Slashdot Mirror

Please troll the living cuntchunks out of this cheating whore! This worthless slut willingly cheated on her hubby AND child, and then tries to blame it on her guy. This cuntsack needs to be trolled through all eternity! If you have a LiveJournal troll account, PLEASE shit on this cunt's day daily until she pukes menstrual wads!

Please troll the living cuntchunks out of this cheating whore! This worthless slut willingly cheated on her hubby AND child, and then tries to blame it on her guy. This cuntsack needs to be trolled through all eternity! If you have a LiveJournal troll account, PLEASE shit on this cunt's day daily until she pukes menstrual wads!

I know this posting is a bit late and a little far down the page, but I picked up one of these at lunch today, and I've posted a first review / initial impressions over on my LiveJournal. The bit I wrote can be found here.

In short, I really like this mouse... It's got a great feel to it.

This sounds a lot like the "Big Dumb Booster" design -- a big rocket made of repurposed shuttle parts -- from Stephen Baxter's hard sci-fi Manifold trilogy.

Nice to know someone at NASA is doing their reading. :)

(and reposted the text of that at my blog, just so you know)

When your room looks like this....

I think the article about addiction downplays how addictive MUDs are in comparison; I have dreamt in text because of MUDding 8-12 hours a day.

An acquaintance of mine wrote a more colorful version of Long's article. I heartily agree with both.

I've posted my journal from this year's Ottawa Linux Symposium. It's less professional than the articles linked to by the posts, but it may offer some insight on the presentations not covered by those articles. Also note: I am not (yet) a kernel hacker.

Here's a table of contents for my posts:
Day One: 2.6 kernel roadmap, Novell Linux Kernel Debugger, Hot Keys, Video Control, Suspend/Resume, Oh My! -- Recent Advances and Current Challenges in Linux/ACPI, TWIN: An Even Smaller Window System for Even Smaller Devices, Automated BoardFarm: Only Better with Bacon, welcome reception
Day Two: Write a Real, Working Linux Driver tutorial, Building Murphy-Compatible Embedded Linux Systems, Networking Driver Performance and Measurement - e1000 A Case Study, Enhancements to Linux I/O Scheduling
Day Three: usbmon, SeqHoundRWeb.py: a Python-based interface to a comprehensive online bioinformatics resource, Case Study: Usage of Virtualized GNU/Linux to Support Binary Testing Across Multiple Distributions, Testing the Xen Hypervisor and Linux Virtual Machine, Debian Women: Encouraging Women without Segregation, H'Uru - Coding Beyond MYST
Day Four: NPTL Stabilization Project, We are not getting any younger: A new approach to timekeeping and timers, the sysfs filesystem, keynote address

I've posted my journal from this year's Ottawa Linux Symposium. It's less professional than the articles linked to by the posts, but it may offer some insight on the presentations not covered by those articles. Also note: I am not (yet) a kernel hacker.

Here's a table of contents for my posts:
Day One: 2.6 kernel roadmap, Novell Linux Kernel Debugger, Hot Keys, Video Control, Suspend/Resume, Oh My! -- Recent Advances and Current Challenges in Linux/ACPI, TWIN: An Even Smaller Window System for Even Smaller Devices, Automated BoardFarm: Only Better with Bacon, welcome reception
Day Two: Write a Real, Working Linux Driver tutorial, Building Murphy-Compatible Embedded Linux Systems, Networking Driver Performance and Measurement - e1000 A Case Study, Enhancements to Linux I/O Scheduling
Day Three: usbmon, SeqHoundRWeb.py: a Python-based interface to a comprehensive online bioinformatics resource, Case Study: Usage of Virtualized GNU/Linux to Support Binary Testing Across Multiple Distributions, Testing the Xen Hypervisor and Linux Virtual Machine, Debian Women: Encouraging Women without Segregation, H'Uru - Coding Beyond MYST
Day Four: NPTL Stabilization Project, We are not getting any younger: A new approach to timekeeping and timers, the sysfs filesystem, keynote address

I've posted my journal from this year's Ottawa Linux Symposium. It's less professional than the articles linked to by the posts, but it may offer some insight on the presentations not covered by those articles. Also note: I am not (yet) a kernel hacker.

