>and that they haven't even *released* a finished >client for the Mac!
Interesting you mention this, since Distributed.net did recently release a new Mac client (finally), one that is capable of running CSC. However, what is ironic is that you promote dcypher, which I would love to run, but a quick look at their clients shows no MacOS client, nor even a LinuxPPC client. In fact, it does not seem that they have a non-x86 platfom mentioned.
You're right. I missed the fact that distributed.net actually released a final client and not the buggy and barely workable beta clients they'd let the Mac users have as a stopgap measure. Still, the fact that CSC had already hit 85% completion by that time (whatever 85% means in distributed.net land) says something.
You mention that Dcypher is running CSC about 2.5 times faster than Distributed, but fail to mention that Distributed has RC5 running about twice as fast on Altivec-based MacOS machines. Can you imagine a Dcypher-based, Altivec-aware CSC client? Well, it will take imagination since they do not have one.
Yes, I realize that Dcypher is working with only a few coders and is trying to get a Mac client out the door, but at the rate they are going at, do you really thing they will get one out before CSC is done?
No, I'm sure they won't get one out before CSC is done...but you have to realize two things. First off, not only does dcypher have fewer coders, and no Macintoshes to work on (anyone at Apple want to lend them one?), but they have so far done a much better job than distributed of actually optimizing the hell out of their clients--hence 2.5 times as fast--which, of course, means it takes longer to write a port for a completely different architecture. But more importantly, unlike distributed.net, they didn't already have a mac client to upgrade. Updating an existing client to support a new contest, and completely writing an entire client from scratch, are simply not comparable tasks. I'd wager that dcypher supports more OS/architecture configurations now than distributed.net did 2 months after launch, and that they'll continue to expand their list as quickly as they can.
For a web page that so often has such an anti-monopoly, anti-Wintel stance, Slashdot's hatred of Distributed and love of Dcypher seems strange.
Here we really disagree. (For one thing, I fail to see how you can identify dcypher as a "monopoly" and distributed presumably as the nimble and superior underdog, but I digress.) First off, if I were to characterize what/. really supports, it wouldn't be Linux, or alternate platforms, or even open-source--and it certainly wouldn't be "anti" anything. Rather, I frequent/. because the community seems to promote above all solutions that work, no matter if they're the most popular. By this criteria,/.'s continued support of distributed over dcypher (and yes, when/. posts a bug report for distributed, but doesn't post the existence of an entirely new project for dcypher, they're supporting distributed) is pretty hard to defend.
While I really really want to like distributed, and they're certainly the pioneer in the field, they've simply screwed up too many times recently to be considered a solution that works. And even without the screwups, I have to say that distributed.net doesn't meet the "/. test" of something that works. Their CSC core, despite being months late, simply does not work--when speed is the only relevent criteria, 40% == broken. And their stats, which are the core of their webpage, even if they managed to be accurate, are similarly broken: once a day updates that require 2 hours of downtime are simply not acceptable. And it's been months and months since they announced that they'd do OGR, killing the existing project--and there's still no OGR core in sight.
When an upstart project with 1 client coder and 1 web coder can produce a product which fixes all three of these ridiculous flaws--substandard cores, once-a-day stats, and preannounced new projects that take a year to be released--then that really says something.
Anyone who's been following their.plans for the past month and a half or so knows that this is just the latest in a ridiculous string of fuckups. While they haven't lost any blocks (yet), they've had stats down for days at a time, screwed up participant ID's, and misplaced and miscounted blocks left and right. True, none of these incidents has been too big a deal, but when you have to check the d.net.plans every day just to make sure you still belong to the same team, something's amiss.
Wait--did I say this was the latest in their string of fuckups? Well guess what--as several hours had passed without a new bug report coming out of distributed.net, wouldn't you know it, now it turns out that they haven't actually completed 91% of the CSC project after all.
Yep, you read that correctly. Oh, but don't worry--it's not a bug, it's a feature. For those of you who won't take the time to click on the last link, here's how dbaker's latest.plan update begins:
As we near the 100% mark of CSC keyspace completion, I think it's time to explain what that CSC statistics mean, and how they are determined.
It is perhaps a common misconception that each CSC work unit completed is unique...
He goes on to describe the fact that they've implemented redundancy checking to weed out hacked clients with the CSC project--a very good if a bit overdue move (although perhaps they could have disclosed this earlier?)--and that they've decided to give everyone full credit for all their blocks, even redundant ones--also a good idea--and so therefore there's obviously absolutely no way that they could avoid the actual keyspace being more than 100% of the reported "keyspace". Obviously. And this was the plan all along. Which is why they even wrote up not one but two new scripts which (falsely) calculate that the "keyspace" will be exhausted in only 2 days now. Obviously.
And of course it's perfectly fine that they just hoped that the project would get solved before it his 100%, so that they wouldn't have to inform their users that they've implemented redundancy checking. And no, they're not going to tell us how many percents are actually in the keyspace (105%? 110%?), or how many days it will actually take before we check all the keys and get to find out if they've somehow managed to fuck up yet again. Why should we be entitled to know silly information like that??
Meanwhile, dcypher.net has sprung up, and, in only a couple months, and with what certainly seems to be fewer people working for them than distributed.net has debugging their database they've:
come out with a CSC client which is 250% faster than distributed (on x86, at least).
Yes, that's 2.5 times as fast.
had stats which (gasp!) don't break or have new bugs in them every couple days and (gasp!) don't have a 2 hour scheduled downtime to update every night and even (gasp!) update in real time, almost like real databases do!
started the Gamma Flux project which, while not personally my cup of tea, is certainly the first distributed computing project which is actually useful (it helps calculate ideal containment solutions for nuclear waste).
promised to pass on the entire share of the CSC winnings to the person who wins, as opposed to distributed.net's 20% (10% if you join a team).
But what finally pissed me off the most was reading this post earlier in this thread from Decibel at distributed.net, in response to an admittedly pretty hostile post from Armin Lenz at dcypher.net, in which he has the gall to imply that dcypher shouldn't have done CSC at all because distributed had "announced" that they intended to work on it soon after the contest was announced, way back in May. Of course, Decibel doesn't mention the fact that they didn't launch the project until November 17, 2 weeks *after* dcypher.net, and only then with a broken client (yes, a brute force program that's 2.5 times slower than it should be is certainly broken), and that they haven't even *released* a finished client for the Mac!
And furthermore, he doesn't even understand that making the argument that "we announced first" isn't likely to garner too much respect at/. Guess what, Decibel--there's a word for preannouncing programs months before you plan to release them so as to scare off any potential competitors. It's called "FUD", and it's a particularly disgusting kind; in fact, even Microsoft's backed off a bit from that sort of thing lately.
And despite all that, he still says "we did CSC because it was relatively easy to add". Well I'd hate to see how badly they can screw up a project that's a little "hard".
I'm hoping I won't get the chance with OGR. Despite everything, I think OGR is a pretty cool project, and I just might be persuaded to stick with distributed.net if they (finally) come out with their OGR client, and it works, and isn't orders of magnitude slower than competing clients, and they fix their stats and get their act together. I suppose in the end I was always a sucker for the moo.
But distributed has a lot of lost trust to earn back.
Dunno if this counts, but Boris Yeltsin just resigned about 10 minutes ago as President of Russia. Offtopic, right? Well...maybe it's just me, but has anyone else noticed that he looks remarkably like a (poorly-debugged drunken) cyborg??
And after all, if the Russians can't be trusted to fix their nuclear missile launch systems for Y2K, why do we think they would waste their time on a non-critical system like Yeltsin? And for him to malfunction like this, with just...lemmee see...42 minutes to go before the next millennium hits er, the uninhabited Pacific island of Karibata??
Coincidence???
Eh????
On a somewhat related note (failed early cyborg prototypes?), Larry King is about to kick off CNN's 100 hour coverage of the new millennium with an in depth interview on what the next 1000 years will bring with our favorite visionary...Bill Gates.
WIN2000 will still run under WIN32, no? WIN2000 will still run under DOS, no?
Disclaimer: I'm probably wrong, so flame me before I mess up again.
Yes, you are wrong.
If MS used normal version numbers instead of marketese, Win2K would be Win NT 5.0. (Well, actually it would be NT 3.0, because the first NTs were called 3.x so as not to have a lower version number than the then current Windows 3.x IIRC. But I digress.) Windows NT has never been based on DOS, even in 93 or 94 or whenever it was that it first came out. Indeed, that's what the NT stands for--not anything to do with NeTworking or something, but rather "New Technology": i.e. no DOS. If anything, the worst that can be said of NT is that it's the bastard stepchild of VMS, simply because the lead designer for NT was the guy who did VMS (forgot his name)...but the similarities aren't that deep, and besides, I'd much rather base my OS on VMS than DOS.
Now, Win32 will still run under W2K (not the other way around; NT actually has a relatively small kernal space on top of which several different architectures--Win32 is one, their POSIX-compliant (mostly) architecture is another--run). But from what I hear, Win32 isn't usually the cause of your crashes in Win9x; it's the fact that Win9x is still burdened by trying to support Win16 and DOS, with their abhorant memory addressing schemes among other things, that causes much of the trouble.
Hope that clears all that up.
In any case, it doesn't really go to the heart of my point. What I meant by patched-up 3 year old software was just that there's a big difference between a new release and and old release with a service pack on top. Service packs tend to be cruft-filled conglomerations of bug-fixes that may or may not introduce more bugs than they stop, and which, in any case, never represent a from the ground up examination of the main code. While WinNT 4 SP6 may be an improvement in many ways over vanilla WinNT 4 (although not if you want to run it on low-end hardware), for the most part NT has been treading water since it was released. Win2K may still have leftover 7 year old NT 3.51 code for a lot of its innards...but so what? Solaris, IRIX, Tru64, *BSD, and any other real Unix is still based on leftover 30 year old code (and Linux is largely composed of leftover 8 year old code that was a reverse engineer of 30 year old code!); you wouldn't call any of them "patched-up 30 year old software."
While it may introduce a whole slew of new bugs and cruft (although most everyone's experience with the public beta, especially once they got to release candidate status, has been quite positive on the stability front), my main point is that Win2000 introduces many important new features and usability improvements, as well as the added stability that comes from having a fully tested new release as opposed to yet another stop-gap service pack.
Now, for running a firewall or a mail server on a cheap old machine, of course Linux (or FreeBSD) is still the only choice. But, believe me, that's not the sort of thing that got Linux all this hype as "the OS of the future"--important though that stuff is, it ain't glamourous. For a multi-purpose server, the choice has now gotten tougher--there's no question that Win2K is a major improvement over NT 4, which has several important advantages over Linux anyways (and many deficencies).
Win2K is worthy competition. Most/.ers will still prefer Linux for most stuff, and for many good reasons, but W2K will stop many others from switching to Linux, and they'll have good reasons too.
Anyways, I think it'll just serve to make Linux improve faster in the long run. But you're kidding yourself if you think Win2000 isn't a significant hurdle on the old road to World Domination (tm).
Haven't taken the time to read the report yet, but I have to say that if the synopsis here is accurate, I'd tend to agree. But I'm assuming that the biggest reason Linux'll fall out of the "next-big-thing" spot is not just because all hype runs its course (although that'll have a lot to do with it), but because of Win2000.
And it's not just because, come Feb. 17, the same clueless media types babbling about Linux today will be talking up Win2K equally cluelessly. Hate to say it (well actually I don't hate to say it at all), but from all reports it looks as if MS has finally put together a competent OS. Now that they've reportedly fixed most all of the glaringly laughable faults of NT 4 (low uptime under strenuous use, DLL hell, forced reboots after minor reconfigurations, etc.), Linux will have to compete more on philosophical issues--open vs. closed source; full control and modularity vs. one consistent interface--than on obvious superiorities.
