I find the hot water running out after the fourth person hops out of the shower to be rather inconvenient. Gas is definitely the way to go if you can get it.
You fit 4 people in a shower? I hope they're not family members:).
The fact that Lawrence Lessig exists, and is so well known for his knowledge of how law and technology interact is a sign that easily proves the story's point.
Enough lawyers should have a good grasp on technical issues that a) this kind of move would never be made in such a fashion, and b) that Lawrence Lessig should not have to stand out as few amoungst the masses.
Stereotypes aside, in general, the story is right. I doubt Lawrence Lessig would be overly miffed if the world changed tomorrow and there were more tech-savvy lawyers, although it might dry up some of his income stream.
Sadly, I doubt we're approaching any kind of golden age of technical understanding from the general public any time soon.
Exactly. MD5's collision issue has been known for a while, infact you could even download tools that will simultaneously generate a 'good' and 'bad' version of something with the same (yet arbitrary) MD5sum (look up stripwire on google).
This doesn't stop MD5 from being useful, however, IF you have a pre-existing trust in a document, and already know its MD5sum. This typically requires a 'Second pre-image' style attack, whereas collisions are best used in 'Birthday party' attacks.
A 'Second pre-image' requires the attacker to find a document matching the md5sum for an existing document. 'Birthday party' attacks allow them to generate both documents, with an arbitrary (but identical) MD5sum. This is the basis that still makes things like tripwire useful (when used properly), but at the same time, it means you need to trust the vendor far more, as a malicious vendor could give you a trojan in place of a normal binary as an undocumented part of an update.
That said, MD5's relatively small keyspace makes it less desirable, since it's slowly becoming possible to brute force it in 'reasonable' amounts of time with 'reasonably' pricey hardware. Jacking up the keyspace's size is a wise, future proofing move. (provided you do it with a well known, trusted, algorithm, not some proprietary crap)
The company you're looking for is now called tarentella, aka, [old]SCO. They aren't quite as sharp however, and they did sell some parts of their licenses to [new]SCO.
[new]SCO are the people currently involved in this amusement park sideshow.
You know, i'd agree, except IBM isn't donating any software AT ALL here. They're donating IP about the process, not software that implements the process, from what I can see.
(fwiw, there's already a UML framework being built for eclipse for other utilities to build upon. not a complete UML modelling tool yet, however, by any means)
My mother was the unfortunate sufferer of a stomach ulcer for almost 30 years of her life.
One day, her doctor finds out she has it (after all, who keeps trying to fix a 30 year old condition that hasn't killed you yet?), and gives her the newly recognised course of broad-spectrum anti-biotics & neutralisers (since the stomach is kinda hard to treat, acidic n all, tends to destroy the anti-biotics before they have an effect;) ), and a month later, she's fine!
It's scary how long it took for the standard opinion to get torn down, and how simple the final answer really was! In hindsight, the original theory sounds decidedly suspicious. Stress, indeed.
This isn't actually as useful as it sounds. A few years back, I ran into someone who had proof of concept code for a kernel-module rootkit that analysed UDP packets that come in on the wire (don't even have to be for the right address, firewall didn't matter) that was able to force the system to do all kinds of things.
Of course, he ruined it by claiming this was a massive security hole in linux (it wasn't, it needed root privs to get in, natch, it was still just a rootkit.) It was also highly kernel specific. Running a non-stock kernel would probably screw over any would-be-kitter.
But long story short, one doesn't actually need a set of utilities listening on a random udp/tcp port in order to have a remote rootkit installed. Using things like SELinux and friends to remove the system's ability to load modules (and deny access to root to modify/dev/kmem, etc) should help in this department tho.
There's also just recently been a bunch of them. Second or so one since eclipse went opensource, and a whole bunch of organisations that jumped on board are starting to show off cool stuff (including the eclipse foundation themselves, there's been a number of nifty improvements)
I've also been recently poking at Jmock and CGLib for my testing system as well.
Jmock's built on top of junit, so it uses the same mechanisms, and can produce test cases the same way (ie, it works in eclipse's junit view:) ).
Using JMock, one can create mock objects for interfaces that expect various functions to be called some number of times with particular sets of arguments. I believe they can even be configured to throw various exceptions
This is handy in the junit sense so that you can test classes in isolation.
Of course, this only works for classes with predefined java interfaces. So toss cglib into the mix, and jmock will happily use that to create mock classes out of concrete classes instead! (basically by using an alternative to the java reflections api). Doesn't require native libraries either, still all java based, and still all opensource.
