A couple of months in jail for a few of the Diebold execs might put the fear of the voter into these people. Unless they end up losing a lot of money on this deal, no monetary fine is gonna do anything to stop this bullshit. -- Sooner or later somebody is going to exploit these holes (if it hasn't already happened).
They said "trust us", then they violated that trust. End of story.
Modified source code may have distribution restrictions. The license should explicitly allow the redistribution of derivative works. This cannot include the patched code, since patched code may not be considered derivative work.
I'm not sure what they were trying to say here, but it's almost certainly wrong. It is at best misleading and/or confusing.
What I would say (IANAL) is:
You may limit the distribution of modified code to within your organization.
If you redistribute code outside of your organization, it must include access to the source code.
Recipients of source code (original or derivative) must receive the same redistribution rights as you had to the original.
____
Typo on page 8:
A complete Windows-to-Linux desktop migration may required that you re-program some applicaitons to run natively on windows.
I'm thinking that that should be:
A complete Windows-to-Linux desktop migration may require that you re-program some applications to run natively on Linux.
and others saying that ice ages come in between warm periods.
That's known as a truism. It's the warm periods that delineate the ice ages (and vice versa). If you had two ice ages in a row, we'd just call it one long ice age. Similarly for warm periods.
So it was a quiet period followed by...
Another quiet period.
So there was just one long quiet period
No. There were two quiet periods. Two distinct quiet periods.
Was there a noise between the two quiet periods?
No, I already told you that! Nothing between them!
So how could you tell that there were two quiet periods and not one?
Are you trying to call me a liar.???!!!!
Saying things like "we have less effect than one major Eruption", may be true while the eruption is going on, but few major eruptions continue for more than a few days. Our society is having an effect in the range of a major eruption, but 24/7, 365 days a year.
It's like the difference to your electric bill between baking a cake, and leaving the oven on -- door open -- for an entire month.
Especially in the early days of global warming research, there was a lot of controversy over whether it was happening, and whether human activity was a (or the) prime contributor. In the last few years, however, it's become more a question of how fast and how far.
The north pole, which has survived for millennia, has thinned by 30% in the last couple of decades -- at that rate it could be gone in my lifetime -- and in the meantime, it's eating a lot of the excess energy that we've been pumping into the ecosystem and capturing with the greenhouse effect.
A similar effect is occurring in Antarctica. Ice shelves that have survived 3 or 4 ice-age cycles are breaking off wholesale. Right now, there's a massive 80 mile long iceberg that is threatening to starve one of the major penguin colonies (as well as possibly preventing this year's supplies from being delivered to three Antarctic research stations).
Consider now, an entirely different analogy:
Let's say you're driving down the road one night, and 5 people try to warn you (over the CB radio) that the bridge ahead seems to be washed out. You're in a rush (late for a hot date), and none of these people has actually seen the washed out bridge. Furthermore, one person is telling you that the road ahead is fine (your rival for the date you're going to meet). Do you keep going pedal-to-the-metal, or do you slow down enough so that you can stop if the bridge is really out?
Just a reminder: Stallman came up with the GNU manifesto back at a time when MS was little more than a startup. He wasn't responding to Gates. He was responding to the proprietary principle that it's OK for me to hold your data hostage to my business model.
Yeah, getting stuff to be cross-platform worked so well for OS/2 (win32 subsystem) and Mac (getting MS to port all the MS software to Mac)... OS/2 is dead, and Apple pretty much had to reinvent the Mac for MacOSX, and, even then, needed a MS-based infusion of $$$.
In both of those cases, they depended on Mr. Bill for the apps, and MS pulled the rug out from under them. This is a slightly different case of providing users with the applications on both Windows and Linux. This doesn't really create a dependence on Microsoft -- in fact, much the other way 'round.
The advantage of this approach is that it does make it easier for companies to transition from Windows to Linux/*BSD. The disadvantage, in the short term, is that it makes life a bit more comfortable for them while they're on Windows.
I think that what I'd ask people to do is look at each porting question from a strategic point of view: Is having this app cross-platform going to make it more likely that people will move to fully FLOSS or less. If more, then port it. If less then don't.
BTW: It's not Windows vs FOSS, it's proprietary vs FOSS. Microsoft just happens to be the deathstar of proprietary systems.
About 2 decades ago, a boss of mine said that if I wanted to make good money in the computer field, I'd be best off to learn cobol. He gave me a copy of the ANSI cobol spec (about a 2.5 inch binder) which I read thru (I learned IBM/370 and 68000 assembler in much the same way).
After reading the document, I swore that if I ever had a job that involved significant cobol programming, I'd just find another job. Period.
