So true. My 2010 17' MacBook Pro took a slide down 12 steps after my 4 year old was trying to help me by bringing me the laptop. I'm typing on it right now - no repairs required. The hard drive senses a drop, and the aluminum case protected this huge LCD display from getting busted.
So I got a degree in CS - and spent about 10 years doing "IT" work. From network admin, to unix system administration, to supporting J2EE applications/application servers - and all third part software that runs on the OS.
I am doing R&D and Software Engineering and I guess now I'm "worthy" - but my past experience has me much more effective in my current role than if I had just gone straight software engineering all the way.
Funny thing is, when I saw the subject of the OP, it took reading this thread to finally realize even the point of the posting.
So, I guess the biggest flaw with this career path is that you will not learn the proper way to be snooty to those who work in IT.
He's invited to meet their developers? He should be careful. The blizzard armed guards might confuse him with the ones working in the sweat shop and he won't get to go home.
A patent is not infringed upon unless all claims within the patent are infringed upon. The slashdot submission does not take into account the other claims in the patent.
Of course, that doesn't really matter, because there are numerous prior art implementations of a CLI integrating to SOAP for something like this. For example, IBM WebSphere Portal has an xmlaccess command line utility that does exactly this.
Ack! It's not worth it? All that extra time spent working to update our programs through the night and for no benefit?? And to make matters worse, those of us who spent time updating Java for DST might have been installing broken timezone data. See http://www.javasanity.org/article/7/thanks-for-the -time-sun
It's not as simple as that. Not all 1.4 versions are patched for DST, only 1.4.2_11+. Further, there is a patch level for 1.3.1 that has the DST patches as well.
These are the java versions that natively include fixes for DST in 2007. 1.3.1_18+ 1.4.2_11+ 1.5.0_06+
So this means all 1.4.0 and 1.4.1 versions will not recognize DST unless you update them. Most vendors provided an update tool (tzupdater/jtzu) that can patch a variety of java versions. There is a table of available options for all vendors at: www.javasanity.org
Due to the widespread use of Java with enterprise applications, there is a huge issue with Java and DST as well. This article provides good info on how you can fix DST for Java as well. Pretty much every version of Java installed before December of 06 is vulnerable, as the whole java community seems to have been behind on fixing this problem.
The following link provides good information for patching Java from the 4 major java providers.
Microsoft's efforts with digital signing are very noble and they make some very valid points about Firefox here. Why does Firefox suggest having signed plug-ins when they don't sign their own program?
[Being a Linux and Firefox supporter, I cannot understand that]
But the whole comcept of using digital certificates and digital signatures is way too complex for the average non-technical computer user - and the thought of understanding it well is probably too technical for many technical computer users. SSL has similar problems.
Microsoft goes to great lengths to educate the customer with fairly decent descriptions when things aren't signed, or with default options. But ultimately, the uneducated masses do something because someone else "educated them".
So if your friend told you "hey, go install Morpheus file sharing program because you can get stuff for free." You're going to go download it and all of it's spyware.
If your friend emails you a really neat screen saver with embedded virus, then calls you and says "Check out that hot-chick screen saver", you're going to ignore every Unsigned notice error you get to see it run.
The goals of Microsoft are Noble - and Firefox needs to follow it's own recommendations, but I don't believe digital signatures will ever be the solution to the problem.
The masses just want their computers to work. They don't want to have to understand the technical details about how they work. Average users running Microsoft Windows should not be required to make a decision, because no matter what - it's russian roulette.
So if signed programs are the only way to add security to Windows, then just make valid signatures required and go on from there.
You'll just end up with lots of people creating their own signing certificates and the users will have to get a pop-up saying "I don't know the Certificate Authority that signed the signer certificate." Yea, guess what... the average user has no idea what a CA is.
Also note that the laws, courts or governments don't care about the fact that music sharing helps the companies who are trying to stop it.
They merely care about what the laws say. Ultimately, the copyright owners have the rights to distribute the content. If the RIAA says: "We own that, we don't want it shared." then the courts must uphold the owners rights under the law.
It is up to the RIAA to get smart and consider this the "radio station of the future". Only they can stop the lawsuits.
It has very little to do with accessibility and everything todo with the license used by the base toolkits.
The base libraries used by GNOME are licensed under the LGPL. This means that Sun proprietary programs can link to the gnome libraries without having to provide the source to the programs. Most notably, they don't have to provide the source code to Star Office. (Yes, there is plenty of code in Star Office that is not open source).