Like I say, looking very handy for my next major project which we're just finishing the design stage of at uni:).
That said, I haven't tried anything too complex with it yet, and the mock objects toss out some weird error messages if you mistype a function name or parameter:) )
At ~$14USD per server, it's amazing how cheap personal information has become. $14 USD? You got ripped off.
A few years back, some guy wearing a workmans uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like. Slashdot remembers:)
Interestingly, Australia's had plastic-based 5, 10, 20, 50 and 100 dollar notes for a while now (1 and 2 dollars are coins instead). The money's also surprisingly durable.
I'd be curious to know how that's affected counterfeiting here.
It'd have definently taken printers out of the equation tho, but I wonder how hard it is to create replacements.
I haven't heard of any major busts, but that doesn't mean it's not happening.
Wait... aren't there really nasty byproducts from the construction of solid-state stuff like peltiers?
I know that there's some horrible chemicals used in the production of sillicon wafers (including solar cells, generally, iirc), but is the situation the same for peltier devices?
You may also keep in mind that debian was in freeze for a while. It could just be newish packages rolling down the line that couldn't enter unstable before now.
This is probably secondary to the gcc 4.0 migration and X.org however.:)
Even with the patch it's barely explicit (of course, I'm not as pathetically reactionary as a self-righteous American lobby group:) ). I tried the patch out, and didn't see any overt genitals, just pantomimes of the acts, still with clothes on.
Giving someone's trousers a blowjob doesn't count as sex for me.:)
If you've played the game, btw, you'll know that there's an S&M vibe in some parts. One out of two of those doesn't show up even with censorship off from what I saw. I don't know about the other, tho, I didn't test it.
What I find entertaining is when that kind of stuff started to become prevalent, the people using it tried to claim they were saving bandwidth on IRC.
Nevermind that they would have to have used about 4 times more characters in order to actually fill up the minimum size of an IP packet, typically. Learning to type effectively would clearly benefit these people far more than using slang.
Mobile phones are a different matter, since typing with a number pad can be painful and tedious.
I still use proper english when using SMS personally, however. My own sense of good taste won't let me use slang, even if it does take ages to send an SMS message (cheap phone without spelling completion:( ).
Also the these tools are not perfect, nor by any means ubiquitous (I don't see any red squiggly underlines in the slashdot comment form).
You're using the wrong browser then.
Konqueror's had the ability to spellcheck form content for a while. I'm only surprised it hasn't caught on with firefox/mozilla (perhaps it already has as a plugin).
Of course, it's annoying, because my friends are all born and bred in the damned SMS generation, so if I quote them in a forum post, it has a good cry about their spelling, as if it's mine. I really should start using '[sic]' on them.:)
IIRC, those are claims because of things said about redhat, and in the case of ibm, of sco claiming that the GPL is invalid, yet using ibm's copyrighted gear released under the gpl.
of course, it's more complex than that. i'm more interested in someone suing them over their statements about linux itself.
Of course, the lawsuit did huge amounts of damage to BSD's status within the community, and within business-oriented minds.
'BSD is getting sued by AT&T? To hell with that!'
The only difference between BSD then and Linux now is that SCO is not the titan AT&T was in it's heyday, nor are they making credible threats. Infact, despite all of the press releases to the contrary, SCO's lawsuit has boiled down to a contract dispute with IBM.
Personally, I can't wait for the countersuits to roll in. I'm surprised that someone hasn't called them on their press statements that made false allegations against Linux.
Also, We now have the benefit that Linux's mainstream appeal has managed to build enough of a community that groklaw was possible, where the FUD is easily exposed.
BSD isn't anywhere near the titan it should/could/would have been if AT&T hadn't stymied development for many years while the lawsuit ground on, to an inevitably inconclusive halt.
You realise, of course, one can use apache+webdav to act as an adhoc (sort of), calendar server, within a smaller organisation, at least.
Personally, I'm extremely happy with Evolution 2.2, so far as scheduling has been concerned. worked well with my palm pilot (an ancient m100) back in the day when that dear thing still lived (it consumes batteries far too quickly and doesn't self charge, so i eventually discarded it)
I'll be interested if/when novell follow through on their 'lets port evolution to win32' idea. That would be a great move, imho, since i already use imap for mail, i could easily move to using webdav or ldap or something for contacts and calendaring to go with it, no matter what i'm using at the time.
This is completely Off topic, but I have to comment on your signature.
The language, of course, came first. This doesn't even come close to Chicken Vs. Egg.
