This is a practical decision: he did not reject Linux on any moral grounds; he just didn't realise how big linux would be (yet). And from reading the e-mailexchange between Linus and Tanenbaum that was linked to from/. quite some time ago, I'd say that was a pretty sane point of view at the time. The gist:
[...] GNU Lesser General Public License as published by the Free
Software Foundation; either version 2.1 of the License, or (at your
option) any later version.
just invites him to screw you when it pleases him. Rip out the "any
later version" part and make your own decisions when to use a
different license since otherwise he can potentially do you or your
work harm.
When first reading the GPL (which has a similar clause) my first reaction was I wanted to rip this out too.
However, as I realised later, this creates a new problem: if a bug in the version of the (L)GPL that I'm using for my program is ever discovered, I will have to get permission from anyone who has ever contributed to upgrade to a newer version of the (L)GPL that fixes the bug. This would probably be at least a major hassle and at worst impossible.
A way around this problem would be to add-in my own section that grants the original developer(s) the exclusive right to upgrade the license, but then, I'm not a lawyer, so this would be hard, and it still puts the power to upgrade the license into the hands of a select few, albeit this select few would now include me.
So I decided to leave the clause in for lack of a better alternative.
I did some reading on the Koolance system last time it came along on slashdot and it looks really great... except for one thing:
IIRC they mentioned somewhere on their site that the reservoir needs refilling after five years. Since I want my new system to be serving webpages or acting as a firewall after it's been replaced by a newer desktopbox this is really an issue for me: Five years is a long time and I don't want to be reliant on Koolance for spare parts in five years.
Can't seem to find this on their site anymore though. In fact:
10) Q: Will the liquid
ever leak, or need replacement?
A: As
you can see from our product page, every care has been made to seal the component connections
permanently. We have tested multiple configurations and methods, and
are quite confident in the present design. If you suspect a leak, please contact your local Koolance distributor for service.
So they might have made it more relyable or perhaps they've done more testing and are more confident in their design now.
I've got the same problem with both a S3 Virge/DX and a S3 Virge/GX on my AMD-K6 / 233 system with 32 MB's of RAM running 4.0.3. I was going to test if it was resolved in 4.1.0 and then file a bug-report, but being the lazy bastard that I am I've decided to wait for the.debs to be added to sid before upgrading.
In my case the problem is greatly reduced by reducing the colourdepth. I'm using the GX board in 1024x768 with my ColorDepth set to 16 now and it's completely gone.
Kinda like if you're worried about someone trying to start a conversation with you, you shouldn't go outside.
Starts rant:
Shooting and killing people doesn't have any legitimate purposes. Portscanning a computer does, so please stop obscuring the argument with absurd metaphors. In fact, I'd prefer it if people stopped using metaphors for portscanning all together, because there simply aren't any that simplify the situation. Here's why:
Portscanning: send some tcp/ip packet to a specific port on a target host and see if/how it responds. Let's compare this to the five senses: First: sight, smell and hearing are out, because they are passive: they don't send out anything and see how objects respond. Second: taste and touch. They might qualify on the grounds of being active: you put something in your mouth to taste it and you might press your fingers against that Rembrandt in the museum to actually feel the layers of paint.
So lets explore taste and touch a bit further. In real life tasting or touching someone's private property is not normal behaviour and will usually be considered an invasion of privacy (well, the neighbours might actually be getting used to me licking their car, but this I will mark an exception to the common case). On the internet however these kind of active senses are required: you can sit there waiting for some webserver to contact you, but don't expect your posts to show up on/. any time this century. So both taste and touch are also out, because they do not provide applicable metaphors.
I think I've successfully argued that you must do the online equivalent of tasting the slashdot server to get it to do anything useful and that all methaphors based on any of the senses break up when applied to the internet. From this I will conclude that no metaphor will be both applicable to the online situation and be intuitive (metaphors based on anything but real-life situations that you observe through your senses could hardly be called intuitive, now could they?) and thus we can now stop using metaphors from our daily lives to describe online events and portscanning in particular.
Ends rant.
