my thoughts exactly: how is banning client-side things like JavaScript and ActiveX going to make their servers any safer? not that I'd object if they cleaned their pages from any JS or A-X, but that has nothing to do with server safety. or maybe are they programming their server-side dynamic pages with javascript? some Netscape servers can do that, but AFAIK it's not a particularily popular option.
anyway, if the gist of the idea is to make most of their pages entirely static, I'd say it's a good idea. government agencies aren't in the business of building online communities with forums and stuff like that. in order to present themselves and their information to the public, static pages should be more than enough.
while we're at it: how to build a secure static server in a few minutes: set up a Linux box with only httpd and sshd running, and sshd firewalled at the internet-connecting router. install thttpd for the web server, chrooted to its document root, running under an uid that can't write to any of the files or directories inside of the chroot. then you have exactly two attacks to worry about: 1) kernel networking bugs (nothing much you can do about these except trust that they are rare, and that fixes are available very quickly), and buffer overflows in the webserver (which crash the process, but don't let the attacker actually do anything with the system, like write anywhere or run any programs).
my favorite open conjecture is another simple one; I forgot the name, but it states that you start with any integer, and keep doing this operation: if the number is even, divide by two, if not, multiply by three and add one. if the conjecture is right, whatever the number you started with, you end up in the cycle 1-4-2-1. as far as I know, no-one knows where to even start proving it.
whether words or some internal mental representation are the ultimate building blocks of thought, is a very long-running controversy that has been analyzed from many points of view. the case for pure "words ARE your thought" has been made repeatedly (and extrpolated into things like the Sapir-Whorf hypothesis, and ideas like "clean up your mind by learning to use language logically", and so on), but it doesn't appear very credible at this point. there is a good case for some sort of "mentalese" that gets expressed as words.
anecdotic introspecting evidence on each side: 1) sometimes you can't find a word, which suggests that you can think in concepts. 2) sometimes the language you're thinking in will make you turn things one way or another, use idioms, etc, subtly changing what you're saying, compared to what you'd have siad in another language.
ACL very important to sysadmins mind you? well, there are probably cases where it would be, but I sure can't think of any. on all the systems I've used and projects where I've been involved, we've handled it just fine with userids and groups.
the one thing ACLs let you do that Unix-style permissions don't, is make exceptions (as in "this person also gets to write to this file") when you own the file in question but don't have admin rights. so yeah, it can be nice, but essential? no way. I've yet to meet a sysadmin that would refuse to create a group for you, and with small-ish projects the developpers just have root on the dev machines and create groups as they need them.
yep, multi-lingual people switch back and forth. I find myself thinking in English, Catalan, Spanish or French, more or less randomly, depending on who I've last talked to, on on what I'm thinking about, or whatever.
Esperanto is great as a hobby, and as a way to make international friends who share your hobby. it's not particularily good as an intermediary language for computer translation; in fact it's arguably quite bad at that.
point is, what this project is trying to do has nothing to do with Esperanto or its approach. As someone stated, this intermediary language doesn't even have to be human-readable, human-pronounceable, nor human-easily-learnable. OTOH, this language has to keep as many semantic features of the translated sentences as possible, including which pronouns have the same reference in a sentence (e.g the fact that "he" and "him" can't be the same in "he told him to to bugger off", but the two "he"'s can in "he thinks he's great", in English). languages in the world have come up with remarkably diverging ways to mark up what refers to what, including gender (or category) agreement, and all kinds of syntax-based rules. then there's the problem of semantic space: what do you do with the fact that languages (to use a well known example) don't always put the borders between colors in the same places, so that for one language these two colors will be variations of the same, and for others they'll be different?
all together, this means that an intermediary language, to be useful, has to strive for completeness (keep as much information as possible), rahter than for simplicity. it'll be hard to learn, but that's fine, you don't actually need people to learn it, so you don't even need to construct a phonetic/phonological system for it. think of it as an internal representation in computer memory. Esperanto being a rather simple language with a strong Indo-European bias, is not even close to mathing the requirements, and Interlingua, and Interlingua even less. but that's fine, this is not the problem these languages were trying to solve anyway. OTOH, E-o and Interlingua's relatively simple grammars should make it fairly easy to build translators to and from these languages and the UNL. maybe the UNL people could do a small scalle test to see how well their system can translate (for example) Esperanto to Interlingua, before attempting to translate German into Japanese. or maybe not.