To write a programming language, one needs a grammar. The grammar provides syntax and form for the language (and also governs the language's capabilities), but the grammar is not a compiler by itself.
Once one has a grammar (and hence, a language), one can write a parser/compiler, not before.
(although possibly during, but even then, the partial representation of the language still preceeds the compiler, since one has to write the compiler to parse the language, before one can use it to parse the language:) )
ashridah PS, the egg came first too, if one accepts the theories of evolution. After all, whatever creature laid the first egg may have been something other than a classical chicken, and the first chicken may have come from an evolved/viably mutated egg, or the byproduct of an odd breeding pair.
The electrons don't just vanish. If they did, the energy released would probably turn us into miniature suns the moment we turned one of these on.
It's more likely that the now unstable glucose molecules will break down into carbon dioxide and urea, consuming some oxygen in the process, much like it does when consumed by a normal cell. One presumes the spent potential from the electrons will result in the electrons returning to the blood stream.
And yeah, pushing this too hard would probably fairly easily kill the user, (read, a laptop at 60-100Watts? i doubt it. maybe a trickle charger for the battery:) ). A well controlled system could easily result in an acceptable increase in energy consumption, which would result in weight loss, without actually exercising (also, not a good thing, since the muscles aren't going to develop, but the fat will be consumed, leaving the user with no way to keep warm). One presumes that anyone using a device like this would be on a strict high-glucose intake diet.
of course, this is conjecture, i've only done basic biology and chemistry:)
They don't use Lithium poly. They use standard Lithium ion (unless they changed recently). I can remember people bitching about the short lifespan of the battery, with no replacement plan.
Your mobile phone battery will be in a hard sealed pack, and water isn't sharp enough to cut it. Ipod's don't have this, since they're not user-servicable. It'll short, and burn out the over-current protective circuitry tho. (they should have used lithium polymer. better life-span and safer)
It'd be highly entertaining watching you swear about it, mind you:)
Slashdot Mirror
I find the hot water running out after the fourth person hops out of the shower to be rather inconvenient. Gas is definitely the way to go if you can get it.
:).
You fit 4 people in a shower? I hope they're not family members
ash
The fact that Lawrence Lessig exists, and is so well known for his knowledge of how law and technology interact is a sign that easily proves the story's point.
Enough lawyers should have a good grasp on technical issues that a) this kind of move would never be made in such a fashion, and b) that Lawrence Lessig should not have to stand out as few amoungst the masses.
Stereotypes aside, in general, the story is right. I doubt Lawrence Lessig would be overly miffed if the world changed tomorrow and there were more tech-savvy lawyers, although it might dry up some of his income stream.
Sadly, I doubt we're approaching any kind of golden age of technical understanding from the general public any time soon.
ash
Exactly.
MD5's collision issue has been known for a while, infact you could even download tools that will simultaneously generate a 'good' and 'bad' version of something with the same (yet arbitrary) MD5sum (look up stripwire on google).
This doesn't stop MD5 from being useful, however, IF you have a pre-existing trust in a document, and already know its MD5sum. This typically requires a 'Second pre-image' style attack, whereas collisions are best used in 'Birthday party' attacks.
A 'Second pre-image' requires the attacker to find a document matching the md5sum for an existing document. 'Birthday party' attacks allow them to generate both documents, with an arbitrary (but identical) MD5sum. This is the basis that still makes things like tripwire useful (when used properly), but at the same time, it means you need to trust the vendor far more, as a malicious vendor could give you a trojan in place of a normal binary as an undocumented part of an update.
That said, MD5's relatively small keyspace makes it less desirable, since it's slowly becoming possible to brute force it in 'reasonable' amounts of time with 'reasonably' pricey hardware. Jacking up the keyspace's size is a wise, future proofing move. (provided you do it with a well known, trusted, algorithm, not some proprietary crap)
ash
The company you're looking for is now called tarentella, aka, [old]SCO. They aren't quite as sharp however, and they did sell some parts of their licenses to [new]SCO.
[new]SCO are the people currently involved in this amusement park sideshow.
You know, i'd agree, except IBM isn't donating any software AT ALL here. They're donating IP about the process, not software that implements the process, from what I can see.
(fwiw, there's already a UML framework being built for eclipse for other utilities to build upon. not a complete UML modelling tool yet, however, by any means)
ash
About time this happened.
;) ), and a month later, she's fine!
My mother was the unfortunate sufferer of a stomach ulcer for almost 30 years of her life.