Here's a table of contents for my posts:
Day One: 2.6 kernel roadmap, Novell Linux Kernel Debugger, Hot Keys, Video Control, Suspend/Resume, Oh My! -- Recent Advances and Current Challenges in Linux/ACPI, TWIN: An Even Smaller Window System for Even Smaller Devices, Automated BoardFarm: Only Better with Bacon, welcome reception
Day Two: Write a Real, Working Linux Driver tutorial, Building Murphy-Compatible Embedded Linux Systems, Networking Driver Performance and Measurement - e1000 A Case Study, Enhancements to Linux I/O Scheduling
Day Three: usbmon, SeqHoundRWeb.py: a Python-based interface to a comprehensive online bioinformatics resource, Case Study: Usage of Virtualized GNU/Linux to Support Binary Testing Across Multiple Distributions, Testing the Xen Hypervisor and Linux Virtual Machine, Debian Women: Encouraging Women without Segregation, H'Uru - Coding Beyond MYST
Day Four: NPTL Stabilization Project, We are not getting any younger: A new approach to timekeeping and timers, the sysfs filesystem, keynote address

I've posted my journal from this year's Ottawa Linux Symposium. It's less professional than the articles linked to by the posts, but it may offer some insight on the presentations not covered by those articles. Also note: I am not (yet) a kernel hacker.

Here's a table of contents for my posts:
Day One: 2.6 kernel roadmap, Novell Linux Kernel Debugger, Hot Keys, Video Control, Suspend/Resume, Oh My! -- Recent Advances and Current Challenges in Linux/ACPI, TWIN: An Even Smaller Window System for Even Smaller Devices, Automated BoardFarm: Only Better with Bacon, welcome reception
Day Two: Write a Real, Working Linux Driver tutorial, Building Murphy-Compatible Embedded Linux Systems, Networking Driver Performance and Measurement - e1000 A Case Study, Enhancements to Linux I/O Scheduling
Day Three: usbmon, SeqHoundRWeb.py: a Python-based interface to a comprehensive online bioinformatics resource, Case Study: Usage of Virtualized GNU/Linux to Support Binary Testing Across Multiple Distributions, Testing the Xen Hypervisor and Linux Virtual Machine, Debian Women: Encouraging Women without Segregation, H'Uru - Coding Beyond MYST
Day Four: NPTL Stabilization Project, We are not getting any younger: A new approach to timekeeping and timers, the sysfs filesystem, keynote address

I've posted my journal from this year's Ottawa Linux Symposium. It's less professional than the articles linked to by the posts, but it may offer some insight on the presentations not covered by those articles. Also note: I am not (yet) a kernel hacker.

Here's a table of contents for my posts:
Day One: 2.6 kernel roadmap, Novell Linux Kernel Debugger, Hot Keys, Video Control, Suspend/Resume, Oh My! -- Recent Advances and Current Challenges in Linux/ACPI, TWIN: An Even Smaller Window System for Even Smaller Devices, Automated BoardFarm: Only Better with Bacon, welcome reception
Day Two: Write a Real, Working Linux Driver tutorial, Building Murphy-Compatible Embedded Linux Systems, Networking Driver Performance and Measurement - e1000 A Case Study, Enhancements to Linux I/O Scheduling
Day Three: usbmon, SeqHoundRWeb.py: a Python-based interface to a comprehensive online bioinformatics resource, Case Study: Usage of Virtualized GNU/Linux to Support Binary Testing Across Multiple Distributions, Testing the Xen Hypervisor and Linux Virtual Machine, Debian Women: Encouraging Women without Segregation, H'Uru - Coding Beyond MYST
Day Four: NPTL Stabilization Project, We are not getting any younger: A new approach to timekeeping and timers, the sysfs filesystem, keynote address

you should read my poetry on my livejournal. i think it's really good. one day i'm going to be a writer. http://www.livejournal.com/users/lover_of_anime/

I use it as a GPS and a music player in my car, and it works as a SIP phone (though the choice of codecs is limited by a slow CPU, and apparently some people have problems with making it work).

And, of course, it's a regular PDA with addressbook/calendar/todo/notes, web browser (konqueror), ssh, etc.

I use it as a GPS and a music player in my car, and it works as a SIP phone (though the choice of codecs is limited by a slow CPU, and apparently some people have problems with making it work).

And, of course, it's a regular PDA with addressbook/calendar/todo/notes, web browser (konqueror), ssh, etc.

