Looks like much of the USA in winter. Maybe not everyday, but at least several times a week.
I'm sure there're places in the USA where you have such conditions for months on end just like in Lappland, in Wyoming or Minnesota, say, and Alaska is of course even worse. Looks like USA has lots more sunshine though:
So I won't have to go around to every classroom and every pc and click OK when I do my monthly wipe and reimage?
If I understand correctly, even reinstallation does not need user attention as long as loader.efi doesn't change. But that's based only on my reading of the article I quoted, so I could be wrong.
Does that mean the user has to actually be present to press a key? That renders secure boot unuseable on remote-admined or unattended servers, the very place you would most want to have a secure boot chain.
I've got a dedicated backup server at home that backs up all machines there automatically and rsync's the backup to another machine offsite overnight.
I've got an uncapped but relatively slow connection, uplink speed in practice about 2MB/s, but that's enough: it rarely takes more than three hours to do the rsync. Occasionally (like after returning from a two-week trip to Kenya) I've got so much new data (photos) that it takes more than 24 hours, but that's rare (and causes no problems per se, other than increased window of vulnerability, but one day is acceptable for me). Also, both machines have hotswap disk slots, so I could do the sync at home and carry the disks over should I one day get so much new data that rsyncing it over the network would take too long.
This works very well for me. It does require a reasonable network connection and a suitable place for the offsite backup machine, though.
2. I bet you need more than just a simple 50,000 supporters to change the constitution. You probably need 2/3rd (like in many countries) of all votes.
In Finland the parliament can change the constitution, but it has to be supported in two consecutive parliaments (with an election in between) and by 2/3 majority, or by single parliament with 5/6 majority. A bit too easy for my liking, but certainly harder than getting 50000 supporters.
"You just get a series of links containing "confirm your identity with your bank", click your bank, it takes you to the page of your bank where you enter your banking credentials and confirm that you want to be recognised by that site.
Whole process takes about 30 seconds."
Sounds like a wet dream of the phishing industry.
Not really, since the credentials aren't reusable: you have a list of key-value pairs, each used only once, in random order. Moreover, payments require separate confirmation (second key-value match), so even man-in-the-middle attack with identification-only site wouldn't allow stealing your money (well, not that easily anyway).
I don't know the legality or widespreadness of this, but at least Norway has started to apply Norwegian law to anyone with a Norwegian citizenship, no matter where the person may find itself. So if you break Norwegian law in, say Thailand, where the action is NOT forbidden, you will still be prosecuted as if the action took place on Norwegian ground.
This practice was made to fight child abuse (O REALLY?!) but nothing stops them from taking that further
Interesting. In comparison, Finnish law applies to crimes outside Finnish territory when either the act is also crime in the country where it was committed and carries sufficiently heavy penalty or it is one of explicitly listed crimes (which include child sexual abuse). In most cases it also applies to crimes committed abroad only when either the perpetrator or the victim is a Finnish citizen, but there're a number of exceptions to that (e.g., certain crimes like genocide or when extradition is denied on grounds of possible death penalty or torture).
So you would not be prosecuted in Finland for smoking hashish in the Netherlands even if you are a Finnish citizen, but you could be for raping a child regardless of where it occurred.
Nope. Finnish citizens in Finland are not required to possess any kind of identity card, and I know for a fact that many indeed do not have one at all. The text you quoted does not say a country must require or issue IDs to all its citizens, only that such a card is sufficient to travel abroad (with limitations), and while Finland does have national identity cards in the sense used in that directive, they're not issued to everybody automatically, you must explicitly request one, and it's not free (EUR 53 last I checked). Indeed most people don't have one but rather use a passport or driver's license as ID when needed - but as noted, some people don't have those either. If you don't travel abroad or drive or need to open a new bank account, you can do without.
perhaps some of us should reflect for a moment about the countries ranked higher than we are, and how they got there, considering where they were (in general, not absolutely speaking in terms of this particular metric) not too long ago... Some of these places were the places I I heard about in school when they talked about repression and how "those commies" were trying to take over the world... Phrases like "Papers, please.... Your papers..." were practically ingrained into our social consciousness, asked of poor innocents in every movie with a scene set in one of these places...
