> So this GNU thing to me sounds kind of like the same thing
Not exactly, though in principle it's quite similar. The difference is that the Berkeley license _mandated_ it, and the FSF just raves endlessly about it.
This is however a particular interesting point given that even today I am not aware of any complete working distribution that uses only Gnu stuff and the Linux kernel. In particular, unless I am gravely mistaken, every major distro would be totally crippled if you took out parts derived from BSD. It would make as much sense to call it BSD/Linux as Gnu/Linux. Then there are the various BSDs, most of which use gcc and other pieces of Gnu, so why are we picking on Linux-based systems, when systems that use a BSD kernel can be called FooBSD with no mention of the substantial amount of Gnu software in their distribution, and nary a complaint from RMS? It's inconsistent, that's what it is. He should be screaming for Gnu/FreeBSD and Gnu/OpenBSD and so on and so forth, or he should shut up about the _name_ and go back to talking about freedom.
The fact that most people call the system "Linux" is basically an historical accident -- Torvalds didn't originally plan to call even his kernel that, much less any entire distribution that included it, but somebody else thought it was a good name, and it stuck, probably because it _is_ a catchy name. Gnu, on the other hand, is such a pain to pronounce that even after the Hurd finally comes out, and Debian faithfully calls it Gnu/Hurd, it seems obvious to me that normal people are going to drop the Gnu and just call them Hurd systems. Then we can have flamewars about which is better, Linux or Hurd, and drag out the old crusty microkernel/macrokernel arguments once again, oh, joy, oh bliss.
> Not to say I think Microsoft will ever go away. > It's going to change drastically though.
Technologically speaking, it already has. The dropping of the Win9x line is, in terms of tech, a huge step forward. Okay, so it took them three years to do it once they decided, but they _did_ it. And if you think they weren't thinking even then about adding stability because it was a weakness relative to Unix systems, you are most probably mistaken. They added a GUI because it was a weakness relative to Apple, didn't they? Never admitted that, but we all know it's true.
They're not done changing in responce to other OSes, but they've already started long ago.
Perhaps you meant MS would change in ways other than their technology or product...
> If you drop dead tomorrow and the company isn't terribly injured, > you were doing a good job.
I can go along with that. The skilled admins get paid to sit around and read usenet and mailing lists (related to security and/or to development) or work on pet development projects most of the time, because they _can_, because things are _working_ by themselves. Backups, for example, are sufficiently automated that all you gotta do is change the tape. Security means looking over the logs each morning when you get your mail, and patching anything you find out about from reading security fora. Maintenance happens when there is hardware failure...
This is not possible with all operating systems, of course.
What is this strange concept, "enough"? Today's cards are so primitive, they can't even do raytracing at _all_, much less at a decent framerate, or with any nice effects. I want a video card that produces such quality, I can take a screen shot and compare it against competition-quality raytraced images... and I want a framerate that can keep up with my monitor's refresh rate. And I want all that by 2050, so get cracking...
> Heat. Between my video card, my processor, and my hard drive, > eh.. Let's just say that I'm surprised a bunch of hobos aren't > standing around my box to warm their hands.
I've got the side of my case open and a box fan blowing in, aimed right into the side... works wonders, let me tell you. Nothing moves air like a twenty-inch fan...
(Normally this is not necessary, as I only have a PII/233 and a Matrox card with 4MB WRAM, and the faster of two hard drives is 7200 RPM, but we've had an especially warm year around here this year, and the alarm on my CPU (which prior to this summer I never new even _had_ such an alarm) kept going off if I ran it over 50% utilisation (say, if I compiled anything) without the fan. (And yes, I checked the CPU fan, and it's still going, though I have no way to measure its speed.) Part of the problem is that ambient temp in my room was something like 95F for most of August.)
> Yes, you can be the first on your block to have a graphics card > that runs its own operating system!
Not enough. I want a video card that runs an entire cluster and can raytrace frames fast enough to keep up with my monitor's refresh rate, even with nice effects like mist, water, refraction, and so on, and thousands of objects, fractal-generated vapour clouds, lifelike trees and plants,...
Yeah, that's what I'll be looking to buy... in 2050 or so...
> My 1MB trident SVGA card works just fine. Enlightenment looks > great in 800x600x16bit
Hmmm... I can see the difference between 16bit and 24bit colour. I'd say it's worth getting a card that can do 24-bit at a decent resolution. So, what, 2-4MB?
I _don't_ understand the value of 3D cards... they can't do 3D that looks _good_ (i.e., raytracing) anyway.
> Look at those last two paragraphs - I get more Nigerian scam than > I get actual spam anymore. I probably get between 10-12 of the > Nigerian emails *a day*.
Dude, if 10-12 a day is 50%... what you're saying is, you don't get enough spam to even be discussing the issue.
> In this case, the address mikeaba@mail.com is at, of course, > mail.com. Surely mail.com must have gotten dozens, if not > hundreds, of spam reports altering them that a mail.com > address was being used for a scam.