Now, KDE on the other hand, is based on qt. The are only two options for proprietary programs linking against QT: 1) Not be proprietary and open the source to those apps. or 2) Contact Trolltech and pay them for licensing QT under a different license.
Again, this isn't a "GNOME" has this feature or "KDE" has another feature. Adding accessibility features to KDE would have been a minor effort from Sun.
This whole situation sucks, but your suggestion here just won't work.
For them to be in violation, they would have to be actively distributing Linux without providing the source code under the GPL. They are no longer distributing Linux.
The only way they would be in violation of the GPL is if a past customer was given the binaries and not given the source code. That customer would have to request (within 3 years) a copy of the source code - and pay for the reasonable costs for media and delivery of the source code. If they refused that request, then they would be in violation of the GPL.
But most distributions provide both the source code CD-roms as well as the binary cd-roms with every purchase, so they are off the hook if thats the case! (Did they do this too? I'm not sure)
In this case, they aren't telling you "Pay us for a binary only copy of Linux" either. They are saying "Buy a copy of UnixWare and we won't hold you accountable for using our proprietary code!"
While this may be used to keep competition down, it will have very little impact on price. If you do the math, netflix is only good for those who watch many movies - and not so useful for those who sit on them. Basically, they won't be able to increase the price much because of this.
I enjoyed netflix for a while. Quite a cool service, the information they store on their site about the movies is invaluable. Not to mention the rental queue, rental history and other interesting data.
I watched more movies for a couple months, but I found it's hard to keep up the pace necessary to get my money's worth over more than a few months.
One thing that always bugged me about their advertising though: Netflix claims "no late fees". So what would you call that $20/month subscription if you sit on three tapes and never watch them?
True, Production Servers don't really work well with a 12-month release cycle. This is really a part of their push for Red Hat Advanced Server. I met a Red Hat rep on the Road Tour who said: "Red Hat Linux Is just something we produce for the community..." "Red Hat Advanced Server is the one you should use for production quality enterprise systems..."
First of all... Full disclosure did not facilitate
the creation of this worm. It was based off of
a previous worm that was available long before the
details of the exploit for Code Red was made
available. This particular worm did not use the
research form eEye's exploit, it's obvious from
the way this worm exploits the vulnerability.
Vendors all around view a vulnerability that has
been publically exposed as a much higher priority
than those that have not been exposed. Over and
over again, history has shown that a vendor will
try to cover up a vulnerability if it is not
exposed, to avoid bad publicity. (No, this is not
specific to Microsoft, all vendors hate bad
publicity). If an exploit is publically available
for a particular vulnerability, it also changes
the method in which the vendor advertises the
patch, thus increasing the people who know about
it and install the patch.
Full disclosure provides many useful functions,
including the ability to test for vulnerabilities
in their own systems. It gives them the abliity
to verify that the system has been properly
secured after a work-around has been implemented.
Partial disclosure, which is often suggested, is
no different htan full disclosure, except it may
give the admins a false sense of security. With
partial disclosure, the existence of a bug is
disclosed to the public - but the details are not.
Sad enough, once the cat is out of the bag, it's
only a day or two before someone else can figure
out the exploit. Once the vendor releases a
patch, it is trivial to do binary diffs on the
provided updates and figure out the details of
creating the exploit. In fact there are tools
that help to automate this already in existence
today.
The sad thing about code red is this: Patches
have been available for quit a while now. Yet
systems are still getting hit. The widespread
affect of Code Red is the ONLY thing that will
get the admins who never patch their systems to
potentially pay attention to whats going on.
Full Disclosure is not the problem. If one person
has found the vulnerabilities, there are generally
more who have found them and are actively exploiting it already. To think otherwise is to seriously underestimate the cracker community.
Yes, but he gave a talk and explained out it works in the US.. that is illegal (currently) in the US. I don't think it's right, but it's the law..
No, it is definitely NOT illegal to give a talk about
flaws in security in products or copyright protecting algorithms.
The DMCA specifically applies to creating and distributing a "circumvention device". Talking about the potential design of a circumvention device and talking about flaws in copy protections are still protected by the first ammendment.
-- Twivel
"Information wants to be free."
Information empowers the human race. We should not lock it behind passworded sites and hundreds of different obscure licensing models.
For humor and satire, it's one thing. But when you start locking down content and competing with other information sites, we turn the internet into a proprietary jungle.
