Log in as a normal user, and su, of course.
Tell me this is a troll. Please.
c.
]] and sometimes I'd try to log in without thinking just after
]] starting a telnet session.
] Over telnet? Log in as root over telnet? AAAARRRGGGHHH!
So how did you remotely administer Unix boxes prior to ssh?
c.
Letting Microsoft have any involvement in the email infrastructure - other than using it - will be a disaster. And it will be all the more terrible because of how easily it can be prevented.
To be honest, I'm still not convinced that letting them just use e-mail wasn't a disaster.
c.
It's worth pointing out that homosexual characters and themes abound in North American science fiction literature. Off the top of my head, Jeter's "Bad Voltage" (from early 80's), Scott's "Trouble and Her Friends"... Darn, if I was in my library I know I could read off a dozen or more. If a game developer's been reading sci-fi most of his/her life, gay characters wouldn't be such a strange concept.
Dunno about the marketing folks.
c.
Yes, I read a lot of computer books and go to libraries, I don't think they're going to stop me from getting onto a plane because of this.
But you don't know for sure, do you?
And if they do, what are you going to do about it? How are you even going to know that's the reason you were denied? How will you clear your name? Maybe you should call up DHS before you fly and ask permission.
That's the real problem. Ordinary people are being stopped from doing things without any known reason or recourse. So far, you've just been lucky.
c.
an efficient algorithm coded in an inefficient way will always beat out an inefficient algorithm coded by hand in 100% optimized assembly. I'll put my crudely coded JavaScript quicksort algorithm against your finely honed 100% assembly bubblesort algorithm any day.
You know, I really hate that "it's okay if my code sucks as long as it's not bubblesort" argument.
Good algorithm selection is, of course, good coding practice. But that's not the point of the article.
Yeah, quicksort beats bubblesort any day. A large man can beat up children, too, but that doesn't mean he can fight.
The reality is that your crudely coded JavaScript quicksort would never go up against an assembly bubblesort. It would be compared to a C implementation (like, say, qsort(3)) done by someone who actually understands stuff like cache footprints, memory access patterns, tail recursion, and all that other goodness that you learn from spending time close to the metal.
c.
When did the term "X-Windows" come into play?
It didn't. It's referred to as the X Window System or X11 or just X. There's no X-related trademark that includes the plural that I'm aware of.
X does use windows as a concept, obviously, but I'm not entirely clear when the distinction between a Window and a Drawable came about.
c.
The case was not whether or not he should pay for seeds blown on to his crop, but whether he acquired these seeds illegally or not.
Which Monsanto never proved. Not even close. In fact, they didn't really even try to prove this.
If the case was about whether or not he'd illegally acquired the stuff, it would have been thrown out long ago.
c.
why isn't there a database of some sort which would at least allow the option of keeping track of which versions of what applications have been configured how and installed where.
You mean why doesn't ./configure keep such a database or why isn't there one on all Unix boxes?
The latter is obvious... there is no standard package management system.
I can't imagine a mode of operation for configure where you're re-running it so frequently as to be a real time waster. Unless you've got a source base so screwed up that it needs to ./configure every time you type 'make'. Things built using xgettext can come awfully close to that situation, but that's the only thing I've ever seen in the ballpark.
c.
Let's assume you asked the F.B.I. and if they found bugs, I bet they wouldn't tell you.
Exactly. They'd find a bug and tell you it was secure in the hope that you'd publish it and make their jobs easier.
Now if they tell you it's not secure, either they found a legit bug and it's something they can explain to you _or_ they think it's too secure for them and don't want you to distribute it. The latter is pretty hard to pull off unless you're the NSA and can just claim "we'd explain why it's secure, but that would reveal super-secret cryptanalysis techniques and we'd have to kill you."
Actually, if it was too secure they'd probably try to cut a deal for a backdoor, à la Lotus.
c.
Then again, doesn't the US government have to give its authorisation for cryptographic software to be exported? I recall that DES had to go through such motions, and if I'm not mistaken PGP can't be shipped outside of the US because it's considered military grade cryptography?
Exactly. If you want to find out if your crypto implementation is secure, ask the US government. If they say yes, you've got bugs.
Mind you, I'm not sure why anyone would need to ask permission to export a public standard like AES. I'm pretty sure there aren't any secrets happening there.
c.