Yes, probably, but...
> What I don't understand is how on earth that address didn't > get taken offline by mail.com [...] Can someone explain what > I'm missing here?
In terms of taking a stand against spam, mail.com is infamous for being very... I'll give them the benefit of the doubt and say they're merely lethargic in the matter. But they are sufficiently lethargic about it that some people have speculated that they may be an actual factual spamhaus.
> Having a single sign on means that security has a single point > of failure. Is this what consumers really want?
It's not what geeks want, but it would suit nearly everyone else just fine. Most people I know want to walk into the bank, be recognised by the teller, and not need to sign anything, enter any PINs, or any other annoying red tape. My sister, who is more computer literate than average, considers anything that requires a password to be the antithesis of user-friendliness. If the family PC required a password on startup, my family be annoyed; if the screen saver were password protected, they'd riot. The idea of _changing_ a password on a regular basis scares most people out of their minds. If I try to explain to my mom (who works in a hospital) that using the name of a close relative as a password on the hospital system is insecure, she responds the way you would respond to someone telling you that running a quarter mile a day isn't good enough exercise and you should run twenty miles a day instead.
It's the same as slang. There are cases where you allow it, but you have to make darn sure they know the difference between that and standard formal usage. It goes along with teaching them to cite sources and follow a consistent style (e.g., MLA, but in the lower grades you start simple by just making them doublespace, then as the grades go by you add more involved requirements) and avoid the second person (and, in research work, the first person as well). It's not that the slang (or the 1337 speak) is wrong _per se_ but that it is out of place in some contexts, and so students must learn to avoid it at times.
Journalists learn to write in a style that avoids passive voice like the plague; researchers use the passive voice as a sort of tonic to cure the ills of first and second person. Field jargon is necessary in technical writing but is often better avoided in writing intended for laypersons. It's all about context. Yes, schools should of course be teaching students this concept.
Then you have artistic license, wherein it is occasionally useful to violate deliberately the usual rules of a given context for effect, but you can't do that effectively until you have mastered the usual rules. For example, clever use of sarcasm in a formal research document is an art not easily learned, because it requires complete mastery of both the subtle nuances of sarcasm and the formal style of research documentation, as well as an excellent sense of timing. Pulling it off effectively is neigh unto genius.
> Here's a version of the Lord's Prayer > published in 1611.
Are you sure? That looks an _aweful_ lot like the 1877 (or whatever year it was) revision. That was at least the second time it was revised, so that people would actually be able to read it. (It was also revised in the 1700s.) If you get your hands on an _actual_ 1611, you'll know it. If you just pick up a garden variety "King James Version", it's not the 1611 by a long shot.
The most recent time it was revised, in the twentieth century, the word "New" was prefixed, but the previous times that was not done. I think the reason they did add the "New" the most recent time is because other translations (NIV, NASB) had gained wide acceptance; the previous times that was not the case, and they worried that letting people know it was changed would shake their faith in the translation.
As a point of trivia, the Authorised Version had some trouble gaining acceptance very early on, because the legalists complained that it differed in some ways from the Geneva Bible, and therefore must not be accurate. (People who do not have a good understanding of how languages differ never understand the concept of translation in any era.)
> Or are you just talking about the cost of purchase, not the TCO? > In the enterprise, Linux is more expensive to run on the desktop > than Windows is, because the most basic tools for Windows > (Outlook, for one) don't exist in a usable form on Linux.
Outlook has very high TCO, higher than Windows and Linux combined and any other office software you want to name into the bargain. It roughly triples the number of times you have to reinstall Windows. No sane admin would ever willingly permit Outlook in a multiseat setting where TCO mattered.
Yeah, what we need to solve this problem is a nitroglycerine cooling system. Or was that liquid nitrogen? Whatever, I'm sure it'll work. They're both weird chemicals after all...
> "Should a closed source vendor be able to look over GPLd software > code to see how something was done with the intention of using it > in their products?" > > No of course not and neither should anyone else be able to steal > code.
Stealing code is one thing, and looking "to see how something was done" is something else again. There's a _huge_ difference between copying actual code (copyright infringement) and copying an algorithm (possible patent infringement only if the algorithm is patented).
Now, granted, if you have looked at code that you can't legally copy, then when you subsequently implement the same thing you have to be careful to implement it from scratch, not just copy the code you saw. Minor changes would even fall into the category of paraphrase -- you really have to write the thing totally from scratch, not plagiarize. But that's possible, provided you're careful, and if you're working in a different programming language from the original it may even be easy.
> My point is, obscurity is not security, and shouldn't be confused > for such.
That's why copy protection doesn't work, why DRM won't work. Because copy protection has always relied on obscurity, on your need for a certain piece of software in order to get at the content -- a certain piece of software that will only do certain things, which do not include making unobscured copies.