With the already-volatile internet, acquisitions of information already locked down (and not freee) will be made even easier to protect and hide for proprietary benefit. Larger more profitable companies can buy out and lock down for their profit information that could be doing a larger good if it were available to everyone (the rich and the poor).
Do we really want to take "information" down the same path we seem to be going with other stuff. Like DNA research, medical research, commercial software, etc?
I'm serious, would be cool to have a linux one with the outside being a stuffed penguin. Since it's the size of a paper weight, it wouldn't be too difficult to do the fitting.
Statistics show that napster users buy more music. Lets not assume causation though. I'm neutral on whether Napster has a negative impact on music sales or not. But you can just as easily say that the hard core music lovers choose napster, not that it's napster causing them to buy more music.
-- Twivel
The GPL protects the users from abusive companies.
on
Mundie Responds
·
· Score: 2
This one isn't as "inflaming" as the previous one. At this point, he is just voicing his opinions. He is talking about business models around the GPL. He is correct if he is trying to say the GPL is not a business model, in fact you have to be creative to be profitable with the GPL.
The problem with the software industry is to save costs in business you have to standardize. This in and of itself implies a single vendor (or monopoly). When you have a single vendor that owns the market, you are at that companies whims (see the recent article about the forced upgrades by october 1st or you have to pay full retail price to upgrade). The GPL ultimately protects the customers and end users. It keeps one entity from having too much power and being able to abuse whoever they want.
-- Twivel
Re:Game Design and Reusability (Slightly OT)
on
MS VP Speech Online
·
· Score: 1
To a point you are right, there is some upgradability and cross-licensing of engines. But there has also been much faster growth and change in game engines in the past 3 years than there has been in any of the other traditional applications, which again was my point.
From what I've heard, the engine upgrades from quake -> quake 2 were much more than just a minor engine upgrade. Most of the internals were completely re-written for Quake 2.
You can't find the code for any advanced commercially used engines? Try Quake and Doom(a bit old). If Quake 2 hasn't been released, knowing ID it may be soon. Also, I'd suggest looking into plib. Thats a 3D development library that I am currently using to develop games. It has been used by many commercial games already (including some for the PS2). If you want stuff to look at, it's out there.
Best Wishes -- Twivel
Sure it is that simple. Either you used GPL code in your
code or you didn't. Either you used Microsoft code
in your code or you didn't. Copyright laws are clearly
defined. If you take code and use it in violation of
their license (whether that be a proprietary license or
an open one) you are breaking copyright laws.
Sure, anyone can "claim" that someone used GPL
code (or MS code for that matter). It's still not a
violation of the GPL and it has nothing todo with
a "viral aspect" in any sense whatsoever.
Slashdot Mirror
It seems the story author's browser is stuck on slashdot, so I'm giving a direct link.
https://www.google.com/search?q=oracle+versus+postgres&oq=oracle+versus+postgres&aqs=chrome.0.69i57j69i65l2j69i59j69i62l2.2581j0&sourceid=chrome&ie=UTF-8
So true. My 2010 17' MacBook Pro took a slide down 12 steps after my 4 year old was trying to help me by bringing me the laptop.
I'm typing on it right now - no repairs required. The hard drive senses a drop, and the aluminum case protected this huge LCD display from getting busted.
So I got a degree in CS - and spent about 10 years doing "IT" work. From network admin, to unix system administration, to supporting J2EE applications/application servers - and all third part software that runs on the OS.
I am doing R&D and Software Engineering and I guess now I'm "worthy" - but my past experience has me much more effective in my current role than if I had just gone straight software engineering all the way.
Funny thing is, when I saw the subject of the OP, it took reading this thread to finally realize even the point of the posting.
So, I guess the biggest flaw with this career path is that you will not learn the proper way to be snooty to those who work in IT.
He's invited to meet their developers? He should be careful. The blizzard armed guards might confuse him with the ones working in the sweat shop and he won't get to go home.
A patent is not infringed upon unless all claims within the patent are infringed upon. The slashdot submission does not take into account the other claims in the patent.
Of course, that doesn't really matter, because there are numerous prior art implementations of a CLI integrating to SOAP for something like this. For example, IBM WebSphere Portal has an xmlaccess command line utility that does exactly this.