Curiously, Finland remains one of those countries where there's no general legal requirement to carry identification papers or indeed even to have any - and some people actually don't. (There's presidential election going on here right now, and every now and then people come to vote without papers, and there are a number of ways they can, including bringing along someone who can testify they're who they say they are.)
contempt of court will result in you being detained without trial until you comply. If you can not comply you are at the mercy of the judge whose court you are in contempt of. If you never comply and the judge so wishes, you will remain imprisoned until you die.
For comparison, in Finnish law there's a limit how long you can be detained for refusing to testify, namely six months.
I'm strongly considering investigating a position at a university where I can work on physics or nanotechnology; and, I would easily do it for half what I'm making now, simply for the job satisfaction.
I know and have known many of people who've kept on working despite having no financial need to do so, and also people who've kept on doing the same thing after being fired and having to eat mostly oatmeal porridge to survive on their savings. Mostly they're research scientists. That is indeed something that, at its best, can give you satisfaction over and above everything else. If you've got what it takes, go for it. There're also a number of artists who will keep on doing their thing regardless of money until they starve, but they generally never had a regular job to begin with. (Yeah, they're a minority. But they do exist.)
Taking one way snapshots over a network link to a remote location, for instance using rsync and a remote filesystem that supports snapshots, can be a viable solution for short term backups, but if you want longer term retention, "old hat" backup equipment still is a viable solution. How are you planning to restore from data corruption that happened 2 weeks ago?
It's easy enough to keep any desired schedule of incremental backups with rsync - search for rsnapshot for example, or BackupPC if you want a fancy web-based interface.
Otherwise, 100% agreement: backups should be physically separated from the primary data, preferably by significant geographical distance (think about fire) and duplicated on several locations.
Well, Finland does have a state-mandated police-provided blocklist, supposedly to fight child porn, which also blocks sites that point out that most of the sites on the list have nothing to do with child porn.
Fortunately using it isn't mandatory - ISPs are free to ignore it (some do, including mine) or provide it to their customers as an optional service (most of them do that, some make as opt-in, some as opt-out). I don't think any of them enforces it on their customers any more.
Here in Finland there was a court case a while back where a man was convicted for using neighbour's unprotected WLAN without permission. Rather amazingly, that lead to a new law passed by Finnish parliament just a few months ago, which explicitly allows such use. (Disclaimer: I was rather heavily involved in the campaign for the law, as then-chairman of Electronic Frontier Finland.)
Moreover, just about all landline network connections here are uncapped, and there are enough free WLANs around that using or offering them is not suspicious in itself. Nowhere near enough though, so a campaign like this could be very useful here as well.
No, there is no assumption of innocence when someone admits to doing it.
Really? That's somewhat surprising, given how often people confess to things they haven't in fact done. Some have even been executed for false confessions (like the case in England that led to the abolition of death penalty there).
Quite a few people find it depressing leaving work several hours after the sun has gone down. Can't please everyone!
Right. In winter, I go to work before sunrise and leave after sunset, which is pretty depressing. Then again, in summer I go to sleep before sunset and wake up after sunrise, which is pretty nice.
(I live in Finland, little over 62 degrees North. In mid-winter there's about 4 hours between sunrise and sunset; in midsummer, 20 hours. Here, shifting the clocks for daylight savings never made any real sense, except in synchronizing schedules with other countries. Today, it makes little sense anywhere, and it'd be best to drop the whole practice entirely ASAP.)
How is encryption without authentication better than no encryption?
Two reasons. First the obvious: most would-be attackers are clueless, even little increase in the complexity of attack will stop lots of them. The second you already note:
(For completeness sake: There are scenarios where encryption without authentication can force an attacker to use an active attack (MITM) instead of a passive attack (sniffing). In that case, even encryption without authentication can be useful
That is *the* reason I'd want to be able to use https without expensive certificates without scaring the user (but also without showing the lock symbol or otherwise advertising security, just make it look like unencrypted http to the user).
There's no such thing as a friendly interrogation. Always, always, always keep your yap shut and let the lawyer talk.
Unless (unlike Appelbaum) you're a non-citizen trying to enter the country. In that case, refusing to talk or requesting a lawyer means with practically 100% certainty that you won't get in. What you can do, however, is ask for an interpreter - and it may be a good idea however good your command of the local language is (as long as you aren't a native speaker). Interpreter's presence may defuse the situation with a suspicious border control official, interpretation gives you more time to think about your answers, and interpreters are often quite helpful and less, eh, scary than the interrogators (not without exception, of course).
