Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Under US Pressure, PayPal Stops Working With Mega 135

Posted by Soulskill
from the you-wouldn't-download-a-car dept.
New submitter seoras sends news that PayPal is now refusing to handle payments for Mega, Kim Dotcom's cloud storage service. A report (PDF) issued in September of last year claimed Mega and other "cyberlocker" sites made a great deal of illicit money off piracy. Mega disputes this, of course, and says the report caused U.S. Senator Patrick Leahy to pressure credit card companies to stop working with Mega. Those companies then pressured PayPal to stop as well. The hosting company claims, "MEGA provided extensive statistics and other evidence showing that MEGA’s business is legitimate and legally compliant. After discussions that appeared to satisfy PayPal’s queries, MEGA authorised PayPal to share that material with Visa and MasterCard. Eventually PayPal made a non-negotiable decision to immediately terminate services to MEGA."

Google Taking Over New TLDs 185

Posted by Soulskill
from the publicly-traded-beasts-must-feed dept.
bobo the hobo writes: In the corner of the internet where people care about DNS, there is a bit of an uproar at Google's application for over a hundred new top-level domains, including .dev, .lol, .app, .blog, .cloud and .search. Their application includes statements such as: "By contrast, our application for the .blog TLD describes a new way of automatically linking new second level domains to blogs on our Blogger platform – this approach eliminates the need for any technical configuration on the part of the user and thus makes the domain name more user friendly." They also mention limiting usage of .dev to Google only: "Second-level domain names within the proposed gTLD are intended for registration and use by Google only, and domain names under the new gTLD will not be available to the general public for purchase, sale, or registration. As such, [Google's shell company] intends to apply for an exemption to the ICANN Registry Operator Code of Conduct as Google is intended to be the sole registrar and registrant."

Bill Gates On Educating the World 156

Posted by samzenpus
from the learning-online dept.
theodp writes During February, Bill Gates is playing Perry White at The Verge, expounding on the big bets the Gates Foundation is making to improve the world over the next 15 years. One of those bets is that online classrooms can help the world catch up. Gates' vision of universal online education extends to those who struggle with basic literacy and currently lack online access, far beyond the reach of MOOCs like Coursera, EdX, and Udacity, which have enjoyed their greatest success with higher-level courses aimed at the middle class. "Gates' vision — a wave of smartphones that can act as ubiquitous, cheap computers — is central to solving this problem," explains The Verge's Adi Robertson. "And unfortunately, we're not there yet." But eventually, Gates is betting that a world-class education will only be a few taps away for anyone in the world. And that's when things get really interesting. "Before a child even starts primary school," Bill and Melinda Gates wrote in their Foundation's 2015 letter, "she will be able to use her mom's smartphone to learn her numbers and letters, giving her a big head start. Software will be able to see when she's having trouble with the material and adjust for her pace. She will collaborate with teachers and other students in a much richer way. If she is learning a language, she'll be able to speak out loud and the software will give her feedback on her pronunciation."

Trans-Pacific Partnership Enables Harsh Penalties For Filesharing 154

Posted by Soulskill
from the legislation-via-industry dept.
An anonymous reader writes: The Electronic Frontier Foundation went through a recent leak of the secretive Trans-Pacific Partnership agreement, an international treaty in development that (among other things) would impose new intellectual property laws on much of the developed world. The EFF highlights one section in particular, which focuses on the punishments for copyright infringement. The document doesn't set specific sentences, but it actively encourages high monetary penalties and jail terms. Its authors reason that these penalties will be a deterrent to future infringement. "The TPP's copyright provisions even require countries to enable judges to unilaterally order the seizure, destruction, or forfeiture of anything that can be 'traceable to infringing activity,' has been used in the 'creation of pirated copyright goods,' or is 'documentary evidence relevant to the alleged offense.' Under such obligations, law enforcement could become ever more empowered to seize laptops, servers, or even domain names."

Comment: Re:It could've been worse ... oh wait.... (Score 0) 136

by peppepz (#49039229) Attached to: Microsoft Fixes Critical Remotely Exploitable Windows Root-Level Design Bug
The interesting part is not so much that they're no longer fixing bugs in Windows Server 2003, but rather the reason why they aren't:

Although Windows Server 2003 is an affected product, Microsoft is not issuing an update for it because the comprehensive architectural changes required would jeopardize system stability and cause application compatibility problems.

In practice they're admitting that Windows 2003 is so broken by design that not even them can fix it without causing problems. I'd like to hear now the opinion of those who were lamenting over the quality of open source software after the heartbleed bug.

Comment: Re:Forced benevolence is not freedom (Score 1) 551

by peppepz (#49016033) Attached to: RMS Objects To Support For LLVM's Debugger In GNU Emacs's Gud.el

One does not have an inherent right to the work of someone else. Such a right only exists when it is contractually forced by an agreement such as the GPL.

