Why would you want to kill off a market for software companies to code for and sell products? Is this what open source is all about, destroying markets? There's only so much service business around, you gotta have products too.
It's about raising the bar. The basic Office type package has been around for years, and does essentially what most people want. There is no reason why a basically stagnant product line should be a multi billion profit centre.
Really, the most interesting thing happening in Office packages is that we may get back to some sort of sensible standard exchange format. But MS aren't interested in that, so I'm not interested in their product.
How badly can attacking the root DNS servers affect the Internet experience since DNS is so decentralized?
DNS isn't really that decentralized. OK, you don't need access to the root zone itself that often. It's the big TLDs like .com and .org that are the big problem. And yes, if you have a good infrastructure it will be cached somewhere upstream. However, some proportion of these will time out if the DDOS is sustained for any length of time.
For DHCP say, you refresh before the timeout, so there is a minimum downtime of your DHCP server before the client's lease times out altogether. AFAIK, for DNS when the TTL expires that's it; so some sites will start dropping out of the cache as soon as authoritative DNS becomes unavailable.
So for example I could define a DTD for IETF RFCs (or use the one defined by Marshall Rose), use Word to edit the document then put the result through a set of filters to generate HTML, pdf and the crappy plaintext (really nroff) format the IESG insists on.
Yeah. It's kind of sad that the state of the art is back again to where we were about 10 years ago, except that we've changed SGML to XML. We spent a long time down the dead end road of "standard markup isn't important but WYSIWYG is".
If I don't know what the malicious code is, how am I supposed to avoid it?
The point is that even full disclosure only requires 'proof of concept' malicious code. There is no benefit in going the last step and widely circulating examples of code that actually f***s your hard disk.
OTOH, you don't gain that much either because it's generally fairly trivial to make damaging code from a 'proof of concept' exploit.
It's not a big deal either way really. Most vulnerable systems don't get trashed when the next exploit shows because crackers prefer backdooring to trashing. Not because they can't.
It's easy enough to find on the web but he means - if your sysadmin doesn't grok basic security then you have bigger problems than trying to get Tomcat running.
Grannies are traditionally assumed to be inherently able to suck eggs, so attempting to teach them is pointless (and somewhat insulting).
However, the spammers are cutting their own throat with it. Citing S.1816 (or whatever) as proof that the message "cannot be considered spam" is a lie. There is no, and has never been, any law of the United States passed by the Senate alone.
Well to be honest, I wouldn't give a f**k even if it were US law. One, I'm not in the US. Two, you can't legislate on what people think. I can consider what I like spam, and act accordingly.
A lot of spam I just dump rather than report but I make damn sure that *every* piece of spam with lying disclaimers like that gets special attention.
Most of the plot of Dirk Gently's Holistic Detective Agency is a retread of Shada.
Interesting. I always thought it was a rewrite of 'City of Death'. Douglas Adams humour always sat uneasily in the Doctor Who format for me but as a book Dirk Gently is excellent.
The idea of professor Chronotis was particularly fine. I had the privilege of some tutorials from an old professor when I was an undergraduate, and when I spoke later to other people they all said: "Professor X. - he's the top man in the field - didn't realise he was still alive".
Like an eraser, or a bottle of tippex, that's what the "undo" button is there for. All this means is that the save process has to be a bit more sophisticated and store the last n changes.
A more sophisticated file system could help us there. During the day, we rsync the development areas every 15 minutes. It takes a trivial amount of space and CPU time. Yet for years I was stuck in the metaphor of doing nightly backups and telling folks they couldn't get back the files they changed in the morning.
The point is that saving files or versions in case we stuff things up shouldn't be our problem. We should have 'hard' commit points (this is a published document/reviewed code). Between then 'soft' checkpointing could be managed by the OS.
I have a question about brute-force attacks on encryption: How do you know when you've found the right key?
That depends on what you're encrypting. If you encrypt a random stream of text, you don't in general with a shared secret key. For plaintext, you usually need some sort of crib. A lot of people got thrown on the Enigma decrypt in Simon Singh's code book because he coded spaces as X (Enigma had no spacebar), throwing their frequency analysis check on the 'plaintext' out. Don't overestimate the security of hacks like using multiple crypto algorithms though.