Mere encryption doesn't allow for copy protection; with normal encryption, anyone who can decrypt the content can make unencrypted copies if he so desires. To make DRM work, you have to have more than encryption: you have to have obscurity. And that, as you point out, is so insecure that schoolboys routinely break it the first week the things is out, and distribute copies to all of their friends. That's why copy protection has never worked and will never work.
OSS DRM doesn't add up, and here's why: yes, you
can have OSS encryption, controlling _who_ can have
access to the data (answer: only he who has the
correct key), but DRM goes beyond encryption and
beyond controlling _who_ can access the data. DRM
is about controlling what you can do with the data
that you can access. That won't work in an OSS
context, because you can modify the source so that
it lets you do additional stuff beyond what you're
supposed to be able to do. Furthermore, someone
is sure to distribute patches and precompiled
binaries that remove the restrictions, so that
anyone with the privileges to view the content
once can make unrestricted copies.
Although in practice I don't think closed-source
DRM will work either, for the same reasons. It may
make it _inconvenient_ to access the content, but
it's not going to prevent additional viewings,
unauthorized copying, and so on. Only one dweeb
has to crack the thing open once and redistribute
it, and you've got warez. Copy protection has not
EVER, in the entire history of computing, even
ONCE been implemented in a way that kept pirates
from pirating (though certainly it's not for lack
of trying). That's not going to change just
because the industry continues to do what it has
always done, throw endless resources at the problem
that would be better spent on developing something
useful. DRM is basically copy protection on big
steriods, and it'll be the same: it will be a big
pain for legitimate users (and developers), who
will have to jump through hoops to view the content
that they pay for, but it will never stop the
pirates from making illegal copies for all their
friends.
> Isn't the point of being a CS major of being able to learn > new languages quickly and on your own?
Yes. Once you've learned a language from each major category, you pick up new languages very quickly. The curriculum needs C, because C is ubiquitous, and that covers your procedural paradigm in the bargain, plus lexical scope, compilation, and linking. Then you need an object-oriented langauge (and OOP design), a list-based language (lisp, Scheme, or something along those lines -- these will also cover dynamic typing and dynamic scope into the bargain), a functional language, an idiomatic language (e.g., Perl), a data markup language (such as XML), at least one interpreted language (Perl covers this nicely), a langauge that compiles to a VM (Java and Inform are both good choices), an event-driven language (e.g., Tcl), a verbose language, a discipline language (Pascal probably), an assembly language (probably x86), a database language (probably SQL) and so on -- every major category. Toss in data structures and algorithm analysis, a class in operating systems, a class in hardware, a class in the history of computer science, and some electives, and you've got a computer science major.
"The more languages the better"? Yeah, sure, but the important thing is not how many languages, but how many _different_ ones. If you're already learning C++, which I think is a safe assumption, C# adds little. Instead, teach something that's very different from C++, such as Inform or Scheme. The student will be able to pick up C# on his own if he has the need, but it's similar enough to C++ that it doesn't really teach new concepts; whereas, if you teach Smalltalk, you break some actual new ground.
> The new course would be an addition to the curriculm, it wasn't > replacing anything.
Don't be so incredibly naive. Is the total number of credits required for graduation increasing? I thought not. This would be a required class, right? So how exactly is it "not replacing anything"? Sure, other classes aren't being _removed_ from the curriculum, but they are being _displaced_ from the set of courses that any given student will actually take, which in practice amounts to the same thing.
Furthermore, the only reason to teach C# is because it is tied to one platform, and Microsoft is willing to pay to have more people trained in technologies that can _only_ be used on that one platform. Redmond forfend that the school should teach technologies that apply to _all_ platforms and are thus useful in _all_ situations. _That_ would supply trained labour to industries that haven't capitulated to all Microsoft's demands, on equal footing with those that have. It would ensure that a CSI student's training prepares him just as well for working with Unix as it does for working with Windows -- we can't HAVE that. Nevermind that the student would be better trained and more generally educated; he would be able to work with non-MS systems, and Microsoft is willing to pay to prevent that.
Taking money from Microsoft for the development of curriculum elements that are viable only for students who go on to work with Microsoft systems exclusively _does_ say bad things about the school's academic integrity, regardless of how many committees approve it.
C# doesn't give you anything that C++ doesn't give you, _except_ the complete inability to code in a cross-platform fashion. (Not that I'm a big fan of C++ either, but that's another discussion entirely.) Yes, yes, it gives you.NET support -- but what's that? It boils down to programming in such a way that your code will _only_ work on Microsoft systems. It does not give you any new abilities, or any new programming paradigm, or anything that might be useful, just more limits on portability.
The demonstration doesn't work for me. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910
Maybe it's something about the way I'm using tabbed browsing, or my cache settings (once per session), but I can't get the demo to work at all. It always gives the URL of the demo as referer. Yes, I have cookies enabled (though I limit their max lifespan).
> Eh, how precisely is this magical encryption supposed to > take place without any key exchange?
