But the point here is that the freedom that OSS gives you does require you to trust the whole distribution chain. In this case there was an added muppet who did something they shouldn't have thus rendering everything downstream insecure. OSS is great but it required great developers, given that it has take well over a year to get the advisory out it shows that the many eyes piece didn't work here, mainly because the eyes were looking at the original source not the botched packaging job. This is actually the number one reason I use slackware. Every package gets built by one guy. And if anything, it's easy to trust one guy. And he happens to be the one with the most experience at making packages. Not only that, his philosophy is to provide pristine packages from its source as far as possible. No worries of changes to these packages except critical bug fixes, and these are usually the kind that go upstream anyway.
Frankly, I'm not surprised that this occurred in Debian. I have seen how they package before. Usually that have the original source and one giant make-package-debian-centric diff file that would be insanely hard to audit -- correct me if I'm wrong -- at least for anyone outside debian or did not build the package in the first place.
You must have not read the article. This method doesn't even have to show up in code, you just need poisoned binaries. And the only way to detect this from a trusted source is to disassemble and painstakeningly understand what really happens, or compare with unspoiled binaries. Or you can improve your web of trust.
Let me get this straight... You have a receipt checking system, and you are still loosing merchandise? I'd say it's a completely useless system, and you aren't addressing the real problem.
It also doesn't help to harass paying customers. Meanwhile, let me add circuit city to my black list of stores to never visit.
Why aren't they just considering the evidence the MPAA had when initiating the lawsuit? They had to have some evidence right? You can't go on a fishing-expedition right? What's the statute of limitations for evidence gathered *AFTER* the fact?
Just because they are a torrent tracker doesn't mean they are doing illegal things.
Your forgetting one big thing: there aren't any XT's anymore for these kids! This is what they got for trying to do anything with computers (without getting more expensive, even used machines).
Who cares about who these end up with? The fact you can dissemble a laptop like this very easily is very huge for even adults. Try a motherboard swap on a name brand machine. It's very very hard. All for what? BRANDING. There are no technical merits other than it's different casing for a different brand.
To learn 'skills' on how to assemble and dissemble things I think they'd be better off with legos, model rockets, remote control cars, etc.
And when they learn that, why is it wrong for them to dissemble a computer? It's not different, and when they have a OLPC to do it with, there isn't anything to worry about!
Argh, who cares if it was guided? The fact they are learning something is much more important.
I put together my first computer from parts when I was 10. It wasn't exactly easy either. It was an XT, which required a lot more steps than I'm sure they had to take with their easy, integrated all-in-one machine. I got a lot of guidance from my Dad.
If you think kids learn by figuring out things on their own, you're sadly mistaken. You give them tools, teach what you know about the tools, then the creativity comes. I've far surpassed anything my father has done with computers, and it's thanks to him for introducing it to begin with. His field isn't even in computers!
Good news! The Xpress 200m is supported by the open source r300 driver. Yes, it was reverse engineered with no help from ATI. It can play ET, run googleearth from what I've tried. AND it's stable. That's a far difference from when I tried fglrx with my Xpress 200m.
Except that Novell didn't transfer that stuff, and Novell signed a patent covenant. Looks like MS figured this out before we did.
Re:DRM isn't supposed to be foolproof
on
The DRM Scorecard
·
· Score: 1
What? Activation leads pirates to buy software? What???? My experience it causes legitimate owners more problems, because it often breaks for them too.
True story follows.
An older couple bought XP with an HP machine a few years back. I help them keep their machine running and it has for years. Every time they installed Norton Internet Security, I pulled it off because of the false sense of security it gives, and the number of problems Symantec's bad design introduces.
I went out of town for several months and this is what happened.
At some point they installed their Norton Internet Security 2006 again. In the last few years Symantec added activation to their product. Well their subscription ran out, so the app decided to deactivate itself. So they say. Then they got a virus. (Probably a trojan actually)
Next they attempted to recover their computer, but they decided it was more than they could handle, so they bought a new Vista machine. That same day they picked up a $60 new copy of Norton Internet Security 2007. And they installed Norton Internet Security 2007.
A few months later, I returned and they called me for support on several items. One of which was strange problems with Vista. I took a look. I found, yes there was something there that was hidden I could not see at first, especially something that dealt with networking. Finally I noticed that LiveUpdate was on the machine, so I searched for Norton Internet Security, and found it. I tried opening it to disable it and it wouldn't open. I hunted around for anything that would make it open. Nothing. So I went ahead with the uninstall. The old lady asked what I was doing and I told her. Upset that it wasn't working, I told her it was the only thing that can be done to fix the machine. Then she explained her story why she put it on there. I asked her to see the install disk. It was shrink wrapped with a useless 5 page manual on how to fix the Norton installer when it broke. Not very encouraging. So I looked at the disk to see if anything listed for system requirements. It said, required XP, with a mail-in upgrade offer for Vista. So a $60 product, which was incredible price for what they got, they were had. It went on there, and it may have been activated, but it didn't actually work.
