitlement-laced whining).
And I'm not really sure how writing C++ code and compiling with gcc locks you in to gcc. My C++ code (on the sad occasion I need to use C++ for work) compiles just fine with both gcc and MSVC with a minimum of #ifdefs. If yours doesn't, perhaps you're just not a very good C++ programmer.
It's funny that you've painted the parent as a Linux user when he said no such thing. He also stated very little about his motivations for wanting said Windows machines to self-destruct, aside from suggesting that it might make people pay attention to security a bit more. Which is a good thing, even if the trigger for it is a bit painful. Please, there's no need to put words in people's mouths.
And when did "my computer got wiped" count as "suffering"? I'd be pretty upset if it happened to me, but I don't think suffering is quite the right word.
Oh, and you can blame MS all you want but the truth is that Linux, if as widely adopted and used by ordinary computer illiterate users, and as targeted by the malware writers as Windows is, wouldn't be a whole lot batter.
[citation needed]
(Though if that batter makes some nice cake, who am I to argue?)
Point is, my data is not that important and there are multiple copies of the stuff that is important, in particular my CV, just because I keep switching computers or copying stuff to other machines in the course of normal activity.
So basically you're saying... you do backups. Even if you don't have a specific "back up these files" activity, what you do amounts to having backups.
As another poster mentioned, if they're not making regular backups, they're at risk for losing their data for a variety of other reasons.
But to answer your question, yes, it *is* their fault that Windows is fucked up. The collective "yes, Windows sucks, but I'm going to tolerate it," attitude in the world is exactly why Window is as fucked up as it is. If thousands (tens of thousands? millions?) of computers get wiped because of this, that's the fault of everyone who runs Windows and doesn't care enough about security to keep themselves safe (either through backups, or constant attention to security).
Sorry, but Windows users need to accept some responsibility for the platform they've chosen. I won't delight in all these people losing data, but if it causes people to wise up and be more concerned about security, I'll consider it a net win.
The "security" advantages you so easily dismiss are the things that tend to safeguard your data. Most desktop X servers out there run with network access disabled. At least this way if someone breaks into your machine via other means, they can't find a vulnerability in the X server to gain root.
Most attackers don't break into your machine to trash your data. They're there to take over it and turn it into a zombie for their botnet. Trashing your data is actually counter-productive; they want to hide their intrusion.
I am not sure that this is the right solution. Not running it as root is good, but running it as me - I don't know. I'd rather that the user that runneth the X server is some sort of 'xserver' user - to whose process I connect. That 'xserver' user then has the right to push my screen into VGA mode and all that.
As another poster mentioned, this makes multi-user X a bit more difficult. What's the issue of having your user ID doing all this? If you're allowed to log into the console, then you're presumably allowed to run X (or not; you can still lock down the machine so particular users can't run X or access the graphics hardware). If you can run X, you can talk to the graphics hardware. Note that this doesn't give you carte-blanche to fiddle with the graphics card's registers to try to make the machine crash: you only get certain actions as provided by the DRI interface.
Also, this doesn't fix all those other services (that gnome has, for example) that allow my X programs to mount stuff etc. Which is, again, a security risk by itself.
No, you just don't understand how it works. X apps do not mount things. HAL (or, soon, DeviceKit-disks) mounts things on behalf of authenticated requests from X apps (or console apps, even). HAL/DeviceKit are system daemons that have no GUI. Frameworks like PolicyKit and ConsoleKit ensure that you aren't mounting or unmounting things you shouldn't be.
That's already been the case for the more mainstream cards (nvidia, AMD, Intel) for many years now. They all require a kernel piece for 3D support. nvidia, at least, has a single driver core that they use for multiple OSes, with a little translation layer for the particular kernel. I don't know what the others do.
Well, if the flaw is in an X *library*, it doesn't matter, as only the clients (running as the regular user) use those. The X server doesn't need or use libX11, libXrandr, libXext, etc. at all.
But yes, true -- any exploitable flaw in the X server itself (or any of the extensions compiled into or loaded dynamically by the server) could result in root access.
I'm not disagreeing with the premise of the two tags, just that it seems that in the real world, most web authors use them to mean "render with italics" or "render bold weight". I guess that turns out to be ok, though.