Frankly, folks, we have to realize that a big part of the reason Linux got its day in the sun this past year-and-a-half is because NT 5^H^H^H^HWin2K was about...a year-and-a-half late. Now, I think in that time Linux has made some important and irreversible changes for the better in the computer industry. For one thing, you can bet that without any credible server-side competition, Win2K would be a lot less polished than it will be now, and that's a change for the better. For another, I think even MS has to think twice nowadays about trying to fool the public into adopting new, closed standards (witness their recent support of XML in Office 2000 and elsewhere). Finally, I think the old "you can't get fired for buying Microsoft" climate is beginning to be questioned in many if not most companies.
But, suddenly Linux won't have the advantage of competing with patched-up 3-year old software. Now, on the other hand, three years from now Win2K will probably be on SP 6 or 7, awaiting the next much-delayed overhaul, while Linux (or perhaps some other free unix-alike? HURD perhaps??) will be chugging along with its steady organic improvements.
But for the next little while, Linux will have some real competition. And, while it may slow up corporate adoption in the short term, that's a Good Thing. I know most all of us here believe in the superiority of open-source development. Now it'll have the chance to really prove itself.
Yes, if you can copy it, you don't need to read it.
However a lot of piracy concerns would be over other formats (eg MPEG) that are more easily copied/downloaded, and you do need to decrypt to put the data into those formats.
Yes and no. Perhaps the funniest thing about this whole story (although with a story as absurd as this, it's hard to choose) is that according to this article over at 2600, a program already exists precisely to save DVD video in other formats. In fact, it's been around since 1997.
Of course you're right that the data has to be decrypted before this can happen. But, of course, the data is decrypted before it's sent off to your video driver, which is exactly where this hack sits. So even without DeCSS, pirates can make both bit-for-bit copies and format conversion copies of any DVD they want, provided they have a licensed DVD decrypting player to begin with.
On the other hand, I can't seem to find a copy of this program (in 5 minutes of searching), but the point is that, just like with all those SDMI proposals to steal back digital music...as long as it has to be sent to open hardware--your video card in this case; your sound card in the case of digital audio--it can be copied. When they start getting closed hardware inside your box--like they have with the advent of DVD players--then it's time to start worrying.
If anything deserves to be moderated up in this godforsaken thread, it's this post--I've been looking for a functional mirror on and off all day. Not that I expect this movie'll be all that good, but I keep getting timed out from the mirror at Newgrounds and at this point I just want to see what I've been wasting all this time on. But, since I don't have any moderator points, I guess the least I can do is give it my +1 bonus.
--begin repost-- Alternate vendetta link - same codec (Score:1) by localman on 01:03 AM December 19th, 1999 CST (#231) (User Info) http://www.binadopta.com/
Hey all. I'm (one of) the idiot(s) responsible for Vendetta. I'm currently visiting family, and my server is on the other side of the country. It is dead. There is another copy of the entire film at my machine at work - we'll see how long that one survives. I am truly sorry about the sorenson thing - I had no idea anyone would watch it at all, let alone the entire slashdot community. If anyone can convert it to another format, they are welcome to do so. Peace, Happy holidays, and thanks. --end repost--
I know the Willie Horton issue was raised initially by a Democrat; I believe (but could be mistaken) that it was Al Gore's campaign that used it first.
Yes and no. Mostly no. As explained about a month ago in thi s little article in Slate, Gore was in fact the first person to bring up the Willie Horton issue--that a convicted murderer had raped someone while on a state-sponsered furlough from prison, and that Dukakis had not immediately cancelled the furlough program. Which, as the guy in Slate notes, was a salient point to make.
But what he didn't do was saturate the airwaves with sensationalistic commercials that played on white America's racial fears, which is what the Bush campaign did. In fact, he only brought up the issue once, at a debate, and didn't mention the fact that Horton was black, or even mention him by name.
The reason the Willie Horton ads marked a lowpoint in American democracy wasn't because there wasn't a substantive issue there--there was--but because the Bush campaign paraded the image of the "scary black homocidal rapist" around to draw the votes of skittish whites. It was absolutely racist marketing, and it worked.
On the other hand, nowhere in the Slate article does it give George W. any particular credit for the Willie Horton ads, so they may have had little to do with him.
The distributed.net network is currently crunching keys 8 times faster than dcypher.
That's because the distributed.net network currently has over 15 times as many computers working on it than dcypher.net. (Compare here and here; I compared the number of clients which reported in the last day, since I figure that's the most relevent number to compare to current keyrate.) Furthmore, I'd guess that since dcypher.net is so new, distributed has an even higher proportion of the big-iron/large subnets working for it.
I waited, patiently, for over 6 months for distributed to come out with a new project--and when they release OGR, I'll probably come back. But after seeing my dismal keyrate running their CSC core, I decided to give dcypher.net a try.
On my machine (PII-350), the dcypher.net client is roughly 250% faster than distributed's CSC core. It's CSC keyrate is even about 10% faster than my rc-5 keyrate was with distributed.
Furthermore, their stats engine updates in real time, instead of distributed's absurd daily updates during which stats are completely down for an hour and a half. While both web sites are pretty poorly designed, distributed.net has been at times nearly unnavigable (this is getting a bit better).
But the important thing is, dcypher has accomplished all this and they've been around for a month! I can't imagine how you guys can complain about the fact that it took dcypher an extra 3 weeks to come out with a Linux client when it's taken distributed, a much larger organization with presumably much larger resources, months and months to build any clients at all for CSC or OGR (and the one they came up with is infernally slow).
At the time of this writing, d.net is the only network which seems to be able to solve this contest in time (remember that CSC is time-limited, any solution found after March 17, 2000 is void).
Obviously, that's just because 15 times as many people are going with the much more poorly coded, less efficient solution. It's more than a bit ironic to find people on/. advocating the use of a particular program even though it's demonstrably substandard, just because a majority of the ignorant masses are using it.
What's worse is that distributed takes the position that since they have so many loyal lemmings, they can release an unoptimized core and it won't matter because enough people will still run it. It's that arrogant attitude that turned me (and, I'd guess, many others) off of SETI@home.
If these comparisons largely depend on the graphics card (and possibly its drivers) instead of the processor, then you are not getting the whole picture.
If these comparisons depended largely on the graphics card, then they would show the same results at all processor speeds. Which they didn't. Ergo, the comparisons don't depend largely on the graphics card. I'm not sure why that was so difficult.
Now, it is true that in one specific case, out of seven benchmarks posted (note that it was *not* Q3:A, which scaled almost linearly with the CPU), the video card was the limiting factor. Of course, that situation is (obviously) liable to happen, and if Tom didn't show that, then he wouldn't be giving you the whole picture.
And, as noted before, the idea that anyone in their right minds would spend $2500 for an 80 pound supercooled computer and play games on it with anything less than the best video card is patently ludicrous.
I guess that's why I'd rather get my benchmarks from Tom than from you.
Indeed, 24bpp is about the limit of the eye's perception for color variations. The 32bpp is to accomidate computers, not people. Modern consumer processors are used to slinging numbers around in 32 bit chunks. At 32bpp, the processor (whether the CPU or the videocard's) can easily address one pixel at a time. In 24bpp, more work must be done to grab to 32bit space enclosing the pixel and then extract the pixel. 24bpp is generally used to try to squeeze a more pixels out of a specific amount of VRAM. In today's market, the monitor is often more of a limiting factor on resolution than the video card's memory is, so most programs just go for the faster 32bpp.
Well, no.
"32-bit color" pixels in games do indeed only have 24-bits of color--8 bits each for red, green and blue. The extra 8 bits are an alpha channel--stuff that gets used for fog, transparencies, that sort of thing. The extra 8 bits are not in any way wasted, and have absolutely nothing at all to do with "modern consumer processors", "enclosing and extracting pixels" or any such thing.
As for the monitor being more of a limiting factor on game resolution than the video card's "memory"...well, you're wrong here, twice. First off, the limiting factor on resolution is the video card's fill-rate--the number of pixels/texels it can push out in a second. The video card's memory is primarily the limiting factor for the resolution of the textures used in the game, which is completely different from the resolution of the game as a whole.
The monitor is a limiting factor for absolutely nothing. Even the fastest Athlon with a brand new GeForce card is barely playable for deathmatch at 1024*768 (playable is defined as around 60fps, and no, that's not even close to overkill). It'll probably take one of those obscene $600 Voodoo5's, which don't come out until March, to run 1280*1024 well. Obviously, anyone who spends $600 on a video card has a monitor which can handle 1280*1024 just fine...
Someone please tell Roblimo to stop posting about Windows viruses. They're neither news for nerds, nor stuff that matters. Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them. Most of us just sit and watch in amusement as the MS world infects itself. It really isn't interesting, so why post about it?
I couldn't disagree more. Now, there are lots of reasons why I think this is interesting and worth talking about, but disregarding all of those, the simple fact is that/. is not a Linux site, or even a non-MS site. Even if most/.ers hate their guts, a very large portion of them works with Windows networks as part of their job, and even more are employed at places where most of their coworkers use Windows. Important viruses like Bubbleboy are vital news for a large contingent of/. readers.
Beyond that, Bubbleboy isn't just any old virus; it's the first self-executing email virus, and probably the closest any virus has come to the 'ideal' of infecting a machine despite the user not doing anything wrong (no, running Windows doesn't count). Indeed, your assertion that "Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them," is precisely why this story needs to be run--because Bubbleboy turns the conventional wisdom on viruses on its head a little bit. (Of course, one could argue that that's because most viruses don't actually target OS bugs, but rather legitimate functions; in some sense, Bubbleboy is more of an exploit than a virus.)
In the end, I think (and not that I haven't felt like posting "does this really belong on/." posts every once in a while) that, with the possible exception of the decision to interview John Vranesevich, it's usually not too appropriate to second guess the/. staff for posting an article. If you don't find it interesting, don't read it, and post on it. If lots of people don't find it interesting, then there won't be many posts on that subject, and eventually Rob and Roblimo and Hemos will figure it out. Furthermore, if the discourse of whatever posts there are is no good, they'll eventually catch on to that, too. And they'll be less likely to post on that subject on the future.
The thing is, it doesn't hurt you one bit for this article to be here. If the subject doesn't interest you, then fine: move along. But don't automatically presume that everyone agrees with you. Just because (wow--just clicked on your user info) you were around when/. was just a couple thousand strong doesn't mean that you automatically speak for the entire/. community now. Just because this may not have been "the sort of thing that got posted in the olden days" doesn't mean it's not what should get posted now. Besides, I may not have been around as long as you, but I've frequented/. for a decent amount of time, and certainly wouldn't have been at all surprised to see this story, or even a similar but less important one posted, say, a year ago.
I suppose what I'm trying to say is, let the people in charge of/. do their job. I think we'll both agree they make the right decisions most of the time, and when they don't, they're good enough to figure it out on their own.
Ok, first note that I am so far from being a lawyer that it's rather humorous. Oh, and also note that I didn't think of this idea myself; it came from this rather fascinating article in Salon a couple months back. (Yes, it made/. at the time, but only as an update to an article about a new Beowulf for running GP.) And, yes, this is very offtopic.
But basically, the idea is this:
1. A prerequisite for an idea to be patented is that it's not obvious, even to the best experts in the field. That is, there needs to be some flash of creativity involved--some something that no one else can be expected to think of. This is why patents are supposed to be in the public's best interest--better to have the ability to use the idea in a "limited" amount of time (currently 95 years and counting) than to potentially never have anyone else think of it again. In the case of a patent on an algorithm (which covers just about any software patent), it's not enough that the problem the patent solves be novel--indeed, it should be relatively obvious; what needs to contain that unique insight is the algorithm itself. (Yes, this is how it's supposed to work, even though just about all the absurd patents/. links to seem to be precisely the opposite.)
