Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Comment Re:Duh (Score 1) 246

No more, they made the change earlier this year (I think at the last WWDC) and also combined the different developer programs so you don't need to pay a separate iOS and Mac developer (distribution) fee. So now you can just download the free Xcode software and compile and install to your own devices/computers without paying a penny to Apple.

Comment Re:Duh (Score 4, Informative) 246

Um, Xcode is free.

The only thing you pay for is the $99 to distribute applications (through the App Stores or within your organization) - writing and installing your own applications to your iPhone, iPad, Apple Watch, Mac, etc. are all free.

The issue here appears to be limited to developers that are downloading Xcode from unofficial sources which allows their code to become infected.

Comment Re: Not the best summary... (Score 1) 195

My son got his first vaccinations at 1 month... By the time he was 2 years old he had over a dozen... We *did* choose to stretch out the vaccination schedule a bit (to avoid giving 4 vaccinations at once, etc.) and we've been very careful to screen which drug company's vaccines we use as many contain "non-medical' ingredients that are actually drugs (below the minimum dosage for adults) that are not otherwise approved for use in children.

Sadly, drug companies are not liable for adverse reactions to vaccines (you pay a small fee for every dosage to fund a government-backed plan instead), and (to the lay person at least) it seems like a lot of new vaccines are getting rushed out and pushed on the population at large without regard to the risk/reward or efficacy of the vaccine - I'm thinking particularly of the often-required chicken pox vaccine that is widely marketed as preventing shingles later in life, but which the drug company explicitly disclaims prevention of both chicken pox and shingles (on the drug info sheet we got from the doctor after she gave the vaccine to our son).

IMHO, the government, drug companies, and doctors have all done a really bad job of educating the public - clearly forcing people to vaccinate their children against everything without regard to safety or personal concerns, and telling parents that have concerns that they are stupid and that they will call child services if they don't give their child a particular vaccination, is not the right approach.

Comment Re:Outrageous pricing model. (Score 3, Informative) 97

I know for the (originally print-only) technical books I published through "traditional" means, I get less than half of the royalty per copy that I get for a print book, even though the electronic copy is priced the same as the print copy. The way this was explained to me (~15 years ago) was that the publisher would not be able to charge as much for the electronic copy (!), but that is BS because the royalty is a % of the gross book cost and not a % of the sale price, and there is no manufacturing cost to speak of for electronic books (just the initial cost of editing/promoting the book.)

Publishers also hold back thousands of dollars in royalties to cover returns, even for electronic books and even long after the book has gone out of print...

Needless to say, I don't use traditional publishers anymore - even with lower numbers of sales, I've made more on my two self-published books than on the three books I did before that. Not enough to live on (I don't write books for a living) but enough to justify the time spent...

Comment Re:Meh (Score 3, Insightful) 830

Regular construction lumber is cut to size (2x4, 2x6, etc.) and then dried which removed substantial amounts of moisture, resulting in the (typical) 1.75 x 3.5" dimensions for a 2x4. What your father gets from the Amish is called "green wood" and has not been dried - over time it will dry out naturally and be the "expected" dimensions.

Dimensional lumber has exact dimensions (e.g. a 2x4 is actually 2" x 4") and is either cut to size after drying or cut large before drying so that the dried size is correct.

And then there are the "manufactured wood products" (plywood, hardboard, chipboard, MDF, project panels, etc.) which are sold using actual dimensions vs. pre-drying dimensions.

Comment Re:OpenSSL support dropped... (Score 1) 178

Thanks, I read through it - some definite inaccuracies but the summary for the LWN article doesn't match what is actually said in the article... :/ I may post something on CUPS.org about why we chose GNU TLS over OpenSSL, just to clear things up...

Comment Re:Web server for printing... (Score 1) 178

LPD never was standardized. Every implementation is different, and RFC 1179 tried to document the common stuff - you'll note the status is Informational.

And I wouldn't call a simple HTTP POST-based interface a "monstrosity". IPP has a well-defined binary message format (no XML bloat), security model, and state machine that is deployed on billions of devices and has proven interoperability, something that LPD never achieved.

Comment Re:OpenSSL support dropped... (Score 1) 178

I can't read the LWN article yet but licensing was not a reason for dropping OpenSSL, and all things being equal there are no issues with including an exception for OpenSSL's license incompatibility or using an OpenSSL library that is part of the standard OS libraries.

OpenSSL was dropped because there were only resources to support one TLS library on free software OS's and the GNU TLS API and implementation are superior to OpenSSL.

Comment Re:OpenSSL support dropped... (Score 1) 178

Honestly I don't know. But the number of systems still running a vulnerable version of OpenSSL is non-trivial...

