Thats fantastic, I wish I'd seen that before. If this is as good as it looks (I wonder how it gets on with dependencies etc.) then I'll be rpm'ing and archiving every source install I do - great if I need to do a fast rebuild of something.
Mandrake packages are on rpmfind, you need both
checkinstall and
libcheckinstall1 [Note they seem to have a circular dependency so you need to install one --nodeps]
I'd say that is a specific problem of RPM (or the way it's used in practice).
You're right, it is a specific problem with the way its used in practice. But on the other hand it could also be argued that the fact such a situation can occur is down to flawed design.
It could simple look for an executable perl$PERLVERSION in $PATH, or even test the output of perl --version or something.
It could but that would be horrendous to implement so that it worked for everything any package might depend on (-v --version -version etc. etc. and then parsing the output!).
I'd be interested to know whether this is just a problem for rpm (after all rpm is probably supported by more distros than any other solution)or whether other package management systems suffer the same problem. For example can you install Debian packages on other distros that use apt-get (without running into dependency problems etc.)?
P.S. I quite like rpm (but then I have used Solaris pkgadd, at least with rpm the package names give some clue about what they contain!)
There's little point standardising on rpm (because thats what the LSB says) or any other package management system unless packages are named consistently. I can't pick a Red Hat rpm and have confidence that I would be able to install it on Mandrake or SuSe or... because I can't be sure that the dependencies will be satisfied as some packages have different names (one example perl-base-5.8.0 on Mandrake is called perl-base-5.800 on RedHat, enough to screw up a dependency check)
This doesn't really bother me because I'm quite happy to build from source (or even make my own rpms if I've got many installs to do) - but to be honest unless a package management system can be relied upon to work always then its isn't working properly and that is a bug (even if its a design bug rather than an implementation one) not a feature.
I guess maybe a solution is for rpm (or whatever) to save version numbers for each file it installs and for dependency checks to be strictly only on files rather than packages. A more sophisticated rpm wrapper (like urpmi) could then map failed dependencies back onto the appropriate package for the distribution. I suspect this is nowhere near as trivial as it sounds!
I understand, and regularly use all of the above. I'm quite comfortable compiling from source & I have no 'fear' of the console - in fact I prefer the console. But my point was in relation to 'standardisation' (The subject of the article!) that the standardisation of a package management system doesn't work unless the packages themselves have standard names.
Unless we have a way of managing binary packages which works with all packages on all [binary] distributions and developers can rely on producing one rpm (or deb or whatever) that can be easily installed on all mainstream distros then we do not have standardisation
P.S. The part of...
$./configure
$ su
# make
# make install...that I don't understand is how it relates to my post about difficulty installing a PERL program.
Along similar lines, LSB specifies rpm as the standard package management system. This is a good idea (to have a standard system, not necessarily that it should be rpm - but lets not get into that whole rpm vs. apt-get thing) - but it will never work properly until the distros standardise the packages, you won't be able to install a Red Hat package properly on Mandake (for example) unless all the dependencies are named and packaged identically on both distros. [Yes I know all about --no-deps, but that presupposes a level of knowledge on the part of the user which we should not do].
One recent example, I recently needed to install a package under Mandrake 9 which was only available as a Red Hat rpm. The package failed on dependencies because Mandrake had named several perl packages differently. The program I was installing was written entirely in perl - so there should have been no issues with installing a red hat package on Mandrake - but the install was unneccessarily complicated by the dependency issues.
Re:Brewing beer since I was 6
on
Do You Homebrew?
·
· Score: 2, Funny
The archive itself fitted on two laser discs, but there were many copies of these discs - my local library (and presumably most other UK libraries) had a copy. I remember spending time in the late eighties looking through the information that was available. I remember being impressed by the technology [or at least how big and shiny the disks were], but as far as I recall the data was mostly remarkable for being unremarkable. In common with most records of contemporary society its only likely to become interesting when it ceases to be the mundane of the present. I imagine I would find it much more interesting now.