Other than helping a couple of friends to debug their COBOL programs, I've never touched the language.
I did have one girl-friend who kept on referring to it as the cobold programming language. Dunno if she ever read Lord of The Rings (this was in the '80s -- no movie), but I found it quietly amusing, nonetheless.
I would recommend something we call "pencil and paper."
agreed
First you need to program the wetware (mind), then you can use the software to examine the side effects of the principles and formulas you learned. I think that the latter used to be known as applied math.
"In theory, there's no difference between theory and practice. In practice, however...."
I have a page that I direct most of my students to when trying to teach them passwords. It's changed slowly over time, but it tries to teach them the passphrase method. (it was originally based on the problem that, until recently, Solaris has been limited to 8 character passwords).
Getting users to use secure passwords is a serious problem. For classes, I've gotten to the point of giving them my treatise, letting them set their passwords and then using something like John-the-ripper to crack people who choose bad passwords. Doing it in front of them and getting a handful of passwords in under a minute will generally get the attention of at least some of them.
One thing to note about the 'change the password every few weeks' approach is that it presumes that an intruder has access to the encrypted password file. Given current security systems, it's now rare that you have access to the encrypted password unless you've already gotten admin access -- at that point you can expect that your security is hosed, anyways.
Rather than just not suggesting that sites use the 'change every 6 months' rule, it should be explicitly discouraged unless you have seriously elite users with the cycles to spare for repeated memorization.
Often changing a password is a good idea where that password is used in an automated process (eg. for nightly backups). Such passwords get used often, are probably stored somewhere and it's not going to mess up most users when they get changed (( this also applies to RSA keys, etc. ))
The hardest thing with multiple passwords is that it's hardest when you start up into the system. I can probably memorize one or two passwords a month, but forcing me to change 8-19 passwords every month would drive me absolutely nuts.
... then at least a person has to gain physical access to the machine before they can compromise your account.
There are different kinds of physical access. One is physical access to a desktop box which should, at most, give you access to stuff stored locally on the box. Often this should be roughly nothing, since everything is (or should be) stored on the central server (with backups, etc).
It's the central server that you're probably trying to secure with often-changed passwords, and access to a desktop box is not the same as getting into the server room without anybody noticing.
..except once they have two of your passwords, they've figured out your pattern.
For any site where you care enough about that that's a real issue, then you should probably be using a more secure method. On the other hand, there are lots of sites where I'm only going to be moderately pissed if someone gets the passwords to all of them at one shot.
For me things like bank accounts get unique passwords, as do root and personal accounts with (remote) shell access. Other accounts tend to get 'communal' passwords.
I'm feeling the same... Part of what is hurting the Palm is that people who want MORE than what palm can handle are forced to go to WinCE units.
If all I want is daytimer and alarms with a phone list, then Palm is the cat's meow. I have no need for a palm device that needs a 2amp power supply (had to find a replacement recharger for a friend's Ipaq this weekend... 5V,2000mA!).
On the other hand, people who want to do heavy lifting but still have access to palm type applications will love this symbiosis. All palm has to do next is make Graffiti 1 available as an option again and we'll be flying. (for my part, I hate tiny keyboard windows).
And VPN Quarantine allows the system to require that clients connecting through a virtual private network have the latest security updates.
Unh, hunh. And is that before, or after I've been owned?
Granted: It's not bad to push people to install security upgrades (as long as you can turn off requiring upgrades that break your network, or network security). It is, however, bad if you get a false sense of security from having that nagging ability in there.
Also: the most secure way to get updates might be using the VPN.
This is not a smoking-gun proof. What it proves is that someone reasonably high-up in the Republican party was willing to pay for a vote-rigging software prototype that would be usable 'live'. That's reasonably disturbing in, and of itself. It does not, however, even suggest that the resulting code was ever used live. In fact, I get a feeling that the project ultimately died. (The sample code may, however, have ended up in the hands of companies like Diebold and Sequoia, for all we know.)
If proven, it would also indicate that such a high-ranking Republican would also be willing to get personally involved (stupid, but still believable -- it had to happen sometime/somewhere and these meetings seem to have been reasonably private).
The rest of the story about dead investigators, fired whistle-blowers and emailed warnings just adds a nice sense of drama to the whole thing. Great for attention-getting but not much else.
Interesting for me is that the idea of an 'easter-egg' which would allow you to change the vote on the fly is pretty close to my own example of how to cook an election in the most general (software-wise) and non-intrusive manner (software-wise and physical accessibility).