Ack! It's not worth it? All that extra time spent working to update our programs through the night and for no benefit?? And to make matters worse, those of us who spent time updating Java for DST might have been installing broken timezone data. See http://www.javasanity.org/article/7/thanks-for-the -time-sun
It's not as simple as that. Not all 1.4 versions are patched for DST, only 1.4.2_11+. Further, there is a patch level for 1.3.1 that has the DST patches as well.
These are the java versions that natively include fixes for DST in 2007.
1.3.1_18+
1.4.2_11+
1.5.0_06+
So this means all 1.4.0 and 1.4.1 versions will not recognize DST unless you update them. Most vendors provided an update tool (tzupdater/jtzu) that can patch a variety of java versions. There is a table of available options for all vendors at: www.javasanity.org
Due to the widespread use of Java with enterprise applications, there is a huge issue with Java and DST as well. This article provides good info on how you can fix DST for Java as well. Pretty much every version of Java installed before December of 06 is vulnerable, as the whole java community seems to have been behind on fixing this problem.
d ont-panic-it-can-be-fixed
The following link provides good information for patching Java from the 4 major java providers.
http://www.javasanity.org/article/3/dst-and-java-
Well the author was quite funny at least.
"...his Smalltalk programming language was a predecessor to Sun Microsystems' Java."
Much in the same way that lisp was a predecessor to perl.
Microsoft's efforts with digital signing are very noble and they make some very valid points about Firefox here. Why does Firefox suggest having signed plug-ins when they don't sign their own program?
[Being a Linux and Firefox supporter, I cannot understand that]
But the whole comcept of using digital certificates and digital signatures is way too complex for the average non-technical computer user - and the thought of understanding it well is probably too technical for many technical computer users. SSL has similar problems.
Microsoft goes to great lengths to educate the customer with fairly decent descriptions when things aren't signed, or with default options. But ultimately, the uneducated masses do something because someone else "educated them".
So if your friend told you "hey, go install Morpheus file sharing program because you can get stuff for free." You're going to go download it and all of it's spyware.
If your friend emails you a really neat screen saver with embedded virus, then calls you and says "Check out that hot-chick screen saver", you're going to ignore every Unsigned notice error you get to see it run.
The goals of Microsoft are Noble - and Firefox needs to follow it's own recommendations, but I don't believe digital signatures will ever be the solution to the problem.
The masses just want their computers to work. They don't want to have to understand the technical details about how they work. Average users running Microsoft Windows should not be required to make a decision, because no matter what - it's russian roulette.
So if signed programs are the only way to add security to Windows, then just make valid signatures required and go on from there.
You'll just end up with lots of people creating their own signing certificates and the users will have to get a pop-up saying "I don't know the Certificate Authority that signed the signer certificate." Yea, guess what... the average user has no idea what a CA is.
--Twivel
Nice way to chew off one piece at a time.
Also note that the laws, courts or governments don't care about the fact that music sharing helps the companies who are trying to stop it.
They merely care about what the laws say. Ultimately, the copyright owners have the rights to distribute the content. If the RIAA says: "We own that, we don't want it shared." then the courts must uphold the owners rights under the law.
It is up to the RIAA to get smart and consider this the "radio station of the future". Only they can stop the lawsuits.
It has very little to do with accessibility and everything todo with the license used by the base toolkits.
The base libraries used by GNOME are licensed under the LGPL. This means that Sun proprietary programs can link to the gnome libraries without having to provide the source to the programs. Most notably, they don't have to provide the source code to Star Office. (Yes, there is plenty of code in Star Office that is not open source).
Now, KDE on the other hand, is based on qt. The are only two options for proprietary programs linking against QT: 1) Not be proprietary and open the source to those apps. or 2) Contact Trolltech and pay them for licensing QT under a different license.
Again, this isn't a "GNOME" has this feature or "KDE" has another feature. Adding accessibility features to KDE would have been a minor effort from Sun.
--
Brian
This whole situation sucks, but your suggestion here just won't work.
For them to be in violation, they would have to be actively distributing Linux without providing the source code under the GPL. They are no longer distributing Linux.
The only way they would be in violation of the GPL is if a past customer was given the binaries and not given the source code. That customer would have to request (within 3 years) a copy of the source code - and pay for the reasonable costs for media and delivery of the source code. If they refused that request, then they would be in violation of the GPL.
