At present, it's the only way of getting flash on FreeBSD for amd64. I believe that flash still hasn't been ported to Linux on amd64 either.
I've used nspluginwrapper successfuly on 64-bit Mandriva for Flash (comes setup and installed by default with the Flash plugin so no messy fiddling around) and it's website says it's compatable with FreeBSD (although haven't used FreeBSD so can't confirm it).
I think there is a business plan there -- especially for open source/free software. Be a trusted entity that will compile, sign, and delivery binaries for the end user. Building that trust is difficult, but I bet one of the major distributions, like Red Hat, could do it.
How is this different from what happens now? My distro vendor (be it Redhat, Mandriva, Ubuntu, Debian whoever) compiles the packages, signs them with their GPG key and puts the binaries in their repositories and install DVDs for us to use. There's no need to 'build trust' anymore than they have now - after all any Linux distro vendor who started shipping trojaned packages would be quickly out of business, same as MS or Apple would if they did the same.
So what part of this requires Trusted Computing? Wouldn't it be enough to (finally) have a proper package management system on Windows, perhaps with a repository of applications that have been 'blessed' by MS?
There certainly aren't any working.spec (RPM) files available
Nonsense, my Mandriva machine has the RPMs in its 'main' repository: [tim@triton ~]$ sudo urpmq --list | grep virtual dkms-virtualbox virtualbox virtualbox-guest-additions virtualbox-kernel-2.6.24.4-desktop-1mnb virtualbox-kernel-2.6.24.4-desktop-3mnb (...snip list of kernel packages with the binary kernel modules)
You can find all the Mandriva mirrors at easyurpmi.zarb.org, go up a couple of directories and find the SRPM directory if you want the.spec files. And they're in the 'main' repo which means they've been tested and are part of the official released packages from Mandriva bugfix updates, so I'd say there's a pretty good chance they'll be working.
Yet that's exactly how it works on Linux. Looking at the menu on my Linux box everything is arranged in proper categories like 'office programs', 'internet' etc. even commercial apps like skype go in theri right place
Re:Clever new tools for kernel config
on
Linux 2.6.26 Out
·
· Score: 1
More classic development distributions like Slackware don't provide 2 gigs of precompiled modules for different kernels (it usually comes with enough to pick up your hard drive, chipsets, etc and boot.
2Gigs!!! There must be something seriously wrong with the Slackware kernel packaging! The Mandriva kernel package on my laptop takes up under 35MB ON DISK (du -sh) and includes all the modules I'd ever need.
Why for the love of god go through all that pain and inconvenience to save a few megs of disk space?
n Denmark (central Copenhagen) one kilowatt hour is priced at 0.44 USD (just reduced from 0.49 this month btw)
Yeah but you Danish get the majority of your power from wind and over renewables don't you? I'd rather pay the high price for that than the situation we have here in the UK now where we just pay a high price and destroy the environemnt
"this is the same country that charges prisoners who have been falsely accused for bed and boarding costs."
Got a decent reference? Seriously, that link is to the 'Daily Mail', the sensationalism in that paper is renowned.
I don't think anyone here bothered to read TFA (although can hardly blame you as the Daily Mail isn't exactly known for factual journalism, or even real journalism at all).
It said he won £250,000 compensation from the govt. (an amount his lawyer said was fair) and then had £12,500 of that taken for board. Not exactly a completely fair outcome but he still got to keep 95% of the proper compensation - it's not like he got nothing but a massive bill for being falsely accused.
I've had 2 Acer laptops now and both have been very good value for money, and reasonably compatible with Linux. The main problem with them is the cosmetics - such as the dodgy 'bluetooth' button on laptops that don't have it (my latest one has the button but no bluetooth too).
The reason I still buy them is that I started my laptop search online and so narrowed it down to the ones with the best specs to cost ratio, and which were not cheap and dodgy no-name ones. The cosmetic issues only came into consideration at the end and by then I was willing to live with them.
Malware is software deliberately designed to do something malicious, a security bug is just that - a mistake that someone's made that inadvertently opens a security hole.
What 'intent' can you discern from the actions of the Debian packagers? That they're being responsible by checking their changes with the upstream project? They did their jobs correctly so the issue got found sooner than it would have otherwise.
This discussion was about people deliberately inserting malware into open-source projects and/or software repositories, which the Debian-OpenSSL bug clearly is not an example of.
