From my experience, project ownership is a big thing in the open source community. If you are running a project, it is your project. People will usually value your input over any other voices. Normally you must be a very bad project maintainer for a very long time in order to provoke a fork.
The key to successful open source project management is the project's mailing list. It is essential that you review patches and contributions rapidly on the list, and comment on them where necessary. Also, if there are patches you do not understand, they are neither properly written nor commented, and should not go in at this point in time. Hand them back, and ask specific questions, let the contributor rework the patch.
Finally, if you have a vision, or goals with your project, you probably have a whitepaper which explains them, and the architecture you plan. If you haven't, you do not have a vision, but some vague plans. Writing the paper will help you to flesh out these plans and produce a clear development target. The paper should be long enough to communicate your ideas and sync your contributors with your plans.
>Project Majestic Mix: A Tribute to Nobuo >Uematsu' is the combined effort a group of >musicians from around the world, connected >only through the Internet. Together, they >have created the first legal, fan-made, >fan-financed game music album to be released >in America.
Actually, this is not a first. I have here in my CD-rack two yellow MUSENET audio CD from 1992. These are the first two audio CD which have been recorded by people on the internet (USENET, actually), using the Internet as a transport medium for the final sounds. The only mention I have found about this is at the bottom of http://www.outsideshore.com/recordings/marc.htm.
Sun's relationship to the OSS community is extremely difficult. Within Sun there is a lively corporate culture and a will to produce a high quality, performant and comfortable UNIX system. Unfortunately, the very same culture also fosters a special kind of NIH syndrome - what pain it was to get Sun to include current popular OSS tools like Perl, Bash and the like into their standard OS distribution!
From a strategic POV, Sun is being increasingly cannibalized in the low end market by Linux and BSD solutions, and at the same time forced to include stuff for free that is differentiating them from Linux like SDS, Sunscreen, ACLs and similar because Microsoft offers such features in their OS for free as well.
At the same time, Sun is not ready to embrace the OSS movement like, for example, IBM does. They fear that giving away code and ideas that they see as differentiation and advantage in an increasingly difficult market would harm their position and they would like to have some security and control, which the OSS process inherently cannot offer at all.
So basically what we have here is a corporation with a fear to "let go" coming under more and more pressure in a difficult economic situation.
I wonder if it would be practical to associate absolute CPU time limits or CPU usage percentages with a security context id in order to prevent a certain security context from hogging all CPU ressources.
A similar thing would be desireable for resident set size (real RAM usage) and virtual size (process size) per security context.
Already adfree, but will subscribe
on
Slashdot Updates
·
· Score: 2
Being a webwasher user for several years now, Slashdot already is adfree for me and always has been, as has the rest of the internet. In fact, with icons turned off and Konquerors superfast table rendering, the site is completely text based and fast as hell for me.
Still I like the idea of a subscription system and I certainly will subscribe if the fee is reasonable. Also, I would like to see unobtrusive, nonblinking, nonanimated text ads that are related to the article category and me preferences somehow. Do the Google thing, be nonstupid.
Afghanistan has seen nothing but destruction and fanatism in the last 15 to 20 years. The people growing up there and taking up weapons have learned nothing but war, and they have nothing anymore to lose.
The key sentences from the article are:
He learned this his first day in Afghanistan when he entered a family's hut. The poverty was more than he could fathom. There was no furniture. No light. The only object inside was a copy of the Koran, tucked into an alcove.
"I asked an old man, 'Why do you live in such conditions? Don't you want to do something to improve your lot?' " Lisinenko said. "But the man replied, 'Don't you understand that the worse we live in this world, the better our lives will be in paradise? We don't want the same things in life that you want.' "
If the US want to win their war in Afghanistan, they should adapt and retry a strategy that has worked before, in my country. It could even work with minimal killings on all sides: Go there, rebuild the country, build schools, hospitals, roads, power plants and factories. Create a local industry, and local people that actually have something to lose in/this/ world.
People who have something to lose in this world will not wage war on their country, and will not tolerate terrorists near their homes. They will instead want the same things in life as you want, they will in parts copy your values and culture, and as time goes by, they will become another and peaceful version of you.
... learn a language first. Command line, no tools. Just you, an editor and a compiler.
Learn C first, then move on to Java. Then choose your IDE.
Unless you have seen the machinery and worked between the wheels and pistons, you cannot expect to get a clue how the system really works on the inside, and which approaches to debugging make sense. Only after such an experience, you'll be able to choose a proper environment for yourself, and be free to leave it, should it become necessary in the process of coding or debugging.
