The original post was meant as a joke. I really would not expect hackers to go in and fix bugs. I have no idea why the post was modded the way it was, as though this were some sort of serious suggestion.
I'm not planning on abandoning Debian, which I've used almost exclusively since 1998. However I do think there are problems in the system, and I feel there is no reason not to make fun of them. It's very much like a political cartoon or joke, which often address serious issues but do so in a lighthearted way. Anyway, the problem as I see it is that maintainers hang on far too long when they can no longer maintain a package. Part of this has to do with how hard it would be to come back later if they had time again. For very many Debian bugs, it's not as though it's been a week or something, we're talking about issues that are often over a year old (2.6.12 was out 12 months ago). Maintainers need to be able to step aside more easily, or share duties when they fall behind. That is not well supported in the current system and climate.
Another issue, although one that has been mitigated somewhat is the multiple-architectures problem. Debian added architectures with little or no practical use, yet every one adds significant overhead for a package maintainer (how many people use Debian's on an s390?) At least now those architectures can be released separately from the mainstream ones, so they won't hold up a release, and there is some better support for compile farm testing. It really showed a lack of forsight IMHO that this was not addressed before the arches were added.
I really want to see Debian thrive. However, if people cannot even admit that there is a problem, then there is no way we'll ever get to a solution.
In other words, the only alternative to this patch was rejected by upstream. They did so in favor of the rlimits approach, which Ubuntu and Fedora both support, but Debian is still dragging behind for unknown reasons. Read the rest of the bug and this becomes clear.
If you manage to hack into the main repository, please fix this bug. A well-tested patch has been available for almost 6 months, and it is even attached to the bug report. The bug has been fixed in Ubuntu, but Debian users are still waiting, more than a year after the bug was first filed.
You do understand that everything downloaded from update.microsoft.com needs to be digitally signed, right?
Btw, Debian also does digital signatures for every package installed (see here). I don't think they have gone as far as having an air-gap, but it does mean that a regular hacking won't be able to silently corrupt packages.
Debian's system is actually quite cool, since it can check *every* program installed, and not just core OS updates (courtesy of apt controlling 99% of software installation). In fact, you can add additional keys for other package sources (I run some unofficial packages, but those developers also sign their packages with their own keys, so it is covered as well).
Perhaps I went a little too over the top, now that I reread your post its not that strongly worded.
The main question that remains in my mind, is how you find the time to preview every movie you might watch. Maybe you don't? The MPAA notifications (violence, nudity, etc) are next to useless because they don't tell you *how long* something is, and that certainly makes a difference. Maybe you just do the fast-fwd thing? That doesn't really work for language.
Try and sell the result as my work, or sell it in such a way that other people will see the result as my work?
The correct analogy would be selling something labelled as "a Joe Decker photo with a smiley face painted on it". There is no misrepresentation here. In fact people are going out of their way to get this "sullied" version.
According to your logic, if I owned a frame shop, it would be ok for me to say "you may not include a Joe Decker photograph in this frame and sell the resulting framed picture, as it ruins the frame designer's artistic intent." Yes, there is such a thing as too much control.
One of the "clean movie" companies does exactly this (forgot the name, saw it on a news story of DVD editing). They sell special web-connected DVD players that download edit lists for the movies. Though more expensive to set up, they feel they are more legally in the clear. I think this model is actually quite nice, as you could tag each missing part, and then set up a menu for what things are ok to show (language, nudity, violence, etc) as checklists or even allowable levels. That would give the consumer complete control.
Personally I like to watch un-edited movies, but I defend the rights of others to watch whatever edit they want of something they bought. "Bounty" does not tell me what I am allowed and not allowed to do with their paper towels, magazines do not prevent me from skipping through stories, so why is a plastic disc treated differently?
It's pretty easy to see that GP does not actually have children. However, I'm sure he offers his advice in how parents should control their unruly kids in public.