Now here's the kicker, we wouldn't have gotten to this point where they were making uninformed decisions if it were not for the fact that Norton told them their product subscription had expired. So much for activation.
If the integration of Internet Explorer and Explorer were so seamless, then why do they still have separate icons for My Computer, My Network Places, and Internet Explorer? The reality is that these services are not the same.
Today, cars are still fairly open. Enough information is available for someone who buys a car to change things (i.e. specs). Historically the PC was open, and specs were made available to program the hardware. But before PCs became ingrained in the market well enough, Microsoft came along and created a black box that sits between your software and your hardware. Eventually that black box was called windows. Because Microsoft got into PCs very early, everybody got their software through them and to play along, you had to conform to their black box methods. With video cards, it's called Direct3D. So up to the late nineties, video cards were traditionally open. So the market has become accustomed to the Microsoft product, and it's a closed product. To get support for other systems, even open support, has been pretty much impossible as of lately.
So if a car manufacturer released a closed car, it would have a hard time selling because that's not what the market expects. On the other hand in the computer industry, a closed video card is what the market has come to expect so that it gets Microsoft support.
From my knowledge on how wine works, and what parallels does (it runs windows), there has to be modifications. WineD3D was written with the thought that someone could port it to windows, but it hasn't been done. We're pretty sure that there has to be modification to WineD3D to get it to work on windows, and then you got to consider how it interfaces with parallels. So whatever they did had to be pretty clever.
The fact they had to be asked whether they used wine code first before mentioning they did is concerning. The fact they released a product with wine code in binary form without thinking they needed to release the source is even more concerning. The license requires to provide source code modified or not. Right now the are in violation of the license and committing copyright infringement.
What makes you think that small projects can naively violate the (L)GPL? How can a project can be so stupid not to know the requirements of the GPL before using it? There is no exemption there, and if anyone fails at it they are committing copyright infringement.
How is what is going on spreading misinformation? There is concrete proof they are using wined3d. And the (L)GPL requires that anyone that distributes binaries of the licensed code to provide a way of obtaining the source, modified or not.
I just looked at the XGL/compiz stuff and found it works with Xorg 6.9. Of course you should have your driver updates still. It's not hard to compile the new drivers for 6.9. I've compiled the Xorg 2D drivers from the HEAD before too to use for my older versions. 7.1 isn't really any different than 6.9 than a few updates. It would be analogous to 6.10 if they made such a release.
In short, complaining that slackware is old when 6.9 is essentially the same as 7.x is stupid. Besides, I do believe that Pat has actually patched the drivers if you look at the changelog.
You're not making much sense. I didn't say it was wrong to use 7.x. I'm saying the 6.9/7.0 release was made to allow for migration. Slackware hasn't migrated yet. Pat wants to release a stable 11.0 which has been in the works far long before the release of Xorg 6.9/7.0. I expect X.org 7.1 to be in slackware-current for the future 11.1 in a few weeks. Or if you are that desperate for XGL, just download the build off X.org's site. It doesn't make sense to argue it when we are only four months difference in version numbers from 6.9/7.0 to 7.1. Most people just want their system to work.
No, your distro or X packages, since it is modular, got updated versions. Read http://x.org/ The press release even states they are released the same except for the changed the build system.
No. The point wasn't whether they could not be made to work. The point is the impact. Pat does not want to spend the time to test every app, especially seeing that he doesn't package alot of apps. He is waiting for things to stabilize by letting the people that actually maintain the apps to update. He doesn't want to make hundreds of little build patches just to make you happy and provide no functional difference. Also, the change was big enough for the Xorg people to recognize; that's why they made the 6.9/7.0 dual release for transitioning. You can't expect a distro to know exactly how things are working everywhere to keep bleeding edge working especially with a poor reason of 7.0 providing no additional value. This is why slack is considered very stable and all these "user" distros are hacked up to death.
Xorg 6.9 and Xorg 7.0 are functionally the same. The only difference is installation methods in that 7.0 is modular, puts things in/usr, and will break many apps. The distros that adopted 7.0 so fast were foolish and likely caused problems for their end users. So when you call Xorg 6.9 so old, you are so wrong. Xorg 6.9 and Xorg 7.0 are essentially the same code and released the same time.
I'm not going to detail the other things people have done, but I will also state, that slackware has supported 2.6 for a long time now. Not only that, I've been running it with 2.5/2.6 since about 2003.
Just for any address I will never want to visit, you can just block it. For example, I never will visit ad.doubleclick.net. I have very little reason to visit Cameroon. I will just block all of.cm if the resulting site is annoying.