Indeed, that's the point. That's one thing the developer loses when he choses a BSD license over a copyleft one (not just the GPL).

No, it is not a loss. It is simply coveting something one does not have. If you want to say it it unfair, sure, but a loss, no, not all.

Isn't it correct to call "a loss" something that you can have, and then at some point you can no longer have? I get quite a lot of hits on Google for that usage:

The point is that with the GPL they cannot commercially fork code written by me. Of course they can do whatever they want with their own code.

They absolutely can use GPL code commercially. Commercial use does nor require distribution to external users. Commercial use simply means they make money off your work, and this is perfectly allowable under the GPL.

use != fork

You forget the pesky little detail that I mentioned that users are under no obligation to use a proprietary BSD fork rather than the community version. They can stick with the community and have no such fear, use FreeBSD rather than Mac OS X for example.

Another loss for the user. With the GPL, I have the freedom to choose the products that I like. With the BSD license, I have to take what the community gives me. And today this means that I might even not have the ability to run the free version of the software on my machine, because its manufacturers might decide (and they usually do) that it's not worth the hassle for them to release the source code of some machine-specific software that is required to use even the community version of the product.

Its also a humorous example given the fact that Android phones with their GPL based Linux host are not getting critical patches.

Quite the opposite. Since Linux is GPL, and only because of that, at least Android phone owners can install a community-driven distribution on their phones. That's because the hardware manufacturers have to release both the kernel and the drivers. For the userspace parts, which fall under different licenses, they don't bother - and that's an endless source of problems for the users.

To make a concrete example, try asking Sony about the source code for the GPL kernel of an Xperia phone. They'll give it. Try asking them about the source code for the BSD kernel of the Playstation 3 and see what happens ;-) .

Yes you mentioned GPLv3 but that was a crude attempt to manufacture a hypothetical, the reality is that Linux is what most devices will be based upon and Linux is inherently GPLv2 and will not be changing.

Are you trying to make the point that the GPLv3 is better than the GPLv2? You're bashing an open door, as I strongly agree with that.

A straw man. No where was your property, the community BSD code, at risk of loss. Only the commercial fork's code, and that code is not yours, it is someone else's property.

We're talking about the mere "forced benevolence is not freedom" statement here. Do you think that the laws that force people not to rob my house give me freedom, or not?

You are under no obligation to use commercial forks. Again, you may stay with FreeBSD and not run Mac OS X. Nothing Mac OS X does or adds takes away from anyone who wishes to use FreeBSD.

Of course I have no obligation to use commercial forks, it's a freedom of choice that I have. Then again, it might become an obligation if the machine that I can buy only runs the commercial flavour of the project. The most relevant example for the case of Mac OS X isn't FreeBSD, it's Darwin. I can download it, compile it, and then I can just look at the binary, because it doesn't contain the drivers required to boot the Mac that runs the commercially distributed version of the same software.

Comment: Re:Forced benevolence is not freedom (Score 1) 551

by peppepz (#49015827) Attached to: RMS Objects To Support For LLVM's Debugger In GNU Emacs's Gud.el
I have never used the word 'theft', with or without quotation marks. Nor I have said that extending BSD code without giving back is illegal or furtive. It's done with permission.

Albeit with different intent than commercial exploitation, you'll find that some BSD code was imported in key GNU projects, and the FSF even goes as far as to recommend using the 3-clause BSD license when the additional protection of the GPL isn't desired.

And no, BSD developers don't lose their copyright. They lose, freely, an opportunity to endow the community with the best outcome of their work, which is a fact and not a characterization of mine. If you want we can talk about my opinions on the music industry but then I think we'd be derailing the discussion.

Comment: Re:Forced benevolence is not freedom (Score 4, Insightful) 551

by peppepz (#49015309) Attached to: RMS Objects To Support For LLVM's Debugger In GNU Emacs's Gud.el

What rights do BSD contributors lose? All the community code exists, the community can continue without the commercial changes, the community is not required to use some commercial fork. They lose nothing if some contributor chooses not to give back.

They lose the rights to take advantage of the improvements that the commercial contributor has done to their code, while the commercial contributor does not lose the right to take advantage of the improvements that the free contributor has done. You may agree or disagree with this, but it is objectively a loss.

Furthermore, users of GPL'd code decide not to give back at times too. They can use some a commercial fork internally and benefit from community work and not give back.

The point is that with the GPL they cannot commercially fork code written by me. Of course they can do whatever they want with their own code.

Also, various commercial users of BSD code have a pretty good track record of contributing back.