PGP and GPG work on public-key principles. In brief, there are _two_ keys, one used to do the mangling and the other used to do the unmangling. One of these two keys is public, and the other is (supposed to be) not shared. If you encrypt with your private key, then anyone can read it (with the public key, which is shared), but they can verify that it was encrypted by the holder of the private key. If you want only one party to be able to read it, you get his public key (which is publically shared) and encrypt with that, and then his private key (which you don't have) is needed to read it.
The thing holding common encryption of email back is plain and simple: to almost everyone, the privacy of encrypted mail is unnecessary, but knowing that the recipient will be able to read the message (whether his mail client knows about encryption or not) is important. Encrypted mail is really only useful if the person you're sending the message to maintains a publically available public key and keeps his private key private on a secure system. No amount of client support will change that. However, client support _does_ mean that people who specifically want to exchange encrypted mail with one another can, without a lot of technical knowledge. But people who don't need the privacy of encrypted mail still won't bother, and I don't see how that's a bad thing. People who don't mind getting phone calls don't have unlisted numbers, either. Some of us just don't have a lot of really sensitive information that would be any huge disaster if random people found out about it. Those of you who do can use the feature when exchanging mail with one another, and the rest of us can ignore it.
Just wait until the spammers get the wrong idea and start sending encrypted messages, advertising encryption software like as not...
Hello. I'm a cross-platform advocate. Now that we've got _that_ settled...
> but this is the real question... Does it effect Apache for > Windows and other platforms? Perhaps the media is immefiately > associating Apache with Linux- something that it is not really > even part of.
The slapper worm appears to specifically look for Linux systems running Apache, or so the article seems to indicate, but the vulnerability (which was covered on/. a while back IIRC) is in OpenSSL, if I understand correctly. So it does affect other systems than just Linux, but not most Windows systems. (With Cygwin, it is possible to run an OpenSSL server on Windows, but that's another can of worms.)
> I would suspect that the worm would possibly effect the ports > too. Does anyone have any info on that?
Whether Slapper does or (more likely) doesn't, the vulnerability that makes the worm _possible_ is an issue for any system that uses OpenSSL. Therefore, if you use OpenSSL on a system that has secure ports open to the internet, you should either patch it or upgrade it. Known vulnerabilities should be fixed, whether or not there's an exploit in the wild. That's basic security practice, right up there with turning off unused services.
Didn't Apple release a security update for 10.1.5 that fixes the OpenSSL issue? Or was that the OpenSSH issue? Or was it the same issue? I'm confused now...
> Invent a language that uses only the keys on the top row of > the keyboard
Huh? I thought the point of Perl was to use all the keys on the keyboard, so that none of them would get worn out faster than the others. Sure, it uses toprow keys, but it uses all the others too.
> Logic is not on your side. Punishments are not based on the amount > of "unhappiness" the criminals cause, but the severity of their > crimes. And this is how it should be.
You are taking the wrong approach, repeating your own argument that didn't convince him before. The utilitarian can only be defeated by a more consistent application of his _own_ argument.
To wit, if sending a hillion jillion spams is worse than killing one person, because it causes more unhappiness (albeit in small increments), then capital punition (killing one person) is an inadequate retribution. To properly compensate society, the offender must be subjected to the same amount of unhappiness he caused. This is why the hand-written apology letters are a suitable punishment: the severity of the penalty is directly proportional to the extent of the crime of which the offender is convicted. A penalty of death won't do, because being a _constant_ penalty it does not fit the magnitude of the crime. The spammer who sends a hillion jillion spams (and thus causes a hillion jillion units of unhappiness) must hand-write a hillion jillion apologies (and thus incur a hillion jillion units of unhappiness, and transmit to the victims a hillion jillion satisfactions, one per offense). This is very just, even if it is also somewhat cruel. _And_ it puts happiness back into society: I for one would be very pleased to receive a hand-written apology from a convicted spammer.
No, the envelopes. The envelopes are much worse than the the stamps. While you're at it, make them hand-address the envelopes too, with a complete (and accurate) return address.
Alternately, we could make them send each apology individually by telnetting into port 80, on a client that doesn't support copy and paste. Did I mention the "individually" part, wherein only one recipient address may be entered each time the message is typed? Just wanted to be clear about that. Extra bonus points for making them do it on a laptop keyboard, over a connection with a lot of latency.
In all seriousness, the idea of hand-written apology letters is truly wonderful. It says, in essence, "give back the time you took from us", which, the cost of bandwidth notwitstanding, is the real issue with spam as far as I'm concerned.
> So this GNU thing to me sounds kind of like the same thing
Not exactly, though in principle it's quite similar. The difference
is that the Berkeley license _mandated_ it, and the FSF just raves
endlessly about it.
