In defense of Rails... on GitHub Hacked · Score: 1
In defense of Rails, this isn't a bug, vulnerability, exploit or weakness of RoR itself. The "update_attributes" functionality on a model (which writes new values to a database row) has to be used very carefully. Anybody worth their salt with RoR should know that. If you blindly pass an unsanitized/unfiltered hash directly from the submission from a user to update_attributes, you are definitely asking for trouble and/or are lazy/ignorant at best, imho.
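The filtering step the comment above calls for, as an added example that is not part of the original comment and is not Rails code: `Account` is a plain-Ruby stand-in for a model whose `update_attributes` writes every key it is given, and `filter_params`, `PROFILE_FIELDS` and the sample submission are hypothetical names and constructed data.

```ruby
# Stand-in for an ActiveRecord-style model (hypothetical; not Rails itself).
# update_attributes here behaves the way the comment warns about: every key
# it is handed is written to the row.
class Account
  COLUMNS = %i[display_name email admin].freeze
  attr_reader :row

  def initialize(row)
    @row = row.dup
  end

  def update_attributes(attrs)
    attrs.each do |key, value|
      col = key.to_sym
      raise ArgumentError, "unknown column #{key}" unless COLUMNS.include?(col)
      @row[col] = value
    end
    self
  end
end

# Allow-list filter: only the columns this form is meant to edit pass through.
# Keys are compared as strings so "admin" and :admin are treated alike.
# Returns [permitted_hash, rejected_keys] so the caller can log the rejects.
def filter_params(submitted, allowed)
  allowed_names = allowed.map(&:to_s)
  permitted, rejected = submitted.partition { |key, _| allowed_names.include?(key.to_s) }
  [permitted.to_h, rejected.map { |key, _| key.to_s }]
end

# Columns the profile form is allowed to change (assumption for this example).
PROFILE_FIELDS = %i[display_name email].freeze

# Constructed form submission: the profile form has two fields, but the
# request carries a third key that maps to a privileged column.
SUBMITTED = {
  "display_name" => "Pat",
  "email" => "pat@example.test",
  "admin" => true
}.freeze

def fresh_account
  Account.new({ display_name: "P", email: "p@example.test", admin: false })
end

# The pattern the comment warns against: the submitted hash goes straight in.
def unfiltered_update
  fresh_account.update_attributes(SUBMITTED).row
end

# The careful version: filter first, update with what is left, keep the rejects.
def filtered_update
  permitted, rejected = filter_params(SUBMITTED, PROFILE_FIELDS)
  [fresh_account.update_attributes(permitted).row, rejected]
end

if __FILE__ == $PROGRAM_NAME
  puts "unfiltered: #{unfiltered_update}"
  row, rejected = filtered_update
  puts "filtered:   #{row} (rejected keys: #{rejected.join(', ')})"
end
```

The rejected-key list is worth logging: a key outside the form's field set means the request did not come from the form as rendered.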
There's a certain element of quality of life to be taken into consideration, too. My father died of brain cancer but participated in a study to see if an unusually higher use of chemo might improve the odds of survival. It's hard to say if the cancer or the drugs were what caused more suffering. Being really, really sick can sometimes be worse than death I would have to believe, especially if the odds for recovery are slim. So while the "why not give it a shot?" attitude has a certain bit of logic to it, it still gets a bit more complicated than that from an ethical point of view.
Seems that users who are too lazy to upgrade their default browser might be the same people who would rush through the test just to get the Starbucks gift card or whatever the incentive was. This compared to somebody who is OCD who has to use the latest nightly build of some obscure browser.
Rotate admins between systems/responsibilities and have a third party do random audits.
In the end, logs can be falsified and nasty activity hidden. You have to trust your admins at some point. At least by rotating admins they can basically keep an eye on each other and cover for each other as needed. As an IT guy for a small company, I welcomed having others that I trust do some IT stuff for me while I'm busy or gone. Be wary of admins who get defensive when asked to allow somebody else to take over for them from time to time. Admins who feel they need 'job security' or are allowed to 'play' on their own too much can be dangerous.
As a CS prof told us, "You'll spend the first year of your job trying to get root, and the rest of your career trying to get rid of it." ;')
Lastly, if you are paranoid, do random third party audits. I've been through a few detailed audits, and I actually enjoyed having an outside source confirm I'm doing things right (or wrong). They can actually be empowering as they can justify an increase in IT budgets that otherwise would be a hard sell. Again an admin who goes apesh!t at the idea of having somebody else check their work is a bad sign.
Anybody who has used Stumble Upon (or similar) knows how much people swipe from other sites to put on their own to make money from adwords and the like. I even Stumble Upon'ed a picture I took of my own cat that somebody found from my personal site and put captions on and published. It was ranked #7 in the top 100 on the site which I found rather amusing.
We may not be doing lots of long-hand calculations on paper, but we certainly do use the concepts of set-theory, calculus and general math every day. When it becomes a necessity to keep tabs on, say, how much money you have in the bank, or understanding what the speedometer in your car means, or that jumping off a cliff will mean you accelerate until you hit the bottom, you stop thinking of it as 'math' and as just common sense. And while I admit to being a bit of a nerd, I may not sit down with a math book, I do enjoy some aspects of physics and it becomes more fulfilling to at least have a rough understanding of the math in the books I read or the lectures I watch.
It sounds simple that American companies could 'fix' the problem of China's poor working conditions, but in reality that job belongs to China itself. Besides, say you assemble devices in the US instead of China. What about the parts in them? OK, manufacture and make the parts in the US. What about the materials to make the parts? Oh, well, we can try to be completely self-reliant on rare-earth metals and the like, but it just isn't a realistic concept. It's a global economy and China needs to take care of its own people, it's not up to American companies to do that.
And, thankfully, content providers still want their stuff to work on computing devices (like iPhones and iPads) that don't support Flash and so are providing non-Flash alternatives. That's not just good for Apple customers, but everybody in the long run.
Unless the person applying for the patent wrote in the additions to Linux to begin with, wouldn't the fact that the functionality exists be proof of prior art? In other words, Linux has features included for the purpose of being used. Even if the features were used in an unusual combination, the fact that the features are able to be used in such a combination meant that the authors intended for there to be such flexibility for that to happen, and therefore even if not physically done before, at least the general idea and concept had been thought of and implemented in code... therefore prior art.
I understand there's probably more to the patent, such as hardware design and such, but I just find it interesting that somebody could patent, even in part, the functionality in Linux.
I bought World of Goo and let a few of my friends copy it. I wanted to be nice and give some payback to 2D Boy, so I bought some 2D Boy tshirts (they are fairly expensive, btw). That way they got some payment for the 2-3 friends who I let borrow the game, but I get something practical instead of a few more useless discs and packaging. Technically, though, I guess I still pirated the game (or at least let my friends pirate it)?
I'm guessing that most of the 'pirates' who really are downloading the game for free and not giving anything back are folks who played about 10 minutes of the game and junked it. Or gave something back in some other way. Still though, 90% seems high. Where did they get that number from?
Anyways, it's the same old argument that's been kicking around for years. Because somebody downloaded it for free means it is a 'lost' sale? Hardly. I know friends who got obsessed with downloading gazillions of MP3s off the 'net, most of which they probably will never listen to. They never would have purchased most of them anyways.
That makes sense, but I would argue that that output may not be under GPL, but the output is providing a service to the (presumably) public. Therefore, the GPLed code and theme should be open-sourced as the argument would go.
What do you mean by "providing a service"?
IANAL, but my interpretation is that under the terms of the GPLv2 (thanks for clarifying that WP was under that license), there's no onus on a person running a GPLed program on a server to provide code unless they distribute code.
Now if you're talking about "service" as in Software as a Service, then yes, many people including the FSF believe that people should be privy to the software that they run, whether the software is running on a personal machine, on a remote piece of hardware, or even running on a virtualized server. But that's a philosophical argument, and doesn't have any direct bearing on the GPLv2.
OK, what I mean by a 'service' is providing remote access to the binary app, but not downloadable, per se. Sorry, not clear, I'll explain.
Say you provided copies of binaries. That would be a violation (WP/theme issue aside, just modified GPL code for this argument), right? Say, instead, you simply kept the 'privately modified' GPL app on a server but allowed the world to HTTP/SSH/Telnet/etc. to use the app. That could be seen as the same thing. You are supplying useful access to the binary.
Here's another practical example: What about you remotely access modified GPL code, but it was in a box. Say a Linksys router you purchased? But that's a 'server' of sorts. How does it differ from a remote server? Same thing. It's basically a locked down thing you can put wherever you want in your home, but isn't that still violating the license? Say, they gave the routers away for free, for whatever reason, does that get around the issue? No, of course not.
I'm not sure if it matters, but WP is under GPLv2.
Thanks for clarifying.
Anyways, I was thinking of the case where I take the GPLed sample config file and customize it (which is where the authentication keys, database login creds and other info are). It seems as though technically, that file (when used for a public web site) would need to be open sourced since it is a derivative work and I don't see an exception in the license for that file.
First, you don't distribute the config file (at least I hope you don't!), nor do you distribute code from within it. As a result, if there's no act of distribution, there's no need for the distribution clauses of the GPLv2 to kick in.
Second, even if the license were AGPL, you don't have to distribute your authentication keys, login credentials, and other site-specific data along with the code. You just need to provide the code necessary for someone else to run the code with their own data.
Right, true on both points. The curiosity is that a GPLed config file may be required to be open-sourced when it doesn't fall under the 'does not have to be open-sourced if for private use' clause. I have since read/learned that configuration settings may very well fall outside of the scope of modifying/innovating a project. Thankfully my /etc directories on my servers seem safe. ;')
But, interestingly, distribution may be moot if the web site running the GPLed code is publicly accessible. The GPL FAQ says:
It is essential for people to have the freedom to make modifications and use them privately, without ever publishing those modifications. However, putting the program on a server machine for the public to talk to is hardly “private” use, so it would be legitimate to require release of the source code in that special case.
The GPL is a copyright license. As far as WordPress goes, the GPL is covering the code at the heart of WordPress and any derivative works of that code.
I'm not a lawyer and haven't spent much time analyzing this particular case (the WordPress engine + themes), but even if the WP templates are derivative works, I don't see a problem here.
The WP templates aren't directly being distributed when they're used on a website. What's being distributed is the output of running the PHP theme code. Note the following from the GPL FAQ:
In what cases is the output of a GPL program covered by the GPL too?
Only when the program copies part of itself into the output.
Though the themes may contain PHP code that is tightly coupled with the WordPress code, I believe that the simple HTML markup generated by ( WordPress + theme ) is quite separate.
That makes sense, but I would argue that that output may not be under GPL, but the output is providing a service to the (presumably) public. Therefore, the GPLed code and theme should be open-sourced as the argument would go.
BTW- I wonder about the config file. To be legit, do I have to release my authentication keys, too?
Even if you were to release code online using the AGPL, you wouldn't have to release your personal keys. Per the GPL FAQ again:
I use public key cryptography to sign my code to assure its authenticity. Is it true that GPLv3 forces me to release my private signing keys?
No. The only time you would be required to release signing keys is if you conveyed GPLed software inside a User Product, and its hardware checked the software for a valid cryptographic signature before it would function.
In that specific case, you would be required to provide anyone who owned the device, on demand, with the key to sign and install modified software on his device so that it will run. If each instance of the device uses a different key, then you need only give each purchaser the key for his instance.
I'm not sure if it matters, but WP is under GPLv2. Anyways, I was thinking of the case where I take the GPLed sample config file and customize it (which is where the authentication keys, database login creds and other info are). It seems as though technically, that file (when used for a public web site) would need to be open sourced since it is a derivative work and I don't see an exception in the license for that file.
A company is running a modified version of a GPL'ed program on a web site. Does the GPL say they must release their modified sources?
The GPL permits anyone to make a modified version and use it without ever distributing it to others. What this company is doing is a special case of that. Therefore, the company does not have to release the modified sources.
It is essential for people to have the freedom to make modifications and use them privately, without ever publishing those modifications. However, putting the program on a server machine for the public to talk to is hardly “private” use, so it would be legitimate to require release of the source code in that special case. Developers who wish to address this might want to use the GNU Affero GPL for programs designed for network server use.
IANAL, but it seems as though all end-users creating custom themes may be breaking the license terms?
BTW- I wonder about the config file. To be legit, do I have to release my authentication keys, too?
One argument that seems to come up over and over again when the topic of security comes up is that Windows is targeted because it's more popular. The fact is that modern networked equipment, from routers to printers to VoIP gateways, to gaming consoles, to cable modems, to smart phones, etc. run an OS with a network stack. Often many of these devices go for years without patches. I would argue that there are more non-Windows based networked computing devices than Windows PCs. I would also argue that hackers would love to sink their teeth into all those identical game consoles and other devices so they can skim CC #s and do the usual botnet activities of spam and DoS attacks.
Yet, it's rare that we hear of an exploit for those devices, while at the same time, it's so common to have a Windows computer get infected with something that it's almost considered a normal occurrence. From one point of view, it could be seen that Windows PCs have more general utility and therefore more security risks, particularly for attacks that rely on the user to do something to enable the attack. But, on the flip side, lots of identical appliances only need one attack vector to make them all susceptible and they are less likely to have the ability to phone home for security updates.
Microsoft's track record is horrible, and it's complicated by the fact that they not only make it a hassle to get updates, but there's often little incentive in the way of new features or assurance that it won't break something. Windows' security problems may also stem from the history of the OS not putting a priority on networking and therefore, security (remember Bill saying the Internet was a fad and just a home-shoplifting-network?).
As they wrapped up the video they did admit that this little kink is going to be the determining factor in whether or not it's a useful design. "Why can't they just tap some of the power off the input shaft to manage the control rods?" I thought. Then it occurred to me, the speed would need to be continuously variable, and that's the whole problem they're trying to solve. So, what we have here is a continuously variable mechanism, so long as we can already provide a continuously variable mechanism. (all his D-Drive needs to complete it is, another D-Drive, which would of course need another D-Drive....) Sounds terribly recursive to me. But he didn't go into any detail as to the requirements of this control system, but from what I can tell, it needs to be continuously variable also. He dismissed it as being easy to achieve with something such as an electric motor, which one could argue the same is true of his entire invention...
You are exactly right. If you look at how a traditional automatic transmission works, it's pretty much the same as his model (planetary gears, and basically the same as his 'control shafts'). The difference being that he moved the problem of using friction clutches on the control shafts, to electric motors hanging off the back of his model.
The leap of faith here is that the control shafts have little load, but in reality if you were to reach out and grab that output shaft and try to stop it, the torque would back right up his control shafts.
The video is a bit sensationalistic, but if you go back and watch it with the audio off, you can see that it's actually a simple gear system. He's designed away the problem of variable power in his control shafts and seems to openly acknowledge that it's another engineer's problem to figure that out.
I just don't see how he could patent something so simple, to be honest. There are already 17,000+ US (I know he's an Aussie) patents on planetary gear transmissions from my quick search.
I was really hoping the Slate would at least get a little competition with the iPad going. Competition drives innovation.
It seemed pretty obvious to me, though, that creating a neat piece of hardware is only half (maybe even less) of what's important. The OS, software, app-store, etc. really give the iPad its strengths. It's a 'closed' platform, but doing so ensures quality and battery-life (no Flash, only hardware based video decoding).
Throwing Windows 7 Home Edition onto the Slate seemed like a ridiculously lazy thing to do, and overkill. Apple's tack at treating the iPad as an information appliance and not a computer gives it focus and makes it very good for what it was intended to do.
Still, like those who love Android over the relatively simpler iPhone, I think there's a market. Trolling the forums certainly turns up a lot of users who want a touch tablet but bristle any time an iProduct or Apple is mentioned.
I followed the event online, it was very strange (check out that ugly ass bus!) The presentation right down to the clothes was odd. The phones are pretty ugly (imho) and the packaging looks like cheap body spray would be inside.
The interview was also interesting. My favorite quote:
Bach: From a marketplace standpoint, there's certainly a video and music marketplace. There isn't an app marketplace...
In other words, they don't have the money or effort to create a competitive app store, but it's a hell of a lot easier to sell the existing catalog of video and music.
Keep in mind this was only a 2-year project (can't find the reference to that again, though...) and might have had some financial backing from the big social sites which are featured on the phones (Twitter, Facebook, and MySpace). They are basically simple, cheap phones for teenagers (they mention giving them to 13- and 17-year-old girls to use).
I doubt it would be as much of an issue if Adobe could make Flash not send the cpu to 100% at times, crash (often taking the browser with it), and be insecure (by coincidence, Adobe Acrobat/PDF is the other popular attack vector).
Most people probably blame Apple each time the browser crashes. Imagine putting this same crappy implementation of Flash on a mobile device and having the device's batteries run down fast, it gets hot, and crashes a lot. Apple can read the writing on the wall, and they say "Do not want!" Adobe ran out the clock when given the chance to fix Flash. So Apple says, "Too bad, with an open alternative we'd rather support HTML5 instead of Flash."
I would also have to imagine that Adobe could have done more over the years evolving Flash into an open standard, being either what we now call HTML5 or something else. Having to use their closed proprietary, buggy, insecure plugin sucks.
When Apple introduced iPhone OS 4 with Ad support, it seemed to be another big gotcha: do we allow Flash? If we do, you know the ads (which users are already going to hate) are going to crash, use up the batteries, etc. I don't think Apple had a choice but put down the hammer and say, no, we're going HTML5 only. It's a no-win for users, developers, and Apple.
What are the benefits of having Flash supported? Well, there is existing content that uses it... Games, ads, and skinned video players, mostly. The games are keyboard and/or mouse/pointer centric generally, so they are sort of useless. Ads, well, most people wouldn't mind those going away anyways. Video sites like YouTube are migrating to HTML5, but there are some other niche video sites (*cough*) that are Flash-only. Lastly, sites that are entirely Flash or use Flash for embellishment generally should have a static equivalent when the plug-in isn't available anyways.
That said, I'd still like the option of trying Flash on the iPhone or iPad, but still many people who might opt-in if such a thing existed would still blame Apple for the problems it causes, so I can understand how Steve might take the hard line on this.
It might be interesting to see what would come out of such a lawsuit, but as others have stated, I can't think of a legitimate reason why Adobe could sue unless there is some contract between Adobe and Apple we don't know about?
Reminds me of the crashed flying saucers that were recovered at Roswell which was truthfully reported by the military and then later called a weather balloon. For the interesting story from a physicist, check out lecture Tue 3/6/2007 of Physics for Future Presidents:
Lectures of Physics for Future Presidents, Spring 2007
(Spoiler: no aliens, but still interesting.)
Thoughtful reply, thank you!
Chipworks had some interesting eye-candy die photos and a breakdown of the iPad and A4 for those who haven't seen that yet:
iPad Teardown
True.
One argument that seems to come up over and over again when the topic of security comes up is that Windows is targeted because it's more popular. The fact is that modern networked equipment, from routers to printers to VoIP gateways, to gaming consoles, to cable modems, to smart phones, etc. run an OS with a network stack. Often many of these devices go for years without patches. I would argue that there are more non-Windows based networked computing devices than Windows PCs. I would also argue that hackers would love to sink their teeth into all those identical game consoles and other devices so they can skim CC #s and do the usual botnet activities of spam and DoS attacks.
Yet, it's rare that we hear of an exploit for those devices, while at the same time, it's so common to have a Windows computer get infected with something that it's almost considered a normal occurrence. From one point of view, it could be seen that Windows PCs have more general utility and therefore more security risks, particularly for attacks that rely on the user to do something to enable the attack. But, on the flip side, lots of identical appliances only need one attack vector to make them all susceptible and they are less likely to have the ability to phone home for security updates.
Microsoft's track record is horrible, and it's complicated by the fact that they not only make it a hassle to get updates, but there's often little incentive in the way of new features or assurance that it won't break something. Windows' security problems may also stem from the history of the OS not putting a priority on networking and therefore, security (remember Bill saying the Internet was a fad and just a home-shoplifting-network?).
As they wrapped up the video they did admit that this little kink is going to be the determining factor in whether or not it's a useful design. "Why can't they just tap some of the power off the input shaft to manage the control rods?" I thought. Then it occurred to me, the speed would need to be continuously variable, and that's the whole problem they're trying to solve. So, what we have here is a continuously variable mechanism, so long as we can already provide a continuously variable mechanism. (all his D-Drive needs to complete it is, another D-Drive, which would of course need another D-Drive....) Sounds terribly recursive to me. But he didn't go into any detail as to the requirements of this control system, but from what I can tell, it needs to be continuously variable also. He dismissed it as being easy to achieve with something such as an electric motor, which one could argue the same is true of his entire invention...
You are exactly right. If you look at how a traditional automatic transmission works, it's pretty much the same as his model (planetary gears, and basically the same as his 'control shafts'). The difference being that he moved the problem of using friction clutches on the control shafts, to electric motors hanging off the back of his model.
The leap of faith here is that the control shafts have little load, but in reality if you were to reach out and grab that output shaft and try to stop it, the torque would back right up his control shafts.
The video is a bit sensationalistic, but if you go back and watch it with the audio off, you can see that it's actually a simple gear system. He's designed away the problem of variable power in his control shafts and seems to openly acknowledge that it's another engineer's problem to figure that out.
I just don't see how he could patent something so simple, to be honest. There are already 17,000+ US (I know he's an Aussie) patents on planetary gear transmissions from my quick search.
It appears to be some sort of test suite. It's hard to read, but the small type at the bottom appears to say:
Start Time: Run Bonfire!
Test: Run Bonfire!
Iteration: 0
Action: Run Bonfire!
Battery: 3 percent
(build # or something?) Root - Inf. 1.0
Probably a phone taken from a test bench or something.
I was really hoping the Slate would at least get a little competition with the iPad going. Competition drives innovation.
It seemed pretty obvious to me, though, that creating a neat piece of hardware is only half (maybe even less) of what's important. The OS, software, app-store, etc. really give the iPad its strengths. It's a 'closed' platform, but doing so ensures quality and battery-life (no Flash, only hardware based video decoding).
Throwing Windows 7 Home Edition onto the Slate seemed like a ridiculously lazy thing to do, and overkill. Apple's tack at treating the iPad as an information appliance and not a computer gives it focus and makes it very good for what it was intended to do.
Still, like those who love Android over the relatively simpler iPhone, I think there's a market. Trolling the forums certainly turns up a lot of users who want a touch tablet but bristle any time an iProduct or Apple is mentioned.
Would the economy be OK now? Just asking.....
Maybe if Alan Greenspan was the one obsessed with pr0n...
I found this an interesting watch: Frontline: The Warning
sounds like a real baaad idea to me.
I followed the event online, it was very strange (check out that ugly ass bus!). The presentation right down to the clothes was odd. The phones are pretty ugly (imho) and the packaging looks like cheap body spray would be inside.
The interview was also interesting. My favorite quote:
In other words, they don't have the money or effort to create a competitive app store, but it's a hell of a lot easier to sell the existing catalog of video and music.
Keep in mind this was only a 2 year project (can't find the reference to that again, though...) and might have had some financial backing from the big social sites which are featured on the phones (Twitter, Facebook, and MySpace). They are basically simple, cheap phones for teenagers (they mention giving them to 13 and 17 year old girls to use).
I doubt it would be as much of an issue if Adobe could make Flash not send the cpu to 100% at times, crash (often taking the browser with it), and be insecure (by coincidence, Adobe Acrobat/PDF is the other popular attack vector).
Most people probably blame Apple each time the browser crashes. Imagine putting this same crappy implementation of Flash on a mobile device and having the device's batteries run down fast, it gets hot, and crashes a lot. Apple can read the writing on the wall, and they say "Do not want!" Adobe ran out the clock when given the chance to fix Flash. So Apple says, "Too bad, with an open alternative we'd rather support HTML5 instead of Flash."
I would also have to imagine that Adobe could have done more over the years evolving Flash into an open standard, being either what we now call HTML5 or something else. Having to use their closed proprietary, buggy, insecure plugin sucks.
When Apple introduced iPhone OS 4 with Ad support, it seemed to be another big gotcha: do we allow Flash? If we do, you know the ads (which users are already going to hate) are going to crash, use up the batteries, etc. I don't think Apple had a choice but put down the hammer and say, no, we're going HTML5 only. It's a no-win for users, developers, and Apple.
What are the benefits of having Flash supported? Well, there is existing content that uses it... Games, ads, and skinned video players, mostly. The games are keyboard and/or mouse/pointer centric generally, so they are sort of useless. Ads, well, most people wouldn't mind those going away anyways. Video sites like YouTube are migrating to HTML5, but there are some other niche video sites (*cough*) that are Flash-only. Lastly, sites that are entirely Flash or use Flash for embellishment generally should have a static equivalent when the plug-in isn't available anyways.
That said, I'd still like the option of trying Flash on the iPhone or iPad, but still many people who might opt-in if such a thing existed would still blame Apple for the problems it causes, so I can understand how Steve might take the hard line on this.
It might be interesting to see what would come out of such a lawsuit, but as others have stated, I can't think of a legitimate reason why Adobe could sue unless there is some contract between Adobe and Apple we don't know about?
To avoid a few apps that misbehave, Apple now thinks that it should not allow multitasking at user level at all!
I think you forgot that Apple already tried co-operative multitasking on early Macs. It didn't work so well...