I've had URL insta-click since 4 years ago (I didn't come up with it either, borrowed the scripts from someone else, then later rewrote them in perl). oh, and that's with plain fvwm2, no GNOME or KDE. for this you need: xselection from ftp://ftp.x.org/R5contrib (takes some tweaks to compile on X11R6 but it works), Netscape's remote.c (linked from http://home.netscape.com/newsref/std/x-remote.html, and a little glue script that grabs the PRIMARY selection, strips spaces, and calls remote with it. the you configure your window manager to run the script when you press a key, with a line like this: Key F6 A N Exec netscape-sel &
once you have that, all you have to do is mouse-select a URL anywhere and press F6.
So if you're looking to throw a few million into research and development, in order to turn your Cool New Idea for the Next Killer App into a reality, do you really want to have to be asking yourself "So... how long until a few bearded hippies come up with a free (speech/beer)knock-off?"
1st: "bearded hippies" is not an fair way to describe the free software (open source) developper community. not that I have anything against bona fide, real life bearded hippies (other than the fact that it's been a while since I've seen any).
2nd: if you're looking to throw a few million into R&D in order to turn your new Cool New Idea Next Killer App into reality, you don't have a choice between asking yourself "how long until someone comes up with a decent free software clone" or not. if your app is interesting to the mainstream *and* actually useful, it'll happen. live with it, and be happy that the unenlightened masses will still prefer yours if you make it flashier (which is typically the one area where the free version won't quite match the proprietary one).
what we woudl need is the source code to the human brain. locate the bit that makes people want to open executable attachments, and #ifdef it out, or replace it with a call to suddently_feel_like_going_to_take_a_dump() or something.
seriously, the problem is with the user, not with the software. you can't blame the sw for making things easy; you could blame it for not warning enough, but people will ignore warnings (esp. after seeing the same warning when their friend last sent them a new screensaver, clicking on 'yes', and nothing wrong happening).
no matter whether it's linux, windows or openbsd, people need to learn the difference between data (safe to view) and executables (unsafe to run). and the fact is that they won't.
we want more IPs than MAC addresses because we want to embed routing information in IPs. MACs are arbitrary, there's no way in hell you could route that, short of stuffing the whole list of a bazillion assigned MACs into every router and updating it hourly. sounds like fun:)
it sounds like a major overkill effor to me. within an organization, even large, you can be confident enough that no two random 48-bit numbers will conflict.
as has been pointed out, with most modern NICs, you *can* modifiy your MAC address. there isn't much point in it (replace one arbitrary number with another), but if you're paranoid enough you might want to automate the system to pick a new random one at every boot, or something like that.
Linux has many spin-offs, in the form of kernel ports to architectures that haven't been integrated in Linus' kernel, or specialized things like RTLinux, uCLinux, MOSIX/Linux, and one or two other Linux RT projects whose names escape me atm.
it's a matter of taste and flavor. having used both, I prefer the SysV-style installs that most Linux distributions (in particular, RedHat) use. many files, but each little thing is in one specific file. that's the main reason why I don't like SuSE much, too: even though they have SysV-style scripts, configuration is much too centralized, you have everything in rc.config, and if you use SuSEConfig you have to rerun it and have it regenerate a lot of things everytime you make the slightest change.
great advice. I always do that when I install a box: add ssh/sshd, then go through/etc/inetd.conf and the output of "ps axuww" and disable anything I don't need, and restrict things by IP (like relaying capabilities, if you use a local MTA). for large organizations, it makes sense to turn ports off at the router, but a well installed Linux/BSD/Unix box should be able to stand on its own securely... and it's not that hard.
keeping an eye on the security page is a very good idea too, but less important on development/production boxes with few uesrs, where you can take the attitude that account separation is not there to absoultely protect one account from another, but just to make you be conscious about what you're doing, by having to su over to another account for sensitive operations.
last I tried 'cypherpunks' wasn't working at NYTIMES, and it wouldn't let me register it. I tried registering variations like 'cypherp' (for login & passwd) and it said it was already registered... so i tried logged in as that and it worked.
most free reg sites out there have a cypherpunks/cypherpunks login/password; if they don't, well, just create one, and if it doesn't work, try obvious variations.
a nice todo list? I don't see *anything* in that list that is both 1) an actual weak point of linux, and 2) not already recognized and being worked on. nevermind that most of their "points" are just spin, and could be argued (or "objectively" benchmarked) both ways just as easily. and the rest of their points are just arguments by authority, as in "so and so uses NT so it can't be that bad". maybe that works with PHB's, but us techies know better.
in fact the only paragraph that makes some sense as a "todo" list is the one about large RAM support (added in 2.3.x), very large file and journalling support (both coming), and SMP beyond 8 (not 2) processors. then again, if you want to put 4GB of RAM in a 16-proc box, I'd say go for Solaris or Tru64, not Linux certainly not NT.