The most important thing for Linux is always market penetration, especially market penetrations in large companies. The best and simplest thing IBM can do for Linux is to sell it, especially sell it to large companies.
Then there are a lot of interesting things that are part of AIX. These ideas are usually ahead of their time and they are badly implemented.
Take the AIX system administration tool SMIT for example. It is using a binary registry for much configuration data which is a pain in the ass to maintain - text files and a binary cache regenerated from the text files dynamically, as KDE does it, is much better.
But SMIT is the only system administration tool which I have ever used which is actually helpful and easily extensible. SMIT is based on a number of command line programs to edit system configuration, things like adduser and deluser, but for anything on the system. SMIT generates command lines to execute system administration functions and you can preview these command lines before they are executed. So while SMIT is a GUI tool for the inexperienced user, at the same time it educates this user and brings the user onto the path to automated system administration.
SMIT has menus, and these menus are nowhere hardcoded. If you know the SMIT extension API, you can add menus and functions to SMIT and integrate your own software into the tool. That makes SMIT a truly universal administration tool, which can be taylored to a sites needs.
And finally SMIT keeps a log of all changed done to the system in the form of an endless shell script. So if you actually use SMIT to do your everyday system administration, you get a complete protocol of all changes to the system since the last install.
SMIT comes in two variants, SMIT with an X interface and SMITTY, with a tty interface. Both have a command line interface which allows you to shortcut into any menu screen from the command line so that you do not need to navigate through a menu hierarchy for the 1000st time, but can jump directly into medias res.
SMIT is broken in current AIX, but it can be fixed - get rid of the binary object database aka registry and enter a KDE style binary cache for textual configuration file to speed access to large parseable text files.
Also, SMIT was lacking cryptographically authenticated and encrypted remote administration capabilities the last time I checked (early AIX 4.x releases), so you still had to rlogin in order to administrate a remote station. A mass administration utility that can remotely control each single remote workstation as well as groups of them would be a great extension to SMIT.
There are other parts of AIX which are worth a very close look and evaluation. Much of it does not really fit the current Unix model as it is, but is extremely interesting and just needs a good ripoff session and a heavy dose of realworldly interaction in order to become a great addition to Linux.
The current groups of people against CPRM can be divided into two camps. One camp is the OSS camp, which is against CPRM on principle. The other group of people against CPRM is against it because the implementation is bad and violates basic principles of operating system design. This second group includes at the moment companies like Microsoft.
CPRM can be made to "work" in a way that the second group is - massively - in favor of it and I expect it to become so in about five years. In order for the second group to adopt CPRM it is necessary to make a CPRM-like mechanism compliant with the file system abstraction. This is easily done as soon as you abandon the sector based ATA concept for a file based storage device.
Imagine a lot more intelligence as part of your hard disk, and imagine the hard disk running an operating system independent file system abstraction on the hard disk electronics itself. In fact, only the lower half of a file system abstraction is needed, that is, free space management and block-to-file mapping. The upper half of the file system, name space management, is not sensitive to copy control and can remain in an untrusted device.
In such a device CPRM would run on top of the filesystem abstraction and therefore not interfere with it. Currently, CPRM runs below a filesystem abstraction and inhibits low level reorganisational operations. A device implementing file level access at the device itself would offer a standardized interface for such operations which would be able to deal with the details of copy control management in the context of such operations on the device itself.
This is a very scary idea, and it will be much harder to lobby against it, because the OSS lobby will not have backing of the software industry that time.
Since my wife is one of the persons on the list of people actually working on this, I may add a few words to it. Marit has a publications list online.
How does it work? Well, have a look at project anonymity and unobservability on the Internet. A MIX network is like a system of remailers, just for IP packets. There are several kinds of attacks against a MIX network ("nix the MIX") and they are categorized and discussed in that paper.
Specifically, the problem of cooperating MIX network node operators is being discussed. Have a look at the properties of ideal MIXes: It is sufficient for the MIX network to have a single trustworthy node in your path in order to protect your anonymity (section 1.2 of that paper).
The advantages of Apache over IIS are for most
web hosters:
delegation of configuration
knowing users can configure their part of Apache themselves using.htaccess files. This is completely controllable by the administrator.
As an added plus, each users authentication data is kept in separate password files, and independent of the system authentication data. This is crucial in a hosting environment.
self-healing process model
The Apache process modell with a single manager process accepting requests and delegating them to a farm of worker processes is built with the idea of unstable or unsafe modules being present in the worker processes. Apache can recover from core'ing or memleaking worker processes and keeps your server online, albeit with higher system load.