In any case, the primary reason for dropping OpenSSL support is limited developer resources - GNU TLS is a lot easier to interface with and support certificate validation than OpenSSL. Nothing says the old OpenSSL support could not be brought back, but there is basically no advantage in doing so.

Comment Re:I hope... (Score 1) 178

Optimistically, fax represents 0.0004% of daily usage of printers from computers. Most fax happens directly at the printer with hardcopy getting fed in. And most people in the printing industry have been hoping/praying that fax will die for like 20 years now. The only reason for its continued existence is the questionable legal standing that faxed documents are valid and safe for contracts and medical information while secure transport over the Internet (TLS, PGP, etc.) is not.

Scan gets slightly more usage than fax, but since no vendor implements a public standard scanning protocol (possibly to change with the IPP Scan spec in formal vote right now? I dunno) and since scan works in the opposite direction as print, I don't see a version of CUPS that does both print and scan coming any time soon. Plus you don't have the same spooling requirements for scan - just pull the scan data from the printer and stuff it in a file from a user application.

Comment Re:About time (Score 1) 178

Of the ~500 million printers in active service today (that's counting all of the printers sold in the last 4 years, since the average service life of a printer is a little over 4 years overall), 96% have one or more network interfaces and 94% support IPP (the holdouts are mainly label printers...)

Most IPP printers support PostScript, PCL, PDF, PWG Raster, or AirPrint, which means you can do a "generic" driver that provides all or most (depending on the printer and language) of the functionality of the vendor's printer driver, with more functionality being available in newer printers.

The last holdout is USB printing (USB only printers account for about 4% of all printers sold these days), where we can use IPP over USB to eliminate drivers. IPP USB support started showing up in 2014 printers, and the latest Ubuntu and OS X support it automatically.

Comment Re:Where? (Score 1) 178

File bugs or email the webmaster if you have trouble with a web site.

In the case of CUPS.org, it is using Bootstrap and the intent is for the navigation to switch to a vertical menu (that can be hidden) when the width gets too narrow. There should be enough space to keep the regular menu "bar" down to 768 pixels wide at least, and if that is breaking you need to tell the CUPS.org webmaster about it, otherwise it won't get fixed...

Comment Re:Wait... (Score 4, Informative) 178

IPP doesn't use XML, it uses a (flat) binary message encoding. I imagine that had IPP been developed a few years later things would have been different... And while it definitely supports what is needed in the enterprise, it also satisfies the consumer space - ~500 million printers in service today (from consumer inkjets to big iron office copiers) support IPP, as does *every* consumer and enterprise computer and mobile device (billions of devices). IPP scales well.

The problem with LPRng was that it was a mess of scripts and hacks to make a variety of printers work. Every "driver" worked differently, and (having spent a fair amount of time with it 20 years ago) making it all work without an expert supporting it was basically impossible. It continued to use an extended version of the LPD protocol (which has nothing other than an informative RFC to document it, with most implementations varying from the RFC in some way) and did not address some pretty basic security issues like hiding job information from other users.

Back in 1998 there was little support for standard languages or doing a proper protocol so that you could monitor a printer's state or cancel a job. Vendors used proprietary languages and protocols to lock you into their drivers, their platform, their products. The whole point of CUPS was to define a standard interface with standard options for drivers while providing a better security model. Yes, that did make it more complicated than LPD/LPRng, but that complexity was needed since printing is *hard* and the software needed to support it is non-trivial. IPP was chosen as the underlying protocol and model because it offered everything needed from regular users to enterprise.

Ultimately CUPS succeeded because it allowed people to print without becoming experts. It allowed Linux distributors to actually support printing, and for printer manufacturers and third parties to provide drivers that "just worked". And it did it using public standards and the very UNIX-y interface of piped commands.

While CUPS continues to carry some old baggage around to keep supporting old printers, the day will come when that is no longer necessary and a leaner version (possibly based on the ippserver code) will be able to replace it. Today the economics favor printers implementing common, open standards so that all platforms can support them without extra, expensive development. Within a few years, it should be possible to retire printer drivers entirely.

Comment Re:OpenSSL support dropped... (Score 5, Insightful) 178

The recent OpenSSL vulnerabilities were just the nail in the coffin. It was more a matter of limited developer resources and the relative difficulty of implementing certification validation with the OpenSSL APIs vs. GNU TLS. (and don't forget we also support SecureTransport on OS X and Schannel on Windows...)

Much better to focus on making support for one popular TLS library on Linux/*BSD than to do a half-assed job for two libraries, one of which has known vulnerabilities and API/forking issues.

Remember: use logout to logout.