Re:Abusing /. to get tech-support
on
XFree 4.1.0 Out
·
· Score: 1
In that case I'll try 4.1.0 and write up a decent bug report if it isn't fixed. The corruption looks to me like it's a problem with one specific drawing operation, because it always looks the same and it's triggered by some specific (reproducable) events. I'll admit I'm not familiar enough with X internals to say for sure though.
Abusing /. to get tech-support
on
XFree 4.1.0 Out
·
· Score: 1
I've been having some issues with pixel corruption while running xfree 4.0.3-3 on a S3 virge/DX and got the same problem on a S3 virge/GX videocard.
The DX has 2 MBs of memory and the GX has got 4. The problem is worst when I set the colordepth to 32 and reduces when I decrease the colordepth. It's also slightly better on the GX board than on the DX one.
I'm using the GX board with a colordepth set to 24 now and it's quite usable. Still, it would be nice if this would be fixed. Anyone recognise these problems? Know if they're fixed?
Some more info:
I'm running Debian Woody on a AMD K6-2/233 with 32 MBs of RAM. Also, I tried to file a bugreport, but that was during the time the site was down and I neglected to do it when it came back up (shame on me;).
One of the oldest definitions of A.I. hasn't really been reached yet: the Turing Test.
That would be a tele-conversion with an entity
where you couldn't tell whether it was human or machine.
A machine that tries to convert you to its own religious cult? Neat!
I think you meant something like tele-conversation though. This has been done. Problem is that this original version of the Turing Test actually turns out to be quite easy to pass. Some ELIZA-like programs have passed it, even though most people wouldn't consider them intelligent. (Sorry for the lack of references to back this up, but I'm studying AI and this is what my professor told me;).)
There's a subtle difference between asking a company to pay for the Free Software they are using right now and asking them to invest in making it possible to keep using (new) Free Software in the future. The latter being the superior choice IMHO.
Microsoft Tech Support isn't optimised for meaningful questions. Tell them something like "my mouse tries to bite me when I'm trying to plug it in to my computer" and see what they come up with. Now that would be a fair question.
Illegal restraint of trade is generally something a company does on its own, not something a company gets a court to do.
It might not be viewed as illegal restraint of trade at the time of the courts ruling or the court might not be able to fully anticipate all the consequences of its verdict.
This is not illegal restraint of trade, because a) it hasn't friggin' happened yet, it's only that RIAA has asked a court to order it
So, if it hasn't happened yet we're not allowed to complain? Hope you enjoy your Copyright protected CD's
, and b) even if it did happen, something ordered by a court is assumed to be legal unless it's overturned, and even if it is it's ultimately the court's fault, and not the petitioner.
Remember the DMCA? Only in a perfect world legal equals moral. So even if they might be able to slip it through some legal crackhole, that doesn't make it right and approaching this from the point of view that everyone is reponsible for (at least) their own actions, that makes them 'the bad guyes' in my book.
If I ask a court to kill my neighbor, that in itself does not make me a murderer.
Yes, it does. I don't care about the legal gibberish, but if you consciously direct your actions to result in the death of another person, we're talking murder. Nothing more, nothing less.
Next time your knee jerks, don't let it hit you in the head and cause brain damage.
Well, you know what they say: Many bugs make eyeballs shallow. Meaning: if there are enough bugs in the code chances are that one will fit your particular skill-set.
I'm not sure if this is obvious or not, but if you have a good bit of free time, reading through posts on/. (on usage of linux for whatever reasons) might help. Even if you don't know exactly what's going on, you at least get exposure to the terms and methodologies.
A problem with a newbie reading/. is that there are a lot of people here posting things that are only partly accurate (or just plain nonsense). As a newbie it might be hard to filter those out. Therefore I think a newbie would learn more by reading Freshmeat or debianHelp or something and read slashdot for entertainment purposes only.
If this is well-known, where are the solutions? How can the weakest part be made stronger?
I guess regular excercising might do the trick.:)
BTW, does your car have airbags? Do they enhance security? Do they require any knowledge in their user's head in order to work correctly?
Of course airbags aren't idiot-proof either, but it takes an advanced idiot to render them useless. Does the same apply to SSH?
I'll separate this into protocol and implementation.
Protocol:
The only weak part in the protocol is getting the public key of the server to the client in a secure way. Once it's there, the protocol is secure (AFAIK).