One day, her doctor finds out she has it (after all, who keeps trying to fix a 30 year old condition that hasn't killed you yet?), and gives her the newly recognised course of broad-spectrum anti-biotics & neutralisers (since the stomach is kinda hard to treat, acidic n all, tends to destroy the anti-biotics before they have an effect
It's scary how long it took for the standard opinion to get torn down, and how simple the final answer really was! In hindsight, the original theory sounds decidedly suspicious. Stress, indeed.
ashridah
This isn't actually as useful as it sounds. A few years back, I ran into someone who had proof of concept code for a kernel-module rootkit that analysed UDP packets that come in on the wire (don't even have to be for the right address, firewall didn't matter) that was able to force the system to do all kinds of things.
/dev/kmem, etc) should help in this department tho.
Of course, he ruined it by claiming this was a massive security hole in linux (it wasn't, it needed root privs to get in, natch, it was still just a rootkit.) It was also highly kernel specific. Running a non-stock kernel would probably screw over any would-be-kitter.
But long story short, one doesn't actually need a set of utilities listening on a random udp/tcp port in order to have a remote rootkit installed.
Using things like SELinux and friends to remove the system's ability to load modules (and deny access to root to modify
ashridah
Yeah, they do.
Eclipse Con 2006
There's also just recently been a bunch of them. Second or so one since eclipse went opensource, and a whole bunch of organisations that jumped on board are starting to show off cool stuff
(including the eclipse foundation themselves, there's been a number of nifty improvements)
I've also been recently poking at Jmock and CGLib for my testing system as well.
Jmock's built on top of junit, so it uses the same mechanisms, and can produce test cases the same way (ie, it works in eclipse's junit view :) ).
Using JMock, one can create mock objects for interfaces that expect various functions to be called some number of times with particular sets of arguments. I believe they can even be configured to throw various exceptions
This is handy in the junit sense so that you can test classes in isolation.
Of course, this only works for classes with predefined java interfaces. So toss cglib into the mix, and jmock will happily use that to create mock classes out of concrete classes instead! (basically by using an alternative to the java reflections api). Doesn't require native libraries either, still all java based, and still all opensource.
Like I say, looking very handy for my next major project which we're just finishing the design stage of at uni :).
That said, I haven't tried anything too complex with it yet, and the mock objects toss out some weird error messages if you mistype a function name or parameter :) )
ashridah
Y'know, it's interesting to note that all our greatest heroes are thieves and brigands. Go Aussie!
speak for yourself, My hero is tridge!
At ~$14USD per server, it's amazing how cheap personal information has become.
:)
:)
$14 USD? You got ripped off.
A few years back, some guy wearing a workmans uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
Slashdot remembers
Makes me proud to be an aussie sometimes
Interestingly, Australia's had plastic-based 5, 10, 20, 50 and 100 dollar notes for a while now (1 and 2 dollars are coins instead). The money's also surprisingly durable.
I'd be curious to know how that's affected counterfeiting here.
It'd have definently taken printers out of the equation tho, but I wonder how hard it is to create replacements.
I haven't heard of any major busts, but that doesn't mean it's not happening.
ash
Wait... aren't there really nasty byproducts from the construction of solid-state stuff like peltiers?
I know that there's some horrible chemicals used in the production of sillicon wafers (including solar cells, generally, iirc), but is the situation the same for peltier devices?
ash
You may also keep in mind that debian was in freeze for a while. It could just be newish packages rolling down the line that couldn't enter unstable before now.
:)
This is probably secondary to the gcc 4.0 migration and X.org however.
ash
Even with the patch it's barely explicit (of course, I'm not as pathetically reactionary as a self-righteous American lobby group :) ). I tried the patch out, and didn't see any overt genitals, just pantomimes of the acts, still with clothes on.
:)
Giving someone's trousers a blowjob doesn't count as sex for me.
If you've played the game, btw, you'll know that there's an S&M vibe in some parts. One out of two of those doesn't show up even with censorship off from what I saw. I don't know about the other, tho, I didn't test it.
What I find entertaining is when that kind of stuff started to become prevalent, the people using it tried to claim they were saving bandwidth on IRC.
:( ).
Nevermind that they would have to have used about 4 times more characters in order to actually fill up the minimum size of an IP packet, typically. Learning to type effectively would clearly benefit these people far more than using slang.
Mobile phones are a different matter, since typing with a number pad can be painful and tedious.
I still use proper english when using SMS personally, however. My own sense of good taste won't let me use slang, even if it does take ages to send an SMS message (cheap phone without spelling completion
ashridah
Also the these tools are not perfect, nor by any means ubiquitous (I don't see any red squiggly underlines in the slashdot comment form).