I wonder what happened to all the disks and readers, were they scrapped or are they to be found in the deepest darkest corner of the library stores?
It would be good if they could put this all on line - especially for the embarassment of all those who were children at the time and contributed to the project through their schools.
Now if every open source developer had something along the following outline in their crontab...
ftp sources from ftp distribution server
diff against known good copy
mail if different
Maybe not practical for the biggest projects, but for the rest?
Idea 2 - responsible mirroring
Mirrors shouldn't accept changed sources without an accompanying bump in the version/release number in the filename - this would make it much easier to spot trojaned versions
Okay that relies on developers being careful to bump the release no. after every change (doc updates etc.)
Hmmm, but isn't this new tool a backend which permits new interfaces to kernel configuration to be built which interact with it?
Surely then, it is a logical step for someone (with __lots__ of time) to build a frontend which scans the machine's hardware and automatically makes the right choices? Perhaps even preventing configurations which would prevent the kernel from booting?
Even if he hadn't trademarked it other actors wouldn't be able to call themselves Leonardo di Caprio, because Equity (the actors union) doesn't allow more than one actor with the same stage name. Thats why Michael Caine isn't acting under his real name of Maurice Micklewhite (or something like that!) there was already a Maurice Micklewhite out there!
I'd guess trademarking his name was more to do with controlling and profiting from the merchandise business for Leo.
Note that W32/Bugbear-A tries to copy itself to all types of shared network resource, including printers. Printers cannot become infected, but they will attempt to print out the raw binary data of W32/Bugbear-A's executable code. This usually results in many wasted pages.
Judging from the questions I've had over the past two days (from users, about incoming emails which have been 'disinfected') its also worth noting...
the worm can spoof the From and Reply To fields in the emails it sends. [Like Klez & YaHa do]
We use MailScanner along with a Sophos engine to filter our incoming mail - and we've caught dozens of this worm in the last two days. Remembering the trouble from Nimda last year I'd recommend MailScanner to everyone, its free & can be used with a variety of engines. [I'm not associated wuth the MailScanner project BTW]
Thats my point really - Even if the tech sites all linked to such a site it might not help. Techies are relatively savvy, so you're largely preaching to the converted. What's needed is some way of approaching the mass of users - who access the web for email & the content delivered by the portal they haven't worked out how to change from being their home page!
[I'm British, so this proposed law doesn't affect me as much as many/.ers, but the British government is usually pretty good at copying any stupid laws they can find.]
Almost everyone I've told about Palladium, DRM, software patents, Microsofts latest EULA clauses etc. has been astounded & disgusted. The problem is that it takes a huge number of people to speak out, but it is almost impossible to widely disseminate the truth about these initiatives, because most people obtain their information & opinions from the mainstream media (ie those who have the most to gain). Web sites don't work because they have to be found & the majority of people just won't be looking or have their web content spoon fed to them through portals like AOL & MSN who clearly have a vested interest in these matters.
How can we spread the word? The only idea I can think of right now is a well worded email chain letter - unfortunately I (and I would guess most/. readers) have a problem with chain letters. But in these cases would the means justify the ends? Does anyone have any other ideas?
[BTW I'm British, so this proposed law doesn't affect me as much as many/.ers, but the British government is usually pretty good at copying any stupid laws they can find. Where America leads we follow like sheep, and digital rights are a global issue]
I thought everyone knew that 2.5 was followed by 6 for unix systems (Solaris!) [Although it looks like 9 might be followed by 3...] This will be fine so long as we adopt the cunning plan of refferring to it internally as 5.6 no matter what the actual version number.
Now if we really wanted confusion perhaps we could persuade all the distros to use different numbering schemes.</SARCASM>
G-data's GnuPG plugin is good as far as it goes. unfortunately it only goes as far as a rather inadequate (& ugly) frontend to gpg and has somewhat limited integration into Outlook.
