Slashdot Mirror


User: j.b.m.

j.b.m.'s activity in the archive.

Stories: 0
Comments: 4

Comments · 4

  1. New Exploits on Sun to release Solaris source code · Score: 1

    Bah.. /. needs to have submit be preview... accidentally hit enter and *poof* off it goes.

    anyway, i've noticed that people have a habit of "picking on" source-release commercial packages. That is, people find bugs in the source and keep them to themselves (it is a commercial environment, after all--you must pay for anything). There are two major reasons the Free software (i don't side with RMS or ESR on this, both are extreme, both have good points.):

    - Users feel an obligation to the community
    - Users get an ego trip out of doing the most

    The second one is probably more of a reason to fix things than the first, as it's more powerful.

    In a commercial environment, users lack that incentive. The primary motivator is money, so it doesn't make sense to just "give away" something that benefits Sun. I think this explains the restrictive license.

    But there is one group that will find this to be a boon: crackers. Having the source code to a package makes it easier to crack if you know what you're doing. For example, look at all the TCP/IP DoS attacks Linux has been through. But those were found and fixed by people within the Community. Why? probably for the ego boost and a sense of duty. Crackers don't like revealing their technique to begin with, but they have a Real Ego Problem. So the ego trip really helps get their secrets out into the open. The Sun model doesn't really provide for this ego trip.

    What i'm getting at is this: expect to see Solaris get cracked a lot more Real Soon Now. Unless they bothered to do security Right the first time, which seems to be less than probable.

    send flames, comments, thoughts, etc to spam@jbm.strlen.net, as this has made me think. i'll get back to you with my Real Address from there ;^)

    (again, sorry for the double posts.)

  2. "are they just normal people like you and me?" on Ask Slashdot: What's the Real NSA Like? · Score: 1

    I'm a bit confused by this--does he mean weirdos like us, or is he implying that we're actually normal?

    Not to imply that slashdotters aren't normal or anything..

    /jbm

  3. Re:OSCAR != TOC on AOL's AIM Exploits Buffer Overflow On Purpose · Score: 1

    There is an UnOfficial OSCAR implementation. It is used by a few clients. Again, naim is the most common OSCAR client that i know of, though cLAIM (link not handy) has been around for a while. naim uses libfaim, which is a tolerable implementation of the OSCAR protocol.

    Also, gaim has been released as an oscar client. I need to read the freshmeat newsletters more often ;^)

    oh the joys of being OT
    /jbm

  4. Why this is utter nonsense on AOL's AIM Exploits Buffer Overflow On Purpose · Score: 1

    There is no buffer overflow in AIM that AOL exploits as client verification. If there was, the Free OSCAR clients would not work. This does not include gaim, which uses TOC; TOC is an "open" wrapper to OSCAR, not a native AIM client per se. The Free OSCAR clients include cLAIM, gtkFAIM, and naim. I know that at least naim works, and mfaim (in development) works. None of these have the buffer overflow, yet they continue to work. Therefore, it is very unlikely that AOL is screening people out through a buffer overflow.

    For future reference, could we please make a distinction between OSCAR and TOC? They are two totally different protocols. TOC stores all your settings on an AOL server, and the client just interfaces with that "proxying server," for lack of a better term. OSCAR stores all your settings locally and interfaces with the Real AIM Servers. AOL loves it when we use TOC, because it keeps all the power in their hands. Which is why i spend my time working on an OSCAR client ;^)

    For more info on naim, check out http://naim.n.ml.org, and http://www.auk.cx/faim/protocol/ has good (and very incomplete) info on the AIM protocol. And, as a side note, there are preliminary steps for gaim to use OSCAR as well, but that's still in progress.

    This is the first time i've seen the Community listen to blatant M$ hype, and quite frankly, i'm disappointed.

    /jbm