Posted by Hisham on 23:11 Saturday 23 July 2005
from the penguins-for-brains dept.
Anonymous Coward writes "Linux technology drives a new fully-autonomous vehicle developed for a major U.S. competition. From the article: 'While enterprise and desktop discussions grab headlines, Linux is quietly infiltrating into much more mundane applications -- such as running the on-board computers of the University of Central Florida's entry for the DARPA Grand Challenge autonomous, unmanned vehicle competition. Prof. Kien Hua of the College of Engineering and Computer Science heads up the UCF program as team leader.'"

(Straight from the Bizarro World, where /. is still a Linux-oriented website.)

You might be joking... but there was the eawife thing that started it all

http://www.livejournal.com/users/ea_spouse/

then there was the reports of them giving employees low wages, overworking employees without overtime - maybe illegally etc.

link

Read the blog of 'ea_spouse' to see what life is like for many game developers.

In regards to an episode of Charlie Rose discussing Japan's recent expansions. Link to my eventual comedtary:
http://www.livejournal.com/users/devilindupriest/1 02743.html#cutid1/

It turns out the x11-xorg glu library is not really affected by the C++ ABI transition (glu has a C-only API but uses C++ internally). My advice : wait until updated packages are there.

Reporter interviews JWZ, invited to explore own sexuality.

emulate: 1. strive to equal or match, especially by imitating;

Linux and the BSDs emulate Unix. Sometimes even in a binary sense (iBCS).

Unix was designed for and by programmers. Which means that Linux and the BSDs won't be designed for users unless and until the design philosophy changes drastically.

Apple's OS X does this:
* it does not use X-Windows (need I say more?)
* it has what appears to the user as a single, unified set of user interface elements
* its applications generally have fewer (if any) dependencies than real Unix/Linux/*BSD applications do
* Apple hid directories like /usr and /bin, and then provided properly named replacements!

Even configuration files on Unix/Linux/*BSD are screwed, with separate, proprietary (to each individual program) formats (Apple fixed this to a certain extent in OS X).

Obviously, things won't get better in this respect. The philosophical change required is way too high; it's nearly one of those "boil the ocean" problems.

Linux users are switching to OS X (and sometimes to Windows), because they realize that rolling your own PC and OS (or being able to) is just a giant waste of time.

If you're like me, and you don't want any Unix crap, use Windows.

Unsurprisingly there's already a lot of "bah, this guy wants Linux dumbed down for n00bs" comments on this thread. Which totally misses the point:

Linux-on-the-desktop isn't just too complicated for n00bs -- it's too complicated for reasonably sharp users, too. And that's the problem.

I offer myself as an example. I am not the God of All Things Computing. But I've been tinkering with PCs since MS-DOS 3 days, I've used Windows, Macs, Linux and even CP/M for pete's sake. Today my primary desktop at home runs Ubuntu Linux. I'm comfortable compiling software from source tarballs and rooting through Google for HOWTOs and FAQs.

In short, I know my way around a computer -- and yet Ubuntu still manages to throw me for a loop more frequently than I'd like.

Example. The other day I installed the new Deer Park preview of Firefox. For some reason, its installer (bonus points to it for even having a graphical installer, btw) didn't add a shortcut for launching it to my GNOME panel. So I wanted to add one myself.

Easy? Right? Bzzt.

On Windows, here's the steps for adding a new item to the Start menu:

1. Click Start menu button
2. Navigate to folder where you'd like to add shortcut
3. Right-click folder name
4. Select "New Shortcut"
5. Wizard launches that walks you through finding the program you want the shortcut to point to, and giving the shortcut a name.

I figured there must be a way to manipulate the GNOME panel in a similar fashion. Nope. There is no direct way in Ubuntu Hoary to add a panel item to the menus through the GUI. Instead you have to open a shell, find /usr/share/applications, and create a .desktop file in there for your application.

But! You don't have permission to do that by default, so you have to use sudo to create the file. ("You do know how to use sudo, right Mom?")

And then -- once you figure out that you need to create a .desktop file, and where this file needs to go, and what format this file needs to be in, and you actually go and create it -- nothing happens! That's right, you don't see the item in your panel until the next time you log in, unless you manually restart the X server with CTRL-ALT-BACKSPACE.

(Yes, you have to restart the window manager, or else it will appear that all your work was for naught. "Just restart the X server, Mom. Mom? Hello? Noob.")

The icing on the cake is that to find this answer, you have to go through three levels of redirection:

• Ubuntu tells you to refer to GNOME, since it's their desktop, Ubuntu's just distributing it
• GNOME tells you to refer to FreeDesktop.org, since it's their standard for panel items, GNOME is just packaging it
• FreeDesktop.org hides the instructions on how to write a .desktop file deep in a standards document.