Slashdot Mirror
iTunes isn't an open standard. If Palm wants to add music syncing to their product, they can do it themselves, or use another product that they're allowed to use.
By extension, you're suggesting that a Pre owner is "not allowed" to use iTunes and their Pre together. Bullshit.
Writing a capable music player/syncing app is not the trivial task you make it out to be. And even if it was, obviously making a *good* app of that type is not trivial, considering that most of them suck pretty hard, and even iTunes is only just decent.
Now, that's not an excuse for Palm, but why *shouldn't* they support iTunes sync support if they can? If their motive for doing so is to tempt current iPhone users with an easier conversion path, more the better. Now, it's best if they have another sync method that's easy to use, since of course they can't *depend* on their iTunes interop. But frankly Apple is just being their usual dickish selves by doing their best to lock out the Pre with every update. My sympathy is firmly with Palm here. I do love Apple products (I'm typing on one now and have another in my pocket), but Apple as a company... their exclusionary policies make them look like a selfish 4-year-old most of the time.
Look at it this way: we all like open standards and common protocols, right? Well, I wouldn't bet that Apple will embrace one, ever. But if Palm can tire Apple out enough so they give up and "allow" (having to use that word grates on me) the Pre to interoperate with iTunes, that's better for the community as a whole.
My only issue with Palm is that is that using Apple's vendor/product IDs seems a bit sketchy, but, frankly... what harm does it actually do? If, for all intents and purposes, the Pre *behaves* like an iPod/iPhone when any piece of software tries to treat it as such, what does it matter? You can get all up in arms in the purist/idealist sense, but I'm too much of a pragmatist to care in this instance.
My understanding of Chinese culture is that there is something similar to the "Japanese honor" concept, but in China it's more a matter of "saving face." Not quite the same as the "honor" idea, more along the lines of dignity and being allowed to cover for or make up for embarrassment. More a matter of public reputation than personal honor. Wikipedia actually has an article about it. It's very hard for a foreigner to fully understand it, I think (and as a foreigner I don't claim to really understand it myself). Don't mistake it for the similar Western idea of face-saving... it goes much deeper and is more nuanced in China.
That still doesn't make it actual property, and that still doesn't equate copyright infringement with physical theft.
He may not be ok with that. But that still doesn't make copyright infringement the equivalent of theft of a physical item.
Your post actually reminds me of a question I've always had. It seems -- and this probably has to do with random bias -- that whenever people talk out in favor of OpenBSD, it always starts with "I've been running OpenBSD as my firewall..."
What other things do people deploy OpenBSD as, and can we consider it just as secure in those applications?
Saying "secure in the default install" is fine, but may not be useful if your default install doesn't have what many people need.
I'm not trolling here or trying to respond negatively to what you said; I'm just genuinely curious.
I look at it the other way around... I'm too lazy to watch a video, would rather read text.
Taking that stance is fine -- that the OS is written for the developers, and people who don't contribute code may benefit, but not to expect a benefit, and not to complain when things don't work... unless you're willing to work on fixing it yourself.
I'm totally on board with that attitude.
However, that doesn't mean you're not an asshole. Saying, "If you read [the docs] and didn't understand them you're a lamer," is pretty much the textbook definition of being an elitist asshole. Telling people to "fuck off" may mean you are an asshole.
From what I've read of de Raadt (both his own writing, and people writing about him), I'd totally believe that he ignored a handshake from Bruce Perens (not saying it happened or not; I have no idea, just that I'd believe it).
As for theo.c... obviously all of that stuff has no context whatsoever, but (while, admittedly, some of it is indeed pretty funny) some of it does sound pretty asshole-ish. And that's fine. But being somehow "proud" of theo.c takes the assholery to a new level.
Now, again, I'm not coming down negatively on the idea of being an asshole. I can be an asshole sometimes too. Sometimes being an asshole is a useful way of getting things done. But don't hide behind some facade based on pretending to be a nice, respectful guy if you aren't. That's just dishonest.
So, you have a million confusion projects going on based on the code all, called "Linux". How many versions of "OpenBSD" are there out there? Umm, ONE. Sure, someone could go and make their own userland and such, but it cannot be called OpenBSD. So, before you go on a rant about how many times BSD has been forked, please get your facts straight.