The advise to youngsters against taking credit cards is flawwed. Because of how the current financial industry and credit reporting works.
If you never get a credit card or loan of any type, you will not have a credit history.
This will be very bad later, when you need to apply for credit or a loan, you will be denied, or require a cosigner, and pay a much higher interest rate..
As far as I know that is pretty much a US-only phenomenon. At least in most of Europe, the notion of "positive credit history" is all but unknown, when applying for a loan it doesn't matter if you've ever had a credit card unless you've failed to pay up. In many European countries many people don't have credit cards at all.
if someone really tried to make a license that explicitly forbids redistribution of the program in unmodified and non-aggregated form, I'm sure ISO would reject it
No. It used to be fairly common to sell software with source code, with explicit restriction that it may not be redistributed: source was only provided for in-house use. That is certainly not open source.
I remember those days, believe it or not.:)
So do I (yeah, I'm old). Did you really use the term "open source" then?
I'm sure I didn't, the vendors certainly didn't, actually I'm pretty sure I never heard the term back then.
Of course I may have missed someone using it, but it certainly wasn't a common term.
As far as I can tell, the very term was invented as a generic term for freely redistributable source - as a substitute for "free software", which had too heavy political and philosophical connotations.
Seriously, if you want to refer to software that is both open source and includes the right to distribute and modify, call it "Free Software" like the FSF, or "Libre" software. It's nice, unambiguous, is an existing term and doesn't confuse half the software world which is still filled with people like me who recall Open Source meaning only that the source code is available.
Can you point out any references to "Open Source" that predate the current common meaning (that includes free redistributability)?
Slashdot Mirror
Looks like much of the USA in winter. Maybe not everyday, but at least several times a week.
I'm sure there're places in the USA where you have such conditions for months on end just like in Lappland, in Wyoming or Minnesota, say, and Alaska is of course even worse. Looks like USA has lots more sunshine though:
http://imgur.com/vYpbh
More real-time webcams of roads there, they're all similar, with entire road surface covered in snow: http://www2.liikennevirasto.fi/alk/english/kelikamerat/kelikamerat_5.html
User only needs to press a key during initial installation, after that it should boot unattended just fine: "If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode." http://www.linuxfoundation.org/news-media/blogs/browse/2012/10/linux-foundation-uefi-secure-boot-system-open-source
So I won't have to go around to every classroom and every pc and click OK when I do my monthly wipe and reimage?
If I understand correctly, even reinstallation does not need user attention as long as loader.efi doesn't change. But that's based only on my reading of the article I quoted, so I could be wrong.
Does that mean the user has to actually be present to press a key? That renders secure boot unuseable on remote-admined or unattended servers, the very place you would most want to have a secure boot chain.
User only needs to press a key during initial installation, after that it should boot unattended just fine: "If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode." http://www.linuxfoundation.org/news-media/blogs/browse/2012/10/linux-foundation-uefi-secure-boot-system-open-source
Here's what I do (with about 3TB data now):
I've got a dedicated backup server at home that backs up all machines there automatically and rsync's the backup to another machine offsite overnight.
I've got an uncapped but relatively slow connection, uplink speed in practice about 2MB/s, but that's enough: it rarely takes more than three hours to do the rsync. Occasionally (like after returning from a two-week trip to Kenya) I've got so much new data (photos) that it takes more than 24 hours, but that's rare (and causes no problems per se, other than increased window of vulnerability, but one day is acceptable for me). Also, both machines have hotswap disk slots, so I could do the sync at home and carry the disks over should I one day get so much new data that rsyncing it over the network would take too long.
This works very well for me. It does require a reasonable network connection and a suitable place for the offsite backup machine, though.
You have a point, but:
2. I bet you need more than just a simple 50,000 supporters to change the constitution. You probably need 2/3rd (like in many countries) of all votes.
In Finland the parliament can change the constitution, but it has to be supported in two consecutive parliaments (with an election in between) and by 2/3 majority, or by single parliament with 5/6 majority. A bit too easy for my liking, but certainly harder than getting 50000 supporters.
"You just get a series of links containing "confirm your identity with your bank", click your bank, it takes you to the page of your bank where you enter your banking credentials and confirm that you want to be recognised by that site. Whole process takes about 30 seconds."
Sounds like a wet dream of the phishing industry.