oh, and no-one much uses swap files under Linux, and you can set up a whole bunch of swap partitions, totalling much more than 128MB. and Linux does have async IO (with fdno passing, someone actually wrote a minimal httpd using it) and quite fine-grained kernel locks. as for the security model, Linux has supported capabilities since late 2.1.x.
agree. "big" is very subjective (except for those who equate it with "has lots of $$" but we geeks wouldn't do that, right?), but still, I wouldn't think of Caldera as one of the biggest. I'd think RedHat, SuSE, Debian, Mandrake, and only then Caldera. (this is not an attempt to judge their respective qualities, just my idea of their mindshare).
it can be a very sensible design decision *not* to use cookies. for a public site where you want users to like your service, and be able to enjoy it with a large range of browsers and settings, depending on cookies is arguably a bad idea. there are other ways (i.e forms with image submit buttons, or session data or session id's embedded in the urls).
UMSDOS? oh yuck. why don't they put their root on a loopback mounted large file in the vfat partition? I'd definitely do it that way if I had to install Linux on Windows w/o repartitioning.
Slashdot Mirror
anyway, if the gist of the idea is to make most of their pages entirely static, I'd say it's a good idea. government agencies aren't in the business of building online communities with forums and stuff like that. in order to present themselves and their information to the public, static pages should be more than enough.
while we're at it: how to build a secure static server in a few minutes: set up a Linux box with only httpd and sshd running, and sshd firewalled at the internet-connecting router. install thttpd for the web server, chrooted to its document root, running under an uid that can't write to any of the files or directories inside of the chroot. then you have exactly two attacks to worry about: 1) kernel networking bugs (nothing much you can do about these except trust that they are rare, and that fixes are available very quickly), and buffer overflows in the webserver (which crash the process, but don't let the attacker actually do anything with the system, like write anywhere or run any programs).
my favorite open conjecture is another simple one; I forgot the name, but it states that you start with any integer, and keep doing this operation: if the number is even, divide by two, if not, multiply by three and add one. if the conjecture is right, whatever the number you started with, you end up in the cycle 1-4-2-1. as far as I know, no-one knows where to even start proving it.
anecdotic introspecting evidence on each side: 1) sometimes you can't find a word, which suggests that you can think in concepts. 2) sometimes the language you're thinking in will make you turn things one way or another, use idioms, etc, subtly changing what you're saying, compared to what you'd have siad in another language.
the one thing ACLs let you do that Unix-style permissions don't, is make exceptions (as in "this person also gets to write to this file") when you own the file in question but don't have admin rights. so yeah, it can be nice, but essential? no way. I've yet to meet a sysadmin that would refuse to create a group for you, and with small-ish projects the developpers just have root on the dev machines and create groups as they need them.
yep, multi-lingual people switch back and forth. I find myself thinking in English, Catalan, Spanish or French, more or less randomly, depending on who I've last talked to, on on what I'm thinking about, or whatever.
point is, what this project is trying to do has nothing to do with Esperanto or its approach. As someone stated, this intermediary language doesn't even have to be human-readable, human-pronounceable, nor human-easily-learnable. OTOH, this language has to keep as many semantic features of the translated sentences as possible, including which pronouns have the same reference in a sentence (e.g the fact that "he" and "him" can't be the same in "he told him to to bugger off", but the two "he"'s can in "he thinks he's great", in English). languages in the world have come up with remarkably diverging ways to mark up what refers to what, including gender (or category) agreement, and all kinds of syntax-based rules. then there's the problem of semantic space: what do you do with the fact that languages (to use a well known example) don't always put the borders between colors in the same places, so that for one language these two colors will be variations of the same, and for others they'll be different?
all together, this means that an intermediary language, to be useful, has to strive for completeness (keep as much information as possible), rahter than for simplicity. it'll be hard to learn, but that's fine, you don't actually need people to learn it, so you don't even need to construct a phonetic/phonological system for it. think of it as an internal representation in computer memory. Esperanto being a rather simple language with a strong Indo-European bias, is not even close to mathing the requirements, and Interlingua, and Interlingua even less. but that's fine, this is not the problem these languages were trying to solve anyway. OTOH, E-o and Interlingua's relatively simple grammars should make it fairly easy to build translators to and from these languages and the UNL. maybe the UNL people could do a small scalle test to see how well their system can translate (for example) Esperanto to Interlingua, before attempting to translate German into Japanese. or maybe not.
Key F6 A N Exec netscape-sel &
once you have that, all you have to do is mouse-select a URL anywhere and press F6.