Implementation:
Now getting that public key to the client is where implementation comes in. There are several ways a sysadmin could go about doing this:
1. Maintain a know_hosts files on all the users machines containing only keys known to be secure (enough) (e.g. because the admin verified them over the telephone). This is quite secure and leaves little to the users, but in most cases is totally impractical.
2. Have the client software add the public key to the know_hosts file the first time it connects to a new server. This is relatively low maintanance, but leaves a window of opportunity for a Man In The Middle attack during those first connections. In this scenario it's also sometimes necessary for users to update their know_hosts file when a server's key changes. There lies another opportunity for an attacker to get a foot in the door: because users generally don't want to be bothered by security, but just want to connect, a lot of them will just hit 'y' until all warnings about changed host keys go away. Because users are allowed to change keys in their known_hosts file, they might also hit 'y' when an attacker is intercepting their connection and (in this scenario) there is no way of preventing this: no piece of software can destinguish between a legitimate change in host key and an attack occurring. The only thing that can be done (as mentioned in the article) is to display a really scary warning message to the user hoping (s)he will make the right decision about changing the key.
So, in most cases the responsibility for security will come down on the users. Therefore, the only way to increase security that I can think of is educating the users.
D'OH, I'd typed up the perfect reply to your post and even previewed it, but when I was just tweaking the details, netscape crashed on me, so you'll have to do with the following digest version:
Looks like we've hit a cultural divergence here. I had no idea that there were dozens of people with the exact same appearance as Liz Hurley. Hence my question: "who's Liz Hurley btw?"
However, my point remains: Occam's Razor can be applied to everything: it's just going with the best choice.
And with my cultural background, I was also right about the woman probably being Liz Hurley because, lacking the important knowledge that Liz Hurley has been cloned, it was the simplest explanation.
Then the problem of Occams Razor would be that no matter who you saw that looked like Liz
Hurley, you would never believe it was really her since a look alike is the simplest explanation.
If you had no additional information about the person you were seeing, that would be the best explanation, so no problem here in my book.
Btw, my interpretation of the post by SevenSeasOfRhye was that he compared actually seeing Liz Hurley and seeing a picture of a nebula that looked like Liz Hurley. Obviously the second is not the same as the first and therefore he dared criticizing Occam's Razor. I just couldn't let that one slip.
Occam's Razor does apply to everything. If you saw something that looked like Liz Hurley (who's Liz Hurley btw?) for as far as you could tell then Occam's Razor tells you to assume it was Liz Hurley until you've got any real reason to believe that it was really that changeling you saw on Star Trek.
However, if you saw something that only vaguely resembled Liz Hurley (think: picture of a nebula), but clearly could not be her then Occam's Razor does not tell you to assume it was her, but to assume it was... a nebula (DUH).
So, anyone interested in inheriting my collection of kiddie pr0n or taking over my drugs syndicate after I've been killed in my extremist suicide bomming of the echelon main base of operations?
How do you know that what your percieve is real? What for that matter is "real"?
As your example clearly showed, there is no way of knowing/proving wether there is a 'real' world out there that's the same for all of us. However, it's not necessary to know anything for certain to make quite educated guesses. You may not have heard of it, but there's something called the "scientific method".
Let's look at gravity for a moment. There is no way I can be sure my cup of coffee will stay on my desk when I put it down next to my computer. For all I know it might float off into the sunset the moment I release it. Yet I'm risking this beautifull black liquid without giving it a second thought and I fully expect to drink it after finishing this post. I'm sure many people will agree it's a pretty good guess to expect gravity to do it's thing for me.
What I'm doing here is taking the simplest possible explanation I have available that fully explaines everything I've observed in the past and applying it to predict what I think of as the future. Compare this to ascribing everything that happens to some Deity who moves in ways I can't and am not supposed to understand and I hope you might begin to see why I find this strangely compelling.
"I say what it occurs to me to say when I think I hear people say things; more I cannot say." Hitchhikers Guide - D. Adams.
Slashdot Mirror
This is a practical decision: he did not reject Linux on any moral grounds; he just didn't realise how big linux would be (yet). And from reading the e-mailexchange between Linus and Tanenbaum that was linked to from /. quite some time ago, I'd say that was a pretty sane point of view at the time. The gist:
Tanenbaum: Microkernels are better in theory.