Not really, since the credentials aren't reusable: you have a list of key-value pairs, each used only once, in random order. Moreover, payments require separate confirmation (second key-value match), so even man-in-the-middle attack with identification-only site wouldn't allow stealing your money (well, not that easily anyway).
Yes the music is in the public domain, but not the performance.
The article says that
'Metro Transit bought the recordings for $150 from a company that offers the dead composers among "royalty-free" selections.'
I take that to mean it is a public domain performance, too.
I don't know the legality or widespreadness of this, but at least Norway has started to apply Norwegian law to anyone with a Norwegian citizenship, no matter where the person may find itself. So if you break Norwegian law in, say Thailand, where the action is NOT forbidden, you will still be prosecuted as if the action took place on Norwegian ground. This practice was made to fight child abuse (O REALLY?!) but nothing stops them from taking that further
Interesting. In comparison, Finnish law applies to crimes outside Finnish territory when either the act is also crime in the country where it was committed and carries sufficiently heavy penalty or it is one of explicitly listed crimes (which include child sexual abuse). In most cases it also applies to crimes committed abroad only when either the perpetrator or the victim is a Finnish citizen, but there're a number of exceptions to that (e.g., certain crimes like genocide or when extradition is denied on grounds of possible death penalty or torture).
So you would not be prosecuted in Finland for smoking hashish in the Netherlands even if you are a Finnish citizen, but you could be for raping a child regardless of where it occurred.
Nope. Finnish citizens in Finland are not required to possess any kind of identity card, and I know for a fact that many indeed do not have one at all. The text you quoted does not say a country must require or issue IDs to all its citizens, only that such a card is sufficient to travel abroad (with limitations), and while Finland does have national identity cards in the sense used in that directive, they're not issued to everybody automatically, you must explicitly request one, and it's not free (EUR 53 last I checked). Indeed most people don't have one but rather use a passport or driver's license as ID when needed - but as noted, some people don't have those either. If you don't travel abroad or drive or need to open a new bank account, you can do without.
perhaps some of us should reflect for a moment about the countries ranked higher than we are, and how they got there, considering where they were (in general, not absolutely speaking in terms of this particular metric) not too long ago... Some of these places were the places I I heard about in school when they talked about repression and how "those commies" were trying to take over the world... Phrases like "Papers, please.... Your papers..." were practically ingrained into our social consciousness, asked of poor innocents in every movie with a scene set in one of these places...
Curiously, Finland remains one of those countries where there's no general legal requirement to carry identification papers or indeed even to have any - and some people actually don't. (There's presidential election going on here right now, and every now and then people come to vote without papers, and there are a number of ways they can, including bringing along someone who can testify they're who they say they are.)
contempt of court will result in you being detained without trial until you comply. If you can not comply you are at the mercy of the judge whose court you are in contempt of. If you never comply and the judge so wishes, you will remain imprisoned until you die.
For comparison, in Finnish law there's a limit how long you can be detained for refusing to testify, namely six months.
I'm strongly considering investigating a position at a university where I can work on physics or nanotechnology; and, I would easily do it for half what I'm making now, simply for the job satisfaction.
I know and have known many of people who've kept on working despite having no financial need to do so, and also people who've kept on doing the same thing after being fired and having to eat mostly oatmeal porridge to survive on their savings. Mostly they're research scientists. That is indeed something that, at its best, can give you satisfaction over and above everything else. If you've got what it takes, go for it. There're also a number of artists who will keep on doing their thing regardless of money until they starve, but they generally never had a regular job to begin with. (Yeah, they're a minority. But they do exist.)
Taking one way snapshots over a network link to a remote location, for instance using rsync and a remote filesystem that supports snapshots, can be a viable solution for short term backups, but if you want longer term retention, "old hat" backup equipment still is a viable solution. How are you planning to restore from data corruption that happened 2 weeks ago?
It's easy enough to keep any desired schedule of incremental backups with rsync - search for rsnapshot for example, or BackupPC if you want a fancy web-based interface.
Otherwise, 100% agreement: backups should be physically separated from the primary data, preferably by significant geographical distance (think about fire) and duplicated on several locations.
Well, Finland does have a state-mandated police-provided blocklist, supposedly to fight child porn, which also blocks sites that point out that most of the sites on the list have nothing to do with child porn.
