Under all that scrutiny, a back door would be unlikely to escape detection for even four *days*. Anybody competent enough to try inserting a back door in Apache knows this in their bones. So it would be pointless to try, and won't be tried.
Keep telling people that, and eventually they will stop looking at the source code for the software they use. Someone will include a hard-to-see security hole, on purpose, and then exploit it selectively several days later. It won't make slashdot, because the software won't be apache (enough paranoid people run apache), but it will happen.
Most of the machines I see people putting on the net are rootable out of the box and never changed. And most of those machines are Red Hat linux (opensource, yay! *cough* *cough*).
Well, "rootable" boxes do tend to run unix variants.
Plenty of people are complaining about people distributing this kind of stuff via email. I agree, it sucks. but what is a better grassroots, universally accessible kind of way to share? Something like ICQ is pretty good, but not everyone uses it. Web has the problem that 1) not everyone has/can use a web page and 2) servers get overloaded (like when they get/.ed).
Freenet? It doesn't waste lots of bandwidth outside of a given network if lots of people inside the network request it, and it doesn't get overloaded unless a huge number of people request one file at the same time. Of course, not a lot of people use it right now, but this animation could be good, legal reason to get lots of people to try it out (as Ian Clarke was hoping at the end of yesterday's slashdot interview.
I have no User Account with them, and I wish I didn't have to have one for *EVERY* frickin' web site I ever visit.
Some websites need logins/passwords to identify users to each other. Slashdot does this. IRC (yeah, I know, not a website) generally does not do this adequately.
Some websites are completely static, so unless they're charging you, it doesn't make sense for them to ask you for a l/p. Most of these sites don't ask you for one.
Many websites let you set up preferences about what you see. Many of these sites (such as www.msn.com) only give cookies. Many (such as my.yahoo.com) require you to register with a login/password. Having to make up and remember a login/password is annoying, but so is trying to move preferences from one computer to another without one. These websites should use cookies and give users the option to create a login/password combination, but AFAIK, none do.
(I don't know which category www.the-times.co.uk falls under -- I'm just saying this in general.)
If they're "encourag[ing] viewers to distribute the animated films by e-mail," I don't see why someone couldn't re-encode the films using a more open standard. Of course, some quality will be lost as the movie is moved from one lossy format to another, but at least you'll be able to see it.
It even displays a "devil" icon right before the link to microsoft in this article on its front page. And the comments at the top say something about orgasms.
Thus, people are encouraged to see if anyone else is having the same problems they have themselves,
What would really fix that is a karma system:) Lose some points if your bug gets marked as invalid or as a duplicate, gain some if others get their bugs marked as duplicates of yours or if you get voted for. with some amount of karma, you would be able to post bugs as "new", and with some more, you would be able to edit most fields of a bug. subliminal message: vote for my bugs.
and the time developers have to spend on finding duplicates decreases.
Some net-community people (including me) do search for dups among bugs they haven't reported themselves, and I hope that saves the engineers some time keeping the bugzilla system clean and also reducing the change of duplicated coding work.
The problem is, Celera and its friends are going to be the only companies with the full genome available for several months. Patent law says you can't patent something obvious to someone experienced in the field, but while the genome isn't widely available, Celera may be able to circumvent that clause temporarily.
What I'm sure many people are wondering right now is: once the HGP completes its sequence, will these patents on medical knowledge derived from Celera's work be revoked on the grounds that the method has become obvious through independent public research?
Now we'll have the source code to all those cpu-exploding virii floating around! CPUs are going to be exploding left and right! The world is going to end! Oh well, I'll be fine, because as soon as I finish posting this comment, I'm going to dive into my millennium bunker (I built mine early because although the Leader told me the world would end at the end of the Millennium, I thought some people might misinterpret him and start looting right after Y2K). Moderators -- do whatever you want, because my account will probably have expired by the time I come out of the bunker. If the andover.net bunker isn't too close to the site of the End, that is.
Basically this goes back to the old "shouting fire in a crowded theater" bit. Sure you can say a lot, but you can't say anything you want to.
Another good analogy for posting computer virus code is posting instructions for building bombs. In both cases, you're explaining to somebody how to (most likely illegally) destroy something using tools that are more or less available: fertilizer or floppy disks. There was plenty of discussion about bomb-building intructions after columbine (maybe even on slashdot).. I don't remember the arguments and outcome of that debate, though.
In the malicious-code case, you're also potentially helping to curb violence by informing users and anti-virus companies how to protect themselves. For the explosives, you're more likely to protect people by telling them what chemicals not to mix together without thinking. (My science teacher once allowed paper towels and several chemical components of gunpowder to collect in a trashcan. Someone didn't put a match out completely before throwing it away, and as a result there is a large black circle in the cieling of his old room.)