For public key algorithms, like elliptic curves, it's dead easy. You can choose whatever plaintext you like and encrypt it with the public key. In practice, it will be simpler than that: for RSA if you think you know what the factors are, just multiplying them will tell you if you're right!
Anyone who uses a piece of Open Source software is a developer of that software. It's the nature of Open Source software. That's the price you pay for using the software
Although it's often said, I think this is largely wrong headed. There just isn't enough time in the world to get up to speed in every piece of software you use to the level where you can usefully submit detailed bugs and fixes.
The idea that you have to be a developer to use any code is, in my view, an idea that's had its day. I agree that you should try to put something back to the community but it's not efficient to spread your work too thinly.
We have to accept that there is a need for first tier support in the open source community. If your first line is the main bug tracker, it's bound to be full of junk.
if i were one of the reviewers of this work for publication, and i even heard a whisper about cheating, i'd pack the whole pile of results up and ship them straight back as invalid.
Yes. But there won't be much interesting to publish until and unless they get a positive signal. Whilst the actions of cheaters are deplorable, in the end they aren't that significant.
Consider, there have to be enough hacked clients around to get a reasonable probability that the same fake client gets to process the data n times, getting the same bad, positive result.
Even then all that happens is that the SETI folks rerun the analysis of the segment in question on trusted machines, find there's nothing there, then go back to sleep.
Even this isn't correct. The GPL takes no freedoms away at ALL. Copyright law is pretty clear on the point of copying. You only get to do it with the copyright holder's permission. So, in the absence of the GPL, you don't get to copy the software.
The problem with this legalistic argument is that you can't then consistently assert that *any* licence takes your freedom away.
Without the likes of Slashdot, whole swathes of youngsters would be unable to communicate at all, and would be unable to fit in, and would end up jumping off a bridge.
Well these days most bridges are only 1U high, so they're not likely to come to much harm.
Really? How on earth can businesses operate in such a hostile environment where governments can dictate fundamentally business decisions like the length of the warranty?!
Quite well thank you. One might ask the same question about operating in the US with its mad personal litigation culture.
Same answer: they pass enough of the cost on to the end customer to make a profit. And if they can't someone else will.
Governments make the rules, businesses play to win. Same the world over.
"Ah, a signal. Quick, beam a signal back, and...uh...wait 30,000,000 years for a reply! Cool!"
sounds like your typical tech. support query.
Well? Is your company going to take the pay-off or are you going to stay with FreeBSD?
I think you have mistaken this AC for someone who writes his own comments.
The two names do not create confusion, so Mozilla folks can use the name. This is why we have Macintosh apples and Macintosh computers.
;)
Hmm, I see now there could be no possible confusion between a Macintosh apple and an Apple Macintosh
AFAIK, even 4.0 browsers understand "text-align: center"
IE5 doesn't. It thinks it is the same as "CENTER"
So is K9 going to be some guy (John Leeson) in a suit
It's, like earlier recent episodes, mostly streamed audio, with some cartoon style images. So of course they credit the voice actors equally.
Fujitsu has never been one to shine in the HDD market, only just make par.
I disagree, Fujitsu Eagles were great drives.
Could someone explain what the EU has power to do?
Seems to me like they couldn't do much...
Microsoft could be in line for fines totalling up to $2.5bn (£1.75bn) levied by the European Commission.
Nuff said.
The question is, WHY did they refuse?
As the article notes, apart from the cost, it is very likely illegal to retain such data. European privacy law prevents you holding such logs longer than necessary to run your business (billing, handling net-abusers etc. - about 1-2 years, tops).
As the monitoring code isn't statutory yet, it might not afford ISPs a defence against a prosecution under privacy laws.
That much power in the hands of an uncontrolled agency just cries to our government to be managed.
I take it you're not speaking officially for the People's Republic of China.
Have to attend for the purposes of work conventions of librarians. Specifically, there are the Medical Library Association and Science Library association. They are by far, outside the technical IT etc. community the most technically proficient bunch around.
Some 31337 medical librarians at work in this news story.
Ummm....Ummm.....a flag! Do they have a Flag? Yeah, that's it! They can't be a government without a flag. Whew. I knew there was something.
Phew. Had me worried a minute there.