2. A good genetic programming environment--like this one, if it becomes successful--will theoretically be able to come up with an algorithm that implements any "solution" one would feed into it. A great one would even find an *optimized* solution. (Indeed, in the Salon article, it talks about genetic programs which have produced algorithms or schematics identical to 21 existing patents, and one which even lead to the discovery of a new rule in quantum theory!)
3. A computer program, even one that implements genetic programming, is a mechanical process. It is entirely deterministic, and can be simulated by anyone, assuming they have the CPU resources (especially if the program's open source!). Thus, anything this program thinks up cannot possibly be "nonobvious"; a nonintelligent computer just came up with it.
4. Thus, any algorithm this program can duplicate is nonpatentable. It may even be that any old patent this program can duplicate without specific knowledge should be retroactively unpatented, since if it's "obvious" now, it had to have been obvious then; that is, if the machine is not true AI (which of course this isn't), then it's not intelligent always; it's not like it can be "intelligent by 1950's standards but not by today's".
So...an interesting strategy to fight evil software patents. And indeed, perhaps to fight all patents, although of course it's much less obvious how to get a computer to create a non-software process.
Of course, it'll prolly be a ways off before a genetically created algorithm nullifies a patent. Still, I wouldn't be surprised if some time surprisingly soon, the entire idea of patents is very substantially curtailed, if not eliminated, due to this sort of thing...
Re:Greedy Corporate Scumfucks
on
Copyright!
·
· Score: 2
OK class todays essay question is: In a world without IP protection, how do you protect someone from using your code in a commercial product? You can't. OSS seems intimately tied to IP in my mind.
I don't feel like taking the time to refute all the logical inconsistencies you've popped off in this thread, but I figure this one'll be quick, so, what the hell. The answer to this stumper, teach, is that in your world without IP protection, there wouldn't be closed-source products, by definition. As for "commercial" products, GPLed code *can* be used in those. Off the top of my head...lessee, I'm sure I can think of an example. Hmm. Ah yes: Red Hat Linux. I'm guessing there may even be one or two others.
The fault in your syllogism, in case you're interested, lies here: adimarco said "I consider OSS to be a kind of backlash against the current IP model," which, to me at least, seems patently obvious. But instead you conclusively (and quite derisively I might add) shred this little theory of his with the damning evidence that "OSS seems intimately tied to IP."
Well gee. So a backlash against something would be intimately related to that something that it's a backlash against. Imagine.
Of course the GPL (which is what you're talking about here; BSD-style licenses actually aren't tied into the idea of intellectual property at all) is imtimately tied to IP. It was explicitly designed to subvert the closed-source world by taking advantage of the same poorly-thought out laws that up till then had only served to promote closed-source software at the expense of users. Not, of course, to say that the causes are morally equivalent, but this is reminiscent of many of the tactics of the civil rights movement: the NAACP (and others) fought Jim Crow by challenging it in court; they attacked an oppressive legal system by using...the legal system. And, of course, there are lots of other examples of this sort of thing.
The point is, GPL advocates use the GPL as a means to a goal. The goal isn't "a world where no one can make any money in the software business", but rather "a world where programmers have access to all of each others' ideas and code, because that's what works the best." Not to speak for him, but I have a snaking suspicion that in your world without IP "rights", even RMS would release his code under a BSD-type license; there'd be no reason not to.
Despite the suggestion to the contrary in the MSNBC story, gravitational waves have already been shown to exist.
That's all well and good (actually, it was a very informative post), except that there was no such suggestion in the article.
Here's what it actually said: "There is evidence that the waves exist, but technology has not been powerful enough to detect them." And that's exactly true: we have evidence that they "must" exist--because we see energy radiated away from a binary star system at the predicted rate--but we have not actually directly detected them yet, which this experiment is designed to do.
On the other hand, I agree that the article didn't do too much to clear up the point.
I totally contest the notion that feature rich email is here to stay. Email is _WORDS_. There's no justification for damaging the ability for people to openly communicate just to add stuff that can more sensibly be done in another medium.
Telegraphs are just words, too. People don't use them too much anymore because new technologies have come along that have allowed people to communicate more effectively. May it be the same for email.
No, not even that. It *will* be the same for email, whether old fuddy-duddies like you like it or not. Plain text email was an incredible technology when it was invented 30 something years ago. It's still incredibly useful today, but it makes use of almost none of the enormous technological advances computers have undergone since email was invented, and I think there's little doubt that it could be even more useful if it *did* make use of those advances.
Now, I'm thinking that a large part of our disagreement may lie in definitions of terms more than anything else. You admit that feature-rich/interactive communication can sensibly be done, just "in another medium". Essentially, I'm not so sure what the distinction is. Now, whether we call an interactive draft of a document written in a Java-enabled markup language (or some such thing)--along with, say, an embedded video of yourself explaining the feedback you're seeking--that's delivered to a friend or coworker's computer over the internet "an email" or "a whatchamabob" doesn't seem to make too much difference to me. The point is, that (and other, better examples; I'm not being too creative today) is where we're headed, and that's a damn good thing.
Whether the current email infrastructure is the right way to handle communications that are slowly evolving towards that end is another question, but, I think you'll agree, one that doesn't impact our discussion from an end-user perspective very much.
Email should be like the telephone- no matter how unpleasant somebody's words may be, they cannot cause your hard disk to erase itself. A telemarketer can try to get you to buy maple syrup, but cannot start pumping 10,000 gallons of maple syrup through the phone in case you want it.
Yes, interactive content carries with it greater responsibilities to protect privacy and security. But, while these new responsibilities may create growing pains while the technology is still new (eg. this virus), they are nearly always solved, and the end result is for the betterment of society. Take your telephone analogy, for example: compared to the telegraph, the telephone was considerably more invasive of one's privacy: telemarketers can call during dinner, for example. However, that just led to solutions, like caller ID, or answering machines so that you can screen your calls. The end result is, of course, that no one in their right mind would dispute that the advantages offered by the telephone weren't worth the potential loss of privacy.
Or, take your teleporting telephone analogy. Now I, for one, would *love* to have a phone that could spit out 10,000 gallons of maple syrup (well, assuming it could also spit out other stuff). Think how awesome and useful that would be! It'd be like Star Trek or something. No half-hour wait when you order pizza! Now, of course, I'd want some security mechanism to ensure that I wouldn't recieve anything without my permission...but that doesn't mean we shouldn't try to invent teleporting technology, or that it isn't an overall good.
Same thing with feature-rich email. Or, if you wish, "feature-rich person-to-person electronic communication". The thing is, different versions of that are getting implemented today, mainly on corporate intranets, and also with applications like telemedicine, etc. And, once the internet as a whole has the bandwidth to support this sort of stuff, I think there's very little doubt that everyone will use it in some form, and that it will make our lives more convenient, however slightly.
Hitting a few bumps along the way is to be expected--especially when MS is the one driving. But it's no reason to stick with outdated technology.
-Dave
Oh, and as for Netscape HTML email being immune, you are indeed wrong. If you recall, about a year and a half ago there was a spate of Javascript email exploits that were uncovered. Now, unlike this bug, they required the user to click on a link in an HTML email...but IIRC, Netscape's email reader fell prey to even *more* of them than did Outlook (although they were both awfully terrible. Eudora was considerably better, although it had its share as well).
Sorry for the repost; forgot to include the link...
One nitpick on an otherwise very insightful comment:
Besides, all of Microsoft's really good OS people are on NT(Win2000) which doesn't have this particular problem.
Actually, Win2000 *does* have this problem, according to the advisory that was up at Network Associates' website (even though the McAfee page referenced here says it's Win98 only...hmm), because it shares Win98's use of IE 5 and Windows Scripting Host. Or, at least, Win2000 Beta 3 has this problem; of course, the final version will obviously include the patch for this exploit, which as noted earlier, has been out for about a month now.
So...either NA's advisory was wrong, and Win2000 doesn't have this hole even though it has all the components which enable it installed (IE 5 and WSH), or Win2000's security model has a big strike against it from the beginning. As you noted, that's completely to be expected with any new operating system, and *nix has certainly been there before. Still, it does make you wonder how long it will take before we can trust W2k...
One nitpick on an otherwise very insightful comment:
Besides, all of Microsoft's really good OS people are on NT(Win2000) which doesn't have this particular problem.
Actually, Win2000 *does* have this problem, according to the advisory that was up at Network Associates' website (even though the McAfee page referenced here says it's Win98 only...hmm), because it shares Win98's use of IE 5 and Windows Scripting Host. Or, at least, Win2000 Beta 3 has this problem; of course, the final version will obviously include the patch for this exploit, which as noted earlier, has been out for about a month now.
So...either NA's advisory was wrong, and Win2000 doesn't have this hole even though it has all the components which enable it installed (IE 5 and WSH), or Win2000's security model has a big strike against it from the beginning. As you noted, that's completely to be expected with any new operating system, and *nix has certainly been there before. Still, it does make you wonder how long it will take before we can trust W2k...
at the same time security minded people wouldn't be using OE in the first place.
There is a difference between being "security minded" and not wanting your machine to run arbitrary code just from you reading an email. I would assume that every computer user in the world, even those for whom Outlook Express is a good choice, would fall into the latter category. The point is, tens if not hundreds of millions of people *do* use OE, and even relatively smart ones (me, for example), and tens if not hundreds of millions more use Outlook--I'd be surprised if a majority of office workers in the US didn't have Outlook as their standard email program. Suddenly they can get a virus without doing anything wrong themselves. This is emphatically *not* just another email virus. The change from having to actively do something stupid to just recieving an email is a change in kind, not in degree.
I'm hoping MS's vision of putting ActiveX+HTML EVERYWHERE vision is dead.
Very fortunately, this vision is *not* dead, although hopefully this virus will be the final nail in the coffin of this particular implementation. Rather, I think it's a given that something very like this vision--I'd guess it will instead be XML + A Future, More Capable Version Of Java--is exactly what will run the web, and yes, even email, in the future.
I think too often we lose sight of the idea that the internet is exactly what its name implies--a full fledged network. Just because up 'till now technological restrictions (both bandwidth and processor related) have kept it limited mostly to just the exchanging of documents doesn't mean that it can't do much much more. I'm often aggravated by the fact that just because many/.ers were around for the "good old days" (and that the rest of us usually like to pretend we were), we often as a group tend to take the existence of problems with an emerging paradigm to mean that things are better off the way they were.
IMO, ActiveX was and is a fabulous idea. Unfortunately, the reason for its creation at MS was to counter the threat Java presented to the Windows monopoly. As such, it was expressly not cross-platform (and thus ethically on shaky grounds at best), and it was rushed out with the intent to have features Java couldn't yet match. Both the rushing and the feature bloat led to the myriad security problems that have made ActiveX a scary joke.
But...none of this means that the web should just be HTML and email should just be plain text. Computers are general purpose tools, and very powerful ones at that. Limiting the standard way one computer user can communicate to another--that's all email is, after all--to just the exchange of plain text is backwards and stupid.
Yes, there are security concerns to work out. But they can be worked out. Interactivity is a Good Thing, and I'm looking forward to the day when standard HTML email, not to mention plain text email, looks quaintly anachronistic. And, IMO, if the leaders and coders of the open-source movement aren't looking forward to that day and many others like it, then open-source will be doomed only to follow where commercial software has already led.
August?!? AUGUST! Why the hell wasn't a patch to repair the error relased in August then? When a monopoly has no competition, they have no motivation to repair errors until they become huge issues for their software....
Actually, they have released a patch to repair the error. Here's the security bulletin detailing the problem; it was last updated on October 12, which I'm pretty sure is the day the patch to fix this problem was considered safe enough to be released for download at the Windows Update site, where it was indeed marked a critical update. (IIRC, they released a beta patch a couple days after the flaw was discovered.)