This is however a particular interesting point given that even today
I am not aware of any complete working distribution that uses only
Gnu stuff and the Linux kernel. In particular, unless I am gravely
mistaken, every major distro would be totally crippled if you took
out parts derived from BSD. It would make as much sense to call it
BSD/Linux as Gnu/Linux. Then there are the various BSDs, most of
which use gcc and other pieces of Gnu, so why are we picking on
Linux-based systems, when systems that use a BSD kernel can be
called FooBSD with no mention of the substantial amount of Gnu
software in their distribution, and nary a complaint from RMS?
It's inconsistent, that's what it is. He should be screaming for
Gnu/FreeBSD and Gnu/OpenBSD and so on and so forth, or he should
shut up about the _name_ and go back to talking about freedom.
The fact that most people call the system "Linux" is basically
an historical accident -- Torvalds didn't originally plan to
call even his kernel that, much less any entire distribution
that included it, but somebody else thought it was a good name,
and it stuck, probably because it _is_ a catchy name. Gnu, on
the other hand, is such a pain to pronounce that even after the
Hurd finally comes out, and Debian faithfully calls it Gnu/Hurd,
it seems obvious to me that normal people are going to drop the
Gnu and just call them Hurd systems. Then we can have flamewars
about which is better, Linux or Hurd, and drag out the old crusty
microkernel/macrokernel arguments once again, oh, joy, oh bliss.
> Not to say I think Microsoft will ever go away.
> It's going to change drastically though.
Technologically speaking, it already has. The
dropping of the Win9x line is, in terms of tech,
a huge step forward. Okay, so it took them three
years to do it once they decided, but they _did_
it. And if you think they weren't thinking even
then about adding stability because it was a
weakness relative to Unix systems, you are most
probably mistaken. They added a GUI because it
was a weakness relative to Apple, didn't they?
Never admitted that, but we all know it's true.
They're not done changing in responce to other
OSes, but they've already started long ago.
Perhaps you meant MS would change in ways other
than their technology or product...
> If you drop dead tomorrow and the company isn't terribly injured,
> you were doing a good job.
I can go along with that. The skilled admins get paid to sit around
and read usenet and mailing lists (related to security and/or to
development) or work on pet development projects most of the time,
because they _can_, because things are _working_ by themselves.
Backups, for example, are sufficiently automated that all you gotta
do is change the tape. Security means looking over the logs each
morning when you get your mail, and patching anything you find out
about from reading security fora. Maintenance happens when there
is hardware failure...
This is not possible with all operating systems, of course.
What is this strange concept, "enough"? Today's cards are so
primitive, they can't even do raytracing at _all_, much less
at a decent framerate, or with any nice effects. I want a
video card that produces such quality, I can take a screen
shot and compare it against competition-quality raytraced
images... and I want a framerate that can keep up with my
monitor's refresh rate. And I want all that by 2050, so get
cracking...
> Heat. Between my video card, my processor, and my hard drive,
> eh.. Let's just say that I'm surprised a bunch of hobos aren't
> standing around my box to warm their hands.
I've got the side of my case open and a box fan blowing in,
aimed right into the side... works wonders, let me tell you.
Nothing moves air like a twenty-inch fan...
(Normally this is not necessary, as I only have a PII/233 and
a Matrox card with 4MB WRAM, and the faster of two hard drives
is 7200 RPM, but we've had an especially warm year around here
this year, and the alarm on my CPU (which prior to this summer
I never new even _had_ such an alarm) kept going off if I ran
it over 50% utilisation (say, if I compiled anything) without
the fan. (And yes, I checked the CPU fan, and it's still
going, though I have no way to measure its speed.) Part of
the problem is that ambient temp in my room was something
like 95F for most of August.)
> Yes, you can be the first on your block to have a graphics card
...
> that runs its own operating system!
Not enough. I want a video card that runs an entire cluster
and can raytrace frames fast enough to keep up with my monitor's
refresh rate, even with nice effects like mist, water, refraction,
and so on, and thousands of objects, fractal-generated vapour
clouds, lifelike trees and plants,
Yeah, that's what I'll be looking to buy... in 2050 or so...
> My 1MB trident SVGA card works just fine. Enlightenment looks
> great in 800x600x16bit
Hmmm... I can see the difference between 16bit and 24bit colour.
I'd say it's worth getting a card that can do 24-bit at a decent
resolution. So, what, 2-4MB?
I _don't_ understand the value of 3D cards... they can't do
3D that looks _good_ (i.e., raytracing) anyway.
> Look at those last two paragraphs - I get more Nigerian scam than
> I get actual spam anymore. I probably get between 10-12 of the
> Nigerian emails *a day*.
Dude, if 10-12 a day is 50%... what you're saying is, you don't
get enough spam to even be discussing the issue.
> In this case, the address mikeaba@mail.com is at, of course,
> mail.com. Surely mail.com must have gotten dozens, if not
> hundreds, of spam reports altering them that a mail.com
> address was being used for a scam.
Yes, probably, but...
> What I don't understand is how on earth that address didn't
> get taken offline by mail.com [...] Can someone explain what
> I'm missing here?