Linus: But linux works *now*.
When first reading the GPL (which has a similar clause) my first reaction was I wanted to rip this out too.
However, as I realised later, this creates a new problem: if a bug in the version of the (L)GPL that I'm using for my program is ever discovered, I will have to get permission from anyone who has ever contributed to upgrade to a newer version of the (L)GPL that fixes the bug. This would probably be at least a major hassle and at worst impossible.
A way around this problem would be to add-in my own section that grants the original developer(s) the exclusive right to upgrade the license, but then, I'm not a lawyer, so this would be hard, and it still puts the power to upgrade the license into the hands of a select few, albeit this select few would now include me.
So I decided to leave the clause in for lack of a better alternative.
I did some reading on the Koolance system last time it came along on slashdot and it looks really great... except for one thing:
IIRC they mentioned somewhere on their site that the reservoir needs refilling after five years. Since I want my new system to be serving webpages or acting as a firewall after it's been replaced by a newer desktopbox this is really an issue for me: Five years is a long time and I don't want to be reliant on Koolance for spare parts in five years.
Can't seem to find this on their site anymore though. In fact:
10) Q: Will the liquid ever leak, or need replacement? A: As you can see from our product page, every care has been made to seal the component connections permanently. We have tested multiple configurations and methods, and are quite confident in the present design. If you suspect a leak, please contact your local Koolance distributor for service.
So they might have made it more relyable or perhaps they've done more testing and are more confident in their design now.
I've got the same problem with both a S3 Virge/DX and a S3 Virge/GX on my AMD-K6 / 233 system with 32 MB's of RAM running 4.0.3. I was going to test if it was resolved in 4.1.0 and then file a bug-report, but being the lazy bastard that I am I've decided to wait for the .debs to be added to sid before upgrading.
In my case the problem is greatly reduced by reducing the colourdepth. I'm using the GX board in 1024x768 with my ColorDepth set to 16 now and it's completely gone.
Kinda like if you're worried about someone trying to start a conversation with you, you shouldn't go outside.
/. any time this century. So both taste and touch are also out, because they do not provide applicable metaphors.
Starts rant:
Shooting and killing people doesn't have any legitimate purposes. Portscanning a computer does, so please stop obscuring the argument with absurd metaphors. In fact, I'd prefer it if people stopped using metaphors for portscanning all together, because there simply aren't any that simplify the situation. Here's why:
Portscanning: send some tcp/ip packet to a specific port on a target host and see if/how it responds. Let's compare this to the five senses: First: sight, smell and hearing are out, because they are passive: they don't send out anything and see how objects respond. Second: taste and touch. They might qualify on the grounds of being active: you put something in your mouth to taste it and you might press your fingers against that Rembrandt in the museum to actually feel the layers of paint.
So lets explore taste and touch a bit further. In real life tasting or touching someone's private property is not normal behaviour and will usually be considered an invasion of privacy (well, the neighbours might actually be getting used to me licking their car, but this I will mark an exception to the common case). On the internet however these kind of active senses are required: you can sit there waiting for some webserver to contact you, but don't expect your posts to show up on
I think I've successfully argued that you must do the online equivalent of tasting the slashdot server to get it to do anything useful and that all methaphors based on any of the senses break up when applied to the internet. From this I will conclude that no metaphor will be both applicable to the online situation and be intuitive (metaphors based on anything but real-life situations that you observe through your senses could hardly be called intuitive, now could they?) and thus we can now stop using metaphors from our daily lives to describe online events and portscanning in particular.
Ends rant.
In that case I'll try 4.1.0 and write up a decent bug report if it isn't fixed. The corruption looks to me like it's a problem with one specific drawing operation, because it always looks the same and it's triggered by some specific (reproducable) events. I'll admit I'm not familiar enough with X internals to say for sure though.
I've been having some issues with pixel corruption while running xfree 4.0.3-3 on a S3 virge/DX and got the same problem on a S3 virge/GX videocard.
;).
The DX has 2 MBs of memory and the GX has got 4. The problem is worst when I set the colordepth to 32 and reduces when I decrease the colordepth. It's also slightly better on the GX board than on the DX one.