Now, there's no question that someone at MS was insanely stupid to give untrused sources permissions to use ActiveX controls that could write to the Startup directory (that's how this sucker works), and you can argue that the fact that it took 6 weeks before their fix was trusted enough to get on Windows Update is pretty shady as well. But it has been fixed by now.
That is, it runs on its own, without the recipient having to open any attachments. All they have to do is open the email itself (or, in Outlook Express, just point at the email so that it shows up in the preview pane), and they're infected.
This is a big deal.
Melissa made it so that we couldn't just tell our less tech-minded brethren/co-workers, "for the last time, you'll be ok if you just don't open any frickin' attachments from people you don't frickin' know!" This one means we can't even tell them "you'll be ok if you don't open any attechments."
Now, this particular virus (well, technically it's more of a worm) isn't too malicious (except that, like Melissa, it could clog the hell out of mail servers), and mails itself under a goofy subject line so that you can be on the lookout for it. (Of course, I'm not sure what being on the lookout for it would accompish if you're running Outlook Express, since there's really no way to delete it from your inbox without first selecting it...which is enough to run the virus.)
But it's a proof-of-concept, and a scary one at that. It just changes the name and organization your computer is registered to and forwards itself to your address book, but the point is that it was screwing around with your registry, and it could have done whatever the hell it wanted to.
Now...there is some good news here.
Namely, this is perhaps the first time in history when Microsoft actually had a patch for a new exploit *before it was released to the public*!! Yes, that's right, this email virus works in exactly the same manner as one of those web-page exploits a couple months back, for which MS has had a critical update patch on Windows Update for several weeks now. Essentially what it does is take advantage of some very very stupidly permissioned ActiveX commands that lets an untrusted source save a certain type of file (.HTA) to your Startup directory...thus allowing them to run arbitrary code upon reboot (shouldn't have to wait too long...ok, so that was a cheap shot).
So, the good news is that my Win98 partition was already immune from this exploit, and hopefully so are many other people's. Of course, I can understand people not wanting to be on the bleeding edge of MS's security patches, because running everything MS throws at you can get you burned as well.
As for what I'm sure the mainstream/. response to this will be--i.e., this sort of thing is inevitable with HTML email, why can't everyone just use Pine for email and ftp instead of attachments, and while we're at it let's replace all our PC's with teletypes hooked up to a PDP-11--I'm not so sure. IMO, it's a Good Thing that feature-rich email is here to stay, and in the long run there's not so much reason for email to be any more secure than browsing; if a computer can be compromised through its browser, then that's unacceptable right there.
On the other hand, I have very little doubt that, as we expand into XML and all these other new technologies, short-sided security permissions are going to bite us (especially those of us that use MS products) in the ass again and again and again, probably with no end in sight until we stop coming up with new features. It's a rather scary trade-off to have to make, and even scarier that 95% of the world has Microsoft making all the decisions for them...
The article doesn't exactly get it right (of course, it's from the Chronicle of Higher Education, so technical accuracy probably isn't to be expected). These files were all on students' personal computers, and shared via Windows networking. Furthermore, many of them were password protected, although only those folders which the university deemed to be "not really" password protected--ones with password "mp3", or with instructions on how to get the password in the readme--were broken into.
Frankly, I think the best analogy I've seen for this was the poster a few threads back who said that this was the same as busting students for using the university's hallways to share cds from room to room. Of course, this analogy misses the rather important point that mp3s tend to leave copies when they're borrowed, unlike cds. Still, the fact is that unlike the implications of using ~/public_html folders on university servers, the only CMU resource used is its internal network bandwidth--not university server space nor internet bandwidth--and that the files are only available to those members of the university who have a password to the folder--not the general public at large, by a long shot.
As much as I think journalistic standards and ethics have jumped into the shitter recently, I should admit that online news sites have far more more fluffy and "throw-a-away" content than in the real world.
Yes, but...
The real world doesn't have hypertext. The beauty of the web is, you get to only read the news you want, whenever you want it. If you're watching the news on TV, and there's a badly reported story, or just one you're not interested in, you have (assuming you have a whole bunch of channels) at most 6 or 7 other choices at any given time, and chances are they're not appreciably different from what you're watching.
The newspaper is a bit better, but it's day-old news, and assuming you only get one newspaper, you only get one perspective on any given story.
These days on the internet, you can get the full text of every major newspaper in the world (except The Wall Street Journal), the full text of many of the world's best magazines, and coverage of nearly every story any of the national TV news programs do as well. So you've already got nearly the entire "real world" media there at your fingertips--completely free, available anytime, and a whole lot easier to get to.
Plus, you've got dozens and dozens of web-only sources providing often very insightful, informative, and thought-provoking takes on the news that the mainstream media generally misses. Plus, there's the interactivity of the web: while the message boards at most internet news sites are worthwhile only to demonstrate how little intelligence it takes to use the internet, feedback from users makes web journalism noticably closer to the sorts of ideals journalism should aspire to. In a couple cases (well, ok, mostly just/.), the interactivity of the web leads to a new emergent phenomenon which is arguably more worthwhile than the original story itself.
I'm rambling here, but the point is, if you don't like it, point your browser someplace else. There may be more fluff on the web, but only because there's a whole lot more meat there as well.
I found my fabled internet killer app a few days ago.
Well, ok, that's not true; I already had four or five (hell: what would life be without/.??), but that's not the point.
This thing is cool, it could save me oodles of money, and best of all, unlike those previous four or five killer apps, this one was actually useful (sorry/.).
I'm talking, of course, about dialpad.com, the site that lets you make absopositively free (wherein free is used to refer to lots and lots of always-on-top banner ads) phone calls to any damn one in the whole US. Well, so long as they don't, um, have call waiting. Or expect to be called during the hours when people like to talk on the phone.
But I digress--this idea is damn cool. For a college student with lots of close friends spread across the country (hint: me), it's a godsend.
And luckily for all the Linux users out there, it's coded in Java.
Windows-only Java.
Yep.
Now, I have to admit I'm in Win98 most of the time anyways. Still, it's damn annoying to see, and even more annoying that I emailed all my friends, including Linux/Mac users, about it, without even realizing that there was a chance they wouldn't be able to use it. I mean...it's Java! Java is platform independent!! Right?? Platform independent!!! Write Once Run Anywhere!!!!!
Grr...
Now, I'm sure you all will be happy to note that this buggy little Windows-specific Java program freezes my computer with remarkable abandon. And, they say they're working on a Mac/Linux compatible version, so that's nice. Although it does make one wonder why they decided to go with WinJava in the first place...
But the point is, this and other websites like it are very very useful. While we all know and use and love the internet for a whole lot of things that *will* continue to be platform independent, the fact is that the web is becoming a lot less markup language and a lot more code--and not just database code run back at the server, but real, interoperable client-side code. This is a good thing. And with broadband it'll only better. But unless we fight damn hard (and unless alternative OS's continue to get the attention they've recieved the past year or so), most websites are going to take the easy way out and make that code Windows code.
The sad thing is, it's all up to them. Not to take anything away from Mozilla, which I'm quite looking forward to (if mostly from an ethical standpoint; I do have to say that (when it's not running that damned buggy-ass phone applet!) IE 5 is a damned decent browser that suits my rather heavy browsing needs quite well), but the guy who wrote this article kind missed the point when he said that contributing to Mozilla is the solution.
Having the most standards compliant browser in the world isn't going to put all those windows-only websites onto poor Trish's Linux box. Standards compliance generally just refers to making sure everything on a page is displayed the way it's defined to be displayed. It's important, yes--and it *will* add some pages to Linux's repertoire, although only because Netscape 4.x has been such a piss-poor awful mess of noncompliance. (Side note: it's awful slow too.) But the important web pages--the ones that take the web from its current state as an often useful but mainly just endlessly diverting morass of fascinating and inane information, into that ever persistant thing that changes all of our lives, are going to depend on code. Having a port of the best browser in the world won't help a bit.
Now, of course it's not at all hopeless. Java is out there, and it's quite capable, and it can very easily be done correctly. But (and not that you shouldn't all go out and contribute to Mozilla; go--do that), what's going to make sure that Linux doesn't miss out on a lot of the net isn't nearly as complicated as everyone rushing out and working on Mozilla. We just need to get a bit vocal (intelligently and politely, as always) when sites on the supposedly platform independent web go Windows only. After all, we seem to get in a big huff whenever some obscure hack computer journalist writes a brilliant investigative piece that reveals that "Linux only comes in green text on black backgrounds!!"--which is the sort of thing that will have absolutely no bearing on whether Linux makes it in the long run.
This whole bit about logging every CD and MP3 played was MADE UP BY UNINFORMED SLASHDOT KIDDIES in this thread. There is absolutely no basis in fact for this assumption that I have read. In fact, RealNetworks goes so far as to point out that this information is NOT stored. It is simply sent, analyzed, and whatever aggregate information (genre, for instance) is gleamed from it.
Or, rather, those "UNINFORMED SLASHDOT KIDDIES" at the New York Times. As the article says, every time RealJukebox is started it sends "the number of songs stored on the user's hard drive; the kind of file formats -- RealAudio or MP3 -- the songs are stored in; the quality level of the recordings; the user's preferred music genre [emphasis mine--how do you think they determine the genre of the music without also transmitting the titles of songs?], and the type of portable music player, if any, that the user has connected to the computer.... What is more, if RealJukebox is used with its default settings, it automatically loads each time a CD is inserted in the CD-ROM drive, and if the computer is connected to the Internet, the title of the CD is sent, together with the GUID, to RealNetworks." As has been pointed out, the idea that CDDB similarly matches queries to the people making them (which the Real spokesperson claimed) is a complete lie.
And, while even the NY Times gets it wrong sometimes, it's worthwhile to note that their source on this article, Richard Smith, generally knows what he's talking about. An UNINFORMED SLASHDOT KIDDIE, he's very definitely not.
Or, if the point you were trying to make is that the information is sent, but it's just not logged--because Real says so--then you, sir, are a far more trusting soul than I. How you could trust a single word they say after they deliberately left the little bit about the spying out of both their privacy statement and the EULA for RealJukebox boggles the mind. Oh, and after they've accused CDDB of doing the same thing they do. And that whole thing that's landed them on the RBL for the past couple years.
The fact is, a detailed database of a person's individual music preferences, usage data, and CD and mp3 collections, which can be matched to an email address, is worth a whole whole whole whole lot of money. The idea that it wouldn't be worth the disk space used to store it is absurd. Many companies would--and, you can bet, already have--pay millions for this stuff. As for the idea that it's not worth their while to match listening profiles to individual people, that's just plain naive. There are many, many companies out there who believe that the entire promise of e-commerce, databases and the internet is the ability to target people individually based on their known preferences. They would kill for that information which would just sit there "wasting VOLUMES of disk space".
And even if it is aggregate, Real is still stealing information worth millions of dollars to them off of their users' machines without their knowledge or consent. In fact, they have blatently and I'm sure even you'd agree deliberately denied that they were doing so until they got caught red-handed. That is so clearly unethical and illegal that I have no idea what you are doing defending it. "Whether or not this in itself is a violation of privacy" is not worthy of another debate; it is furiously obvious. If that AIWA stereo you just bought had a secret radio transmitter that told AIWA the name of every CD you played on it, and they never mentioned that fact, you'd be pretty pissed too.
And, furthermore, while I seriously doubt it will be implemented now that they've been caught, I have trouble doubting that once watermarking of mp3s became pervasive, Real wouldn't compile statistics on pirated mp3s on their users' computers, possibly (what the hell) to sell to the RIAA. We've just found out that the infrastructure to do so is clearly already in place. We've also discovered that they have no qualms about lying in their privacy policies and EULA's, and trying to surreptitiously change them after the fact when they get caught.