Probably a lot quicker than for a similar closed-source app. Besides the openssl story you linked to isn't about someone inserting malware into an open source project, it's about a security hole someone accidentally introduced. So yes, it's bad that there was a hole in the first place, but no complex software is without security issues, and at least it can be quickly pushed down to users.
, since someone could poison the upstream source of software(which already happened in the past [slashdot.org]) and the maintainer would have no clue.
True, but once the upstream project discovers the problem the distro repo. maintainer can release the fixed version as an update, which will automatically apply to all users of their distro.
With random Windows apps I'd have to keep checking their websites or news sites myself to keep track of these issues, or any other security issues with the app. And then manually download it.
The current method adopted by many Windows apps of each having their own 'update manager' process running in the tray is not a sustainable in any way.
Except for those admins too lazy to make sure SELinux us working.
Should read "except for anyone who's deliberately hacked their samba configuration to run as root". Considering there's no need to do this, and all distros package samba to create and run as it's own unprivileged uid, this will be pretty much nobody. And anyone who has done that has only themselves to blame.
Everything I can screw up on the computer should have an Undo-- that's what the Recycle Bin (or Trash Can for Mac users) is there for, although it's a bit more awkward than pressing control-Z.
Both KDE and GNOME have this built-in. In KDE there isn't even an option in the right-click menus anymore (unless you know to hold down the shift key) to properly delete something - it always goes to the trash can.
What would be even more ironic is if the Blu-Ray group collapses themselves in a few years due to lack of demand. That would be a good laugh.
I was browsing a local video/music store here yesterday and saw they're trying to flog each Blu-Ray movie for about £27! That's unbelievable for just a movie, even the crappy ones. Hopefully it will fail and they'll have to drop their prices. Prices like that actively discourage me from ever touching anything to do with bluray.
Re:127.0.0.1 doesn't have an 8-bit mask
on
One Step Closer to IPv6
·
· Score: 3, Informative
ocalhost (127.0.0.1) has a 32-bit subnet mask, so 127.0.0.1/32
It may be setup this way on your computer's network settings but the RFC says the whole/8 is valid is part of the loopback: http://www.faqs.org/rfcs/rfc3330.html
ANYONE above the age of 12, in a CIVILIZED FIRST WORLD COUNTRY, would LACK THESE SKILLS, tells me all I need to know about how "educated" and "enlightened" westerners truly are as compared to how much they THINK they are.
In Australia they went to greate efforts to teach us first aid (mainly focused on resuscitation - think little brother or sister who's fallen in the backyard swimming pool) in school at the age of 11.
Actually (and to my complete amazement) I got a positive response from one of these UK govt. e-petitions. It was about a road rules bill that would have made it compulsory for cyclists to ride in special 'bike lanes' whereever available. On the face of it that sounds fair but actually get on a bike in London and you'll see that some are just downright dangerous. They push you onto a narrow strip on the footpath for 50 metres (where you *will* hit any pedestrians as there just isn't space) before dumping you back onto the road. Much safer to just ride on the road half the time, not that I don't use them when they're placed properly as a 'mini-lane' on the edge of the road.
Anyway the point is I got a reply saying the bill had been ammended to say that cyclists where only obligated to use the 'lanes' when they were safe for all concerned.
That's because in spite of band-aids like Yum, the user experience for RPM still sucks.
Yum (or Mandriva's urpmi) are no more band-aids on top of RPM than apt is a band-aid on top of DEB. The user-experience of using dpkg sucks too, but no desktop user would ever need to even think of using it on a system with Synaptic installed any more than a desktop user on Mandriva would need use anything else but RPMDrake (the graphical tool for urpmi).
I agree. Two members of my family who had life-threatening illnesses in the last few years went to the public hospital, even though the private one was literally directly across the road and we had full private insurance. The reason is that the public hospital is bigger, has far more equipment and staff and is setup for handling anything.
In Australia private hospitals seem more like private clinics - they often don't even seem to have an 'emergency room' (they are usually build next to public ones which, of course, do). When I had to have my wisdom teeth out I used my insurance to get into the private hospital - and avoided the waiting lists, got my own room for the overnight stay etc.
Despite it's faults I think it's a great system - all the essential stuff is covered for everybody through taxes and the extra stuff can be paid for privately if you want it. We effectively get the best of both worlds.
Thanks for the link, I see that my claims may not have been true. Still, how does this become compliant with the GPL? Redhat distributes the OS (the source form) on the terms of the GPL. This allows me full redistribution rights, as long as I comply with the trademarks and copyright laws. In other words, I can use it to clone other systems internally and can install the software as I see fit on any other server in the organisation.
