Re:Microsoft Passport vs. Liberty Alliance... on WinXP Security Flaw · Score: 3, Insightful
You aren't bugged as much if you uninstall Windows Messenger (ignoring that Microsoft says you're SOL if you're not running Home Edition.) Then again, you also aren't bugged if you take Windows XP off the system completely, which also helps you with today's little bug as well. I'm glad I did last week, even though I only used it for games and DVDs...
Steve Gibson rather enjoys making mountains out of molehills. His rants are often accompanied by much apocalyptic hand-wringing. XP is no less secure than any previous Microsoft OS wrt raw sockets.
Ironically, he did "stay quiet". Notice that Scott Culp is practically peeing his pants in admiration of how he didn't publish details on how this is exploited.
The article, and several of the comments here, seem to be confusing the issue to an extreme.
Software companies, whether they're selling you a license or whether they're free software companies, will have continued operating expenses if they are supporting your software. There is, IMO, absolutely nothing wrong with requiring continued payments to keep up support, since there is an ongoing expense. But some people here seem to think that is evil, for reasons I cannot fathom.
What is unacceptable is software that just stops working (note that "oh, I upgraded to WinFUBAR-2005-SpecialEdition-2.11 and they want me to pay for an upgrade to support it, those greedy bastards!" is not software that stopped working.) Timebombs are bad, and probably shouldn't even be legal.
Bottom line: if you want someone to support and update something into the future, you should be prepared to pay for it into the future. If you just want it to continue to work as it always has, paying someone a subscription is ridiculous.
Or perhaps, as a rule, more Linux administrators than Windows administrators know (a) when they're running a webserver, and (b) how to take care of it properly?
I'd also stretch it so far to say that a closed information policy (closely related to closed source) can make even a phenomenally good administrator not be able to effectively care for his boxen.
Bad analogy. The bank does not distribute copies of its safe to its customers, all locked with the same combination. Its customers are not responsible for the security.
We'd all have to have our own vaults and be responsible for them. And if I'm going to be responsible for my vault, I sure as hell want to know when something like this is discovered, and I want to be able to test it for myself before deciding that I am now protected.
Scale is irrelevant. Much more damage has been caused because there have been many more broken Windows installations.
I don't believe that Windows as a piece of software is fundamentally more insecure. However, as a general rule, it is less well-understood and administered by those who are less well-equipped to handle security. That is why Windows is more of a risk. The vulnerabilities exploited by the worms are equivalent.
Whether the incapacity of Windows administrators to take care of security is Microsoft's fault is another point entirely.
It's true in the same sense that "Hitler, Mahatma Gandhi, and Mother Teresa were collectively responsible for the deaths of 6 million Jews" is a true statement.
With Solaris or Linux, your odds are better, but they're not immune. His statement is factual.
Did they come from Berkeley? (I should know, but I don't.) If so, the advertising clause is null and void by order of the Regents, and so it is therefore a non-issue.
...waiting for the 2-minute mandatory posting waiting period to clear...thanks, Slashdot, for discriminating against those who can think and type quickly...
You're right, of course. The point I'm trying to make, though, is that in order for software to become part of a GPL'd project, it must itself become GPL'd in one form or another. In the case of Moz code, the [MN]PL and LGPL are shed when it is linked with GPL-only code.
I'm right behind your hopes, and I think you'll find that most reasonable people are too.
The relicensing is really a one-way gift. Contrast "Hi, I know you are a GPL zealot or want to use code written by same; with this licensing scheme you can also use Mozilla code in your software." with "Hi, I am a GPL zealot and as a result, you cannot use any of my code in anything licensed with anything other than the GPL."
The bottom line is that the triple-licensed Mozilla code, when linked with GPL-licensed code, effectively becomes GPL-licensed, but GPL-licensed code cannot find its way into Mozilla unless Mozilla stops using the [MN]PL entirely.
Feel free to correct me if I'm wrong.
Re:This is just so wrong that it's bound to succee on Parrot: For Real · Score: 3, Insightful
Wait a minute. I thought that Parrot (the package, not the April Fool's Joke) was supposed to be the common VM for Perl and Python, or at least that's what I gathered from the mailing list postings I read about it some time back.
The joke was about merging the syntax from the languages, but the real Parrot is about the VM. I think. :-) The details are really sketchy, and I don't have time to look at the code today (esp. since I'm on Solaris and I doubt it'd even compile).
I guess what I'm trying to figure out wrt all this is really, how hard is it for someone with a decent R&D lab to reverse-engineer all the clever things these chips are supposedly doing? It seems to me that all they're accomplishing is making it impossible for their hardware to be supported by free software, while only making their competitors take a little more time to figure it out (and from my software experience, reverse-engineering can often give you a better understanding of a process than just peeking at the source code.)
Then again, I'm a pretty uninformed kind of guy. :-)
Erm, I'm not entirely sure what you're asking -- your public key is already at the server, so your signing (or decryption, as someone else pointed out... I'm no expert so I am not sure which one...) is validated against the server's copy of your public key. Is that what you were wondering?
The war in Afghanistan has nothing to do with US law. It has to do with fanatics crashing planes into buildings and killing lots of people.
Your point about the DMCA is 100% accurate, though.
I believe that was "Mad Movies with the L.A. Connection"...? That title sticks in my head for some reason.
I beg to differ. Insurrection was very good. It made sense. It was entertaining. And watching Data's head float around was cool :-)
If you want a bad recent ST movie, try First Contact. Absolutely destroyed the Borg mythos in one fell swoop.
He didn't tack flamebait onto your story. He's 100% correct.
Hmm. Does this mean that existing free software, provided it is not explicitly modified to copy movies and music, is OK to distribute?
No, you weren't. You were trolled. And you don't know how to reply to a post.
Of course they do. Ever hear of corporate espionage?
Which is actually dictatorial. But this is nitpicking.
I think most people missed the humor here... :-)
My guess is no.
No kidding. It amazes me that there are still people who read MozillaQuest for reasons other than a good laugh.
Of course, given /.'s record on accuracy in reporting, MozillaQuest is a good fit...
Heh, check it out, 20.63% off if you buy 5.
I think I'll hold out for 20.64%, personally.