In terms of taking a stand against spam, mail.com is infamous
for being very... I'll give them the benefit of the doubt
and say they're merely lethargic in the matter. But they are
sufficiently lethargic about it that some people have speculated
that they may be an actual factual spamhaus.
> Having a single sign on means that security has a single point
> of failure. Is this what consumers really want?
It's not what geeks want, but it would suit nearly everyone else
just fine. Most people I know want to walk into the bank, be
recognised by the teller, and not need to sign anything, enter
any PINs, or any other annoying red tape. My sister, who is more
computer literate than average, considers anything that requires
a password to be the antithesis of user-friendliness. If the
family PC required a password on startup, my family be annoyed;
if the screen saver were password protected, they'd riot. The
idea of _changing_ a password on a regular basis scares most
people out of their minds. If I try to explain to my mom (who
works in a hospital) that using the name of a close relative as
a password on the hospital system is insecure, she responds the
way you would respond to someone telling you that running a
quarter mile a day isn't good enough exercise and you should
run twenty miles a day instead.
It's the same as slang. There are cases where you allow it, but
you have to make darn sure they know the difference between that
and standard formal usage. It goes along with teaching them to
cite sources and follow a consistent style (e.g., MLA, but in the
lower grades you start simple by just making them doublespace, then
as the grades go by you add more involved requirements) and avoid
the second person (and, in research work, the first person as well).
It's not that the slang (or the 1337 speak) is wrong _per se_ but
that it is out of place in some contexts, and so students must
learn to avoid it at times.
Journalists learn to write in a style that avoids passive voice
like the plague; researchers use the passive voice as a sort of
tonic to cure the ills of first and second person. Field jargon
is necessary in technical writing but is often better avoided in
writing intended for laypersons. It's all about context. Yes,
schools should of course be teaching students this concept.
Then you have artistic license, wherein it is occasionally useful
to violate deliberately the usual rules of a given context for
effect, but you can't do that effectively until you have mastered
the usual rules. For example, clever use of sarcasm in a formal
research document is an art not easily learned, because it requires
complete mastery of both the subtle nuances of sarcasm and the
formal style of research documentation, as well as an excellent
sense of timing. Pulling it off effectively is neigh unto genius.
> Here's a version of the Lord's Prayer
> published in 1611.
Are you sure? That looks an _aweful_ lot like
the 1877 (or whatever year it was) revision. That
was at least the second time it was revised, so
that people would actually be able to read it.
(It was also revised in the 1700s.) If you get
your hands on an _actual_ 1611, you'll know it.
If you just pick up a garden variety "King James
Version", it's not the 1611 by a long shot.
The most recent time it was revised, in the
twentieth century, the word "New" was prefixed,
but the previous times that was not done. I
think the reason they did add the "New" the most
recent time is because other translations (NIV,
NASB) had gained wide acceptance; the previous
times that was not the case, and they worried
that letting people know it was changed would
shake their faith in the translation.
As a point of trivia, the Authorised Version had
some trouble gaining acceptance very early on,
because the legalists complained that it differed
in some ways from the Geneva Bible, and therefore
must not be accurate. (People who do not have a
good understanding of how languages differ never
understand the concept of translation in any era.)
> Or are you just talking about the cost of purchase, not the TCO?
> In the enterprise, Linux is more expensive to run on the desktop
> than Windows is, because the most basic tools for Windows
> (Outlook, for one) don't exist in a usable form on Linux.
Outlook has very high TCO, higher than Windows and Linux combined
and any other office software you want to name into the bargain.
It roughly triples the number of times you have to reinstall Windows.
No sane admin would ever willingly permit Outlook in a multiseat
setting where TCO mattered.
Yeah, what we need to solve this problem is a
nitroglycerine cooling system. Or was that liquid
nitrogen? Whatever, I'm sure it'll work. They're
both weird chemicals after all...
> "Should a closed source vendor be able to look over GPLd software
> code to see how something was done with the intention of using it
> in their products?"
>
> No of course not and neither should anyone else be able to steal
> code.
Stealing code is one thing, and looking "to see how something was
done" is something else again. There's a _huge_ difference between
copying actual code (copyright infringement) and copying an algorithm
(possible patent infringement only if the algorithm is patented).
Now, granted, if you have looked at code that you can't legally
copy, then when you subsequently implement the same thing you
have to be careful to implement it from scratch, not just copy
the code you saw. Minor changes would even fall into the category
of paraphrase -- you really have to write the thing totally from
scratch, not plagiarize. But that's possible, provided you're
careful, and if you're working in a different programming language
from the original it may even be easy.
> My point is, obscurity is not security, and shouldn't be confused
> for such.
That's why copy protection doesn't work, why DRM won't work. Because
copy protection has always relied on obscurity, on your need for a
certain piece of software in order to get at the content -- a certain
piece of software that will only do certain things, which do not
include making unobscured copies.