This is where it get's confusing. I think (at a guess, IANAL and all that) that Redhat owns copyright on the distribution itself, ie. the thing taken as a whole. This is how they can put that 'Subcription Agreement' on it that prevents you from doing all sorts of things. It's the individual packages that are covered by the GPL and Redhat satisfies the requirements of the GPL by posting the source packages on their FTP site, which is what CentOS is built from.
Re:Does anyone even use this OS?
on
CentOS 5 Released
·
· Score: 3, Informative
Read sections 3.1 and 5.1 in particular. In 5.1 they are saying that you must notify them if the number of installed systems exceeds the number of subscriptions you have, and they will bill you for the extra systems etc.: Client will promptly notify Red Hat if the number of Installed Systems exceeds the number of Installed Systems for which Client has paid the applicable fee. In its notice, Client will include both the number of additional Installed Systems and the date(s) on which such Installed Systems were put into use. Red Hat will invoice Client for the applicable Services for such Installed Systems on a pro-rata basis and Client will pay for such Services in accordance with this Agreement.
This is why Centos is so useful, you can have as many dev/test/uat/whatever machines as you like without having to worry about subscriptions.
you dont have and need at least x.y.z version of package name XXX to continue, do you want to continue?
They're not and never have been, use the --nodeps option. The default behaviour is to demand depedencies because if a program has a depedency of X that generally means it needs X to be installed to function properly.
3. every package should have versioning support. You install 0.1.1 but retain 0.1.0, so that you can revert if you need to.
the option should be voluntary.
This would be a very nifty feature (as long as its optional as it would take up a lot of space).
The rest of the ease of use stuff is already covered by the full package management systems like urpmi/RPMDrake, YAST and yum.
As for actually making them it is already very simple to make a simple RPM that basically just packages up the results of a./configure && make && make install - see the Mandriva RPM Howto for eg.
Slashdot Mirror
At present, it's the only way of getting flash on FreeBSD for amd64. I believe that flash still hasn't been ported to Linux on amd64 either.
I've used nspluginwrapper successfuly on 64-bit Mandriva for Flash (comes setup and installed by default with the Flash plugin so no messy fiddling around) and it's website says it's compatable with FreeBSD (although haven't used FreeBSD so can't confirm it).
I think there is a business plan there -- especially for open source/free software. Be a trusted entity that will compile, sign, and delivery binaries for the end user. Building that trust is difficult, but I bet one of the major distributions, like Red Hat, could do it.
How is this different from what happens now? My distro vendor (be it Redhat, Mandriva, Ubuntu, Debian whoever) compiles the packages, signs them with their GPG key and puts the binaries in their repositories and install DVDs for us to use. There's no need to 'build trust' anymore than they have now - after all any Linux distro vendor who started shipping trojaned packages would be quickly out of business, same as MS or Apple would if they did the same.
So what part of this requires Trusted Computing? Wouldn't it be enough to (finally) have a proper package management system on Windows, perhaps with a repository of applications that have been 'blessed' by MS?
There certainly aren't any working .spec (RPM) files available
Nonsense, my Mandriva machine has the RPMs in its 'main' repository:
[tim@triton ~]$ sudo urpmq --list | grep virtual
dkms-virtualbox
virtualbox
virtualbox-guest-additions
virtualbox-kernel-2.6.24.4-desktop-1mnb
virtualbox-kernel-2.6.24.4-desktop-3mnb
(...snip list of kernel packages with the binary kernel modules)
You can find all the Mandriva mirrors at easyurpmi.zarb.org, go up a couple of directories and find the SRPM directory if you want the .spec files.
And they're in the 'main' repo which means they've been tested and are part of the official released packages from Mandriva bugfix updates, so I'd say there's a pretty good chance they'll be working.
Yet that's exactly how it works on Linux. Looking at the menu on my Linux box everything is arranged in proper categories like 'office programs', 'internet' etc. even commercial apps like skype go in theri right place
More classic development distributions like Slackware don't provide 2 gigs of precompiled modules for different kernels (it usually comes with enough to pick up your hard drive, chipsets, etc and boot.
2Gigs!!! There must be something seriously wrong with the Slackware kernel packaging!
The Mandriva kernel package on my laptop takes up under 35MB ON DISK (du -sh) and includes all the modules I'd ever need.