If AOL users all use Netscape, then IE can't be considered the sole "standard" and web sites might actually have to...
Remember "this site is aol-friendly"? "AOL users click here"? I'm sure it won't be that bad this time because lots of people other than aolers will be using the gecko, but the initial reaction of "Why should I change my website to work on for AOL [users|lamers], again" might slow down acceptance among some website authors.
... adhere to *real* open standards.
Just because the mozilla layout engine is open-source doesn't make it an "open standard" that can be followed easily. The engine will have quirks, just like any other that is intended (with varying amounts of emphasis and hype) to conform to standards that don't specify exactly what happens when the standard is broken.
On the other hand, if "bug 6211" gets implemented, website authors will be able to validate their HTML in the browser itself -- not as being mozilla-friendly, but as unambiguously conforming to a specified version of a standard.
When it is finished, it will not be called "Netscape" anything, it will be "Mozilla." [bold mine]
What do you mean by "when it is finished"? When mozilla is "finished"? When the first nonbeta of Netscape 6 is released?
My expectation is that there will be more or less continuous releases of mozilla (nightlies or weeklies), and that netscape will also keep releasing new branded versions that include proprietary code.
Keyboard shortcuts are in bug 22529 (bug 26373, which specifically mentions alt-left, was marked as a duplicate to be included in 22529).
I don't know why keyboard shortcuts aren't given a higher priority, though - developers and power users get frustrated easily when their navigation keys don't work, but can live with silly misrenderings.
On the shuttle? If they do something interesting enough (save mir, go to Mars, etc), the public will be watching. And reading the newspaper. And talking to each other about who is sponsoring the mission (remember the EDS "herding cats" ad during the superbowl?).
you might be hit by more than enough bogons to neutralize the computrons. Whether bogons are dangerous by themselves is an open question, but I would suggest that you avoid driving for a week or so.
MS stocks had dropped like a rock (clue enough, IMO, that everyone knows they are guilty as sin)
You probably used the wrong simile there unintentionally, but the way you worded that, it sounds like people dropped sold their Microsoft stocks because they knew MS was evil, or because they knew that MS had been anticompetitive in an illegal way. I doubt either of those is the case -- why would the stockholders wait until the day of the announcement to hold their stock?
Instead, stockholders saw that that the government and Microsoft had reached an impasse in their settlement talks. They drew the conclusion that Microsoft was likely to be convicted; they had already decided whether or not they saw the company as unethical, immoral, or anti-competitive.
A Microsoft (MSFT) lawyer outlined the company's appeal strategy, telling call participants that its defeat included "no mysteries here -- it's what we all expected."
That's the first time in a while I haven't heard a spokesperson from the "losing" side use the word "disappointed". Is it possible that the ruling might have been less harsh than Microsoft really expected it to be?
Can the DoJ and Microsoft settle outside of court, or are they prohibited from settling except under mediation? Remember, they originally had until April 6 to settle.
It sounds like someone needs to volunteer a little effort towards the Mozilla Project! That's a benefit of open source.
I don't get it. Lots of slashdot users have replied to my comments on this article, telling me that the only way to "contribute" to open source is to write code. That I'm not really contributing to mozilla by finding and reporting "bugs": security holes that have existed for several browser versions but are taken for granted, minor user-interface quirks, and requests for the interface to be more customizable and more friendly. At the same time, the slashdot community is frustrated by the lack of good user interfaces in open source software.
Is there any chance that this attitude about "contribution" is a part of the reason why interfaces of open-source programs often suck?
Actually, they are all security related. Many aren't stated as security problems, but it's clear that each of them can at least disable the user's browser. The one you referred to as talking about porn does so because porn sites are the sites most likely to exploit the hole.
Slashdot Mirror
Keep telling people that, and eventually they will stop looking at the source code for the software they use. Someone will include a hard-to-see security hole, on purpose, and then exploit it selectively several days later. It won't make slashdot, because the software won't be apache (enough paranoid people run apache), but it will happen.
--
Well, "rootable" boxes do tend to run unix variants.
--
Freenet? It doesn't waste lots of bandwidth outside of a given network if lots of people inside the network request it, and it doesn't get overloaded unless a huge number of people request one file at the same time. Of course, not a lot of people use it right now, but this animation could be good, legal reason to get lots of people to try it out (as Ian Clarke was hoping at the end of yesterday's slashdot interview.
--
Some websites need logins/passwords to identify users to each other. Slashdot does this. IRC (yeah, I know, not a website) generally does not do this adequately.
Some websites are completely static, so unless they're charging you, it doesn't make sense for them to ask you for a l/p. Most of these sites don't ask you for one.
Many websites let you set up preferences about what you see. Many of these sites (such as www.msn.com) only give cookies. Many (such as my.yahoo.com) require you to register with a login/password. Having to make up and remember a login/password is annoying, but so is trying to move preferences from one computer to another without one. These websites should use cookies and give users the option to create a login/password combination, but AFAIK, none do.