I'm using the GX board with a colordepth set to 24 now and it's quite usable. Still, it would be nice if this would be fixed. Anyone recognise these problems? Know if they're fixed?
Some more info:
I'm running Debian Woody on a AMD K6-2/233 with 32 MBs of RAM. Also, I tried to file a bugreport, but that was during the time the site was down and I neglected to do it when it came back up (shame on me
Well, at least other people can see her too, which made her a major upgrade from my previous girlfriend...
One of the oldest definitions of A.I. hasn't really been reached yet: the Turing Test. That would be a tele-conversion with an entity where you couldn't tell whether it was human or machine.
;).)
A machine that tries to convert you to its own religious cult? Neat!
I think you meant something like tele-conversation though. This has been done. Problem is that this original version of the Turing Test actually turns out to be quite easy to pass. Some ELIZA-like programs have passed it, even though most people wouldn't consider them intelligent. (Sorry for the lack of references to back this up, but I'm studying AI and this is what my professor told me
It's capable of detecting new files, changes to existing files and files that were deleted.
Well, perhaps tripwire would be an option.
There's a subtle difference between asking a company to pay for the Free Software they are using right now and asking them to invest in making it possible to keep using (new) Free Software in the future. The latter being the superior choice IMHO.
Microsoft Tech Support isn't optimised for meaningful questions. Tell them something like "my mouse tries to bite me when I'm trying to plug it in to my computer" and see what they come up with. Now that would be a fair question.
Illegal restraint of trade is generally something a company does on its own, not something a company gets a court to do.
It might not be viewed as illegal restraint of trade at the time of the courts ruling or the court might not be able to fully anticipate all the consequences of its verdict.
This is not illegal restraint of trade, because a) it hasn't friggin' happened yet, it's only that RIAA has asked a court to order it
So, if it hasn't happened yet we're not allowed to complain? Hope you enjoy your Copyright protected CD's
, and b) even if it did happen, something ordered by a court is assumed to be legal unless it's overturned, and even if it is it's ultimately the court's fault, and not the petitioner.
Remember the DMCA? Only in a perfect world legal equals moral. So even if they might be able to slip it through some legal crackhole, that doesn't make it right and approaching this from the point of view that everyone is reponsible for (at least) their own actions, that makes them 'the bad guyes' in my book.
If I ask a court to kill my neighbor, that in itself does not make me a murderer.
Yes, it does. I don't care about the legal gibberish, but if you consciously direct your actions to result in the death of another person, we're talking murder. Nothing more, nothing less.
Next time your knee jerks, don't let it hit you in the head and cause brain damage.
Too late...
Is it me or are these pieces falling up?
Well, you know what they say: Many bugs make eyeballs shallow. Meaning: if there are enough bugs in the code chances are that one will fit your particular skill-set.
Happy to use mozilla: www.shockwave.com for me
"Hacker is a term used to describe those who illegally break into computer systems to steal or copy information."
For one they are clear about the difference between a "hacker" and a "cracker".
So, which article did *you* read?
I'm not sure if this is obvious or not, but if you have a good bit of free time, reading through posts on /. (on usage of linux for whatever reasons) might help. Even if you don't know exactly what's going on, you at least get exposure to the terms and methodologies.
/. is that there are a lot of people here posting things that are only partly accurate (or just plain nonsense). As a newbie it might be hard to filter those out. Therefore I think a newbie would learn more by reading Freshmeat or debianHelp or something and read slashdot for entertainment purposes only.
A problem with a newbie reading
If this is well-known, where are the solutions? How can the weakest part be made stronger?
:)
I guess regular excercising might do the trick.
BTW, does your car have airbags? Do they enhance security? Do they require any knowledge in their user's head in order to work correctly?
Of course airbags aren't idiot-proof either, but it takes an advanced idiot to render them useless. Does the same apply to SSH?
I'll separate this into protocol and implementation.
Protocol:
The only weak part in the protocol is getting the public key of the server to the client in a secure way. Once it's there, the protocol is secure (AFAIK).