Slashdot Mirror
Frankly, I'm not surprised that this occurred in Debian. I have seen how they package before. Usually that have the original source and one giant make-package-debian-centric diff file that would be insanely hard to audit -- correct me if I'm wrong -- at least for anyone outside debian or did not build the package in the first place.
You must have not read the article. This method doesn't even have to show up in code, you just need poisoned binaries. And the only way to detect this from a trusted source is to disassemble and painstakeningly understand what really happens, or compare with unspoiled binaries. Or you can improve your web of trust.
Let me get this straight... You have a receipt checking system, and you are still loosing merchandise? I'd say it's a completely useless system, and you aren't addressing the real problem.
It also doesn't help to harass paying customers. Meanwhile, let me add circuit city to my black list of stores to never visit.
Why aren't they just considering the evidence the MPAA had when initiating the lawsuit? They had to have some evidence right? You can't go on a fishing-expedition right? What's the statute of limitations for evidence gathered *AFTER* the fact?
Just because they are a torrent tracker doesn't mean they are doing illegal things.
Your forgetting one big thing: there aren't any XT's anymore for these kids! This is what they got for trying to do anything with computers (without getting more expensive, even used machines).
Who cares about who these end up with? The fact you can dissemble a laptop like this very easily is very huge for even adults. Try a motherboard swap on a name brand machine. It's very very hard. All for what? BRANDING. There are no technical merits other than it's different casing for a different brand.
To learn 'skills' on how to assemble and dissemble things I think they'd be better off with legos, model rockets, remote control cars, etc.
And when they learn that, why is it wrong for them to dissemble a computer? It's not different, and when they have a OLPC to do it with, there isn't anything to worry about!
Argh, who cares if it was guided? The fact they are learning something is much more important.
I put together my first computer from parts when I was 10. It wasn't exactly easy either. It was an XT, which required a lot more steps than I'm sure they had to take with their easy, integrated all-in-one machine. I got a lot of guidance from my Dad.
If you think kids learn by figuring out things on their own, you're sadly mistaken. You give them tools, teach what you know about the tools, then the creativity comes. I've far surpassed anything my father has done with computers, and it's thanks to him for introducing it to begin with. His field isn't even in computers!
"ati" is the same thing. That is typically the 2D portion of the driver.
Right now, I'm using a Mesa and drm git checkout. I don't think this support will be in 7.0.x. Maybe it will be in Mesa 7.1.
Good news! The Xpress 200m is supported by the open source r300 driver. Yes, it was reverse engineered with no help from ATI. It can play ET, run googleearth from what I've tried. AND it's stable. That's a far difference from when I tried fglrx with my Xpress 200m.
Except that Novell didn't transfer that stuff, and Novell signed a patent covenant. Looks like MS figured this out before we did.
What? Activation leads pirates to buy software? What???? My experience it causes legitimate owners more problems, because it often breaks for them too.
True story follows.
An older couple bought XP with an HP machine a few years back. I help them keep their machine running and it has for years. Every time they installed Norton Internet Security, I pulled it off because of the false sense of security it gives, and the number of problems Symantec's bad design introduces.
I went out of town for several months and this is what happened.
At some point they installed their Norton Internet Security 2006 again. In the last few years Symantec added activation to their product. Well their subscription ran out, so the app decided to deactivate itself. So they say. Then they got a virus. (Probably a trojan actually)
Next they attempted to recover their computer, but they decided it was more than they could handle, so they bought a new Vista machine. That same day they picked up a $60 new copy of Norton Internet Security 2007. And they installed Norton Internet Security 2007.
A few months later, I returned and they called me for support on several items. One of which was strange problems with Vista. I took a look. I found, yes there was something there that was hidden I could not see at first, especially something that dealt with networking. Finally I noticed that LiveUpdate was on the machine, so I searched for Norton Internet Security, and found it. I tried opening it to disable it and it wouldn't open. I hunted around for anything that would make it open. Nothing. So I went ahead with the uninstall. The old lady asked what I was doing and I told her. Upset that it wasn't working, I told her it was the only thing that can be done to fix the machine. Then she explained her story why she put it on there. I asked her to see the install disk. It was shrink wrapped with a useless 5 page manual on how to fix the Norton installer when it broke. Not very encouraging. So I looked at the disk to see if anything listed for system requirements. It said, required XP, with a mail-in upgrade offer for Vista. So a $60 product, which was incredible price for what they got, they were had. It went on there, and it may have been activated, but it didn't actually work.
Now here's the kicker, we wouldn't have gotten to this point where they were making uninformed decisions if it were not for the fact that Norton told them their product subscription had expired. So much for activation.
Norton still provides completely false security.
If the integration of Internet Explorer and Explorer were so seamless, then why do they still have separate icons for My Computer, My Network Places, and Internet Explorer? The reality is that these services are not the same.