Well, while you are correct in the distinction between the BSDs being full package-deal OSes, whereas Linux is just a kernel, and the better comparison would be between the BSDs and the various LInux-based distros, there's another way of looking at it, which I suspect the original poster was actually talking about.
The three main BSD *kernels* (Free, Open, Net... and should we count Dragonfly too?) are all forks of an original BSD kernel. They've diverged quite a lot, and in the unlikely event that they wanted to reunify, it would take many years of work to combine them all into a single kernel... if it's even possible.
On the other hand, there is really just one Linux kernel. Yes, there are small, (comparatively) short-lived forks. Most distros ship patched kernels, and some independent patchsets exist, but they tend not to diverge too much, or, when they do, usually diverge due to patches and driver support backported from later kernel versions. Many patches in distro kernels get pushed upstream. While they are technically forks in the real definition of the term, they're not anywhere in the same league as the differences between the various BSD kernels.
So while it's not true to say Linux-based OSes don't fork all the time (there are hundreds of them), it is, for practical purposes, safe to say that there is pretty much one Linux kernel. You can't say the same thing where BSD kernels are concerned.
Whether or not this really matters for any practical purpose is up to the reader to decide; it may just be an academic exercise to recognise the difference.
Sorry, but "unintended and innocent" changes the meaning of "lock in" so completely that it's useless. The term "lock in" is almost always used to describe the intentional, malicious action of one party to prevent another from using a competing product/service/whatever. If you take out the malice and make it unintended and innocent, then it's hard to call it lock in with a straight face.
But if you still insist on calling it lock in, then I say... who cares? If it's unintended and innocent, you can usually fix this problem through gentle prodding and education. (Hint: there's a compiler flag for gcc that will make it not accept GNU extensions.) If a software maintainer doesn't want to accept a patch ("well everyone uses gcc, so why should I clutter my code with this patch?"), then that's the direct fault of the developer, not of gcc.
And hell, many GNU extensions are useful. I'd imagine that LLVM's compiler backends might want to borrow some of them. (And sorry, childish "we don't want to copy gcc" isn't a valid reason for not implementing them if the extension truly is useful.)
No wacky and nutty GPL kooks.
No screaming diatribes over 'purity' of ideology.
You do realise we're discussing an article about Theo de Raadt, right? From what I've read, he's just as much of a BSD kook and idealist as RMS is. Just he gets less flak for it because he (currently, at least) is much more respected for his *engineering* contributions than RMS is.
Over the years I've learned that BSD developers are engineers while GPL developers are ideologues - ie. wackos and nutcases.
Wow, so I'm a wacko and a nutcase, and not real engineer? Sorry, not buying it.
Thank god BSD is well on their way to ridding themselves of GCC and already have the amazing LLVM compiler tech building the system. The efforts the GNU crowd has done to keep open source developers locked into their compiler is sickening from anyone who likes to believe the open source world is some sort of technological marketplace of ideas compared to the Microsoft world.
Yes, because everyone is just so completely *required* to use gcc. You can't use icc, Sun cc, MSVC, or anything else once you've even *touched* gcc. The fact that until recently there hasn't been another good open source compiler around says more to the quality of gcc and the lack of commitment or desire on the part of other potential compiler writers than anything negative about gcc. I'm sure LLVM is great, but apparently no one "needed" it until recently.
Man, too bad my mod points from yesterday didn't expire. -1 Flamebait, Troll, Misinformed-Idiot.`
Since when did you get bug fixes with any software *without* upgrading?
There's nothing stopping an interested party in cherry-picking bug fixes from newer versions and backporting patches. The fact that you haven't done so yourself means you either don't care enough, or are incapable (both of which turns your complaint into entitlement-laced whining).
And I'm not really sure how writing C++ code and compiling with gcc locks you in to gcc. My C++ code (on the sad occasion I need to use C++ for work) compiles just fine with both gcc and MSVC with a minimum of #ifdefs. If yours doesn't, perhaps you're just not a very good C++ programmer.
So you find one single example and decide I'm wrong? Nice try.
... which is pretty irrelevant: blocking 86 IP addresses will also block any machines masquerading behind them.