Frankly, I'm guessing that the only reason this story doesn't scare the hell out of you is that, unlike me, you didn't have a copy of RealJukebox lying around on your computer when you read it.
Slashdot Mirror
>and that they haven't even *released* a finished
>client for the Mac!
Interesting you mention this, since Distributed.net did recently release a new Mac client (finally), one that is capable of running CSC. However, what is ironic is that you promote dcypher, which I would love to run, but a quick look at their clients shows no MacOS client, nor even a LinuxPPC client. In fact, it does not seem that they have a non-x86 platfom mentioned.
You're right. I missed the fact that distributed.net actually released a final client and not the buggy and barely workable beta clients they'd let the Mac users have as a stopgap measure. Still, the fact that CSC had already hit 85% completion by that time (whatever 85% means in distributed.net land) says something.
You mention that Dcypher is running CSC about 2.5 times faster than Distributed, but fail to mention that Distributed has RC5 running about twice as fast on Altivec-based MacOS machines. Can you imagine a Dcypher-based, Altivec-aware CSC client? Well, it will take imagination since they do not have one.
Yes, I realize that Dcypher is working with only a few coders and is trying to get a Mac client out the door, but at the rate they are going at, do you really thing they will get one out before CSC is done?
No, I'm sure they won't get one out before CSC is done...but you have to realize two things. First off, not only does dcypher have fewer coders, and no Macintoshes to work on (anyone at Apple want to lend them one?), but they have so far done a much better job than distributed of actually optimizing the hell out of their clients--hence 2.5 times as fast--which, of course, means it takes longer to write a port for a completely different architecture. But more importantly, unlike distributed.net, they didn't already have a mac client to upgrade. Updating an existing client to support a new contest, and completely writing an entire client from scratch, are simply not comparable tasks. I'd wager that dcypher supports more OS/architecture configurations now than distributed.net did 2 months after launch, and that they'll continue to expand their list as quickly as they can.
For a web page that so often has such an anti-monopoly, anti-Wintel stance, Slashdot's hatred of Distributed and love of Dcypher seems strange.
Here we really disagree. (For one thing, I fail to see how you can identify dcypher as a "monopoly" and distributed presumably as the nimble and superior underdog, but I digress.) First off, if I were to characterize what
While I really really want to like distributed, and they're certainly the pioneer in the field, they've simply screwed up too many times recently to be considered a solution that works. And even without the screwups, I have to say that distributed.net doesn't meet the "/. test" of something that works. Their CSC core, despite being months late, simply does not work--when speed is the only relevent criteria, 40% == broken. And their stats, which are the core of their webpage, even if they managed to be accurate, are similarly broken: once a day updates that require 2 hours of downtime are simply not acceptable. And it's been months and months since they announced that they'd do OGR, killing the existing project--and there's still no OGR core in sight.
When an upstart project with 1 client coder and 1 web coder can produce a product which fixes all three of these ridiculous flaws--substandard cores, once-a-day stats, and preannounced new projects that take a year to be released--then that really says something.
Even if they do run their website on IIS.
Anyone who's been following their
Wait--did I say this was the latest in their string of fuckups? Well guess what--as several hours had passed without a new bug report coming out of distributed.net, wouldn't you know it, now it turns out that they haven't actually completed 91% of the CSC project after all.
Yep, you read that correctly. Oh, but don't worry--it's not a bug, it's a feature. For those of you who won't take the time to click on the last link, here's how dbaker's latest
As we near the 100% mark of CSC keyspace completion, I think it's
time to explain what that CSC statistics mean, and how they are
determined.
It is perhaps a common misconception that each CSC work unit
completed is unique...
He goes on to describe the fact that they've implemented redundancy checking to weed out hacked clients with the CSC project--a very good if a bit overdue move (although perhaps they could have disclosed this earlier?)--and that they've decided to give everyone full credit for all their blocks, even redundant ones--also a good idea--and so therefore there's obviously absolutely no way that they could avoid the actual keyspace being more than 100% of the reported "keyspace". Obviously. And this was the plan all along. Which is why they even wrote up not one but two new scripts which (falsely) calculate that the "keyspace" will be exhausted in only 2 days now. Obviously.
And of course it's perfectly fine that they just hoped that the project would get solved before it his 100%, so that they wouldn't have to inform their users that they've implemented redundancy checking. And no, they're not going to tell us how many percents are actually in the keyspace (105%? 110%?), or how many days it will actually take before we check all the keys and get to find out if they've somehow managed to fuck up yet again. Why should we be entitled to know silly information like that??
Meanwhile, dcypher.net has sprung up, and, in only a couple months, and with what certainly seems to be fewer people working for them than distributed.net has debugging their database they've:
come out with a CSC client which is 250% faster than distributed (on x86, at least).
Yes, that's 2.5 times as fast.
had stats which (gasp!) don't break or have new bugs in them every couple days and (gasp!) don't have a 2 hour scheduled downtime to update every night and even (gasp!) update in real time, almost like real databases do!
started the Gamma Flux project which, while not personally my cup of tea, is certainly the first distributed computing project which is actually useful (it helps calculate ideal containment solutions for nuclear waste).
promised to pass on the entire share of the CSC winnings to the person who wins, as opposed to distributed.net's 20% (10% if you join a team).
/. Guess what, Decibel--there's a word for preannouncing programs months before you plan to release them so as to scare off any potential competitors. It's called "FUD", and it's a particularly disgusting kind; in fact, even Microsoft's backed off a bit from that sort of thing lately.
But what finally pissed me off the most was reading this post earlier in this thread from Decibel at distributed.net, in response to an admittedly pretty hostile post from Armin Lenz at dcypher.net, in which he has the gall to imply that dcypher shouldn't have done CSC at all because distributed had "announced" that they intended to work on it soon after the contest was announced, way back in May. Of course, Decibel doesn't mention the fact that they didn't launch the project until November 17, 2 weeks *after* dcypher.net, and only then with a broken client (yes, a brute force program that's 2.5 times slower than it should be is certainly broken), and that they haven't even *released* a finished client for the Mac!
And furthermore, he doesn't even understand that making the argument that "we announced first" isn't likely to garner too much respect at
And despite all that, he still says "we did CSC because it was relatively easy to add". Well I'd hate to see how badly they can screw up a project that's a little "hard".
I'm hoping I won't get the chance with OGR. Despite everything, I think OGR is a pretty cool project, and I just might be persuaded to stick with distributed.net if they (finally) come out with their OGR client, and it works, and isn't orders of magnitude slower than competing clients, and they fix their stats and get their act together. I suppose in the end I was always a sucker for the moo.
But distributed has a lot of lost trust to earn back.
Dunno if this counts, but Boris Yeltsin just resigned about 10 minutes ago as President of Russia. Offtopic, right? Well...maybe it's just me, but has anyone else noticed that he looks remarkably like a (poorly-debugged drunken) cyborg??
And after all, if the Russians can't be trusted to fix their nuclear missile launch systems for Y2K, why do we think they would waste their time on a non-critical system like Yeltsin? And for him to malfunction like this, with just...lemmee see...42 minutes to go before the next millennium hits er, the uninhabited Pacific island of Karibata??
Coincidence???
Eh????
On a somewhat related note (failed early cyborg prototypes?), Larry King is about to kick off CNN's 100 hour coverage of the new millennium with an in depth interview on what the next 1000 years will bring with our favorite visionary...Bill Gates.
Perhaps it's time I get to bed.
WIN2000 will still run under WIN32, no?
/.ers will still prefer Linux for most stuff, and for many good reasons, but W2K will stop many others from switching to Linux, and they'll have good reasons too.
WIN2000 will still run under DOS, no?
Disclaimer: I'm probably wrong, so flame me before I mess up again.
Yes, you are wrong.
If MS used normal version numbers instead of marketese, Win2K would be Win NT 5.0. (Well, actually it would be NT 3.0, because the first NTs were called 3.x so as not to have a lower version number than the then current Windows 3.x IIRC. But I digress.) Windows NT has never been based on DOS, even in 93 or 94 or whenever it was that it first came out. Indeed, that's what the NT stands for--not anything to do with NeTworking or something, but rather "New Technology": i.e. no DOS. If anything, the worst that can be said of NT is that it's the bastard stepchild of VMS, simply because the lead designer for NT was the guy who did VMS (forgot his name)...but the similarities aren't that deep, and besides, I'd much rather base my OS on VMS than DOS.
Now, Win32 will still run under W2K (not the other way around; NT actually has a relatively small kernal space on top of which several different architectures--Win32 is one, their POSIX-compliant (mostly) architecture is another--run). But from what I hear, Win32 isn't usually the cause of your crashes in Win9x; it's the fact that Win9x is still burdened by trying to support Win16 and DOS, with their abhorant memory addressing schemes among other things, that causes much of the trouble.
Hope that clears all that up.
In any case, it doesn't really go to the heart of my point. What I meant by patched-up 3 year old software was just that there's a big difference between a new release and and old release with a service pack on top. Service packs tend to be cruft-filled conglomerations of bug-fixes that may or may not introduce more bugs than they stop, and which, in any case, never represent a from the ground up examination of the main code. While WinNT 4 SP6 may be an improvement in many ways over vanilla WinNT 4 (although not if you want to run it on low-end hardware), for the most part NT has been treading water since it was released. Win2K may still have leftover 7 year old NT 3.51 code for a lot of its innards...but so what? Solaris, IRIX, Tru64, *BSD, and any other real Unix is still based on leftover 30 year old code (and Linux is largely composed of leftover 8 year old code that was a reverse engineer of 30 year old code!); you wouldn't call any of them "patched-up 30 year old software."
While it may introduce a whole slew of new bugs and cruft (although most everyone's experience with the public beta, especially once they got to release candidate status, has been quite positive on the stability front), my main point is that Win2000 introduces many important new features and usability improvements, as well as the added stability that comes from having a fully tested new release as opposed to yet another stop-gap service pack.
Now, for running a firewall or a mail server on a cheap old machine, of course Linux (or FreeBSD) is still the only choice. But, believe me, that's not the sort of thing that got Linux all this hype as "the OS of the future"--important though that stuff is, it ain't glamourous. For a multi-purpose server, the choice has now gotten tougher--there's no question that Win2K is a major improvement over NT 4, which has several important advantages over Linux anyways (and many deficencies).
Win2K is worthy competition. Most
Anyways, I think it'll just serve to make Linux improve faster in the long run. But you're kidding yourself if you think Win2000 isn't a significant hurdle on the old road to World Domination (tm).
Haven't taken the time to read the report yet, but I have to say that if the synopsis here is accurate, I'd tend to agree. But I'm assuming that the biggest reason Linux'll fall out of the "next-big-thing" spot is not just because all hype runs its course (although that'll have a lot to do with it), but because of Win2000.
And it's not just because, come Feb. 17, the same clueless media types babbling about Linux today will be talking up Win2K equally cluelessly. Hate to say it (well actually I don't hate to say it at all), but from all reports it looks as if MS has finally put together a competent OS. Now that they've reportedly fixed most all of the glaringly laughable faults of NT 4 (low uptime under strenuous use, DLL hell, forced reboots after minor reconfigurations, etc.), Linux will have to compete more on philosophical issues--open vs. closed source; full control and modularity vs. one consistent interface--than on obvious superiorities.
Frankly, folks, we have to realize that a big part of the reason Linux got its day in the sun this past year-and-a-half is because NT 5^H^H^H^HWin2K was about...a year-and-a-half late. Now, I think in that time Linux has made some important and irreversible changes for the better in the computer industry. For one thing, you can bet that without any credible server-side competition, Win2K would be a lot less polished than it will be now, and that's a change for the better. For another, I think even MS has to think twice nowadays about trying to fool the public into adopting new, closed standards (witness their recent support of XML in Office 2000 and elsewhere). Finally, I think the old "you can't get fired for buying Microsoft" climate is beginning to be questioned in many if not most companies.