("You do read standards documents, right Mom?")

I went through all that and finally got my shortcut added to the panel. But how many average users are gonna put up with that? (And Ubuntu does better at this stuff than most others.)

With all the spit and polish issues that Linux has, Asa is not the only Mozillian to find fault with it; former Moz UI gadfly Matthew Thomas (aka mpt), who's now with Ubuntu sponsor Canonical, recently posted a list of 69 usability flaws in Ubuntu Hoary, and old skooler Jamie Zawinski gave up Linux for OS X for good.

My case was not a case of "user who could not snap out of Windows-ism". I'm more than willing to embrace a better approach when I see it. But this is not a better approach fo

My name is Daniel Mawson and the below link is to my blog detailing the events leading up to my soon to be legendary parachute off of the Empire State Building! Be sure to read my blog for soon to be released information regarding my epic jump which shall passed down in the annals of extreme sports history as the greatest accomplishment of man on God's greatest skate park, New York City!

http://www.livejournal.com/users/countdowntojump/

...than most of you thought... Indeed, even longer than a few of y'all have been alive.

In 1982, Khan wore a pretty cool necklace. [0]

Definitely in the same vein as capacitors and IDE cables...

-F

[0] Geez, I need to get decent picture hosting...

From what I understand, you don't chose the axioms, you agree on them with the people you're arguing with.

"Arguing Code" posted here: http://www.livejournal.com/users/sirivus/83516.htm l

Here's someone who's already doing this. Granted, she can't store very much data currently, but it's a start...

The point of OpenID is to be dead simple, short-comings and all, so it's actually adopted.

The above is taken from a discussion of vulnerabilities. The problem with this lowest common denominator approach is that it's horribly broken. OpenID is currently no better than just giving the URL of your blog.

The number one problem is the complete lack of integrity checking. Everything in OpenID seems to be perfectly happy to let their requests be modified in transit. I think the problem with this are pretty damn obvious: nothing can be trusted. Fortunately, fixing this is pretty simple: use TLS. In today's shared hosting environment, you probably want to require support for server name indication.

Another brilliant idea: transmit the key that you'll use for signing later in plaintext.

Yes, you can ask for DH-SHA1 encryption and get back a plaintext secret. If this troubles you, don't use the handle and instead use dumb mode with that server. (and if somebody sniffed the plaintext secret, it won't matter, since you'll never accept queries using that assoc_handle). If the server can't do DH, it's probably limited in some way, but using dumb mode is still safe, if not a little slower.

I believe "limited in some way" means "completely insecure." "Dumb mode" is not safe because there's no key associated with the server, so there's no way to ensure you're talking to the same one or that someone isn't tampering.

I also don't see much point in using a symmetric key for speed and security when you're just encrypting a short string. It's so tiny that both improvements are similarly small.

Perhaps the biggest problem with OpenID is it's reliance on sending a user to another page to login. It's just too easy to spoof a page and fool most people. Even better, you can open a window using Javascript and hide the location bar. Even if you normally use TLS, most people probably won't notice if it's missing or the certificate is different. Also, most sites (including LiveJournal) include a completely insecure assurance that you're secure. For example, LiveJournal says "LiveJournal Secure Site "

A simpler and more secure alternativeThe only way to fix this is (gasp) get users to carry their own keys. If you stored your key in a bookmarklet or extension, you could sign something with it. This is completely feasible because Javascript cryptography implementation is done. You could submit your public key with the signed comment. If you wanted to associate yourself with a URL, all you need to do is link to a page with the public key. If the same public key can be used for the signature.. That's right, no special identity server is needed. The public key could be submitted directly or it can be linked to. It might be a pain to write out the entire URL to the key, so perhaps autodiscovery-from-HTML should be supported:
<link rel="openpgp.key" href="http://www.livejournal.com/pubkey.bml?user=a trustheotaku" />
Note that no TLS is needed. The signature is secure in and of itself. If you want to support all the fanciness (e.g. revocation) of OpenPGP (spec), then you just need the

The point of OpenID is to be dead simple, short-comings and all, so it's actually adopted.

The above is taken from a discussion of vulnerabilities. The problem with this lowest common denominator approach is that it's horribly broken. OpenID is currently no better than just giving the URL of your blog.