Why for the love of god go through all that pain and inconvenience to save a few megs of disk space?
Can you use the Tor onion routing to get around this?
n Denmark (central Copenhagen) one kilowatt hour is priced at 0.44 USD (just reduced from 0.49 this month btw)
Yeah but you Danish get the majority of your power from wind and over renewables don't you? I'd rather pay the high price for that than the situation we have here in the UK now where we just pay a high price and destroy the environemnt
"this is the same country that charges prisoners who have been falsely accused for bed and boarding costs."
Got a decent reference? Seriously, that link is to the 'Daily Mail', the sensationalism in that paper is renowned.
I don't think anyone here bothered to read TFA (although can hardly blame you as the Daily Mail isn't exactly known for factual journalism, or even real journalism at all).
It said he won £250,000 compensation from the govt. (an amount his lawyer said was fair) and then had £12,500 of that taken for board. Not exactly a completely fair outcome but he still got to keep 95% of the proper compensation - it's not like he got nothing but a massive bill for being falsely accused.
I've had 2 Acer laptops now and both have been very good value for money, and reasonably compatible with Linux. The main problem with them is the cosmetics - such as the dodgy 'bluetooth' button on laptops that don't have it (my latest one has the button but no bluetooth too).
The reason I still buy them is that I started my laptop search online and so narrowed it down to the ones with the best specs to cost ratio, and which were not cheap and dodgy no-name ones. The cosmetic issues only came into consideration at the end and by then I was willing to live with them.
Malware is software deliberately designed to do something malicious, a security bug is just that - a mistake that someone's made that inadvertently opens a security hole.
What 'intent' can you discern from the actions of the Debian packagers? That they're being responsible by checking their changes with the upstream project? They did their jobs correctly so the issue got found sooner than it would have otherwise.
This discussion was about people deliberately inserting malware into open-source projects and/or software repositories, which the Debian-OpenSSL bug clearly is not an example of.
Probably a lot quicker than for a similar closed-source app. Besides the openssl story you linked to isn't about someone inserting malware into an open source project, it's about a security hole someone accidentally introduced. So yes, it's bad that there was a hole in the first place, but no complex software is without security issues, and at least it can be quickly pushed down to users.
, since someone could poison the upstream source of software(which already happened in the past [slashdot.org]) and the maintainer would have no clue.
True, but once the upstream project discovers the problem the distro repo. maintainer can release the fixed version as an update, which will automatically apply to all users of their distro.
With random Windows apps I'd have to keep checking their websites or news sites myself to keep track of these issues, or any other security issues with the app. And then manually download it.
The current method adopted by many Windows apps of each having their own 'update manager' process running in the tray is not a sustainable in any way.
Ok, I paid twice as much for my Eee, but it doesn't look like an ugly botched abortion with an even more obscure "version" of Linux than Xandros
Even better Mandriva already supports the Eee for their distro, no doubt the other major distros will follow suit soon
Oh shit, sorry didn't check before I posted. Seems samba does actually run as root. Anyone know why this is?
Except for those admins too lazy to make sure SELinux us working.
Should read "except for anyone who's deliberately hacked their samba configuration to run as root". Considering there's no need to do this, and all distros package samba to create and run as it's own unprivileged uid, this will be pretty much nobody. And anyone who has done that has only themselves to blame.
Everything I can screw up on the computer should have an Undo-- that's what the Recycle Bin (or Trash Can for Mac users) is there for, although it's a bit more awkward than pressing control-Z.
Both KDE and GNOME have this built-in. In KDE there isn't even an option in the right-click menus anymore (unless you know to hold down the shift key) to properly delete something - it always goes to the trash can.
What would be even more ironic is if the Blu-Ray group collapses themselves in a few years due to lack of demand. That would be a good laugh.
I was browsing a local video/music store here yesterday and saw they're trying to flog each Blu-Ray movie for about £27! That's unbelievable for just a movie, even the crappy ones. Hopefully it will fail and they'll have to drop their prices. Prices like that actively discourage me from ever touching anything to do with bluray.
ocalhost (127.0.0.1) has a 32-bit subnet mask, so 127.0.0.1/32
/8 is valid is part of the loopback:
It may be setup this way on your computer's network settings but the RFC says the whole
http://www.faqs.org/rfcs/rfc3330.html
ANYONE above the age of 12, in a CIVILIZED FIRST WORLD COUNTRY, would LACK THESE SKILLS, tells me all I need to know about how "educated" and "enlightened" westerners truly are as compared to how much they THINK they are.