Implementation:
Now getting that public key to the client is where implementation comes in. There are several ways a sysadmin could go about doing this:
1. Maintain a know_hosts files on all the users machines containing only keys known to be secure (enough) (e.g. because the admin verified them over the telephone). This is quite secure and leaves little to the users, but in most cases is totally impractical.
2. Have the client software add the public key to the know_hosts file the first time it connects to a new server. This is relatively low maintanance, but leaves a window of opportunity for a Man In The Middle attack during those first connections. In this scenario it's also sometimes necessary for users to update their know_hosts file when a server's key changes. There lies another opportunity for an attacker to get a foot in the door: because users generally don't want to be bothered by security, but just want to connect, a lot of them will just hit 'y' until all warnings about changed host keys go away. Because users are allowed to change keys in their known_hosts file, they might also hit 'y' when an attacker is intercepting their connection and (in this scenario) there is no way of preventing this: no piece of software can destinguish between a legitimate change in host key and an attack occurring. The only thing that can be done (as mentioned in the article) is to display a really scary warning message to the user hoping (s)he will make the right decision about changing the key.
So, in most cases the responsibility for security will come down on the users. Therefore, the only way to increase security that I can think of is educating the users.
D'OH, I'd typed up the perfect reply to your post and even previewed it, but when I was just tweaking the details, netscape crashed on me, so you'll have to do with the following digest version:
Looks like we've hit a cultural divergence here. I had no idea that there were dozens of people with the exact same appearance as Liz Hurley. Hence my question: "who's Liz Hurley btw?"
However, my point remains: Occam's Razor can be applied to everything: it's just going with the best choice.
And with my cultural background, I was also right about the woman probably being Liz Hurley because, lacking the important knowledge that Liz Hurley has been cloned, it was the simplest explanation.
Then the problem of Occams Razor would be that no matter who you saw that looked like Liz Hurley, you would never believe it was really her since a look alike is the simplest explanation.
If you had no additional information about the person you were seeing, that would be the best explanation, so no problem here in my book.
Btw, my interpretation of the post by SevenSeasOfRhye was that he compared actually seeing Liz Hurley and seeing a picture of a nebula that looked like Liz Hurley. Obviously the second is not the same as the first and therefore he dared criticizing Occam's Razor. I just couldn't let that one slip.
Occam's Razor does apply to everything. If you saw something that looked like Liz Hurley (who's Liz Hurley btw?) for as far as you could tell then Occam's Razor tells you to assume it was Liz Hurley until you've got any real reason to believe that it was really that changeling you saw on Star Trek.
... a nebula (DUH).
However, if you saw something that only vaguely resembled Liz Hurley (think: picture of a nebula), but clearly could not be her then Occam's Razor does not tell you to assume it was her, but to assume it was
So, anyone interested in inheriting my collection of kiddie pr0n or taking over my drugs syndicate after I've been killed in my extremist suicide bomming of the echelon main base of operations?
Oops...
Christianity is the mother of science because of "the medieval insistence on the rationality of God."
And then some stupid movement called the 'Enlightenment' came along and took all that rationality away. D'OH, I hate it when that happens!
Btw, the views of important scientists aren't arguments per se. Their motivations for reaching those conclusions could be, but their views aren't.
How do you know that what your percieve is real? What for that matter is "real"?
As your example clearly showed, there is no way of knowing/proving wether there is a 'real' world out there that's the same for all of us. However, it's not necessary to know anything for certain to make quite educated guesses. You may not have heard of it, but there's something called the "scientific method".
Let's look at gravity for a moment. There is no way I can be sure my cup of coffee will stay on my desk when I put it down next to my computer. For all I know it might float off into the sunset the moment I release it. Yet I'm risking this beautifull black liquid without giving it a second thought and I fully expect to drink it after finishing this post. I'm sure many people will agree it's a pretty good guess to expect gravity to do it's thing for me.
What I'm doing here is taking the simplest possible explanation I have available that fully explaines everything I've observed in the past and applying it to predict what I think of as the future. Compare this to ascribing everything that happens to some Deity who moves in ways I can't and am not supposed to understand and I hope you might begin to see why I find this strangely compelling.
"I say what it occurs to me to say when I think I hear people say things; more I cannot say." Hitchhikers Guide - D. Adams.