(I don't know which category www.the-times.co.uk falls under -- I'm just saying this in general.)
--
--
--
What would really fix that is a karma system
and the time developers have to spend on finding duplicates decreases.
Some net-community people (including me) do search for dups among bugs they haven't reported themselves, and I hope that saves the engineers some time keeping the bugzilla system clean and also reducing the change of duplicated coding work.
--
Couldn't find it, so I posted it myself. Here ya go.
--
The problem is, Celera and its friends are going to be the only companies with the full genome available for several months. Patent law says you can't patent something obvious to someone experienced in the field, but while the genome isn't widely available, Celera may be able to circumvent that clause temporarily.
What I'm sure many people are wondering right now is: once the HGP completes its sequence, will these patents on medical knowledge derived from Celera's work be revoked on the grounds that the method has become obvious through independent public research?
--
--
Another good analogy for posting computer virus code is posting instructions for building bombs. In both cases, you're explaining to somebody how to (most likely illegally) destroy something using tools that are more or less available: fertilizer or floppy disks. There was plenty of discussion about bomb-building intructions after columbine (maybe even on slashdot).. I don't remember the arguments and outcome of that debate, though.
In the malicious-code case, you're also potentially helping to curb violence by informing users and anti-virus companies how to protect themselves. For the explosives, you're more likely to protect people by telling them what chemicals not to mix together without thinking. (My science teacher once allowed paper towels and several chemical components of gunpowder to collect in a trashcan. Someone didn't put a match out completely before throwing it away, and as a result there is a large black circle in the cieling of his old room.)
--
Well, no wonder netscape 6 runs slowly. That's barely tenth of enough RAM to run today's browsers.
--
Remember "this site is aol-friendly"? "AOL users click here"? I'm sure it won't be that bad this time because lots of people other than aolers will be using the gecko, but the initial reaction of "Why should I change my website to work on for AOL [users|lamers], again" might slow down acceptance among some website authors.
Just because the mozilla layout engine is open-source doesn't make it an "open standard" that can be followed easily. The engine will have quirks, just like any other that is intended (with varying amounts of emphasis and hype) to conform to standards that don't specify exactly what happens when the standard is broken.
On the other hand, if "bug 6211" gets implemented, website authors will be able to validate their HTML in the browser itself -- not as being mozilla-friendly, but as unambiguously conforming to a specified version of a standard.
--
What do you mean by "when it is finished"? When mozilla is "finished"? When the first nonbeta of Netscape 6 is released?
My expectation is that there will be more or less continuous releases of mozilla (nightlies or weeklies), and that netscape will also keep releasing new branded versions that include proprietary code.
--
I don't know why keyboard shortcuts aren't given a higher priority, though - developers and power users get frustrated easily when their navigation keys don't work, but can live with silly misrenderings.
--
On the shuttle? If they do something interesting enough (save mir, go to Mars, etc), the public will be watching. And reading the newspaper. And talking to each other about who is sponsoring the mission (remember the EDS "herding cats" ad during the superbowl?).
--
--
You probably used the wrong simile there unintentionally, but the way you worded that, it sounds like people dropped sold their Microsoft stocks because they knew MS was evil, or because they knew that MS had been anticompetitive in an illegal way. I doubt either of those is the case -- why would the stockholders wait until the day of the announcement to hold their stock?
Instead, stockholders saw that that the government and Microsoft had reached an impasse in their settlement talks. They drew the conclusion that Microsoft was likely to be convicted; they had already decided whether or not they saw the company as unethical, immoral, or anti-competitive.
--
From the wired article:
A Microsoft (MSFT) lawyer outlined the company's appeal strategy, telling call participants that its defeat included "no mysteries here -- it's what we all expected."
That's the first time in a while I haven't heard a spokesperson from the "losing" side use the word "disappointed". Is it possible that the ruling might have been less harsh than Microsoft really expected it to be?
--
According to the wired article:
"In the next few months Jackson will announce what penalties he will impose on Microsoft."
I would expect Microsoft to appeal the penalties instead of the ruling, but I could be wrong.
--
(Older info is also available at the US v. Microsoft page at the the U.S. Department of Justice website)
--
--
--
I don't get it. Lots of slashdot users have replied to my comments on this article, telling me that the only way to "contribute" to open source is to write code. That I'm not really contributing to mozilla by finding and reporting "bugs": security holes that have existed for several browser versions but are taken for granted, minor user-interface quirks, and requests for the interface to be more customizable and more friendly. At the same time, the slashdot community is frustrated by the lack of good user interfaces in open source software.
Is there any chance that this attitude about "contribution" is a part of the reason why interfaces of open-source programs often suck?
--
--