If you look at TV, sooner or later an 'edited' version will be played on TV that has been 'sanatized' for those of weaker constitutions.
Um, this has been happening for many years already. I wonder if the directors even have any input into the editing that TV channels do. I doubt it, since their "friends" are editing the movies, so it must be ok.
Though I would not buy one of these DVDs myself, I really don't see why others should be prevented from selling such versions, provided that they are clearly marked, and include an original copy as per copyright requirements. It's a capitalist society, let the market figure it out.
From the FAQ: "Assume a computer running 24hrs/day requires, on average, 50W of power."
For a typical computer under load, that is off by a factor of 3 (AMD Athlon) or 4 (Intel P4). I'm supposed to trust these guys with something as complex as climate prediction when they assume values that far off for something you could look up on any hardware site? Their FAQ entry makes it clear than even a factor of 4 won't change their impact statement, but I'm amazed at just how wrong they are about the assumed inputs.
I hope they order their next Dell computers with 75 watt power supplies...
He's already replied to this but yes if you don't have a working network.
I see, and if someone has a problem with their CD drive (oh and USB and firewire too) are we obligated to give them a print-out of the source? I cannot see how the internet fails to satisfy as "a medium customarily used for software interchange". That is straight from the text of the GPL.
Also, how did he get on Ubuntu forums without network access? Maybe he's making that seem like a bigger hurdle than it was?
The only remote holes addressed in that patch involved SCTP, which most servers would not be running yet, and an IP forwarding bug which would only affect routers. If your server runs neither of these services, and does not have shell accounts for regular users, then you are pretty much in the clear.
Personally, I don't run serious production environments, so I can take things down during off-hours to upgrade whenever new kernels are available. I like the feeling of being up to date on anything I might need. However, if you care enough about continuity, you just have to read and assess each vulnerability to see if it affects you.
Yeah, I've got 3 replies now about PDF - you were quite right about it. I guess my knowledge on printers was a little dated, and that Postscript Level 3 is roughly equivalent to "can print PDF". I still know Postscript pretty well though; The only reason a printer would need to get the whole document before starting to print is due to the use of "atend" tags in Structured Postscript. Tags carry various metadata, and to be kind to streaming-style applications, many can be specified at the end of the document instead of the beginning. If you don't use atend tags however, a printer can start printing after it gets the prolog (code to run before every page) and the data for the first page (pages are demarcated unambiguously in the file). So, in that sense, the waiting problem can be fixed without changing too much.
If it was desired to go beyond page-level parallelism, you could take the Structured Postscript idea a little further and break the page up into functions with standard names that render bands on each page, and are coded so that they can be run on independent stacks. In general though I think it would be easier to buffer more and more pages (that's what most of that 1GB will undoubtedly go toward).
There are probably quite a few high-end printers that can print PDF directly, no Acrobat Reader necessary.
I've never heard of a printer that printed PDF directly, but there are very many that can interpret Postscript.
In the world of this industry the best achievers aspire to make the page rendering as multi-threaded as possible.
I doubt anyone cares about that right now. Do you have any reference backing this up at all? Most low end printers even render a single page multiple times because they lack the buffer memory to store the whole page, and the processors are quite slow compared to desktop CPUs (think tens of MHz). A high end printer is one that can store the whole page, and has a decent processor. I don't think they're at the point where they need SMT or multicore processors.
most likely the parsing of the printing language (PostScript for example) can only go serially, hence a bottleneck.
Interpreting is normally the bottleneck. Postscript is extremely easy to parse (by design).
The next step in printing languages will be to have the pages described in a way that will permit parallel interpreting.
Structured Postscript allows you to render different pages in parallel. I don't know why you'd need to go much beyond that anytime soon, at least for printing purposes.
I like FireFox, but it can consume a lot of RAM on any operating system. I've gotten it up to 700MB in Linux before. Tabs are a both a blessing and a curse.
