My first reaction when I saw the news of the settlement was that this will probably kill any attempts to open source Java. The settlement includes patent cross licensing. What are the terms of this cross licensing? I have no idea, and the terms will probably never be published, but Sun's lawyers would have to spend a lot of time going through that agreement before they can open source anything now. The case they have to worry about is if the Java(tm) implementation contains something covered under a patent which falls under this cross-licensing agreement, especially if some little bit of Microsoft's technology has crept into the Java implementation somehow. Given the very broad patents that are being granted by the US PTO these days, it would not be surprising at all if Sun's lawyers said "we just can't be sure there isn't something from MS in here among these million lines of code."
If we want an open source Java, I think the right thing to pursue is Kaffe, gcj, and Gnu CLASSPATH. I would love it if Sun did open source Java and such an action may be the best way to ensure Java's long-term survival, but somehow I have a feeling that Scott and the Sun lawyers won't have the guts or the will to take the risks and do this.
A Buran Energia could lift up to 170 tons into orbit. If we could more than double that capacity, it would be enough to lift this boring machine and a nuclear reactor to power it into orbit. While in flight, we could use spent fuel from the reactor to sterilize everything before we plonk it on Europa. The Europan ice is only a few miles thick, less thick than the length of the Chunnel, so this is the best, most realistic way of finding out what's down there. Then we can go ice fishing with a great view of Jupiter.
OpenBSD has had "W^X" for quite a while now, and it sounds like that is what Bill is talking about. It is a great idea. There is just no reason for a program to ever modify its own executable code, with a very few exceptions such as Java's JIT compiler. For once it sounds like he is talking about security that protects his customers, not "security" such as DRM which reduces the capabilities of the product.
The technology is all there. AC Propulsion just took a trip from LA to Vegas in a lithium-battery car. That's all the range we need for a practical car. They did it using thousands of off-the-shelf mobile device lithium batteries. How much would it cost if automotive-size lithium batteries were mass-produced? I'm guessing prices would be competitive with the price of a new ICE car, except that electric drivers won't ever have to worry about gas going to $3/gal.
Also I hope that cities start being designed to be anti-car, meaning they are designed to be accessed on foot or by public transit systems. If you've ever been to Singapore you know what I'm talking about.
There seem to be too many social networking sites these days. How many can one person possibly belong to? What would be cool is an open source search engine, although I don't know if that project is still active. One thing to consider is that open source works well for "products" like GNU/Linux but does not work as well for services like a social networking site. Even a service like our beloved Slashdot may use open source software but it is a commercially-operated ad-sponsored business.
Have you ever tested the performance difference between a package and something built from source with all the right optimization flags? I would be surprised if there is much of a performance difference, if any. And even if there is a measurable performance difference, how much does that matter in your application? Are these computers so overloaded that a 10% (or even a 50%) difference in application speed will matter? I was just looking at Penguincomputing and a basic dual Opteron server starts at about $2500.
It seems like computer people tend to think about performance while business people think about reliability.
If you're going to do any formatting at all, especially for the LDP, it should be in CSS. This is why:
All the main Linux browsers today support CSS.
CSS looks better than the old style of using nested tables and spacer graphics.
CSS is accessible. A CSS page looks ok on Lynx, whereas any other formatting system doesn't work on Lynx.
Users who don't like formatting or CSS can turn it off and still access the sites.
CSS formatted pages can be viewed on some wireless devices and can be transformed for all wireless devices. Ever need to look something up so you could get the computer on the net?
It's easy to do. Just create the CSS sheets and then put in the link at the beginning of the documents and it should mostly work.
This is getting off-topic here but it's something I must address. China doesn't need to do anything to install a crypto backdoor into WAP (the most common wireless web protocol). Why? Because in WAP the phone transmits (encrypted) WTLS (Wireless Transport Layer Security) to the gateway (almost always a box at the telco). The gateway then decrypts the WTLS session and re-encrypts it to plain old SSL and sends it on as an HTTP request to the "WAP" server (which is really just a plain old http server serving appropriate content). So in all "encrypted" WAP sessions there is actually one hop of plaintext in the middle which just happens to be at the telco's facility. It is a secure but tap-friendly protocol, inasmuch as such a thing can exist.
The main advantage of having wireless blogging in a place like China is simply that so many more people have phones than computers so it is easier to get the word out. Also phones are more private because, unlike computers, they are not shared among multiple users and are not in semi-public places like schools, a family home, etc.
Wireless blogging is going to be a way to get around many restrictions. Of course this doesn't help if they are blocking the servers. Fortunately these days there are a vast number of hosting companies which provide blog hosting. And wireless net is huge in China, with hundreds of millions of WAP-enabled phones. I think that the government will at some point just give up on this and realize that free expression is not that much of a threat. They should look over at the example of Singapore, where the government is very strict, but it tolerates a little joking commentary. The PRC will realize that people complaining is not the same thing as a real challenge.
It's in this new Fedora release, it's also in the Mandrake 10 "community" release (I just got my DVD last week) and it's in the upcoming Mandrake 9.1 release, which you can pre-order from Amazon even though you can't actually find it by searching in Amazon. Too many choices! Oh and OpenBSD 3.5 is coming, too.
I think terraforming Mars is inevitable if it's possible to do it at all. Even if a group of scientists convened by NASA all decide that it's ethically wrong, there is no way for that decision to bind all the other countries which have the capability of doing it. If it's possible, someone will do it. This is a similar situation to the non-proliferation treaty. We have this treaty, and a big chunk of the world's population, including its most powerful country, want to maintain the NPT, but were unable to enforce it. Unlike non-proliferation, stopping terraforming on Mars is unlikely to ever be a top foreign policy issue for any country, so if it's possible for it to happen and if any country has a motive to do it (like having a population of 1.2 billion people) then it will be done.
So the question is, how can it be done in the least destructive way? That's what they should be asking. I'm guessing that the best thing would be to do as much exobiology research on it as possible before anyone starts thinking about terraforming. We may not be able to stop terraforming but at least we could learn as much as possible before the Mars environment is thoroughly corrupted with Earth biology.
Also, terraforming may be a long and slow process. Earth and Mars organisms could coexist for a long time during this process. In fact, if Mars organisms are related to Earth organisms, they might play a role in terraforming.
It's a Microsoft Windows worm. I am also on the Internet right now and my Windows platform (X Windows) cannot be infected by this worm. Get it straight. Windows is a generic English word and a generic computer marketing term.
It is too much trouble to tweak Linux to run correctly on many notebooks, because things like software suspend are tricky and very hardware-dependent. Hopefully HP will give us some notebook choices that come with everything set up correctly. That is enough to make my purchasing decision. One thing I hope they do not do is charge the same price for the same notebook with Linux vs. MS Windows. If they do that, Linux customers are essentially paying for an MS Windows license that they aren't receiving, which is wrong. We should be able to buy hardware without a MS Windows license and also not pay for the MS Windows license. I personally prefer the X brand of Windows, not the MS brand of Windows.
Long-term, OOo is going to offer fierce competition for any product like Frame, and even MS Office. OOo already has a FrameMaker type of document model. By using an open XML file format, it means that it will be possible to write tools that interact with OOo documents easily. It will probably end up with a more powerful templating system than MS Office, and it will definitely end up with more powerful macro options (Python, etc). OOo will also win in cross platform abilities, with native ports to OSX and KDE in various stages. OOo is the one to beat these days. MS Office will always have a niche in processing of legacy documents, but it and FrameMaker, PageMaker and the others are in trouble.
So strong I've never heard of it, and looking through the websites, all the faqs are simply lists of links to other faqs, and when I finally get to one that isn't a list of links, it just gives me some information about problems I might be having with Rexx executables, with no info anywhere about what Rexx is. Let's see, there's Java, C++, C, perl, Python, Intercal and a host of other languages with clear and obvious purposes and faqs, and therefore I should care about Rexx because? Maybe this would be a good opportunity for a /. editor to put some comment in there like "Rexx is a [functional | procedural | object oriented | portable | braindead] language"?
Does anyone have some tips for running these under Wine? I know that I can install Outlook XP under Crossover, with full support in Crossover 3.0 which is coming out soon, but I'm not sure if it supports these viruses yet. I know that Wine supports Sircam, but unfortunately there isn't a virus section in the appdb yet. I think the Wine devs don't get it. We run Wine for the full "MS Windows Experience", not just the software.
No, I'm not trolling. I can summarize your whole post in one sentence: "Don't make mistakes and everything will be fine!" We've been hearing that for years. The best C security coders in the world are the OpenBSD team and guess what, they make mistakes. They fail to validate input sometimes. They have had exploitable bugs in their code. And what are they doing now? They are moving to models like privsep, w^x and systrace which are all forms of sandboxing or hole containment. Eventually if they take that far enough, they'll end up running bufferless code in a VM, which would give me a sense of deja vu.
Sure, it's entirely possible to write perfect C code with no mistakes, and it's possible to not validate input on Java code and make plenty of mistakes. You gave a great example: SQL injection attacks. Java has some great defenses against that: Use java.sql.PreparedStatement instead of java.sql.Statement. Even better, use something like JDO to give an abstracted OO view of the data.
Here's where C breaks down: The human mind doesn't think in the right way to use C safely. We can't change the human mind (yet), but we can change which language we use. Humans just don't spot out-of-range errors, for example, but out-of-range errors are all trapped in Java and also because Java collections know their size (unlike C arrays/pointers) out-of-range errors are much more obvious.
Also, saying that "if you validate your input you can run it at any priv level you want" is just the wrong way to think about this. Mistakes will happen in any sufficiently large system (ie, any system that is large enough to be useful today). The only reasonable thing to do is to contain those mistakes, which means isolate processes and functions.
Or you can keep on repeating "nothing bad would ever happen if we didn't make any mistakes!" I guess if that's what you think, I can't change your mind.
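The PreparedStatement advice in the comment above, as an added example that is not part of the original comment. It uses Python's sqlite3 module instead of java.sql (an assumption made so the block runs stand-alone; bound `?` parameters behave the same way), and the table, sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows, not data from the original comment.
USERS = [("alice", "token-a"), ("bob", "token-b"), ("carol", "token-c")]


def make_db():
    """Build a throwaway in-memory database holding the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, token TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return db


def lookup_concatenated(db, name):
    """Statement-style: the input is spliced into the SQL text, so the
    database parses whatever the caller supplied as part of the query."""
    sql = "SELECT name, token FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, name):
    """PreparedStatement-style: the SQL text is fixed and the input is
    bound as a value, so it can only ever be compared against the column."""
    sql = "SELECT name, token FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups for one input and return (concatenated, bound).
    A query that fails to parse is reported as a short error string."""
    db = make_db()
    try:
        try:
            concatenated = lookup_concatenated(db, name)
        except sqlite3.Error as exc:
            concatenated = "error: " + type(exc).__name__
        return concatenated, lookup_bound(db, name)
    finally:
        db.close()


if __name__ == "__main__":
    # Three inputs: a normal name, input that rewrites the WHERE clause,
    # and a legitimate name whose apostrophe breaks the spliced query.
    for candidate in ["alice", "nobody' OR '1'='1", "o'brien"]:
        concatenated, bound = compare(candidate)
        print(repr(candidate))
        print("  concatenated:", concatenated)
        print("  bound:       ", bound)
```

The third input is the everyday failure: with concatenation, a valid surname containing an apostrophe is a syntax error, while the bound query simply finds no match.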
I'm bored of these OpenSSL advisories. On and on they go. An unchecked null and an out-of-bounds read. Someday, people will realize that unsafe data (anything that comes in over the net) really can't be safely manipulated in a language like C. If OpenSSL had been implemented in Java, these types of errors couldn't exist, or if they did exist, they would throw exceptions which could be caught and handled in some reasonable way.
Rule #1: Unsafe data should be handled in sandboxed languages.
Rule #2: Programs that are exposed to unsafe data (server processes) should run at some minimum and constrained privilege level, not as root. The "must be root to bind to ports less than 1024" rule on Unix is almost exactly the opposite of what the rule should be.
I'm sure many people who don't understand these issues will flame me or say I am trolling, but oh well, someone needs to keep bringing this up until it sinks in.
It looks like there is more emphasis on Gnome than on KDE in this press release. As a KDE fan, that concerns me a bit. Suse has always been a great KDE distro. I hope that Novell + Ximian + Suse does not mean Suse -> Gnome, although it seems inevitable.
Let's see, OpenBSD+SMP is out soon, Mandrake 10 is here, and now Suse 9.1 with Linux 2.6 KDE 3.2.1 is out. I'm in "new OS overload" here. I think I'll install Redhat 7.3 and VMWare and then I can install them all.
My dream system for security work would be a thin SMP OpenBSD environment with a Java runtime on it. That way there would be a solid, very secure OS, with a sandboxed VM environment to run the server code, resulting in strong security at every level. I am looking forward to this. Now, if it can run KDE 3.2 and OOo 1.1 and Evolution, that is all I need in a desktop and development system. I've been using OpenBSD for years but I switched to Linux when it pulled ahead on desktop functionality, but maybe it's time to take another look at OpenBSD.
On the Mandrake subject, I just ordered Mandrake 10 to check out the awesomeness of Linus' latest offspring, plus KDE 3.2. If HP would ship that on a laptop, that would make my buying decision right there.
Notice how they are always talking about using these bots to "ferry supplies"? Have you ever seen the DoD say something about using these bots in actual combat roles? That is somehow never mentioned.
I can't believe this thread has gone on so long with no one mentioning lutein. Lutein is a natural anti-oxidant nutrient found in leafy vegetables. Very few of us get enough of it in our diets naturally. All the ophthalmologists I know take it every day. It is the best thing we know of for preventing macular degeneration, something which frequently causes blindness in old people. This isn't crackpot new-age herbal stuff. If you don't believe this, ask any ophthalmologist if he has heard of lutein and what he thinks of it.