Today, cars are still fairly open. Enough information is available for someone who buys a car to change things (i.e. specs). Historically the PC was open, and specs were made available to program the hardware. But before PCs became ingrained in the market well enough, Microsoft came along and created a black box that sits between your software and your hardware. Eventually that black box was called windows. Because Microsoft got into PCs very early, everybody got their software through them and to play along, you had to conform to their black box methods. With video cards, it's called Direct3D. So up to the late nineties, video cards were traditionally open. So the market has become accustomed to the Microsoft product, and it's a closed product. To get support for other systems, even open support, has been pretty much impossible as of lately.
c ost.html
So if a car manufacturer released a closed car, it would have a hard time selling because that's not what the market expects. On the other hand in the computer industry, a closed video card is what the market has come to expect so that it gets Microsoft support.
Vista only makes things worse:
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_
Avivo is my guess for OSS driver, but you're talking about something that's really only a month old.
From my knowledge on how wine works, and what parallels does (it runs windows), there has to be modifications. WineD3D was written with the thought that someone could port it to windows, but it hasn't been done. We're pretty sure that there has to be modification to WineD3D to get it to work on windows, and then you got to consider how it interfaces with parallels. So whatever they did had to be pretty clever.
The fact they had to be asked whether they used wine code first before mentioning they did is concerning. The fact they released a product with wine code in binary form without thinking they needed to release the source is even more concerning. The license requires to provide source code modified or not. Right now the are in violation of the license and committing copyright infringement.
What makes you think that small projects can naively violate the (L)GPL? How can a project can be so stupid not to know the requirements of the GPL before using it? There is no exemption there, and if anyone fails at it they are committing copyright infringement.
How is what is going on spreading misinformation? There is concrete proof they are using wined3d. And the (L)GPL requires that anyone that distributes binaries of the licensed code to provide a way of obtaining the source, modified or not.
We own the copyright, that's more than enough to ask them to comply to LGPL or cease distribution.
Oliver, we are almost feature complete. The biggest thing we need these days is more testing and optimization.
Um, Only their most recent game releases were hybrid disks. Their old PC games were not, and if they had Mac ports, they took a long time.
I just looked at the XGL/compiz stuff and found it works with Xorg 6.9. Of course you should have your driver updates still. It's not hard to compile the new drivers for 6.9. I've compiled the Xorg 2D drivers from the HEAD before too to use for my older versions. 7.1 isn't really any different than 6.9 than a few updates. It would be analogous to 6.10 if they made such a release.
In short, complaining that slackware is old when 6.9 is essentially the same as 7.x is stupid. Besides, I do believe that Pat has actually patched the drivers if you look at the changelog.
You're not making much sense. I didn't say it was wrong to use 7.x. I'm saying the 6.9/7.0 release was made to allow for migration. Slackware hasn't migrated yet. Pat wants to release a stable 11.0 which has been in the works far long before the release of Xorg 6.9/7.0. I expect X.org 7.1 to be in slackware-current for the future 11.1 in a few weeks. Or if you are that desperate for XGL, just download the build off X.org's site. It doesn't make sense to argue it when we are only four months difference in version numbers from 6.9/7.0 to 7.1. Most people just want their system to work.
No, your distro or X packages, since it is modular, got updated versions. Read http://x.org/ The press release even states they are released the same except for the changed the build system.
No. The point wasn't whether they could not be made to work. The point is the impact. Pat does not want to spend the time to test every app, especially seeing that he doesn't package alot of apps. He is waiting for things to stabilize by letting the people that actually maintain the apps to update. He doesn't want to make hundreds of little build patches just to make you happy and provide no functional difference. Also, the change was big enough for the Xorg people to recognize; that's why they made the 6.9/7.0 dual release for transitioning. You can't expect a distro to know exactly how things are working everywhere to keep bleeding edge working especially with a poor reason of 7.0 providing no additional value. This is why slack is considered very stable and all these "user" distros are hacked up to death.
Argh... don't make assumptions.
/usr, and will break many apps. The distros that adopted 7.0 so fast were foolish and likely caused problems for their end users. So when you call Xorg 6.9 so old, you are so wrong. Xorg 6.9 and Xorg 7.0 are essentially the same code and released the same time.
Xorg 6.9 and Xorg 7.0 are functionally the same. The only difference is installation methods in that 7.0 is modular, puts things in
I'm not going to detail the other things people have done, but I will also state, that slackware has supported 2.6 for a long time now. Not only that, I've been running it with 2.5/2.6 since about 2003.
You could, but why bother? It's a typo anyway.
Just for any address I will never want to visit, you can just block it. For example, I never will visit ad.doubleclick.net. I have very little reason to visit Cameroon. I will just block all of .cm if the resulting site is annoying.