In Australia they went to greate efforts to teach us first aid (mainly focused on resuscitation - think little brother or sister who's fallen in the backyard swimming pool) in school at the age of 11.
Actually (and to my complete amazement) I got a positive response from one of these UK govt. e-petitions. It was about a road rules bill that would have made it compulsory for cyclists to ride in special 'bike lanes' whereever available. On the face of it that sounds fair but actually get on a bike in London and you'll see that some are just downright dangerous. They push you onto a narrow strip on the footpath for 50 metres (where you *will* hit any pedestrians as there just isn't space) before dumping you back onto the road. Much safer to just ride on the road half the time, not that I don't use them when they're placed properly as a 'mini-lane' on the edge of the road.
Anyway the point is I got a reply saying the bill had been ammended to say that cyclists where only obligated to use the 'lanes' when they were safe for all concerned.
That's because in spite of band-aids like Yum, the user experience for RPM still sucks.
Yum (or Mandriva's urpmi) are no more band-aids on top of RPM than apt is a band-aid on top of DEB. The user-experience of using dpkg sucks too, but no desktop user would ever need to even think of using it on a system with Synaptic installed any more than a desktop user on Mandriva would need use anything else but RPMDrake (the graphical tool for urpmi).
I agree. Two members of my family who had life-threatening illnesses in the last few years went to the public hospital, even though the private one was literally directly across the road and we had full private insurance. The reason is that the public hospital is bigger, has far more equipment and staff and is setup for handling anything.
In Australia private hospitals seem more like private clinics - they often don't even seem to have an 'emergency room' (they are usually build next to public ones which, of course, do). When I had to have my wisdom teeth out I used my insurance to get into the private hospital - and avoided the waiting lists, got my own room for the overnight stay etc.
Despite it's faults I think it's a great system - all the essential stuff is covered for everybody through taxes and the extra stuff can be paid for privately if you want it. We effectively get the best of both worlds.
Thanks for the link, I see that my claims may not have been true. Still, how does this become compliant with the GPL? Redhat distributes the OS (the source form) on the terms of the GPL. This allows me full redistribution rights, as long as I comply with the trademarks and copyright laws. In other words, I can use it to clone other systems internally and can install the software as I see fit on any other server in the organisation.
This is where it get's confusing. I think (at a guess, IANAL and all that) that Redhat owns copyright on the distribution itself, ie. the thing taken as a whole. This is how they can put that 'Subcription Agreement' on it that prevents you from doing all sorts of things. It's the individual packages that are covered by the GPL and Redhat satisfies the requirements of the GPL by posting the source packages on their FTP site, which is what CentOS is built from.
I don't think that's right at all. I've come across the same question in 2 different companies now and the answer has always been that you must have a RHEL subscription for every machine you have RHEL installed on. In fact have a read of the licencing agreement:t ry=buying+a+Red+Hat+Subscription+from+Red+Hat
https://www.redhat.com/licenses/rhel_us.html?coun
Read sections 3.1 and 5.1 in particular. In 5.1 they are saying that you must notify them if the number of installed systems exceeds the number of subscriptions you have, and they will bill you for the extra systems etc.:
Client will promptly notify Red Hat if the number of Installed Systems exceeds the number of Installed Systems for which Client has paid the applicable fee. In its notice, Client will include both the number of additional Installed Systems and the date(s) on which such Installed Systems were put into use. Red Hat will invoice Client for the applicable Services for such Installed Systems on a pro-rata basis and Client will pay for such Services in accordance with this Agreement.
This is why Centos is so useful, you can have as many dev/test/uat/whatever machines as you like without having to worry about subscriptions.
you dont have and need at least x.y.z version of package name XXX to continue, do you want to continue?
./configure && make && make install - see the Mandriva RPM Howto for eg.
They're not and never have been, use the --nodeps option. The default behaviour is to demand depedencies because if a program has a depedency of X that generally means it needs X to be installed to function properly.
3. every package should have versioning support. You install 0.1.1 but retain 0.1.0, so that you can revert if you need to.
the option should be voluntary.
This would be a very nifty feature (as long as its optional as it would take up a lot of space).
The rest of the ease of use stuff is already covered by the full package management systems like urpmi/RPMDrake, YAST and yum.
As for actually making them it is already very simple to make a simple RPM that basically just packages up the results of a