1st: "bearded hippies" is not an fair way to describe the free software (open source) developper community. not that I have anything against bona fide, real life bearded hippies (other than the fact that it's been a while since I've seen any).
2nd: if you're looking to throw a few million into R&D in order to turn your new Cool New Idea Next Killer App into reality, you don't have a choice between asking yourself "how long until someone comes up with a decent free software clone" or not. if your app is interesting to the mainstream *and* actually useful, it'll happen. live with it, and be happy that the unenlightened masses will still prefer yours if you make it flashier (which is typically the one area where the free version won't quite match the proprietary one).
seriously, the problem is with the user, not with the software. you can't blame the sw for making things easy; you could blame it for not warning enough, but people will ignore warnings (esp. after seeing the same warning when their friend last sent them a new screensaver, clicking on 'yes', and nothing wrong happening).
no matter whether it's linux, windows or openbsd, people need to learn the difference between data (safe to view) and executables (unsafe to run). and the fact is that they won't.
we want more IPs than MAC addresses because we want to embed routing information in IPs. MACs are arbitrary, there's no way in hell you could route that, short of stuffing the whole list of a bazillion assigned MACs into every router and updating it hourly. sounds like fun :)
it sounds like a major overkill effor to me. within an organization, even large, you can be confident enough that no two random 48-bit numbers will conflict.
as has been pointed out, with most modern NICs, you *can* modifiy your MAC address. there isn't much point in it (replace one arbitrary number with another), but if you're paranoid enough you might want to automate the system to pick a new random one at every boot, or something like that.
$ arp Address HWtype HWaddress Flags Mask Iface bingo ether 00:A0:F9:00:99:89 C eth0 $ ls -al =arp -rwxr-xr-x 1 root root 29000 Mar 25 1999 /sbin/arp*
damn, now you know my router's MAC address. now every spook and hacker out there is going to trace me!! *runs screaming*
sure, you can open TCP/IP connections. you can't use path MTU discovery though, so your connections are going to suck.
well, it's definitely not Open Source. you can't redistribute for a fee.
Linux has many spin-offs, in the form of kernel ports to architectures that haven't been integrated in Linus' kernel, or specialized things like RTLinux, uCLinux, MOSIX/Linux, and one or two other Linux RT projects whose names escape me atm.
it's a matter of taste and flavor. having used both, I prefer the SysV-style installs that most Linux distributions (in particular, RedHat) use. many files, but each little thing is in one specific file. that's the main reason why I don't like SuSE much, too: even though they have SysV-style scripts, configuration is much too centralized, you have everything in rc.config, and if you use SuSEConfig you have to rerun it and have it regenerate a lot of things everytime you make the slightest change.
keeping an eye on the security page is a very good idea too, but less important on development/production boxes with few uesrs, where you can take the attitude that account separation is not there to absoultely protect one account from another, but just to make you be conscious about what you're doing, by having to su over to another account for sensitive operations.
the Linux kernel is way more intrincate and carefully put together than any swiss watch. try reading "the cathedral and the bazaar" one of these days.
most free reg sites out there have a cypherpunks/cypherpunks login/password; if they don't, well, just create one, and if it doesn't work, try obvious variations.
bah, just turn off the 'use documetn fonts' setting in netscape.
in fact the only paragraph that makes some sense as a "todo" list is the one about large RAM support (added in 2.3.x), very large file and journalling support (both coming), and SMP beyond 8 (not 2) processors. then again, if you want to put 4GB of RAM in a 16-proc box, I'd say go for Solaris or Tru64, not Linux certainly not NT.
oh, and no-one much uses swap files under Linux, and you can set up a whole bunch of swap partitions, totalling much more than 128MB. and Linux does have async IO (with fdno passing, someone actually wrote a minimal httpd using it) and quite fine-grained kernel locks. as for the security model, Linux has supported capabilities since late 2.1.x.
agree. "big" is very subjective (except for those who equate it with "has lots of $$" but we geeks wouldn't do that, right?), but still, I wouldn't think of Caldera as one of the biggest. I'd think RedHat, SuSE, Debian, Mandrake, and only then Caldera. (this is not an attempt to judge their respective qualities, just my idea of their mindshare).
it can be a very sensible design decision *not* to use cookies. for a public site where you want users to like your service, and be able to enjoy it with a large range of browsers and settings, depending on cookies is arguably a bad idea. there are other ways (i.e forms with image submit buttons, or session data or session id's embedded in the urls).
UMSDOS? oh yuck. why don't they put their root on a loopback mounted large file in the vfat partition? I'd definitely do it that way if I had to install Linux on Windows w/o repartitioning.