But, suddenly Linux won't have the advantage of competing with patched-up 3-year old software. Now, on the other hand, three years from now Win2K will probably be on SP 6 or 7, awaiting the next much-delayed overhaul, while Linux (or perhaps some other free unix-alike? HURD perhaps??) will be chugging along with its steady organic improvements.
But for the next little while, Linux will have some real competition. And, while it may slow up corporate adoption in the short term, that's a Good Thing. I know most all of us here believe in the superiority of open-source development. Now it'll have the chance to really prove itself.
Yes, if you can copy it, you don't need to read it.
However a lot of piracy concerns would be over other formats (eg MPEG) that are more easily copied/downloaded, and you do need to decrypt to put the data into those formats.
Yes and no. Perhaps the funniest thing about this whole story (although with a story as absurd as this, it's hard to choose) is that according to this article over at 2600, a program already exists precisely to save DVD video in other formats. In fact, it's been around since 1997.
Of course you're right that the data has to be decrypted before this can happen. But, of course, the data is decrypted before it's sent off to your video driver, which is exactly where this hack sits. So even without DeCSS, pirates can make both bit-for-bit copies and format conversion copies of any DVD they want, provided they have a licensed DVD decrypting player to begin with.
On the other hand, I can't seem to find a copy of this program (in 5 minutes of searching), but the point is that, just like with all those SDMI proposals to steal back digital music...as long as it has to be sent to open hardware--your video card in this case; your sound card in the case of digital audio--it can be copied. When they start getting closed hardware inside your box--like they have with the advent of DVD players--then it's time to start worrying.
If anything deserves to be moderated up in this godforsaken thread, it's this post--I've been looking for a functional mirror on and off all day. Not that I expect this movie'll be all that good, but I keep getting timed out from the mirror at Newgrounds and at this point I just want to see what I've been wasting all this time on. But, since I don't have any moderator points, I guess the least I can do is give it my +1 bonus.
--begin repost--
Alternate vendetta link - same codec (Score:1)
by localman on 01:03 AM December 19th, 1999 CST (#231)
(User Info) http://www.binadopta.com/
Hey all.
I'm (one of) the idiot(s) responsible for Vendetta.
I'm currently visiting family, and my server is on the other side of the country. It is dead. There is another copy of the entire film at my machine at work - we'll see how long that one survives.
I am truly sorry about the sorenson thing - I had no idea anyone would watch it at all, let alone the entire slashdot community.
If anyone can convert it to another format, they are welcome to do so.
Peace, Happy holidays, and thanks.
--end repost--
I know the Willie Horton issue was raised initially by a Democrat; I believe (but could be mistaken) that it was Al Gore's campaign that used it first.
Yes and no. Mostly no. As explained about a month ago in thi s little article in Slate, Gore was in fact the first person to bring up the Willie Horton issue--that a convicted murderer had raped someone while on a state-sponsered furlough from prison, and that Dukakis had not immediately cancelled the furlough program. Which, as the guy in Slate notes, was a salient point to make.
But what he didn't do was saturate the airwaves with sensationalistic commercials that played on white America's racial fears, which is what the Bush campaign did. In fact, he only brought up the issue once, at a debate, and didn't mention the fact that Horton was black, or even mention him by name.
The reason the Willie Horton ads marked a lowpoint in American democracy wasn't because there wasn't a substantive issue there--there was--but because the Bush campaign paraded the image of the "scary black homocidal rapist" around to draw the votes of skittish whites. It was absolutely racist marketing, and it worked.
On the other hand, nowhere in the Slate article does it give George W. any particular credit for the Willie Horton ads, so they may have had little to do with him.
The distributed.net network is currently crunching keys 8 times faster than dcypher.
/. advocating the use of a particular program even though it's demonstrably substandard, just because a majority of the ignorant masses are using it.
That's because the distributed.net network currently has over 15 times as many computers working on it than dcypher.net. (Compare here and here; I compared the number of clients which reported in the last day, since I figure that's the most relevent number to compare to current keyrate.) Furthmore, I'd guess that since dcypher.net is so new, distributed has an even higher proportion of the big-iron/large subnets working for it.
I waited, patiently, for over 6 months for distributed to come out with a new project--and when they release OGR, I'll probably come back. But after seeing my dismal keyrate running their CSC core, I decided to give dcypher.net a try.
On my machine (PII-350), the dcypher.net client is roughly 250% faster than distributed's CSC core. It's CSC keyrate is even about 10% faster than my rc-5 keyrate was with distributed.
Furthermore, their stats engine updates in real time, instead of distributed's absurd daily updates during which stats are completely down for an hour and a half. While both web sites are pretty poorly designed, distributed.net has been at times nearly unnavigable (this is getting a bit better).
But the important thing is, dcypher has accomplished all this and they've been around for a month! I can't imagine how you guys can complain about the fact that it took dcypher an extra 3 weeks to come out with a Linux client when it's taken distributed, a much larger organization with presumably much larger resources, months and months to build any clients at all for CSC or OGR (and the one they came up with is infernally slow).
At the time of this writing, d.net is the only network which seems to be able to solve this contest in time (remember that CSC is time-limited, any solution found after March 17, 2000 is void).
Obviously, that's just because 15 times as many people are going with the much more poorly coded, less efficient solution. It's more than a bit ironic to find people on
What's worse is that distributed takes the position that since they have so many loyal lemmings, they can release an unoptimized core and it won't matter because enough people will still run it. It's that arrogant attitude that turned me (and, I'd guess, many others) off of SETI@home.
Oh well; to each his own. Happy cracking!
If these comparisons largely depend on the graphics card (and possibly its drivers) instead of the processor, then you are not getting the whole picture.
If these comparisons depended largely on the graphics card, then they would show the same results at all processor speeds. Which they didn't. Ergo, the comparisons don't depend largely on the graphics card. I'm not sure why that was so difficult.
Now, it is true that in one specific case, out of seven benchmarks posted (note that it was *not* Q3:A, which scaled almost linearly with the CPU), the video card was the limiting factor. Of course, that situation is (obviously) liable to happen, and if Tom didn't show that, then he wouldn't be giving you the whole picture.
And, as noted before, the idea that anyone in their right minds would spend $2500 for an 80 pound supercooled computer and play games on it with anything less than the best video card is patently ludicrous.
I guess that's why I'd rather get my benchmarks from Tom than from you.
Indeed, 24bpp is about the limit of the eye's perception for color variations. The 32bpp is to accomidate computers, not people. Modern consumer processors are used to slinging numbers around in 32 bit chunks. At 32bpp, the processor (whether the CPU or the videocard's) can easily address one pixel at a time. In 24bpp, more work must be done to grab to 32bit space enclosing the pixel and then extract the pixel. 24bpp is generally used to try to squeeze a more pixels out of a specific amount of VRAM. In today's market, the monitor is often more of a limiting factor on resolution than the video card's memory is, so most programs just go for the faster 32bpp.
Well, no.
"32-bit color" pixels in games do indeed only have 24-bits of color--8 bits each for red, green and blue. The extra 8 bits are an alpha channel--stuff that gets used for fog, transparencies, that sort of thing. The extra 8 bits are not in any way wasted, and have absolutely nothing at all to do with "modern consumer processors", "enclosing and extracting pixels" or any such thing.
As for the monitor being more of a limiting factor on game resolution than the video card's "memory"...well, you're wrong here, twice. First off, the limiting factor on resolution is the video card's fill-rate--the number of pixels/texels it can push out in a second. The video card's memory is primarily the limiting factor for the resolution of the textures used in the game, which is completely different from the resolution of the game as a whole.
The monitor is a limiting factor for absolutely nothing. Even the fastest Athlon with a brand new GeForce card is barely playable for deathmatch at 1024*768 (playable is defined as around 60fps, and no, that's not even close to overkill). It'll probably take one of those obscene $600 Voodoo5's, which don't come out until March, to run 1280*1024 well. Obviously, anyone who spends $600 on a video card has a monitor which can handle 1280*1024 just fine...
Someone please tell Roblimo to stop posting about Windows viruses. They're neither news for nerds, nor stuff that matters. Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them. Most of us just sit and watch in amusement as the MS world infects itself. It really isn't interesting, so why post about it?
/. is not a Linux site, or even a non-MS site. Even if most /.ers hate their guts, a very large portion of them works with Windows networks as part of their job, and even more are employed at places where most of their coworkers use Windows. Important viruses like Bubbleboy are vital news for a large contingent of /. readers.
/." posts every once in a while) that, with the possible exception of the decision to interview John Vranesevich, it's usually not too appropriate to second guess the /. staff for posting an article. If you don't find it interesting, don't read it, and post on it. If lots of people don't find it interesting, then there won't be many posts on that subject, and eventually Rob and Roblimo and Hemos will figure it out. Furthermore, if the discourse of whatever posts there are is no good, they'll eventually catch on to that, too. And they'll be less likely to post on that subject on the future.
/. was just a couple thousand strong doesn't mean that you automatically speak for the entire /. community now. Just because this may not have been "the sort of thing that got posted in the olden days" doesn't mean it's not what should get posted now. Besides, I may not have been around as long as you, but I've frequented /. for a decent amount of time, and certainly wouldn't have been at all surprised to see this story, or even a similar but less important one posted, say, a year ago.
/. do their job. I think we'll both agree they make the right decisions most of the time, and when they don't, they're good enough to figure it out on their own.
I couldn't disagree more. Now, there are lots of reasons why I think this is interesting and worth talking about, but disregarding all of those, the simple fact is that
Beyond that, Bubbleboy isn't just any old virus; it's the first self-executing email virus, and probably the closest any virus has come to the 'ideal' of infecting a machine despite the user not doing anything wrong (no, running Windows doesn't count). Indeed, your assertion that "Slashdot readers are extremely likely to know about the dangers of viruses, and what measures to take to prevent catching them," is precisely why this story needs to be run--because Bubbleboy turns the conventional wisdom on viruses on its head a little bit. (Of course, one could argue that that's because most viruses don't actually target OS bugs, but rather legitimate functions; in some sense, Bubbleboy is more of an exploit than a virus.)
In the end, I think (and not that I haven't felt like posting "does this really belong on
The thing is, it doesn't hurt you one bit for this article to be here. If the subject doesn't interest you, then fine: move along. But don't automatically presume that everyone agrees with you. Just because (wow--just clicked on your user info) you were around when
I suppose what I'm trying to say is, let the people in charge of
Ok, first note that I am so far from being a lawyer that it's rather humorous. Oh, and also note that I didn't think of this idea myself; it came from this rather fascinating article in Salon a couple months back. (Yes, it made /. at the time, but only as an update to an article about a new Beowulf for running GP.) And, yes, this is very offtopic.
/. links to seem to be precisely the opposite.)
But basically, the idea is this:
1. A prerequisite for an idea to be patented is that it's not obvious, even to the best experts in the field. That is, there needs to be some flash of creativity involved--some something that no one else can be expected to think of. This is why patents are supposed to be in the public's best interest--better to have the ability to use the idea in a "limited" amount of time (currently 95 years and counting) than to potentially never have anyone else think of it again. In the case of a patent on an algorithm (which covers just about any software patent), it's not enough that the problem the patent solves be novel--indeed, it should be relatively obvious; what needs to contain that unique insight is the algorithm itself. (Yes, this is how it's supposed to work, even though just about all the absurd patents
2. A good genetic programming environment--like this one, if it becomes successful--will theoretically be able to come up with an algorithm that implements any "solution" one would feed into it. A great one would even find an *optimized* solution. (Indeed, in the Salon article, it talks about genetic programs which have produced algorithms or schematics identical to 21 existing patents, and one which even lead to the discovery of a new rule in quantum theory!)