Mere encryption doesn't allow for copy protection; with normal
encryption, anyone who can decrypt the content can make unencrypted
copies if he so desires. To make DRM work, you have to have more
than encryption: you have to have obscurity. And that, as you point
out, is so insecure that schoolboys routinely break it the first week
the things is out, and distribute copies to all of their friends.
That's why copy protection has never worked and will never work.
OSS DRM doesn't add up, and here's why: yes, you can have OSS encryption, controlling _who_ can have access to the data (answer: only he who has the correct key), but DRM goes beyond encryption and beyond controlling _who_ can access the data. DRM is about controlling what you can do with the data that you can access. That won't work in an OSS context, because you can modify the source so that it lets you do additional stuff beyond what you're supposed to be able to do. Furthermore, someone is sure to distribute patches and precompiled binaries that remove the restrictions, so that anyone with the privileges to view the content once can make unrestricted copies.
Although in practice I don't think closed-source DRM will work either, for the same reasons. It may make it _inconvenient_ to access the content, but it's not going to prevent additional viewings, unauthorized copying, and so on. Only one dweeb has to crack the thing open once and redistribute it, and you've got warez. Copy protection has not EVER, in the entire history of computing, even ONCE been implemented in a way that kept pirates from pirating (though certainly it's not for lack of trying). That's not going to change just because the industry continues to do what it has always done, throw endless resources at the problem that would be better spent on developing something useful. DRM is basically copy protection on big steriods, and it'll be the same: it will be a big pain for legitimate users (and developers), who will have to jump through hoops to view the content that they pay for, but it will never stop the pirates from making illegal copies for all their friends.
> Isn't the point of being a CS major of being able to learn
> new languages quickly and on your own?
Yes. Once you've learned a language from each major category,
you pick up new languages very quickly. The curriculum needs
C, because C is ubiquitous, and that covers your procedural
paradigm in the bargain, plus lexical scope, compilation, and
linking. Then you need an object-oriented langauge (and OOP
design), a list-based language (lisp, Scheme, or something along
those lines -- these will also cover dynamic typing and dynamic
scope into the bargain), a functional language, an idiomatic
language (e.g., Perl), a data markup language (such as XML),
at least one interpreted language (Perl covers this nicely),
a langauge that compiles to a VM (Java and Inform are both good
choices), an event-driven language (e.g., Tcl), a verbose language,
a discipline language (Pascal probably), an assembly language
(probably x86), a database language (probably SQL) and so on --
every major category. Toss in data structures and algorithm
analysis, a class in operating systems, a class in hardware, a class
in the history of computer science, and some electives, and you've
got a computer science major.
"The more languages the better"? Yeah, sure, but the important
thing is not how many languages, but how many _different_ ones.
If you're already learning C++, which I think is a safe assumption,
C# adds little. Instead, teach something that's very different
from C++, such as Inform or Scheme. The student will be able to
pick up C# on his own if he has the need, but it's similar enough
to C++ that it doesn't really teach new concepts; whereas, if you
teach Smalltalk, you break some actual new ground.
> The new course would be an addition to the curriculm, it wasn't
.NET support --
> replacing anything.
Don't be so incredibly naive. Is the total number of credits
required for graduation increasing? I thought not. This would
be a required class, right? So how exactly is it "not replacing
anything"? Sure, other classes aren't being _removed_ from the
curriculum, but they are being _displaced_ from the set of
courses that any given student will actually take, which in
practice amounts to the same thing.
Furthermore, the only reason to teach C# is because it is tied
to one platform, and Microsoft is willing to pay to have more
people trained in technologies that can _only_ be used on that
one platform. Redmond forfend that the school should teach
technologies that apply to _all_ platforms and are thus useful
in _all_ situations. _That_ would supply trained labour to
industries that haven't capitulated to all Microsoft's demands,
on equal footing with those that have. It would ensure that
a CSI student's training prepares him just as well for working
with Unix as it does for working with Windows -- we can't HAVE
that. Nevermind that the student would be better trained and
more generally educated; he would be able to work with non-MS
systems, and Microsoft is willing to pay to prevent that.
Taking money from Microsoft for the development of curriculum
elements that are viable only for students who go on to work
with Microsoft systems exclusively _does_ say bad things about
the school's academic integrity, regardless of how many
committees approve it.
C# doesn't give you anything that C++ doesn't give you, _except_
the complete inability to code in a cross-platform fashion.
(Not that I'm a big fan of C++ either, but that's another
discussion entirely.) Yes, yes, it gives you
but what's that? It boils down to programming in such a way
that your code will _only_ work on Microsoft systems. It does
not give you any new abilities, or any new programming paradigm,
or anything that might be useful, just more limits on portability.
The demonstration doesn't work for me.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910
Maybe it's something about the way I'm using tabbed browsing, or
my cache settings (once per session), but I can't get the demo
to work at all. It always gives the URL of the demo as referer.
Yes, I have cookies enabled (though I limit their max lifespan).