Both properties are priceless in a hosting environment and are the main reason why Apache is consistently chosen in mass hostings over IIS. The completely scriptable configuration is another plus, too. So is the abundance of useful modules and server extensions. Price is secondary.
Of course, such an option to run only signed code is completely useless even when it is turned on in any Microsoft operating system. Remember we are talking a system here where any document can also be an application. That is, you can write a Microsoft word document that does a complete Linux install in VBA macros, including formatting the hard disk.
Unless turning on this option also disabled the WSH, all macro capabilities in all programming languages and certain other options (such as being able to call RUNDLL), turning on this option will NOT prevent the next Melissa and will NOT increase your systems security.
DNS is doomed. It has to many flaws that make it unsuited for the task at hand:
- DNS is being used at the moment as a search engine. It has no proper search criteria and attributes, though.
- It is not secured against spoofing. Anybody can easily set up arbitrary adresses or inject fake entries into the current system.
- It does not handle Unicode properly at all. Instead a number of workarounds with hideous character encodings are proposed.
- Also, the current system of maintaining the namespace is hosed.
What we really need is a viable, worldwide directory service as an alternative to DNS, and as a preinstalled default in major operating systems. LDAP has the potential. Check it out.
Slashdot Mirror
From my experience, project ownership is a big thing in the open source community. If you are running a project, it is your project. People will usually value your input over any other voices. Normally you must be a very bad project maintainer for a very long time in order to provoke a fork.
The key to successful open source project management is the project's mailing list. It is essential that you review patches and contributions rapidly on the list, and comment on them where necessary. Also, if there are patches you do not understand, they are neither properly written nor commented, and should not go in at this point in time. Hand them back, and ask specific questions, let the contributor rework the patch.
Finally, if you have a vision, or goals with your project, you probably have a whitepaper which explains them, and the architecture you plan. If you haven't, you do not have a vision, but some vague plans. Writing the paper will help you to flesh out these plans and produce a clear development target. The paper should be long enough to communicate your ideas and sync your contributors with your plans.
You do not want BLOBs in a MySQL store, at least not unless MySQLs BLOB API changed a lot since I looked last (which has been some time, admittedly).
MySQL limits BLOB size to max-packet (1 MB per default), which is very small and stupid anyway.
MySQL has no proper BLOB API which allows you to download a BLOB only partially. You cannot read bytes 10.000 to 20.000 of a BLOB in MySQL.
MySQL tables perform abysmal with BLOBs of varying size being part of the table.
Only that the iButton from Dallas Semiconductor already has been broken several years ago by ... right, the very same Ross Anderson and Markus Kuhn.
Kristian
defiant.theo-physik.uni-kiel.de
The European Paradise server! Those were the times. Greetings, Emperor Achim!
Kristian
>Project Majestic Mix: A Tribute to Nobuo
>Uematsu' is the combined effort a group of
>musicians from around the world, connected
>only through the Internet. Together, they
>have created the first legal, fan-made,
>fan-financed game music album to be released
>in America.
Actually, this is not a first. I have here in my CD-rack two yellow MUSENET audio CD from 1992. These are the first two audio CD which have been recorded by people on the internet (USENET, actually), using the Internet as a transport medium for the final sounds. The only mention I have found about this is at the bottom of http://www.outsideshore.com/recordings/marc.htm.
Sun's relationship to the OSS community is extremely difficult. Within Sun there is a lively corporate culture and a will to produce a high quality, performant and comfortable UNIX system. Unfortunately, the very same culture also fosters a special kind of NIH syndrome - what pain it was to get Sun to include current popular OSS tools like Perl, Bash and the like into their standard OS distribution!
From a strategic POV, Sun is being increasingly cannibalized in the low end market by Linux and BSD solutions, and at the same time forced to include stuff for free that is differentiating them from Linux like SDS, Sunscreen, ACLs and similar because Microsoft offers such features in their OS for free as well.
At the same time, Sun is not ready to embrace the OSS movement like, for example, IBM does. They fear that giving away code and ideas that they see as differentiation and advantage in an increasingly difficult market would harm their position and they would like to have some security and control, which the OSS process inherently cannot offer at all.
So basically what we have here is a corporation with a fear to "let go" coming under more and more pressure in a difficult economic situation.
Please disregard the .signature under the previous post. Unfortunately there is no way for me to selectively post without a .sig on Slashdot.
#define NINODE 50 /* number of in core inodes */
/* max number of processes */"
/usr/include/sys/param.h
#define NPROC 30
-- Version 7 UNIX fuer PDP 11,
I wonder if it would be practical to associate absolute CPU time limits or CPU usage percentages with a security context id in order to prevent a certain security context from hogging all CPU ressources.