3. A computer program, even one that implements genetic programming, is a mechanical process. It is entirely deterministic, and can be simulated by anyone, assuming they have the CPU resources (especially if the program's open source!). Thus, anything this program thinks up cannot possibly be "nonobvious"; a nonintelligent computer just came up with it.
4. Thus, any algorithm this program can duplicate is nonpatentable. It may even be that any old patent this program can duplicate without specific knowledge should be retroactively unpatented, since if it's "obvious" now, it had to have been obvious then; that is, if the machine is not true AI (which of course this isn't), then it's not intelligent always; it's not like it can be "intelligent by 1950's standards but not by today's".
So...an interesting strategy to fight evil software patents. And indeed, perhaps to fight all patents, although of course it's much less obvious how to get a computer to create a non-software process.
Of course, it'll prolly be a ways off before a genetically created algorithm nullifies a patent. Still, I wouldn't be surprised if some time surprisingly soon, the entire idea of patents is very substantially curtailed, if not eliminated, due to this sort of thing...
OK class todays essay question is: In a world without IP protection, how do you protect someone from using your code in a commercial product? You can't. OSS seems intimately tied to IP in my mind.
I don't feel like taking the time to refute all the logical inconsistencies you've popped off in this thread, but I figure this one'll be quick, so, what the hell. The answer to this stumper, teach, is that in your world without IP protection, there wouldn't be closed-source products, by definition. As for "commercial" products, GPLed code *can* be used in those. Off the top of my head...lessee, I'm sure I can think of an example. Hmm. Ah yes: Red Hat Linux. I'm guessing there may even be one or two others.
The fault in your syllogism, in case you're interested, lies here: adimarco said "I consider OSS to be a kind of backlash against the current IP model," which, to me at least, seems patently obvious. But instead you conclusively (and quite derisively I might add) shred this little theory of his with the damning evidence that "OSS seems intimately tied to IP."
Well gee. So a backlash against something would be intimately related to that something that it's a backlash against. Imagine.
Of course the GPL (which is what you're talking about here; BSD-style licenses actually aren't tied into the idea of intellectual property at all) is imtimately tied to IP. It was explicitly designed to subvert the closed-source world by taking advantage of the same poorly-thought out laws that up till then had only served to promote closed-source software at the expense of users. Not, of course, to say that the causes are morally equivalent, but this is reminiscent of many of the tactics of the civil rights movement: the NAACP (and others) fought Jim Crow by challenging it in court; they attacked an oppressive legal system by using...the legal system. And, of course, there are lots of other examples of this sort of thing.
The point is, GPL advocates use the GPL as a means to a goal. The goal isn't "a world where no one can make any money in the software business", but rather "a world where programmers have access to all of each others' ideas and code, because that's what works the best." Not to speak for him, but I have a snaking suspicion that in your world without IP "rights", even RMS would release his code under a BSD-type license; there'd be no reason not to.
Despite the suggestion to the contrary in the MSNBC story, gravitational waves have already been shown to exist.
That's all well and good (actually, it was a very informative post), except that there was no such suggestion in the article.
Here's what it actually said: "There is evidence that the waves exist, but technology has not been powerful enough to detect them." And that's exactly true: we have evidence that they "must" exist--because we see energy radiated away from a binary star system at the predicted rate--but we have not actually directly detected them yet, which this experiment is designed to do.
On the other hand, I agree that the article didn't do too much to clear up the point.
I totally contest the notion that feature rich email is here to stay. Email is _WORDS_. There's no justification for damaging the ability for people to openly communicate just to add stuff that can more sensibly be done in another medium.
Telegraphs are just words, too. People don't use them too much anymore because new technologies have come along that have allowed people to communicate more effectively. May it be the same for email.
No, not even that. It *will* be the same for email, whether old fuddy-duddies like you like it or not. Plain text email was an incredible technology when it was invented 30 something years ago. It's still incredibly useful today, but it makes use of almost none of the enormous technological advances computers have undergone since email was invented, and I think there's little doubt that it could be even more useful if it *did* make use of those advances.
Now, I'm thinking that a large part of our disagreement may lie in definitions of terms more than anything else. You admit that feature-rich/interactive communication can sensibly be done, just "in another medium". Essentially, I'm not so sure what the distinction is. Now, whether we call an interactive draft of a document written in a Java-enabled markup language (or some such thing)--along with, say, an embedded video of yourself explaining the feedback you're seeking--that's delivered to a friend or coworker's computer over the internet "an email" or "a whatchamabob" doesn't seem to make too much difference to me. The point is, that (and other, better examples; I'm not being too creative today) is where we're headed, and that's a damn good thing.
Whether the current email infrastructure is the right way to handle communications that are slowly evolving towards that end is another question, but, I think you'll agree, one that doesn't impact our discussion from an end-user perspective very much.
Email should be like the telephone- no matter how unpleasant somebody's words may be, they cannot cause your hard disk to erase itself. A telemarketer can try to get you to buy maple syrup, but cannot start pumping 10,000 gallons of maple syrup through the phone in case you want it.
Yes, interactive content carries with it greater responsibilities to protect privacy and security. But, while these new responsibilities may create growing pains while the technology is still new (eg. this virus), they are nearly always solved, and the end result is for the betterment of society. Take your telephone analogy, for example: compared to the telegraph, the telephone was considerably more invasive of one's privacy: telemarketers can call during dinner, for example. However, that just led to solutions, like caller ID, or answering machines so that you can screen your calls. The end result is, of course, that no one in their right mind would dispute that the advantages offered by the telephone weren't worth the potential loss of privacy.
Or, take your teleporting telephone analogy. Now I, for one, would *love* to have a phone that could spit out 10,000 gallons of maple syrup (well, assuming it could also spit out other stuff). Think how awesome and useful that would be! It'd be like Star Trek or something. No half-hour wait when you order pizza! Now, of course, I'd want some security mechanism to ensure that I wouldn't recieve anything without my permission...but that doesn't mean we shouldn't try to invent teleporting technology, or that it isn't an overall good.
Same thing with feature-rich email. Or, if you wish, "feature-rich person-to-person electronic communication". The thing is, different versions of that are getting implemented today, mainly on corporate intranets, and also with applications like telemedicine, etc. And, once the internet as a whole has the bandwidth to support this sort of stuff, I think there's very little doubt that everyone will use it in some form, and that it will make our lives more convenient, however slightly.
Hitting a few bumps along the way is to be expected--especially when MS is the one driving. But it's no reason to stick with outdated technology.
-Dave
Oh, and as for Netscape HTML email being immune, you are indeed wrong. If you recall, about a year and a half ago there was a spate of Javascript email exploits that were uncovered. Now, unlike this bug, they required the user to click on a link in an HTML email...but IIRC, Netscape's email reader fell prey to even *more* of them than did Outlook (although they were both awfully terrible. Eudora was considerably better, although it had its share as well).
Sorry for the repost; forgot to include the link...
One nitpick on an otherwise very insightful comment:
Besides, all of Microsoft's really good OS people are on NT(Win2000) which doesn't have this particular problem.
Actually, Win2000 *does* have this problem, according to the advisory that was up at Network Associates' website (even though the McAfee page referenced here says it's Win98 only...hmm), because it shares Win98's use of IE 5 and Windows Scripting Host. Or, at least, Win2000 Beta 3 has this problem; of course, the final version will obviously include the patch for this exploit, which as noted earlier, has been out for about a month now.
So...either NA's advisory was wrong, and Win2000 doesn't have this hole even though it has all the components which enable it installed (IE 5 and WSH), or Win2000's security model has a big strike against it from the beginning. As you noted, that's completely to be expected with any new operating system, and *nix has certainly been there before. Still, it does make you wonder how long it will take before we can trust W2k...
One nitpick on an otherwise very insightful comment:
Besides, all of Microsoft's really good OS people are on NT(Win2000) which doesn't have this particular problem.
Actually, Win2000 *does* have this problem, according to the advisory that was up at Network Associates' website (even though the McAfee page referenced here says it's Win98 only...hmm), because it shares Win98's use of IE 5 and Windows Scripting Host. Or, at least, Win2000 Beta 3 has this problem; of course, the final version will obviously include the patch for this exploit, which as noted earlier, has been out for about a month now.
So...either NA's advisory was wrong, and Win2000 doesn't have this hole even though it has all the components which enable it installed (IE 5 and WSH), or Win2000's security model has a big strike against it from the beginning. As you noted, that's completely to be expected with any new operating system, and *nix has certainly been there before. Still, it does make you wonder how long it will take before we can trust W2k...
at the same time security minded people wouldn't be using OE in the first place.
/.ers were around for the "good old days" (and that the rest of us usually like to pretend we were), we often as a group tend to take the existence of problems with an emerging paradigm to mean that things are better off the way they were.
There is a difference between being "security minded" and not wanting your machine to run arbitrary code just from you reading an email. I would assume that every computer user in the world, even those for whom Outlook Express is a good choice, would fall into the latter category. The point is, tens if not hundreds of millions of people *do* use OE, and even relatively smart ones (me, for example), and tens if not hundreds of millions more use Outlook--I'd be surprised if a majority of office workers in the US didn't have Outlook as their standard email program. Suddenly they can get a virus without doing anything wrong themselves. This is emphatically *not* just another email virus. The change from having to actively do something stupid to just recieving an email is a change in kind, not in degree.
I'm hoping MS's vision of putting ActiveX+HTML EVERYWHERE vision is dead.
Very fortunately, this vision is *not* dead, although hopefully this virus will be the final nail in the coffin of this particular implementation. Rather, I think it's a given that something very like this vision--I'd guess it will instead be XML + A Future, More Capable Version Of Java--is exactly what will run the web, and yes, even email, in the future.
I think too often we lose sight of the idea that the internet is exactly what its name implies--a full fledged network. Just because up 'till now technological restrictions (both bandwidth and processor related) have kept it limited mostly to just the exchanging of documents doesn't mean that it can't do much much more. I'm often aggravated by the fact that just because many
IMO, ActiveX was and is a fabulous idea. Unfortunately, the reason for its creation at MS was to counter the threat Java presented to the Windows monopoly. As such, it was expressly not cross-platform (and thus ethically on shaky grounds at best), and it was rushed out with the intent to have features Java couldn't yet match. Both the rushing and the feature bloat led to the myriad security problems that have made ActiveX a scary joke.
But...none of this means that the web should just be HTML and email should just be plain text. Computers are general purpose tools, and very powerful ones at that. Limiting the standard way one computer user can communicate to another--that's all email is, after all--to just the exchange of plain text is backwards and stupid.
Yes, there are security concerns to work out. But they can be worked out. Interactivity is a Good Thing, and I'm looking forward to the day when standard HTML email, not to mention plain text email, looks quaintly anachronistic. And, IMO, if the leaders and coders of the open-source movement aren't looking forward to that day and many others like it, then open-source will be doomed only to follow where commercial software has already led.
August?!? AUGUST! Why the hell wasn't a patch to repair the error relased in August then? When a monopoly has no competition, they have no motivation to repair errors until they become huge issues for their software....
Actually, they have released a patch to repair the error. Here's the security bulletin detailing the problem; it was last updated on October 12, which I'm pretty sure is the day the patch to fix this problem was considered safe enough to be released for download at the Windows Update site, where it was indeed marked a critical update. (IIRC, they released a beta patch a couple days after the flaw was discovered.)
Now, there's no question that someone at MS was insanely stupid to give untrused sources permissions to use ActiveX controls that could write to the Startup directory (that's how this sucker works), and you can argue that the fact that it took 6 weeks before their fix was trusted enough to get on Windows Update is pretty shady as well. But it has been fixed by now.