Weird.
> Eh, how precisely is this magical encryption supposed to
> take place without any key exchange?
PGP and GPG work on public-key principles. In brief, there
are _two_ keys, one used to do the mangling and the other used
to do the unmangling. One of these two keys is public, and the
other is (supposed to be) not shared. If you encrypt with your
private key, then anyone can read it (with the public key, which
is shared), but they can verify that it was encrypted by the
holder of the private key. If you want only one party to be
able to read it, you get his public key (which is publically
shared) and encrypt with that, and then his private key (which
you don't have) is needed to read it.
The thing holding common encryption of email back is plain
and simple: to almost everyone, the privacy of encrypted
mail is unnecessary, but knowing that the recipient will be
able to read the message (whether his mail client knows
about encryption or not) is important. Encrypted mail is
really only useful if the person you're sending the message
to maintains a publically available public key and keeps
his private key private on a secure system. No amount of
client support will change that. However, client support
_does_ mean that people who specifically want to exchange
encrypted mail with one another can, without a lot of
technical knowledge. But people who don't need the privacy
of encrypted mail still won't bother, and I don't see how
that's a bad thing. People who don't mind getting phone
calls don't have unlisted numbers, either. Some of us just
don't have a lot of really sensitive information that would
be any huge disaster if random people found out about it.
Those of you who do can use the feature when exchanging
mail with one another, and the rest of us can ignore it.
Just wait until the spammers get the wrong idea and start
sending encrypted messages, advertising encryption software
like as not...
> I might be a Linux advocate,
/. a while back IIRC) is in
Hello. I'm a cross-platform advocate. Now that we've got _that_
settled...
> but this is the real question... Does it effect Apache for
> Windows and other platforms? Perhaps the media is immefiately
> associating Apache with Linux- something that it is not really
> even part of.
The slapper worm appears to specifically look for Linux systems
running Apache, or so the article seems to indicate, but the
vulnerability (which was covered on
OpenSSL, if I understand correctly. So it does affect other
systems than just Linux, but not most Windows systems. (With
Cygwin, it is possible to run an OpenSSL server on Windows, but
that's another can of worms.)
> I would suspect that the worm would possibly effect the ports
> too. Does anyone have any info on that?
Whether Slapper does or (more likely) doesn't, the vulnerability
that makes the worm _possible_ is an issue for any system that
uses OpenSSL. Therefore, if you use OpenSSL on a system that
has secure ports open to the internet, you should either patch
it or upgrade it. Known vulnerabilities should be fixed, whether
or not there's an exploit in the wild. That's basic security
practice, right up there with turning off unused services.
Didn't Apple release a security update for 10.1.5 that fixes
the OpenSSL issue? Or was that the OpenSSH issue? Or was it
the same issue? I'm confused now...
> Invent a language that uses only the keys on the top row of
> the keyboard
Huh? I thought the point of Perl was to use all the keys on the
keyboard, so that none of them would get worn out faster than the
others. Sure, it uses toprow keys, but it uses all the others too.
> Logic is not on your side. Punishments are not based on the amount
> of "unhappiness" the criminals cause, but the severity of their
> crimes. And this is how it should be.
You are taking the wrong approach, repeating your own argument
that didn't convince him before. The utilitarian can only be
defeated by a more consistent application of his _own_ argument.
To wit, if sending a hillion jillion spams is worse than killing
one person, because it causes more unhappiness (albeit in small
increments), then capital punition (killing one person) is an
inadequate retribution. To properly compensate society, the
offender must be subjected to the same amount of unhappiness
he caused. This is why the hand-written apology letters are
a suitable punishment: the severity of the penalty is directly
proportional to the extent of the crime of which the offender
is convicted. A penalty of death won't do, because being a
_constant_ penalty it does not fit the magnitude of the crime.
The spammer who sends a hillion jillion spams (and thus causes
a hillion jillion units of unhappiness) must hand-write a
hillion jillion apologies (and thus incur a hillion jillion
units of unhappiness, and transmit to the victims a hillion
jillion satisfactions, one per offense). This is very just,
even if it is also somewhat cruel. _And_ it puts happiness
back into society: I for one would be very pleased to receive
a hand-written apology from a convicted spammer.
> or make them LICK the stamps
No, the envelopes. The envelopes are much worse than the the stamps.
While you're at it, make them hand-address the envelopes too, with a
complete (and accurate) return address.
Alternately, we could make them send each apology individually
by telnetting into port 80, on a client that doesn't support
copy and paste. Did I mention the "individually" part, wherein
only one recipient address may be entered each time the message
is typed? Just wanted to be clear about that. Extra bonus points
for making them do it on a laptop keyboard, over a connection with
a lot of latency.
In all seriousness, the idea of hand-written apology letters is
truly wonderful. It says, in essence, "give back the time you
took from us", which, the cost of bandwidth notwitstanding, is
the real issue with spam as far as I'm concerned.