I am glad the reward worked.
Well, it maybe worked once. The people turning the guy in might have done it even if the reward wasn't available.
Microsoft announced the reward program almost a year ago and that this is the first worm actually resulting in a claim suggests, in fact, that the reward program is mostly a failure.
c.
Since Palm already includes has a Java machine environment, why not simply install as java ogg player
Palm doesn't include a JVM on the Zire line. You can get one for about $5 from them, but it also sucks a good chunk of memory. You can get something like SuperWaba, but I don't know what kind of audio APIs it has.
As for an OGG player, MMPlayer seems decent.
c.
Yeah, I know. I was replying to the comment that being able to specify a driver license as non-GPL is useless because all drivers must be GPL. That's entirely wrong, of course.
It doesn't matter if the distribution is "public" or not. Distributing to one other party is still "distribution".
Bullshit.
According to the FSF, anyhow. I figure they'd know about these sorts of things...
c.
If modules are infringing if they aren't GPL, then why would they need to tell the kernel that they aren't under the GPL?
The GPL only kicks in when distribution happens.
There's absolutely no reason why a company can't write a non-GPL driver for internal use and not make it available publicly. In that case, a license string "for internal Foobar Inc. use only" is perfectly legit.
c.
The first line of the article reads:
I'll admit that it's a pretty darn big ISP, but this seems to be targeted.
c.
According to Unisys, they'll all expire in 2004.
Yeah, you're right. For some reason I thought at least one country was a couple years out, but it looks like Canada will be the last place with a valid LZW patent.
Wooooo! Go Canada!
Er... Pardon my moment of national pride. Won't happen again.
c.
The LZW patent has expired.
Um, no. Not globally. I'm in Canada, where it doesn't expire until July. There's a few other countries that have quite a bit longer to go.
c.
You might as well say to use TIFF as use PNG - both will store high color images with perfect quality, but they'll be huge compared to JPEG.
Um, you might want to read the TIFF spec.
TIFF supports JPEG compression. It also does LZW. A few others, as well.
Yeah, TIFF is hit by two different compression patents. I wouldn't be surprised if there's some patents on the fax compression.
c.
It seems to me you would get more usable energy by just using the power the solar cells create directly
And how do you store the solar power? A hydrogen storage tank is basically a (relatively) eco-friendly battery.
c.
It would cost them a great deal of money to port iTunes to Linux, and it is not immediately clear that such a port would provide them with any tangible financial benefit.
It ain't about spending the money.
They could publish enough of the protocols that someone could write software to handle payment and downloading tracks. Someone probably would do this.
Of course, they'd have to accept that an open source client would strip out any DRM using playfair. shrug People will do it anyways with iTunes-downloaded music so I'm not sure there's really any overall loss.
But that probably wouldn't sell many iPods and Apple would lose its coveted control over the iTunes process. So it ain't gonna happen.
c.
so why not explain the problem and ask them if they would be willing to pay you to fix it?
Because a lot of institutions will take the offer and twist it so it looks like a blackmail attempt, then involve law enforcement. I've seen way too many headlines reading something like "well meaning security person gets ass-fucked because they offered to help institution fix security problems in return for money".
The last thing you want to do is make it look like you're after money.
c.
However, he still made the decision to purchase the licenses and now he is in a contract with SCO. Now that SCO has him in a contract, they can (and judging by their previous actions, will) sue him if they feel he is in violation of said contract.
I've seen some suggestion that SCO is already in violation of the contract because they've been disclosing some of the financial aspects of it. I don't know how true that is.
Anyhow, I don't think they're stupid enough to go after EV1. They'd have a real tough job selling those licenses if they start turning around and suing the few people that buy them.
c.
Actually PG books aren't available in HTML.
Not directly. But various places like http://www.blackmask.com/page.php republish many, if not most, PG books in other formats.
c.
Yup, they did admit.
Here I was thinking it was about even odds that it was a troll. I mean, if it was anyone except SCO, I'd think it insanely stupid to dump that much information about unethical wheelings and dealings with Microsoft into a single e-mail.
As for his credibility, I still think he's way too quick to point at something being a smoking gun. He had zero confirmation of authenticity, but he was drawing conclusions all across the board.
c.