Read the article, folks. This is the email virus.
/. response to this will be--i.e., this sort of thing is inevitable with HTML email, why can't everyone just use Pine for email and ftp instead of attachments, and while we're at it let's replace all our PC's with teletypes hooked up to a PDP-11--I'm not so sure. IMO, it's a Good Thing that feature-rich email is here to stay, and in the long run there's not so much reason for email to be any more secure than browsing; if a computer can be compromised through its browser, then that's unacceptable right there.
That is, it runs on its own, without the recipient having to open any attachments. All they have to do is open the email itself (or, in Outlook Express, just point at the email so that it shows up in the preview pane), and they're infected.
This is a big deal.
Melissa made it so that we couldn't just tell our less tech-minded brethren/co-workers, "for the last time, you'll be ok if you just don't open any frickin' attachments from people you don't frickin' know!" This one means we can't even tell them "you'll be ok if you don't open any attechments."
Now, this particular virus (well, technically it's more of a worm) isn't too malicious (except that, like Melissa, it could clog the hell out of mail servers), and mails itself under a goofy subject line so that you can be on the lookout for it. (Of course, I'm not sure what being on the lookout for it would accompish if you're running Outlook Express, since there's really no way to delete it from your inbox without first selecting it...which is enough to run the virus.)
But it's a proof-of-concept, and a scary one at that. It just changes the name and organization your computer is registered to and forwards itself to your address book, but the point is that it was screwing around with your registry, and it could have done whatever the hell it wanted to.
Now...there is some good news here.
Namely, this is perhaps the first time in history when Microsoft actually had a patch for a new exploit *before it was released to the public*!! Yes, that's right, this email virus works in exactly the same manner as one of those web-page exploits a couple months back, for which MS has had a critical update patch on Windows Update for several weeks now. Essentially what it does is take advantage of some very very stupidly permissioned ActiveX commands that lets an untrusted source save a certain type of file (.HTA) to your Startup directory...thus allowing them to run arbitrary code upon reboot (shouldn't have to wait too long...ok, so that was a cheap shot).
So, the good news is that my Win98 partition was already immune from this exploit, and hopefully so are many other people's. Of course, I can understand people not wanting to be on the bleeding edge of MS's security patches, because running everything MS throws at you can get you burned as well.
As for what I'm sure the mainstream
On the other hand, I have very little doubt that, as we expand into XML and all these other new technologies, short-sided security permissions are going to bite us (especially those of us that use MS products) in the ass again and again and again, probably with no end in sight until we stop coming up with new features. It's a rather scary trade-off to have to make, and even scarier that 95% of the world has Microsoft making all the decisions for them...
The article doesn't exactly get it right (of course, it's from the Chronicle of Higher Education, so technical accuracy probably isn't to be expected). These files were all on students' personal computers, and shared via Windows networking. Furthermore, many of them were password protected, although only those folders which the university deemed to be "not really" password protected--ones with password "mp3", or with instructions on how to get the password in the readme--were broken into.
Frankly, I think the best analogy I've seen for this was the poster a few threads back who said that this was the same as busting students for using the university's hallways to share cds from room to room. Of course, this analogy misses the rather important point that mp3s tend to leave copies when they're borrowed, unlike cds. Still, the fact is that unlike the implications of using ~/public_html folders on university servers, the only CMU resource used is its internal network bandwidth--not university server space nor internet bandwidth--and that the files are only available to those members of the university who have a password to the folder--not the general public at large, by a long shot.
As much as I think journalistic standards and ethics have jumped into the shitter recently, I should admit that online news sites have far more more fluffy and "throw-a-away" content than in the real world.
/.), the interactivity of the web leads to a new emergent phenomenon which is arguably more worthwhile than the original story itself.
Yes, but...
The real world doesn't have hypertext. The beauty of the web is, you get to only read the news you want, whenever you want it. If you're watching the news on TV, and there's a badly reported story, or just one you're not interested in, you have (assuming you have a whole bunch of channels) at most 6 or 7 other choices at any given time, and chances are they're not appreciably different from what you're watching.
The newspaper is a bit better, but it's day-old news, and assuming you only get one newspaper, you only get one perspective on any given story.
These days on the internet, you can get the full text of every major newspaper in the world (except The Wall Street Journal), the full text of many of the world's best magazines, and coverage of nearly every story any of the national TV news programs do as well. So you've already got nearly the entire "real world" media there at your fingertips--completely free, available anytime, and a whole lot easier to get to.
Plus, you've got dozens and dozens of web-only sources providing often very insightful, informative, and thought-provoking takes on the news that the mainstream media generally misses. Plus, there's the interactivity of the web: while the message boards at most internet news sites are worthwhile only to demonstrate how little intelligence it takes to use the internet, feedback from users makes web journalism noticably closer to the sorts of ideals journalism should aspire to. In a couple cases (well, ok, mostly just
I'm rambling here, but the point is, if you don't like it, point your browser someplace else. There may be more fluff on the web, but only because there's a whole lot more meat there as well.
I found my fabled internet killer app a few days ago.
/.??), but that's not the point.
/.).
Well, ok, that's not true; I already had four or five (hell: what would life be without
This thing is cool, it could save me oodles of money, and best of all, unlike those previous four or five killer apps, this one was actually useful (sorry
I'm talking, of course, about dialpad.com, the site that lets you make absopositively free (wherein free is used to refer to lots and lots of always-on-top banner ads) phone calls to any damn one in the whole US. Well, so long as they don't, um, have call waiting. Or expect to be called during the hours when people like to talk on the phone.
But I digress--this idea is damn cool. For a college student with lots of close friends spread across the country (hint: me), it's a godsend.
And luckily for all the Linux users out there, it's coded in Java.
Windows-only Java.
Yep.
Now, I have to admit I'm in Win98 most of the time anyways. Still, it's damn annoying to see, and even more annoying that I emailed all my friends, including Linux/Mac users, about it, without even realizing that there was a chance they wouldn't be able to use it. I mean...it's Java! Java is platform independent!! Right?? Platform independent!!! Write Once Run Anywhere!!!!!
Grr...
Now, I'm sure you all will be happy to note that this buggy little Windows-specific Java program freezes my computer with remarkable abandon. And, they say they're working on a Mac/Linux compatible version, so that's nice. Although it does make one wonder why they decided to go with WinJava in the first place...
But the point is, this and other websites like it are very very useful. While we all know and use and love the internet for a whole lot of things that *will* continue to be platform independent, the fact is that the web is becoming a lot less markup language and a lot more code--and not just database code run back at the server, but real, interoperable client-side code. This is a good thing. And with broadband it'll only better. But unless we fight damn hard (and unless alternative OS's continue to get the attention they've recieved the past year or so), most websites are going to take the easy way out and make that code Windows code.
The sad thing is, it's all up to them. Not to take anything away from Mozilla, which I'm quite looking forward to (if mostly from an ethical standpoint; I do have to say that (when it's not running that damned buggy-ass phone applet!) IE 5 is a damned decent browser that suits my rather heavy browsing needs quite well), but the guy who wrote this article kind missed the point when he said that contributing to Mozilla is the solution.
Having the most standards compliant browser in the world isn't going to put all those windows-only websites onto poor Trish's Linux box. Standards compliance generally just refers to making sure everything on a page is displayed the way it's defined to be displayed. It's important, yes--and it *will* add some pages to Linux's repertoire, although only because Netscape 4.x has been such a piss-poor awful mess of noncompliance. (Side note: it's awful slow too.) But the important web pages--the ones that take the web from its current state as an often useful but mainly just endlessly diverting morass of fascinating and inane information, into that ever persistant thing that changes all of our lives, are going to depend on code. Having a port of the best browser in the world won't help a bit.
Now, of course it's not at all hopeless. Java is out there, and it's quite capable, and it can very easily be done correctly. But (and not that you shouldn't all go out and contribute to Mozilla; go--do that), what's going to make sure that Linux doesn't miss out on a lot of the net isn't nearly as complicated as everyone rushing out and working on Mozilla. We just need to get a bit vocal (intelligently and politely, as always) when sites on the supposedly platform independent web go Windows only. After all, we seem to get in a big huff whenever some obscure hack computer journalist writes a brilliant investigative piece that reveals that "Linux only comes in green text on black backgrounds!!"--which is the sort of thing that will have absolutely no bearing on whether Linux makes it in the long run.
The proprietization of the internet will.
Advocate.
This whole bit about logging every CD and MP3 played was MADE UP BY UNINFORMED SLASHDOT KIDDIES in this thread. There is absolutely no basis in fact for this assumption that I have read. In fact, RealNetworks goes so far as to point out that this information is NOT stored. It is simply sent, analyzed, and whatever aggregate information (genre, for instance) is gleamed from it.
Or, rather, those "UNINFORMED SLASHDOT KIDDIES" at the New York Times. As the article says, every time RealJukebox is started it sends "the number of songs stored on the user's hard drive; the kind of file formats -- RealAudio or MP3 -- the songs are stored in; the quality level of the recordings; the user's preferred music genre [emphasis mine--how do you think they determine the genre of the music without also transmitting the titles of songs?], and the type of portable music player, if any, that the user has connected to the computer.... What is more, if RealJukebox is used with its default settings, it automatically loads each time a CD is inserted in the CD-ROM drive, and if the computer is connected to the Internet, the title of the CD is sent, together with the GUID, to RealNetworks." As has been pointed out, the idea that CDDB similarly matches queries to the people making them (which the Real spokesperson claimed) is a complete lie.
And, while even the NY Times gets it wrong sometimes, it's worthwhile to note that their source on this article, Richard Smith, generally knows what he's talking about. An UNINFORMED SLASHDOT KIDDIE, he's very definitely not.
Or, if the point you were trying to make is that the information is sent, but it's just not logged--because Real says so--then you, sir, are a far more trusting soul than I. How you could trust a single word they say after they deliberately left the little bit about the spying out of both their privacy statement and the EULA for RealJukebox boggles the mind. Oh, and after they've accused CDDB of doing the same thing they do. And that whole thing that's landed them on the RBL for the past couple years.
The fact is, a detailed database of a person's individual music preferences, usage data, and CD and mp3 collections, which can be matched to an email address, is worth a whole whole whole whole lot of money. The idea that it wouldn't be worth the disk space used to store it is absurd. Many companies would--and, you can bet, already have--pay millions for this stuff. As for the idea that it's not worth their while to match listening profiles to individual people, that's just plain naive. There are many, many companies out there who believe that the entire promise of e-commerce, databases and the internet is the ability to target people individually based on their known preferences. They would kill for that information which would just sit there "wasting VOLUMES of disk space".
And even if it is aggregate, Real is still stealing information worth millions of dollars to them off of their users' machines without their knowledge or consent. In fact, they have blatently and I'm sure even you'd agree deliberately denied that they were doing so until they got caught red-handed. That is so clearly unethical and illegal that I have no idea what you are doing defending it. "Whether or not this in itself is a violation of privacy" is not worthy of another debate; it is furiously obvious. If that AIWA stereo you just bought had a secret radio transmitter that told AIWA the name of every CD you played on it, and they never mentioned that fact, you'd be pretty pissed too.
And, furthermore, while I seriously doubt it will be implemented now that they've been caught, I have trouble doubting that once watermarking of mp3s became pervasive, Real wouldn't compile statistics on pirated mp3s on their users' computers, possibly (what the hell) to sell to the RIAA. We've just found out that the infrastructure to do so is clearly already in place. We've also discovered that they have no qualms about lying in their privacy policies and EULA's, and trying to surreptitiously change them after the fact when they get caught.
Frankly, I'm guessing that the only reason this story doesn't scare the hell out of you is that, unlike me, you didn't have a copy of RealJukebox lying around on your computer when you read it.