Fortunately using it isn't mandatory - ISPs are free to ignore it (some do, including mine) or provide it to their customers as an optional service (most of them do that, some make as opt-in, some as opt-out). I don't think any of them enforces it on their customers any more.
Here in Finland there was a court case a while back where a man was convicted for using neighbour's unprotected WLAN without permission. Rather amazingly, that lead to a new law passed by Finnish parliament just a few months ago, which explicitly allows such use. (Disclaimer: I was rather heavily involved in the campaign for the law, as then-chairman of Electronic Frontier Finland.) Moreover, just about all landline network connections here are uncapped, and there are enough free WLANs around that using or offering them is not suspicious in itself. Nowhere near enough though, so a campaign like this could be very useful here as well.
No, there is no assumption of innocence when someone admits to doing it.
Really? That's somewhat surprising, given how often people confess to things they haven't in fact done. Some have even been executed for false confessions (like the case in England that led to the abolition of death penalty there).
Quite a few people find it depressing leaving work several hours after the sun has gone down. Can't please everyone!
Right. In winter, I go to work before sunrise and leave after sunset, which is pretty depressing. Then again, in summer I go to sleep before sunset and wake up after sunrise, which is pretty nice.
(I live in Finland, little over 62 degrees North. In mid-winter there's about 4 hours between sunrise and sunset; in midsummer, 20 hours. Here, shifting the clocks for daylight savings never made any real sense, except in synchronizing schedules with other countries. Today, it makes little sense anywhere, and it'd be best to drop the whole practice entirely ASAP.)
you can't have a wank to Internet porn in a public library.
Around here (Finland) it seems quite a few people do, at least if some librarians are to be believed...
How is encryption without authentication better than no encryption?
Two reasons. First the obvious: most would-be attackers are clueless, even little increase in the complexity of attack will stop lots of them. The second you already note:
(For completeness sake: There are scenarios where encryption without authentication can force an attacker to use an active attack (MITM) instead of a passive attack (sniffing). In that case, even encryption without authentication can be useful
That is *the* reason I'd want to be able to use https without expensive certificates without scaring the user (but also without showing the lock symbol or otherwise advertising security, just make it look like unencrypted http to the user).
The n900 has syncevolution, that can supposedly sync with lots of stuff: http://syncevolution.org/documentation/compatibility
However, I'm not sure how reliable it is on the n900 at the moment.
I've been using syncevolution on the N900 for over six months now, and it's been working like charm, no problems whatsoever.
There's no such thing as a friendly interrogation. Always, always, always keep your yap shut and let the lawyer talk.
Unless (unlike Appelbaum) you're a non-citizen trying to enter the country. In that case, refusing to talk or requesting a lawyer means with practically 100% certainty that you won't get in. What you can do, however, is ask for an interpreter - and it may be a good idea however good your command of the local language is (as long as you aren't a native speaker). Interpreter's presence may defuse the situation with a suspicious border control official, interpretation gives you more time to think about your answers, and interpreters are often quite helpful and less, eh, scary than the interrogators (not without exception, of course).
The advise to youngsters against taking credit cards is flawwed. Because of how the current financial industry and credit reporting works.
If you never get a credit card or loan of any type, you will not have a credit history. This will be very bad later, when you need to apply for credit or a loan, you will be denied, or require a cosigner, and pay a much higher interest rate..
As far as I know that is pretty much a US-only phenomenon. At least in most of Europe, the notion of "positive credit history" is all but unknown, when applying for a loan it doesn't matter if you've ever had a credit card unless you've failed to pay up. In many European countries many people don't have credit cards at all.
On what grounds is it their call to make?
Sorry, typo: I meant OSI of course.
I remember those days, believe it or not. :)
So do I (yeah, I'm old). Did you really use the term "open source" then? I'm sure I didn't, the vendors certainly didn't, actually I'm pretty sure I never heard the term back then.
Of course I may have missed someone using it, but it certainly wasn't a common term.
As far as I can tell, the very term was invented as a generic term for freely redistributable source - as a substitute for "free software", which had too heavy political and philosophical connotations.
Seriously, if you want to refer to software that is both open source and includes the right to distribute and modify, call it "Free Software" like the FSF, or "Libre" software. It's nice, unambiguous, is an existing term and doesn't confuse half the software world which is still filled with people like me who recall Open Source meaning only that the source code is available.
Can you point out any references to "Open Source" that predate the current common meaning (that includes free redistributability)?