It works fine, so long as the signature is in the body of the mail. Unfortunately if the signature is provided as an attachment (which is how Evolution signs mail, for example) G-data's plugin won't recognise it.
This is a shame, personally I'd rather Evolution put the sig in the body (to encourage the ignorant to ask...) but the G-data plugin should really recognise digital signatures which are attachments. You can't expect everyone to use a standard when different implementations won't co-operate (Yes, unless you're Microsoft, of course - but lets not go there right now).
I sign personal mail by default, not because much I send has any particular value, but because I want to spread the word. I would encourage everyone to do the same.
I am irritated that none of the online banks I have used have ever bothered to even sign their mail. How can we expect to convince the public at large that encryption and siging is a good thing if even the banks don't appear to take this on board?
If you really want to make a difference, why not sponsor a child in some 3rd world country?
Don't get me wrong, I'm all in favour of helping the third world, but sponsoring children is not the best way to go about it. There are a number of problems...
1) Many groups (for example, hunter gatherer groups) exist on a communal basis, sharing the food they gather (or hunt...) and working together for the common good. Sponsoring a child in one of these communities can make one family materially better off than the others and this can cause a breakdown of their community.
2) The groups promoting this child sponsorship are often missionary organisations (although they are not always keen on presenting this in their publicity). There is therefore an incentive for familys to 'embrace' Christianity in order to gain sponsorship. This destroys traditional religion & community identity. You may feel that promoting Christianity is a good thing, but ask yourself whether bribary is a 'Christian way' to go about it.
3) We (as a western society) are vulnerable to images of suffering children. But it is the communities that need our help, so they can provide for their own children. We also should be careful not to send the message to these desperate people that it is necessary to have a child to get help.
This information is not based on journalism or conjecture but based on a report (I think by a UN body or something similar) about the activities of such charities, notably World Vision, in the Amazon area.
I would encourage you to make whatever contributions you can to help people in desperate circumstances (in your own country or abroad) but please target your donations carefully.
My bank requires a password. For 'additional security' they also require my mothers maiden name, my fathers first name, my place of birth and the name of my first school. The terms and conditions were recently changed to state that if these any of these 'security details' should become known to anyone else I must inform them immediately. Naturally I immediately phoned them to point out that the name of my first school was well known to many people and that the other three were in fact matters of public record. They didn't seem to think this was a problem.
There seems to be great confusion about what actually constitutes 'secure'. There needs to be consensus which solutions can be measured against before any single sign on solution can be widely accepted. Perhaps the biggest worry is making any solution future proof, undoubtably this will be hampered by governments who like to outlaw strong cryptography.
We don't need single sign on
on
Passport vs. Plan 9
·
· Score: 2, Interesting
What we do need is some consitency between the information sites ask for. If sites were consistent about asking for, say, a 10 character mixed case username, a 10 character mixed case alphanumeric password, a 6 digit numeric passcode or whatever (the numbers are arbitary & not intended to represent any ideal of security) then it would be easy to just have a few passwords etc. which are used for different trust levels.
I guess most people do this already, but I'm always getting thrown by being asked for subtle variants of this information. Now if the sites were kind enough to display a number of my choosing on the login screen(to remind me which password to use) and maybe the date I last changed my password life would be much more simple. There are some sites that I have lost count of how many times I have registered because I can't recall which varient of my username I entered.
The chief problem would be keeping usernames unique - although I'm not convinced this is a problem so long as the combined credentials are unique(?)
Forget the shrink wrap, follow this through and they'll be saying GM reverse engineered Ford because they create vehicles which look similar. Well maybe they did, but how can you have any kind of competition if the resulting product has to be totally original?
Slashdot Mirror
Thats fantastic, I wish I'd seen that before. If this is as good as it looks (I wonder how it gets on with dependencies etc.) then I'll be rpm'ing and archiving every source install I do - great if I need to do a fast rebuild of something.