The number one problem is the complete lack of integrity checking. Everything in OpenID seems to be perfectly happy to let their requests be modified in transit. I think the problem with this are pretty damn obvious: nothing can be trusted. Fortunately, fixing this is pretty simple: use TLS. In today's shared hosting environment, you probably want to require support for server name indication.

Another brilliant idea: transmit the key that you'll use for signing later in plaintext.

Yes, you can ask for DH-SHA1 encryption and get back a plaintext secret. If this troubles you, don't use the handle and instead use dumb mode with that server. (and if somebody sniffed the plaintext secret, it won't matter, since you'll never accept queries using that assoc_handle). If the server can't do DH, it's probably limited in some way, but using dumb mode is still safe, if not a little slower.

I believe "limited in some way" means "completely insecure." "Dumb mode" is not safe because there's no key associated with the server, so there's no way to ensure you're talking to the same one or that someone isn't tampering.

I also don't see much point in using a symmetric key for speed and security when you're just encrypting a short string. It's so tiny that both improvements are similarly small.

Perhaps the biggest problem with OpenID is it's reliance on sending a user to another page to login. It's just too easy to spoof a page and fool most people. Even better, you can open a window using Javascript and hide the location bar. Even if you normally use TLS, most people probably won't notice if it's missing or the certificate is different. Also, most sites (including LiveJournal) include a completely insecure assurance that you're secure. For example, LiveJournal says "LiveJournal Secure Site "

A simpler and more secure alternativeThe only way to fix this is (gasp) get users to carry their own keys. If you stored your key in a bookmarklet or extension, you could sign something with it. This is completely feasible because Javascript cryptography implementation is done. You could submit your public key with the signed comment. If you wanted to associate yourself with a URL, all you need to do is link to a page with the public key. If the same public key can be used for the signature.. That's right, no special identity server is needed. The public key could be submitted directly or it can be linked to. It might be a pain to write out the entire URL to the key, so perhaps autodiscovery-from-HTML should be supported:
<link rel="openpgp.key" href="http://www.livejournal.com/pubkey.bml?user=a trustheotaku" />
Note that no TLS is needed. The signature is secure in and of itself. If you want to support all the fanciness (e.g. revocation) of OpenPGP (spec), then you just need the

Actually, it appears that you can. If I'm not mistaken, logging in there gets you a normal login session at which point you can do anything a normal user can do. The only thing that seems to be disabled is for OpenID users to keep their own journals.

Perhaps they'll lock it down more in the future, though. I've also heard that GreatestJournal gives full access to their photo hosting service to anyone who logs in with OpenID.

From LJ's news channel:
As time goes on, there's rumors of upcoming support in Movable Type, WordPress, MediaWiki, Bugzilla, TypePad, TypeKey, b2, TextPattern, perl.org, and a bunch of other sites.

That's Wikipedia and its kin, a handful of some pretty widely-used blogging software and services, perl.org and Bugzilla. No, it's not Yahoo, but that's a significant number of Web sites.

It is worth nothing, however, that a whole lot of LJ/6a staffers have completely disabled OpenID posting to their comments. I've only seen Brad Fitz (who screens his) and Jesse Proulx leave them activated.

Doesn't exactly put across a bunch of confidence when most of the people invovled with making LJ work won't let people use OpenID.

From LJ's news channel:
As time goes on, there's rumors of upcoming support in Movable Type, WordPress, MediaWiki, Bugzilla, TypePad, TypeKey, b2, TextPattern, perl.org, and a bunch of other sites.

That's Wikipedia and its kin, a handful of some pretty widely-used blogging software and services, perl.org and Bugzilla. No, it's not Yahoo, but that's a significant number of Web sites.

It is worth nothing, however, that a whole lot of LJ/6a staffers have completely disabled OpenID posting to their comments. I've only seen Brad Fitz (who screens his) and Jesse Proulx leave them activated.

Doesn't exactly put across a bunch of confidence when most of the people invovled with making LJ work won't let people use OpenID.

From LJ's news channel:
As time goes on, there's rumors of upcoming support in Movable Type, WordPress, MediaWiki, Bugzilla, TypePad, TypeKey, b2, TextPattern, perl.org, and a bunch of other sites.

That's Wikipedia and its kin, a handful of some pretty widely-used blogging software and services, perl.org and Bugzilla. No, it's not Yahoo, but that's a significant number of Web sites.