A similar thing would be desireable for resident set size (real RAM usage) and virtual size (process size) per security context.
To become a registered company in Germany, you need to get a license. In the smallest case, that's going to cost you all of 15 DM ($7.50).
What a stupid and useless move at the side of Thawte...
http://www.koehntopp.de/kris/artikel/rating_does_n ot_work/ has the detailed reasoning and background.
Being a webwasher user for several years now, Slashdot already is adfree for me and always has been, as has the rest of the internet. In fact, with icons turned off and Konquerors superfast table rendering, the site is completely text based and fast as hell for me.
Still I like the idea of a subscription system and I certainly will subscribe if the fee is reasonable. Also, I would like to see unobtrusive, nonblinking, nonanimated text ads that are related to the article category and me preferences somehow. Do the Google thing, be nonstupid.
Afghanistan has seen nothing but destruction and fanatism in the last 15 to 20 years. The people growing up there and taking up weapons have learned nothing but war, and they have nothing anymore to lose.
/this/ world.
The key sentences from the article are:
He learned this his first day in Afghanistan when he entered a family's hut. The poverty was more than he could fathom. There was no furniture. No light. The only object inside was a copy of the Koran, tucked into an alcove.
"I asked an old man, 'Why do you live in such conditions? Don't you want to do something to improve your lot?' " Lisinenko said. "But the man replied, 'Don't you understand that the worse we live in this world, the better our lives will be in paradise? We don't want the same things in life that you want.' "
If the US want to win their war in Afghanistan, they should adapt and retry a strategy that has worked before, in my country. It could even work with minimal killings on all sides: Go there, rebuild the country, build schools, hospitals, roads, power plants and factories. Create a local industry, and local people that actually have something to lose in
People who have something to lose in this world will not wage war on their country, and will not tolerate terrorists near their homes. They will instead want the same things in life as you want, they will in parts copy your values and culture, and as time goes by, they will become another and peaceful version of you.
It worked in Germany before.
... learn a language first. Command line, no tools. Just you, an editor and a compiler.
Learn C first, then move on to Java. Then choose your IDE.
Unless you have seen the machinery and worked between the wheels and pistons, you cannot expect to get a clue how the system really works on the inside, and which approaches to debugging make sense. Only after such an experience, you'll be able to choose a proper environment for yourself, and be free to leave it, should it become necessary in the process of coding or debugging.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
Damn good Internet security.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
Of course they behave as if they were selling something. If they were actually licensing something under German law, there would be a continous liability of the licenser to the licensee. This is a situation where Microsoft would not like to find itself in, given their quality of code.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
they now be called the Philistines, as they allow
Quake, but ban Playboy?
© Copyright 2000 Kristian Köhntopp
All rights reserved.
The most important thing for Linux is always market penetration, especially market penetrations in large companies. The best and simplest thing IBM can do for Linux is to sell it, especially sell it to large companies.
Then there are a lot of interesting things that are part of AIX. These ideas are usually ahead of their time and they are badly implemented.
Take the AIX system administration tool SMIT for example. It is using a binary registry for much configuration data which is a pain in the ass to maintain - text files and a binary cache regenerated from the text files dynamically, as KDE does it, is much better.
But SMIT is the only system administration tool which I have ever used which is actually helpful and easily extensible. SMIT is based on a number of command line programs to edit system configuration, things like adduser and deluser, but for anything on the system. SMIT generates command lines to execute system administration functions and you can preview these command lines before they are executed. So while SMIT is a GUI tool for the inexperienced user, at the same time it educates this user and brings the user onto the path to automated system administration.
SMIT has menus, and these menus are nowhere hardcoded. If you know the SMIT extension API, you can add menus and functions to SMIT and integrate your own software into the tool. That makes SMIT a truly universal administration tool, which can be taylored to a sites needs.
And finally SMIT keeps a log of all changed done to the system in the form of an endless shell script. So if you actually use SMIT to do your everyday system administration, you get a complete protocol of all changes to the system since the last install.
SMIT comes in two variants, SMIT with an X interface and SMITTY, with a tty interface. Both have a command line interface which allows you to shortcut into any menu screen from the command line so that you do not need to navigate through a menu hierarchy for the 1000st time, but can jump directly into medias res.
SMIT is broken in current AIX, but it can be fixed - get rid of the binary object database aka registry and enter a KDE style binary cache for textual configuration file to speed access to large parseable text files.