It's funny that you've painted the parent as a Linux user when he said no such thing. He also stated very little about his motivations for wanting said Windows machines to self-destruct, aside from suggesting that it might make people pay attention to security a bit more. Which is a good thing, even if the trigger for it is a bit painful. Please, there's no need to put words in people's mouths.
And when did "my computer got wiped" count as "suffering"? I'd be pretty upset if it happened to me, but I don't think suffering is quite the right word.
Oh, and you can blame MS all you want but the truth is that Linux, if as widely adopted and used by ordinary computer illiterate users, and as targeted by the malware writers as Windows is, wouldn't be a whole lot batter.
[citation needed] (Though if that batter makes some nice cake, who am I to argue?)
Point is, my data is not that important and there are multiple copies of the stuff that is important, in particular my CV, just because I keep switching computers or copying stuff to other machines in the course of normal activity.
So basically you're saying... you do backups. Even if you don't have a specific "back up these files" activity, what you do amounts to having backups.
As another poster mentioned, if they're not making regular backups, they're at risk for losing their data for a variety of other reasons.
But to answer your question, yes, it *is* their fault that Windows is fucked up. The collective "yes, Windows sucks, but I'm going to tolerate it," attitude in the world is exactly why Window is as fucked up as it is. If thousands (tens of thousands? millions?) of computers get wiped because of this, that's the fault of everyone who runs Windows and doesn't care enough about security to keep themselves safe (either through backups, or constant attention to security).
Sorry, but Windows users need to accept some responsibility for the platform they've chosen. I won't delight in all these people losing data, but if it causes people to wise up and be more concerned about security, I'll consider it a net win.
My suspicion is that Kim Jung Il cares about his people
My suspicion is that Kim Jong-il cares about living the high life, in luxury, while a large number of his people live in squalor and die of hunger.
But sure, ignore the reports of torture in concentration camps. It's just my opinion.
The "security" advantages you so easily dismiss are the things that tend to safeguard your data. Most desktop X servers out there run with network access disabled. At least this way if someone breaks into your machine via other means, they can't find a vulnerability in the X server to gain root.
Most attackers don't break into your machine to trash your data. They're there to take over it and turn it into a zombie for their botnet. Trashing your data is actually counter-productive; they want to hide their intrusion.
How is a remote hole going to be exploited given that most (if not all) Linux distros I know about ship X with '-nolisten tcp' set by default?
I am not sure that this is the right solution. Not running it as root is good, but running it as me - I don't know. I'd rather that the user that runneth the X server is some sort of 'xserver' user - to whose process I connect. That 'xserver' user then has the right to push my screen into VGA mode and all that.
As another poster mentioned, this makes multi-user X a bit more difficult. What's the issue of having your user ID doing all this? If you're allowed to log into the console, then you're presumably allowed to run X (or not; you can still lock down the machine so particular users can't run X or access the graphics hardware). If you can run X, you can talk to the graphics hardware. Note that this doesn't give you carte-blanche to fiddle with the graphics card's registers to try to make the machine crash: you only get certain actions as provided by the DRI interface.
Also, this doesn't fix all those other services (that gnome has, for example) that allow my X programs to mount stuff etc. Which is, again, a security risk by itself.
No, you just don't understand how it works. X apps do not mount things. HAL (or, soon, DeviceKit-disks) mounts things on behalf of authenticated requests from X apps (or console apps, even). HAL/DeviceKit are system daemons that have no GUI. Frameworks like PolicyKit and ConsoleKit ensure that you aren't mounting or unmounting things you shouldn't be.
That's already been the case for the more mainstream cards (nvidia, AMD, Intel) for many years now. They all require a kernel piece for 3D support. nvidia, at least, has a single driver core that they use for multiple OSes, with a little translation layer for the particular kernel. I don't know what the others do.
What, people aren't allowed to change their minds about something given 10 years of new information?
Well, if the flaw is in an X *library*, it doesn't matter, as only the clients (running as the regular user) use those. The X server doesn't need or use libX11, libXrandr, libXext, etc. at all.
But yes, true -- any exploitable flaw in the X server itself (or any of the extensions compiled into or loaded dynamically by the server) could result in root access.
I'm not disagreeing with the premise of the two tags, just that it seems that in the real world, most web authors use them to mean "render with italics" or "render bold weight". I guess that turns out to be ok, though.