I believe the idea is a more compact two-socket interface. Almost all of the existing two socket boards are extended-ATX, and will not fit in consumer-friendly mini-tower.
Not to mention the null syscall is 5.7 times slower in the microkernel when compared to Linux. One might think that this would be a nonissue, but you'd be amazed how often server programs call "simple" syscalls such as gettimeofday.
Yep you are right, I stand corrected. TFA is misleading in this regard because it repeatedly references "atoms" and never once uses "molecule" in its description. It even describes cetrifuges as "separating atoms", which can't possibly be right, and I should have noticed.
Such as every version of Perl before 6? FSF does not consider the Artistic Licence 1.x to be "free", while 2.0 is. Perl 5 is not in non-free. So yes, the differences are often pretty subtle or minor. However I refuse to be labelled "wrong" when my definition is in agreement with both the FSF and SPI.
Personally I'm more of an "open source" person than a "free software" person. However I do feel that uncompromising groups have something to add to society, by maintaining balance against forces pulling in the opposite direction (FSF, ACLU, etc). Thus I try not to misrepresent their interpretations.
Where are you from, coward? Obviously your nation has taught you tolerance and tact.
open source != free software
No shit. I call Debian open source, because by RMS's definition, it includes things that are not Free Software. In fact, Debian's (slightly) more pragmatic approach is the prime origin of the term "open source".
You can open up your sources to everyone on the planet and forbid that they are compiled at all.
Actually, that wouldn't meet the open source definition. The very first sentence says "Open source doesn't just mean access to the source code." Looks like it's you who could use a clue.
Slashdot Mirror
The original post was meant as a joke. I really would not expect hackers to go in and fix bugs. I have no idea why the post was modded the way it was, as though this were some sort of serious suggestion.
I'm not planning on abandoning Debian, which I've used almost exclusively since 1998. However I do think there are problems in the system, and I feel there is no reason not to make fun of them. It's very much like a political cartoon or joke, which often address serious issues but do so in a lighthearted way. Anyway, the problem as I see it is that maintainers hang on far too long when they can no longer maintain a package. Part of this has to do with how hard it would be to come back later if they had time again. For very many Debian bugs, it's not as though it's been a week or something, we're talking about issues that are often over a year old (2.6.12 was out 12 months ago). Maintainers need to be able to step aside more easily, or share duties when they fall behind. That is not well supported in the current system and climate.
Another issue, although one that has been mitigated somewhat is the multiple-architectures problem. Debian added architectures with little or no practical use, yet every one adds significant overhead for a package maintainer (how many people use Debian's on an s390?) At least now those architectures can be released separately from the mainstream ones, so they won't hold up a release, and there is some better support for compile farm testing. It really showed a lack of forsight IMHO that this was not addressed before the arches were added.
I really want to see Debian thrive. However, if people cannot even admit that there is a problem, then there is no way we'll ever get to a solution.
Realtime LSM != real time rlimits
In other words, the only alternative to this patch was rejected by upstream. They did so in favor of the rlimits approach, which Ubuntu and Fedora both support, but Debian is still dragging behind for unknown reasons. Read the rest of the bug and this becomes clear.
Dear Hackers,
If you manage to hack into the main repository, please fix this bug. A well-tested patch has been available for almost 6 months, and it is even attached to the bug report. The bug has been fixed in Ubuntu, but Debian users are still waiting, more than a year after the bug was first filed.
If you hack, do it for the right reasons.
You do understand that everything downloaded from update.microsoft.com needs to be digitally signed, right?
Btw, Debian also does digital signatures for every package installed (see here). I don't think they have gone as far as having an air-gap, but it does mean that a regular hacking won't be able to silently corrupt packages.
Debian's system is actually quite cool, since it can check *every* program installed, and not just core OS updates (courtesy of apt controlling 99% of software installation). In fact, you can add additional keys for other package sources (I run some unofficial packages, but those developers also sign their packages with their own keys, so it is covered as well).