It is worth nothing, however, that a whole lot of LJ/6a staffers have completely disabled OpenID posting to their comments. I've only seen Brad Fitz (who screens his) and Jesse Proulx leave them activated.

Doesn't exactly put across a bunch of confidence when most of the people invovled with making LJ work won't let people use OpenID.

From LJ's news channel:
As time goes on, there's rumors of upcoming support in Movable Type, WordPress, MediaWiki, Bugzilla, TypePad, TypeKey, b2, TextPattern, perl.org, and a bunch of other sites.

That's Wikipedia and its kin, a handful of some pretty widely-used blogging software and services, perl.org and Bugzilla. No, it's not Yahoo, but that's a significant number of Web sites.

It is worth nothing, however, that a whole lot of LJ/6a staffers have completely disabled OpenID posting to their comments. I've only seen Brad Fitz (who screens his) and Jesse Proulx leave them activated.

Doesn't exactly put across a bunch of confidence when most of the people invovled with making LJ work won't let people use OpenID.

From LJ's news channel:
As time goes on, there's rumors of upcoming support in Movable Type, WordPress, MediaWiki, Bugzilla, TypePad, TypeKey, b2, TextPattern, perl.org, and a bunch of other sites.

That's Wikipedia and its kin, a handful of some pretty widely-used blogging software and services, perl.org and Bugzilla. No, it's not Yahoo, but that's a significant number of Web sites.

It is worth nothing, however, that a whole lot of LJ/6a staffers have completely disabled OpenID posting to their comments. I've only seen Brad Fitz (who screens his) and Jesse Proulx leave them activated.

Doesn't exactly put across a bunch of confidence when most of the people invovled with making LJ work won't let people use OpenID.

I'd have thought the motivation was to limit the number of separate accounts you need. Having a billion accounts running around is a massive security nightmare.

OpenID is meant to allow someone to verify they are who they are by using a Web site that is provably owned by that person. Let's say my LiveJournal id is "ANONCoward" and I want to comment on my friend "CmdTaco", whose blog is hosted on GreatestJournal. OpenID lets me log in as AnonCoward at LJ, then comment on CmdTaco's GJ, using an identifier - my Web site address - and a verifier - my LJ cookie.

However, here is the problem I have with OpenID: My ex-girlfriend, who hates me, signs up on LiveJournal with the ID "AN0NCoward" - with a zero. She copies my entries and backdates them, saves my user picture and uploads it to this dummy journal. (This is one mad woman, and this is not a hyperbole.) Before OpenID, she could just spam my LJ friends. With OpenID, she can probably fool some people most of the time, and most people some of the time, into thinking that she really is me - on GreatestJournal, DeadJournal, and, if expansion is as planned, most TypePad/Moving Type blogs, perl.org, and so on.

Granted, this would take some dumb, gullible people on the receiving end of this kind of kindergarten fraud. But we are talking about LJ here.

Not to mention, of course, that comment spam is already showing up, and unlike anonymous comment spam, there's no IP address tracking, or at least none accessible by the spam receiver.

When supporting the EFF in words, how about with funding? There is theSummit 2005, on Thursday July 28, 2005 in Las Vegas...

At the end of Black Hat and the beginning of DEFCON this year is theSummit 2005 - bringing together DEFCON & Black Hat speakers from past/present, as well as well known names in the computer security world. We all come together in a small, private venue for the evening summit to meet and discuss the important topics and socialize.

Note that there will be no more than 200 tickets sold (including featured guests), and all proceeds go to the Electronic Frontier Foundation [http://www.eff.org/ with the sponsor covering event overhead.

theSummit is our gathering of BlackHat / DefCon speakers and big thinkers in the Information Security realm. Anyone interested in supporting the EFF, are highly encouraged to attend; meet with fellow Information security professionals, and talk with big thinkers from the Information security world in a more private and informal setting. Too many times people want to ask questions, or have ideas that cannot make it to the big thinkers. This is either because of time conflicts or they are nervous to come up and talk. This event plans to pull out the stops, and allow the free form of conversation to flow.

The Electronic Frontier Foundation [http://www.eff.org/ is a nonprofit group of passionate people -- lawyers, technologists, volunteers, and visionaries -- working to protect our digital rights.

Where: Ice House Lounge, 650 S. Main Street, Las Vegas, Nevada
When: Thursday July 28, 2005, 9:00PM - 12:00AM
Tickets: $30 (pre-sale) $40 (at the door, if available) All Ages welcomed!