:)
You're using the wrong browser then.
Konqueror's had the ability to spellcheck form content for a while. I'm only surprised it hasn't caught on with firefox/mozilla (perhaps it already has as a plugin).
Of course, it's annoying, because my friends are all born and bred in the damned SMS generation, so if I quote them in a forum post, it has a good cry about their spelling, as if it's mine.
I really should start using '[sic]' on them.
ash
IIRC, those are claims because of things said about redhat, and in the case of ibm, of sco claiming that the GPL is invalid, yet using ibm's copyrighted gear released under the gpl.
of course, it's more complex than that. i'm more interested in someone suing them over their statements about linux itself.
ash
Of course, the lawsuit did huge amounts of damage to BSD's status within the community, and within business-oriented minds.
'BSD is getting sued by AT&T? To hell with that!'
The only difference between BSD then and Linux now is that SCO is not the titan AT&T was in it's heyday, nor are they making credible threats. Infact, despite all of the press releases to the contrary, SCO's lawsuit has boiled down to a contract dispute with IBM.
Personally, I can't wait for the countersuits to roll in. I'm surprised that someone hasn't called them on their press statements that made false allegations against Linux.
Also, We now have the benefit that Linux's mainstream appeal has managed to build enough of a community that groklaw was possible, where the FUD is easily exposed.
BSD isn't anywhere near the titan it should/could/would have been if AT&T hadn't stymied development for many years while the lawsuit ground on, to an inevitably inconclusive halt.
ashridah
You realise, of course, one can use apache+webdav to act as an adhoc (sort of), calendar server, within a smaller organisation, at least.
Personally, I'm extremely happy with Evolution 2.2, so far as scheduling has been concerned. worked well with my palm pilot (an ancient m100) back in the day when that dear thing still lived (it consumes batteries far too quickly and doesn't self charge, so i eventually discarded it)
I'll be interested if/when novell follow through on their 'lets port evolution to win32' idea. That would be a great move, imho, since i already use imap for mail, i could easily move to using webdav or ldap or something for contacts and calendaring to go with it, no matter what i'm using at the time.
ashridah
Which came first, the language or the compiler?
:) )
This is completely Off topic, but I have to comment on your signature.
The language, of course, came first. This doesn't even come close to Chicken Vs. Egg.
To write a programming language, one needs a grammar. The grammar provides syntax and form for the language (and also governs the language's capabilities), but the grammar is not a compiler by itself.
Once one has a grammar (and hence, a language), one can write a parser/compiler, not before.
(although possibly during, but even then, the partial representation of the language still preceeds the compiler, since one has to write the compiler to parse the language, before one can use it to parse the language
ashridah
PS, the egg came first too, if one accepts the theories of evolution. After all, whatever creature laid the first egg may have been something other than a classical chicken, and the first chicken may have come from an evolved/viably mutated egg, or the byproduct of an odd breeding pair.
[i]Legal trackers don't go down. How many times did you try to download Slackware 10.1 ISOs and the tracker was down?[/i]
Is that a trick question?
The electrons don't just vanish.
:) ).
:)
If they did, the energy released would probably turn us into miniature suns the moment we turned one of these on.
It's more likely that the now unstable glucose molecules will break down into carbon dioxide and urea, consuming some oxygen in the process, much like it does when consumed by a normal cell. One presumes the spent potential from the electrons will result in the electrons returning to the blood stream.
And yeah, pushing this too hard would probably fairly easily kill the user, (read, a laptop at 60-100Watts? i doubt it. maybe a trickle charger for the battery
A well controlled system could easily result in an acceptable increase in energy consumption, which would result in weight loss, without actually exercising (also, not a good thing, since the muscles aren't going to develop, but the fat will be consumed, leaving the user with no way to keep warm). One presumes that anyone using a device like this would be on a strict high-glucose intake diet.
of course, this is conjecture, i've only done basic biology and chemistry
Andrew
They don't use Lithium poly.
They use standard Lithium ion (unless they changed recently). I can remember people bitching about the short lifespan of the battery, with no replacement plan.
the IRiver H1xx and H3xx's use Lithium poly.
Your mobile phone battery will be in a hard sealed pack, and water isn't sharp enough to cut it. Ipod's don't have this, since they're not user-servicable.
:)
It'll short, and burn out the over-current protective circuitry tho. (they should have used lithium polymer. better life-span and safer)
It'd be highly entertaining watching you swear about it, mind you
ashridah