It might be nice to include signed authentication of at least the changelog, if not the package itself, to ensure authenticity of upgrades.
Debian has been checking digital signatures on every package installed for almost a year now. See here.
Of course, I run testing, so I have no idea when this got into stable.
Perhaps I went a little too over the top, now that I reread your post its not that strongly worded.
The main question that remains in my mind, is how you find the time to preview every movie you might watch. Maybe you don't? The MPAA notifications (violence, nudity, etc) are next to useless because they don't tell you *how long* something is, and that certainly makes a difference. Maybe you just do the fast-fwd thing? That doesn't really work for language.
Try and sell the result as my work, or sell it in such a way that other people will see the result as my work?
The correct analogy would be selling something labelled as "a Joe Decker photo with a smiley face painted on it". There is no misrepresentation here. In fact people are going out of their way to get this "sullied" version.
According to your logic, if I owned a frame shop, it would be ok for me to say "you may not include a Joe Decker photograph in this frame and sell the resulting framed picture, as it ruins the frame designer's artistic intent." Yes, there is such a thing as too much control.
I think you meant "no one used to be able to stop me".
One of the "clean movie" companies does exactly this (forgot the name, saw it on a news story of DVD editing). They sell special web-connected DVD players that download edit lists for the movies. Though more expensive to set up, they feel they are more legally in the clear. I think this model is actually quite nice, as you could tag each missing part, and then set up a menu for what things are ok to show (language, nudity, violence, etc) as checklists or even allowable levels. That would give the consumer complete control.
Personally I like to watch un-edited movies, but I defend the rights of others to watch whatever edit they want of something they bought. "Bounty" does not tell me what I am allowed and not allowed to do with their paper towels, magazines do not prevent me from skipping through stories, so why is a plastic disc treated differently?
It's pretty easy to see that GP does not actually have children. However, I'm sure he offers his advice in how parents should control their unruly kids in public.
If you look at TV, sooner or later an 'edited' version will be played on TV that has been 'sanatized' for those of weaker constitutions.
Um, this has been happening for many years already. I wonder if the directors even have any input into the editing that TV channels do. I doubt it, since their "friends" are editing the movies, so it must be ok.
Though I would not buy one of these DVDs myself, I really don't see why others should be prevented from selling such versions, provided that they are clearly marked, and include an original copy as per copyright requirements. It's a capitalist society, let the market figure it out.
From the FAQ:
"Assume a computer running 24hrs/day requires, on average, 50W of power."
For a typical computer under load, that is off by a factor of 3 (AMD Athlon) or 4 (Intel P4). I'm supposed to trust these guys with something as complex as climate prediction when they assume values that far off for something you could look up on any hardware site? Their FAQ entry makes it clear than even a factor of 4 won't change their impact statement, but I'm amazed at just how wrong they are about the assumed inputs.
I hope they order their next Dell computers with 75 watt power supplies...
He's already replied to this but yes if you don't have a working network.
I see, and if someone has a problem with their CD drive (oh and USB and firewire too) are we obligated to give them a print-out of the source? I cannot see how the internet fails to satisfy as "a medium customarily used for software interchange". That is straight from the text of the GPL.
Also, how did he get on Ubuntu forums without network access? Maybe he's making that seem like a bigger hurdle than it was?
The only remote holes addressed in that patch involved SCTP, which most servers would not be running yet, and an IP forwarding bug which would only affect routers. If your server runs neither of these services, and does not have shell accounts for regular users, then you are pretty much in the clear.
Personally, I don't run serious production environments, so I can take things down during off-hours to upgrade whenever new kernels are available. I like the feeling of being up to date on anything I might need. However, if you care enough about continuity, you just have to read and assess each vulnerability to see if it affects you.