For more information, and to purchase tickets for the event:
http://www.dc702summit.org/home/

Event is sponsored by the Hackajar Foundation, and by the members of DEFCON 702.

We all hope to see you there!

(as posted in the Livejournal DEFCON community [http://www.livejournal.com/community/defcon_defco n/323.html ])

100 years ago Einstein was publishing his theory. Today we're discussing intelligent design and how the dinosaurs attacked Noah's ark. Why do I feel we're going backwards? (low res images because of Slashdotting, I guess... can't find a high res version)

People may be interested in my write-up on Badfruit's BadApple which I posted to LiveJournal here.

In short, this tool modifies your HOSTS file to point the iTunes Music Store link in iTunes to a local copy of IIS. That copy of IIS serves a python app which hosts a fake music store to offer Podcasts. This copy of IIS is open to the entire world (listening on *:80) running some rather untested software, and the redirection (via the HOSTS file) essentially 'breaks' iTunes Music Store functionality. This behavior (still) does not appear to be documented on BadFruit's site.

It also appears to have some hooks into mp3tunes.com, but I wasn't able to completely determine what. BadFruit may be selling music or collecting referrals, I'm not sure which.

In short, please use lots of caution before installing this software. It makes some rather drastic changes to one's machine, and these aren't documented on BadFruit's site.

Or they should be watching The Angry Customer.

I know that many people here are claiming that large sites offering free content will collapse and die if the trend to block advertising continues, but I'd like to point at LiveJournal as a site that has millions and millions of hits daily and is doing just fine in spite of the fact that they're completely free and have never had to stoop to depending on ad-based revenue. The feature set they offer to paying customers and their merchandise seem to entirely cover their operating expenses.

Personally, as an aside, I also don't think it's fair to compare web-based ads to newspaper ads. My city offers a free daily newspaper, supported by ads, which I'm happy to take. The ads may be bright and colourful, but I find it easy to psychologically blot most of them out, and I also find that given that the ads are concerning local businesses, occasionally one that is relevant to me will catch my eye. Ads on the web, because we've grown so accustomed to ignoring banner ads and what have you, have become so bloody intrusive that without my extensive use of AdBlock on a daily basis, I find the web virtually unusable. I have no opposition to static ad images that are tastefully placed on a page, but when you get into large animated gifs, Java applets, and Flash scripts incessantly trying to catch my attention and completely and constantly deterring my focus from the contents of the page, I refuse to waste my bandwidth and time on such irritating nonsense.

Yeah, but how many of them would you want to see naked? Unless you have a chub fetish, you're unlikely to find the US demographic pool particularly attractive.

On the other hand, you could just go grab a Livejournal account, join the communities "kaizersoze125" and "show_your_boobs", and marvel at the quantity of amateur porn folks throw out there for free.

Seriously. There's some high quality out there. Some of it's not even members-locked (earningtails, for instance).

--grendel drago

The central idea here is basically 'Let's apply error correcting codes to BitTorrent'. This isn't a new idea, everybody comes up with it. In fact I saw fit to mention that it's a dubious idea before. (Some people will point out that 'error correcting codes' isn't the right term for the latest and greatest of this sort of technology, to which I say 'whatever'.) The main reason that this is a popular idea is that recent work in error correcting techology is very cool. While it is very cool, and very applicable to sending information across lossy channels, the case for using it in BitTorrent is unconvincing.

Fine... I figured you would also be capable of googling. Here's all the debunking you should need:

http://www.livejournal.com/community/nintendo_ds/8 1844.html

If you need more proof, do some actual research before assuming all /. stories must be true and making blanket statements.

...than their promise to have a Linux version of Windows Media Player running. That piece of vaporware nothingness is over 2 years old (my blog entry on it is dated 4/30/03).

so having "experiments" is still more than they have for some products they've announced over the years...

You might want to read Bram's actual article. You will find that it is not a bash at all, but a detailed critique. The linked-to article quoted just the conclusion, not the extensive and plausible reasoning.

Did you read the response you refer to? Avalanche claimed to be superior to BitTorrent and based its argument on assumptions and old code. Cohen corrected the misconceptions.

He also went out of his way to explain why Avalanche is doing things wrong and where their testing methodology had come up wanting.

A bunch of people have been pestering me about Avalanche recently, so I'll comment on it.

bram cohen has (probably biased) analysis:
http://www.livejournal.com/users/bramcohen/