Mandrake packages are on rpmfind, you need both checkinstall and libcheckinstall1 [Note they seem to have a circular dependency so you need to install one --nodeps]
I'd say that is a specific problem of RPM (or the way it's used in practice).
You're right, it is a specific problem with the way its used in practice. But on the other hand it could also be argued that the fact such a situation can occur is down to flawed design.
It could simple look for an executable perl$PERLVERSION in $PATH, or even test the output of perl --version or something.
It could but that would be horrendous to implement so that it worked for everything any package might depend on (-v --version -version etc. etc. and then parsing the output!).
I'd be interested to know whether this is just a problem for rpm (after all rpm is probably supported by more distros than any other solution)or whether other package management systems suffer the same problem. For example can you install Debian packages on other distros that use apt-get (without running into dependency problems etc.)? P.S. I quite like rpm (but then I have used Solaris pkgadd, at least with rpm the package names give some clue about what they contain!)
There's little point standardising on rpm (because thats what the LSB says) or any other package management system unless packages are named consistently. I can't pick a Red Hat rpm and have confidence that I would be able to install it on Mandrake or SuSe or ... because I can't be sure that the dependencies will be satisfied as some packages have different names (one example perl-base-5.8.0 on Mandrake is called perl-base-5.800 on RedHat, enough to screw up a dependency check)
This doesn't really bother me because I'm quite happy to build from source (or even make my own rpms if I've got many installs to do) - but to be honest unless a package management system can be relied upon to work always then its isn't working properly and that is a bug (even if its a design bug rather than an implementation one) not a feature.
I guess maybe a solution is for rpm (or whatever) to save version numbers for each file it installs and for dependency checks to be strictly only on files rather than packages. A more sophisticated rpm wrapper (like urpmi) could then map failed dependencies back onto the appropriate package for the distribution. I suspect this is nowhere near as trivial as it sounds!
1 ??????? 2 ??????? 3 Profit!
I understand, and regularly use all of the above. I'm quite comfortable compiling from source & I have no 'fear' of the console - in fact I prefer the console. But my point was in relation to 'standardisation' (The subject of the article!) that the standardisation of a package management system doesn't work unless the packages themselves have standard names.
...that I don't understand is how it relates to my post about difficulty installing a PERL program.
Unless we have a way of managing binary packages which works with all packages on all [binary] distributions and developers can rely on producing one rpm (or deb or whatever) that can be easily installed on all mainstream distros then we do not have standardisation
P.S. The part of... $./configure $ su # make # make install
Along similar lines, LSB specifies rpm as the standard package management system. This is a good idea (to have a standard system, not necessarily that it should be rpm - but lets not get into that whole rpm vs. apt-get thing) - but it will never work properly until the distros standardise the packages, you won't be able to install a Red Hat package properly on Mandake (for example) unless all the dependencies are named and packaged identically on both distros. [Yes I know all about --no-deps, but that presupposes a level of knowledge on the part of the user which we should not do].
One recent example, I recently needed to install a package under Mandrake 9 which was only available as a Red Hat rpm. The package failed on dependencies because Mandrake had named several perl packages differently. The program I was installing was written entirely in perl - so there should have been no issues with installing a red hat package on Mandrake - but the install was unneccessarily complicated by the dependency issues.
This is true, and they're all staffed by Aussies!
The archive itself fitted on two laser discs, but there were many copies of these discs - my local library (and presumably most other UK libraries) had a copy. I remember spending time in the late eighties looking through the information that was available. I remember being impressed by the technology [or at least how big and shiny the disks were], but as far as I recall the data was mostly remarkable for being unremarkable. In common with most records of contemporary society its only likely to become interesting when it ceases to be the mundane of the present. I imagine I would find it much more interesting now.
I wonder what happened to all the disks and readers, were they scrapped or are they to be found in the deepest darkest corner of the library stores?
It would be good if they could put this all on line - especially for the embarassment of all those who were children at the time and contributed to the project through their schools.