Yeah, I've got 3 replies now about PDF - you were quite right about it. I guess my knowledge on printers was a little dated, and that Postscript Level 3 is roughly equivalent to "can print PDF". I still know Postscript pretty well though; The only reason a printer would need to get the whole document before starting to print is due to the use of "atend" tags in Structured Postscript. Tags carry various metadata, and to be kind to streaming-style applications, many can be specified at the end of the document instead of the beginning. If you don't use atend tags however, a printer can start printing after it gets the prolog (code to run before every page) and the data for the first page (pages are demarcated unambiguously in the file). So, in that sense, the waiting problem can be fixed without changing too much.
If it was desired to go beyond page-level parallelism, you could take the Structured Postscript idea a little further and break the page up into functions with standard names that render bands on each page, and are coded so that they can be run on independent stacks. In general though I think it would be easier to buffer more and more pages (that's what most of that 1GB will undoubtedly go toward).
There are probably quite a few high-end printers that can print PDF directly, no Acrobat Reader necessary.
I've never heard of a printer that printed PDF directly, but there are very many that can interpret Postscript.
In the world of this industry the best achievers aspire to make the page rendering as multi-threaded as possible.
I doubt anyone cares about that right now. Do you have any reference backing this up at all? Most low end printers even render a single page multiple times because they lack the buffer memory to store the whole page, and the processors are quite slow compared to desktop CPUs (think tens of MHz). A high end printer is one that can store the whole page, and has a decent processor. I don't think they're at the point where they need SMT or multicore processors.
most likely the parsing of the printing language (PostScript for example) can only go serially, hence a bottleneck.
Interpreting is normally the bottleneck. Postscript is extremely easy to parse (by design).
The next step in printing languages will be to have the pages described in a way that will permit parallel interpreting.
Structured Postscript allows you to render different pages in parallel. I don't know why you'd need to go much beyond that anytime soon, at least for printing purposes.
I like FireFox, but it can consume a lot of RAM on any operating system. I've gotten it up to 700MB in Linux before. Tabs are a both a blessing and a curse.
I believe the idea is a more compact two-socket interface. Almost all of the existing two socket boards are extended-ATX, and will not fit in consumer-friendly mini-tower.
Not to mention the null syscall is 5.7 times slower in the microkernel when compared to Linux. One might think that this would be a nonissue, but you'd be amazed how often server programs call "simple" syscalls such as gettimeofday.
Yep you are right, I stand corrected. TFA is misleading in this regard because it repeatedly references "atoms" and never once uses "molecule" in its description. It even describes cetrifuges as "separating atoms", which can't possibly be right, and I should have noticed.
Boiling uranium?
For the laser separation method, not for centrifuges.
I noticed that you used the Queen's English in writing your post, which means you must be one of those "evil British hackers" mentioned in the TFA.
Remember everyone, the lower the patch frequency a product has, the more secure it must be. Pay no attention to the wookie.
Eh? Like what?
Such as every version of Perl before 6? FSF does not consider the Artistic Licence 1.x to be "free", while 2.0 is. Perl 5 is not in non-free. So yes, the differences are often pretty subtle or minor. However I refuse to be labelled "wrong" when my definition is in agreement with both the FSF and SPI.
Personally I'm more of an "open source" person than a "free software" person. However I do feel that uncompromising groups have something to add to society, by maintaining balance against forces pulling in the opposite direction (FSF, ACLU, etc). Thus I try not to misrepresent their interpretations.
Kind of reminds me of "Head like a hole" with all the hollow head and color-shifted imagery.
Get a fucking clue, you American cuntbag!
Where are you from, coward? Obviously your nation has taught you tolerance and tact.
open source != free software
No shit. I call Debian open source, because by RMS's definition, it includes things that are not Free Software. In fact, Debian's (slightly) more pragmatic approach is the prime origin of the term "open source".
You can open up your sources to everyone on the planet and forbid that they are compiled at all.
Actually, that wouldn't meet the open source definition. The very first sentence says "Open source doesn't just mean access to the source code." Looks like it's you who could use a clue.
What have you contributed to the community?