This is irrelevant to the discussion. When people make laws against theft, they don't think about the fact that most people have a pretty good track record of not stealing. Laws (and contracts) must be written with the worst case in mind.

What rights do BSD users lose?

100% pragmatic example: GPLv3 bash has a serious bug (any reference to reality is purely intentional). GPLv3 users patch, recompile and they have lost no right. BSD-licensed phone firmware has a serious bug. Users lose the right to make use of the phone they bought and not be pwned by hackers while doing that.

The GPL does *not* offer greater freedom, it creates restrictions to force behaviors it believes benevolent. Forced benevolence may or may not be a good thing but it is not freedom.

I believe that my rights to own property and to live are freedom. They exists only because other people are "forced to benevolence", in particular not to steal my stuff or harm me. Try to convince me that this is not freedom.

Translated to the software world, can you argue that the ability to fix the code of a program that I use is not a freedom for me? I'm free from bugs. I'm free from hackers. I'm free to add new features. I'm free both in a practical and philosophical sense.

Comment: Re: Who cares what RMS wants? (Score 5, Insightful) 551

by peppepz (#49015239) Attached to: RMS Objects To Support For LLVM's Debugger In GNU Emacs's Gud.el
Later versions of the GPL cannot take away any freedom granted by an earler version, because the choice of the version is done by who redistributes the code.

The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License “or any later version” applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation.

If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program.

Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version.

But serisouly GPLv3 started because of his tantrum with Tivio.

GPLv3 started because RMS saw that companies were using the GPL in a manner that was compliant to the letter but not to the spirit. Back then, the GNU haters laughed at him, as usual, because "who would want to run code on a set-top box". Nowadays, the vast majority of the end-user devices are tivoized (Android, Apple, Microsoft, ...), and users can't do anything with the code that runs on them, including fixing security bugs and auditing it to find out what it does with all their personal data, let alone (God forbid!) run their own programs on it. So the introduction of the GPLv3 wasn't a whim as you are implying, it was actually sensible and farsighted.

Comment: Re:Open source code is open for everyone (Score 4, Informative) 211

by peppepz (#48918555) Attached to: Serious Network Function Vulnerability Found In Glibc
In fact, the bug had already been audited and fixed, almost two years ago, when the security researchers found a way to exploit it. From TFA:

We identified a number of factors that mitigate the impact of this bug. In particular, we discovered that it was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18)

Current glibc release is 2.20. That's three relases without the bug already.

Nothing to see here, move along.

Comment: Re:libressl-2.1.3 (Score 5, Interesting) 97

by peppepz (#48897057) Attached to: OpenSSL 1.0.2 Released

OpenSSL remains the only portable SSL library that can be used by both open source and commercial developers alike. Which is really a shame, because OpenSSL sucks. All the bad things the libressl people have said about OpenSSL are absolutely true.

We have GnuTLS which is only one year younger than OpenSSL, has a nicer API, is portable to Windows, has a better track record with regard to binary compatibility, a better build system, and can be used by commercial software (it’s LGPLv2.1). Comparison of features with other SSL libraries.

Comment: Re:lol, Java (Score 1) 79

by peppepz (#48873367) Attached to: Oracle Releases Massive Security Update

A large percentage works just fine even with holes, and with greater performance and less overhead.

You need benchmarks to prove such blanket statements. In my experience, Java code usually isn't far from C++ performance and it's actually faster when we're talking about high level "glue" code. It vastly outperforms C in string handling, because C's standard string routines are awful not only to the programmer, but to the processor, too. And then again, for maximum performance there's FORTRAN.

Today, we know it's possible to make a shitpile with any tool, leaving java and other runtimes to sacrifice much of the potential for lean, high performance software for small gains in security (the latter with a growing list of caveats).

Do you know any example of stack smashing, buffer overflows, invalid pointer dereference, malloc failures, code overwriting done by a program written in pure Java? They're the stuff that hackers love. They happen automatically in C: any code you write causes them by default, and you need to be very clever, to have complete information about the machine state after every instruction (which is usually impossible), to have platform-specific tool support (relro, noexecstack, ASLR, ...) in order to avoid or prevent them. In Java, they just don't happen, barring bugs in the JVM, which are akin to bugs in the runtime library of any compiled language of your choice. If this isn't an improvement...

It also doesn't help that java comes with a browser plugin that opens a complete runtime environment to drivebys. Microsoft abandoned activex for this reason.

To be honest, the runtime environment for applets was supposed to be restricted (it's not the same runtime environment that Java applications see). It's the same mechanism that post-HTML5 Javascript has, except that at least we can disable (or better delete) the awful Java plugin, while we can't do the same for the browsers' Javascript support.

The moon is a planet just like the Earth, only it is even deader.