Now if every open source developer had something along the following outline in their crontab...
ftp sources from ftp distribution server diff against known good copy mail if different
Maybe not practical for the biggest projects, but for the rest?
Idea 2 - responsible mirroring
Mirrors shouldn't accept changed sources without an accompanying bump in the version/release number in the filename - this would make it much easier to spot trojaned versions
Okay that relies on developers being careful to bump the release no. after every change (doc updates etc.)
Hmmm, but isn't this new tool a backend which permits new interfaces to kernel configuration to be built which interact with it?
Surely then, it is a logical step for someone (with __lots__ of time) to build a frontend which scans the machine's hardware and automatically makes the right choices? Perhaps even preventing configurations which would prevent the kernel from booting?
Even if he hadn't trademarked it other actors wouldn't be able to call themselves Leonardo di Caprio, because Equity (the actors union) doesn't allow more than one actor with the same stage name. Thats why Michael Caine isn't acting under his real name of Maurice Micklewhite (or something like that!) there was already a Maurice Micklewhite out there!
I'd guess trademarking his name was more to do with controlling and profiting from the merchandise business for Leo.
Accoring to the analysis by Sophos
Note that W32/Bugbear-A tries to copy itself to all types of shared network resource, including printers. Printers cannot become infected, but they will attempt to print out the raw binary data of W32/Bugbear-A's executable code. This usually results in many wasted pages.
Judging from the questions I've had over the past two days (from users, about incoming emails which have been 'disinfected') its also worth noting...
the worm can spoof the From and Reply To fields in the emails it sends. [Like Klez & YaHa do]
We use MailScanner along with a Sophos engine to filter our incoming mail - and we've caught dozens of this worm in the last two days. Remembering the trouble from Nimda last year I'd recommend MailScanner to everyone, its free & can be used with a variety of engines. [I'm not associated wuth the MailScanner project BTW]
Thats my point really - Even if the tech sites all linked to such a site it might not help. Techies are relatively savvy, so you're largely preaching to the converted. What's needed is some way of approaching the mass of users - who access the web for email & the content delivered by the portal they haven't worked out how to change from being their home page!
[I'm British, so this proposed law doesn't affect me as much as many /.ers, but the British government is usually pretty good at copying any stupid laws they can find.]
/. readers) have a problem with chain letters. But in these cases would the means justify the ends? Does anyone have any other ideas?
/.ers, but the British government is usually pretty good at copying any stupid laws they can find. Where America leads we follow like sheep, and digital rights are a global issue]
Almost everyone I've told about Palladium, DRM, software patents, Microsofts latest EULA clauses etc. has been astounded & disgusted. The problem is that it takes a huge number of people to speak out, but it is almost impossible to widely disseminate the truth about these initiatives, because most people obtain their information & opinions from the mainstream media (ie those who have the most to gain). Web sites don't work because they have to be found & the majority of people just won't be looking or have their web content spoon fed to them through portals like AOL & MSN who clearly have a vested interest in these matters.
How can we spread the word? The only idea I can think of right now is a well worded email chain letter - unfortunately I (and I would guess most
[BTW I'm British, so this proposed law doesn't affect me as much as many
I thought everyone knew that 2.5 was followed by 6 for unix systems (Solaris!) [Although it looks like 9 might be followed by 3...] This will be fine so long as we adopt the cunning plan of refferring to it internally as 5.6 no matter what the actual version number.
Now if we really wanted confusion perhaps we could persuade all the distros to use different numbering schemes.</SARCASM>
G-data's GnuPG plugin is good as far as it goes. unfortunately it only goes as far as a rather inadequate (& ugly) frontend to gpg and has somewhat limited integration into Outlook.
It works fine, so long as the signature is in the body of the mail. Unfortunately if the signature is provided as an attachment (which is how Evolution signs mail, for example) G-data's plugin won't recognise it.