But most distributions provide both the source code CD-roms as well as the binary cd-roms with every purchase, so they are off the hook if thats the case! (Did they do this too? I'm not sure)
In this case, they aren't telling you "Pay us for a binary only copy of Linux" either. They are saying "Buy a copy of UnixWare and we won't hold you accountable for using our proprietary code!"
Just my 2cents.
--
Brian
While this may be used to keep competition down, it will have very little impact on price. If you do the math, netflix is only good for those who watch many movies - and not so useful for those who sit on them. Basically, they won't be able to increase the price much because of this.
I enjoyed netflix for a while. Quite a cool service, the information they store on their site about the movies is invaluable. Not to mention the rental queue, rental history and other interesting data.
I watched more movies for a couple months, but I found it's hard to keep up the pace necessary to get my money's worth over more than a few months.
One thing that always bugged me about their advertising though: Netflix claims "no late fees". So what would you call that $20/month subscription if you sit on three tapes and never watch them?
True, Production Servers don't really work well with a 12-month release cycle. This is really a part of their push for Red Hat Advanced Server. I met a Red Hat rep on the Road Tour who said: "Red Hat Linux Is just something we produce for the community..." "Red Hat Advanced Server is the one you should use for production quality enterprise systems..."
Twivel
Vendors all around view a vulnerability that has been publically exposed as a much higher priority than those that have not been exposed. Over and over again, history has shown that a vendor will try to cover up a vulnerability if it is not exposed, to avoid bad publicity. (No, this is not specific to Microsoft, all vendors hate bad publicity). If an exploit is publically available for a particular vulnerability, it also changes the method in which the vendor advertises the patch, thus increasing the people who know about it and install the patch.
Full disclosure provides many useful functions, including the ability to test for vulnerabilities in their own systems. It gives them the abliity to verify that the system has been properly secured after a work-around has been implemented.
Partial disclosure, which is often suggested, is no different htan full disclosure, except it may give the admins a false sense of security. With partial disclosure, the existence of a bug is disclosed to the public - but the details are not. Sad enough, once the cat is out of the bag, it's only a day or two before someone else can figure out the exploit. Once the vendor releases a patch, it is trivial to do binary diffs on the provided updates and figure out the details of creating the exploit. In fact there are tools that help to automate this already in existence today.
The sad thing about code red is this: Patches have been available for quit a while now. Yet systems are still getting hit. The widespread affect of Code Red is the ONLY thing that will get the admins who never patch their systems to potentially pay attention to whats going on.
Full Disclosure is not the problem. If one person has found the vulnerabilities, there are generally more who have found them and are actively exploiting it already. To think otherwise is to seriously underestimate the cracker community.
--
Twivel
No, it is definitely NOT illegal to give a talk about flaws in security in products or copyright protecting algorithms.
The DMCA specifically applies to creating and distributing a "circumvention device". Talking about the potential design of a circumvention device and talking about flaws in copy protections are still protected by the first ammendment.
--
Twivel
--
Twivel
CE costs about 15-25 per license in bulk, so the difference is negligable. They probably hope to make a slightly larger margin on that one maybe?
I'm serious, would be cool to have a linux one with the outside being a stuffed penguin. Since it's the size of a paper weight, it wouldn't be too difficult to do the fitting.
Statistics show that napster users buy more music. Lets not assume causation though. I'm neutral on whether Napster has a negative impact on music sales or not. But you can just as easily say that the hard core music lovers choose napster, not that it's napster causing them to buy more music.
--
Twivel
The problem with the software industry is to save costs in business you have to standardize. This in and of itself implies a single vendor (or monopoly). When you have a single vendor that owns the market, you are at that companies whims (see the recent article about the forced upgrades by october 1st or you have to pay full retail price to upgrade). The GPL ultimately protects the customers and end users. It keeps one entity from having too much power and being able to abuse whoever they want.
--
Twivel
From what I've heard, the engine upgrades from quake -> quake 2 were much more than just a minor engine upgrade. Most of the internals were completely re-written for Quake 2.
You can't find the code for any advanced commercially used engines? Try Quake and Doom(a bit old). If Quake 2 hasn't been released, knowing ID it may be soon. Also, I'd suggest looking into plib. Thats a 3D development library that I am currently using to develop games. It has been used by many commercial games already (including some for the PS2). If you want stuff to look at, it's out there.
Best Wishes
--
Twivel
Sure, anyone can "claim" that someone used GPL code (or MS code for that matter). It's still not a violation of the GPL and it has nothing todo with a "viral aspect" in any sense whatsoever.