Also, SMIT was lacking cryptographically authenticated and encrypted remote administration capabilities the last time I checked (early AIX 4.x releases), so you still had to rlogin in order to administrate a remote station. A mass administration utility that can remotely control each single remote workstation as well as groups of them would be a great extension to SMIT.
There are other parts of AIX which are worth a very close look and evaluation. Much of it does not really fit the current Unix model as it is, but is extremely interesting and just needs a good ripoff session and a heavy dose of realworldly interaction in order to become a great addition to Linux.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
The current groups of people against CPRM can be divided into two camps. One camp is the OSS camp, which is against CPRM on principle. The other group of people against CPRM is against it because the implementation is bad and violates basic principles of operating system design. This second group includes at the moment companies like Microsoft.
CPRM can be made to "work" in a way that the second group is - massively - in favor of it and I expect it to become so in about five years. In order for the second group to adopt CPRM it is necessary to make a CPRM-like mechanism compliant with the file system abstraction. This is easily done as soon as you abandon the sector based ATA concept for a file based storage device.
Imagine a lot more intelligence as part of your hard disk, and imagine the hard disk running an operating system independent file system abstraction on the hard disk electronics itself. In fact, only the lower half of a file system abstraction is needed, that is, free space management and block-to-file mapping. The upper half of the file system, name space management, is not sensitive to copy control and can remain in an untrusted device.
In such a device CPRM would run on top of the filesystem abstraction and therefore not interfere with it. Currently, CPRM runs below a filesystem abstraction and inhibits low level reorganisational operations. A device implementing file level access at the device itself would offer a standardized interface for such operations which would be able to deal with the details of copy control management in the context of such operations on the device itself.
This is a very scary idea, and it will be much harder to lobby against it, because the OSS lobby will not have backing of the software industry that time.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
Since my wife is one of the persons on the list of people actually working on this, I may add a few words to it. Marit has a publications list online.
How does it work? Well, have a look at project anonymity and unobservability on the Internet. A MIX network is like a system of remailers, just for IP packets. There are several kinds of attacks against a MIX network ("nix the MIX") and they are categorized and discussed in that paper.
Specifically, the problem of cooperating MIX network node operators is being discussed. Have a look at the properties of ideal MIXes: It is sufficient for the MIX network to have a single trustworthy node in your path in order to protect your anonymity (section 1.2 of that paper).
Marit has a paper on anonymity terminology online, too (txt version of that paper). Have a look at it in order to get your vocabulary. Additionally, there is a web page on identity management on her server. This relates P3P and anonymity/pseudonymity.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
Throw them into a tar pit. This keeps them online, and makes them vulnerable as they are a target as long as they are connected.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
web hosters:
knowing users can configure their part of Apache themselves using
As an added plus, each users authentication data is kept in separate password files, and independent of the system authentication data. This is crucial in a hosting environment.
The Apache process modell with a single manager process accepting requests and delegating them to a farm of worker processes is built with the idea of unstable or unsafe modules being present in the worker processes. Apache can recover from core'ing or memleaking worker processes and keeps your server online, albeit with higher system load.
Both properties are priceless in a hosting environment and are the main reason why Apache is consistently chosen in mass hostings over IIS. The completely scriptable configuration is another plus, too. So is the abundance of useful modules and server extensions. Price is secondary.
© Copyright 2000 Kristian Köhntopp
All rights reserved.
My French is awful, but I do want to learn the language.
If your french were okay, you would not need the language...
© Copyright 2000 Kristian Köhntopp
All rights reserved.
Of course, such an option to run only signed code is completely useless even when it is turned on in any Microsoft operating system. Remember we are talking a system here where any document can also be an application. That is, you can write a Microsoft word document that does a complete Linux install in VBA macros, including formatting the hard disk.
Unless turning on this option also disabled the WSH, all macro capabilities in all programming languages and certain other options (such as being able to call RUNDLL), turning on this option will NOT prevent the next Melissa and will NOT increase your systems security.
© Copyright 2000 Kristian Köhntopp
DNS is doomed. It has to many flaws that make it unsuited for the task at hand:
- DNS is being used at the moment as a search engine. It has no proper search criteria and attributes, though.
- It is not secured against spoofing. Anybody can easily set up arbitrary adresses or inject fake entries into the current system.
- It does not handle Unicode properly at all. Instead a number of workarounds with hideous character encodings are proposed.
- Also, the current system of maintaining the namespace is hosed.
What we really need is a viable, worldwide directory service as an alternative to DNS, and as a preinstalled default in major operating systems. LDAP has the potential. Check it out.
© Copyright 2000 Kristian Köhntopp