This is a shame, personally I'd rather Evolution put the sig in the body (to encourage the ignorant to ask...) but the G-data plugin should really recognise digital signatures which are attachments. You can't expect everyone to use a standard when different implementations won't co-operate (Yes, unless you're Microsoft, of course - but lets not go there right now).
I sign personal mail by default, not because much I send has any particular value, but because I want to spread the word. I would encourage everyone to do the same.
I am irritated that none of the online banks I have used have ever bothered to even sign their mail. How can we expect to convince the public at large that encryption and siging is a good thing if even the banks don't appear to take this on board?
Also at...k e/Mandr ake/iso/
ftp://sunsite.uio.no/pub/unix/Linux/Mandra
NOTE: this is Mandrake/Mandrake/iso not the promising looking Mandrake-iso directory.
This site is also mirrored on mirror.ac.uk (http or ftp) for those in the UK
I won't - if you don't tell anyone thats what I was linking to... ;)
support for RedHat 7.3 and Mandrake 8.2
Gee thats nice, good job Mandrake 9 isn't due any time soon. Daresay RH8 won't be far behind either.
... a new sig coming on ...
If you really want to make a difference, why not sponsor a child in some 3rd world country?
Don't get me wrong, I'm all in favour of helping the third world, but sponsoring children is not the best way to go about it. There are a number of problems...
1) Many groups (for example, hunter gatherer groups) exist on a communal basis, sharing the food they gather (or hunt...) and working together for the common good. Sponsoring a child in one of these communities can make one family materially better off than the others and this can cause a breakdown of their community.
2) The groups promoting this child sponsorship are often missionary organisations (although they are not always keen on presenting this in their publicity). There is therefore an incentive for familys to 'embrace' Christianity in order to gain sponsorship. This destroys traditional religion & community identity. You may feel that promoting Christianity is a good thing, but ask yourself whether bribary is a 'Christian way' to go about it.
3) We (as a western society) are vulnerable to images of suffering children. But it is the communities that need our help, so they can provide for their own children. We also should be careful not to send the message to these desperate people that it is necessary to have a child to get help.
This information is not based on journalism or conjecture but based on a report (I think by a UN body or something similar) about the activities of such charities, notably World Vision, in the Amazon area.
I would encourage you to make whatever contributions you can to help people in desperate circumstances (in your own country or abroad) but please target your donations carefully.
This is not a troll.
My bank requires a password. For 'additional security' they also require my mothers maiden name, my fathers first name, my place of birth and the name of my first school. The terms and conditions were recently changed to state that if these any of these 'security details' should become known to anyone else I must inform them immediately. Naturally I immediately phoned them to point out that the name of my first school was well known to many people and that the other three were in fact matters of public record. They didn't seem to think this was a problem.
There seems to be great confusion about what actually constitutes 'secure'. There needs to be consensus which solutions can be measured against before any single sign on solution can be widely accepted. Perhaps the biggest worry is making any solution future proof, undoubtably this will be hampered by governments who like to outlaw strong cryptography.
What we do need is some consitency between the information sites ask for. If sites were consistent about asking for, say, a 10 character mixed case username, a 10 character mixed case alphanumeric password, a 6 digit numeric passcode or whatever (the numbers are arbitary & not intended to represent any ideal of security) then it would be easy to just have a few passwords etc. which are used for different trust levels.
I guess most people do this already, but I'm always getting thrown by being asked for subtle variants of this information. Now if the sites were kind enough to display a number of my choosing on the login screen(to remind me which password to use) and maybe the date I last changed my password life would be much more simple. There are some sites that I have lost count of how many times I have registered because I can't recall which varient of my username I entered.
The chief problem would be keeping usernames unique - although I'm not convinced this is a problem so long as the combined credentials are unique(?)
someone was listening!
Forget the shrink wrap, follow this through and they'll be saying GM reverse engineered Ford because they create vehicles which look similar. Well maybe they did, but how can you have any kind of competition if the resulting product has to be totally original?
Most things aren't invented, they evolve.