There are a few different ways to scale the rankings... The CBC News article gives a handful of the different rankings used. Depending on how (and what) you're rating, Canada came anywhere from 3rd to 11th.
One thing that this points to is that the problem is unlikely to be either the Media or Internet use. With the exception of the CBC (my favorite!), Canadians get much the same garbage as the US does, and Internet (broadband) use here appears to be higher than in the US.
(( I'll bet you, however, that states that voted Republican in the last election did worse than states that voted Democrat... If it's true, though I won't bet on whether that's a cause or an effect. ))
I'm presuming, here, that anybody who's shooting slides is shooting for print, not for the web. I shoot mostly print because it's easier. I consider it better quality than digital (although digital is now catching up).
I tend to keep a roll or two of slide film for when I really want to get the subtle colors right.
I inherited a stereo camera from my dad (StereoRealist) that used slide film, so my early days of photography were done with slide film and no meter... No better way to learn good exposures and get used to vivid colors.
On the web, however, just about anything will do. Scanning a 4x6 at 300DPI gives you 1200x1800 which still won't fit on the average web surfer's screen -- and a 4x6 print doesn't even come close to stressing what film can capture (unless you're shooting above 3200ASA).
The Berkeley study got a lot of hype (not enough for most liberals), yet their study has been thoroughly DEBUNKED.
The so-called debunking that I saw wasn't much of a debunk. It pretty much consisted of some handwaving about how the discrepancy might have been caused by 'get-the-vote-out' campaigns getting more Republican voters out.
Of course, there were also Democrat get-the-vote-out campaigns, generally countering the Republican campaigns. More notable about the so-called-debunking is that it provides no real explanation as to why it was only the Sequoia machines that had the systematic anomalies, and not other machines (( such as the touch-screen boxes which he perceptively points out only had 2 anomalous counties )).
If the anomalies were a result of get-the-vote-out campaigns, then we would have expected similar distributions of results in votes tallied by other machines. The "debunking" indirectly points out that that wider distribution did not occur. Lack of widespread anomalies in touch-screen counts supports an interim thesis that there was something naughty going on with the Sequoia counts, as opposed to countering it.
It kinda makes sense to me that -- presuming that there was vote tampering code available in Diebold boxes -- such code would not have been used (or would have only been used very sparingly), since Diebold boxes have received so much attention in the last year or so. Sequoia boxes (excuse the misspelling -- I'm too lazy to look it up right now) on the other hand are perceived to have been a bit less controversial.
Personally: I consider the Berkeley results to be 'interesting' -- and pointing to a need for a more complete investigation. The anomalies that they point to seem improbable to the point of near impossibility. So improbable that I'd prefer some corroborating information before accepting, unreservedly, that the Republicans would be that bold about rigging an election.
If you want the best of both MAC and Linux, then get both. A half decent Mac box will allow you to use PhotoShop for the real nit-picky Photo stuff, while a Linux box will give you access to those few tools that haven't been ported from Linux to OS-X, while giving you the advantage of speed for the software that's shared and the probability of more rapid future development in the Linux universe.
You can share images between the boxes with a nice 100Meg (or 1Gig) network.
Linux may not be quite caught up to the Mac in the photo processing world, but with many movie studios going to Linux processing, recent versions of GIMP have gotten a pretty good boost and you're likely to see the really necessary color tools sooner than later. (( chances are that they're already out there, but just not in your average commercial distro like RedHat or SuSe, which cater to the more general user and don't take to distributing beta code)).
I wouldn't worry too much about the fact that much of the code that you'll probably end up working with on the Linux side is likely to be Beta/pre-release code. What the Linux universe calls "Beta" usually passes for second release in the commercial world (or best-of-class if it's coming out of Microsoft).
I was able to blow up negatives to 4x6 with no noticeable loss of quality,
For a professional photographer, 4x6 is barely galley. I'm a decent amateur, and I've had people asking me for 24x36 blowups of some of my images (It was really more of a question of "How big a print can you give me?").
8x10 inches is the smallest end result that a pro photographer is going to be expecting to produce. Some pros end up producing 8x10metre results (think billboards), but I figure that if it gets to 2x3feet without noticeable grain, you'll probably be getting into the comfort zone of most pro photogs.
Man, do you know how to ruin a good joke!
Try breathing...
Rong!!!
SumBody haz trademarqued evrie wurd inn zhe dicktionary, soo wee musht lern tu shpell anue orr git soued.
This seems to be one of those situations where you either get the joke, or you don't.
Just for completeness: One of the letters I wrote about using easter-eggs to modify a vote on the fly.
Methinks the Grammar Nazis are gonna go hog-wild on this thread.