The Register ran a similar article citing this was another attempt at M$ to control the world, blah blah blah...
What I told them as I'll tell you now, is nothing stops a third party from becoming their own certificate authority and signing their own applications. Signed apps are nothing new - ever right-click on the.exe for a Windows NT/2000 service pack? This uses the same Crypto API that IE uses for SSL and S/MIME, and permits users to install new certificate authorities.
What this means for the office that develops their own in-house software is they can sign their own apps if they have OpenSSL or another SSL toolkit to make the CA cert. No doubt the tools for signing Win32 apps come with the latest Platform SDK. You don't need to pay Veri$ign or anyone else, but having your cert signed by a well known CA helps.
What this means for software houses like Corel is they can sign their own apps with their own cert, and their users can choose to trust them (or not) by importing their CA Cert into their system. Even Open Source houses can maintain their own certs and perhaps use a central CA operated by, say, Souce Forge. Again, having your cert signed by a well known CA helps but isn't necessary.
Check out your subscriber's agreements while reading this post. I think you'll find the following:
* No tech support for any sofwtare except what they provide you
* Requirement to use their HTTP proxy servers (which are probably sitting on OC3s or better) and their blocking or redirecting outbound port 80
* No servers allowed (but you should expect that from end user service)
* Telco owned or cable company owned hardware (You can't buy a DSL adapter you can keep)
[Potential troll] What DviX is really used for
on
DivX ;-) Deux Update
·
· Score: 4
Before you moderate this down as a troll post, please read it.
a high-quality MPEG4 codec used quite heavily by DVD pirates to recompress movies
Nice to see the truth come out. Tom's Hardware even knows this.
This is why the MPAA won the first round. This is what DeCSS.exe (Yes, the Win32 program, not the LiViD player) is being used for. It is certainly possible to transfer enough of a DVD to a 650 MB CD-ROM using this technology.
Yes I know about making backups, about control over media, etc etc but you have to admit this does make pirating movies easier (much easier than image-copying DVDs with CSS in tact).
There, now please moderate this down so it doesn't cause a flame war.
Unfortunately, there is no straightforward answer to this question, because level doesn't mean anything in the encryption world.
Yeah, I'm going to trust this. We at AFTI have analyzed a number of encryption systems. [snip] The last SafeMessage mechanism, which is still more secure than even email encrypted with PGP, is the Stewarding mode. Anything that claims better security without letting us see the source code or telling us what encryption technologies they use is selling snake oil.
If anything could be stupider than spamming the code to Usenet, it would be spamming it in e-mail or conceiving a virus to spread it through e-mail.
I hope the MPAA strips the programmer who does this of every dime they have, not because I like the MPAA (which I don't) but because I hate spam even more.
From the MPAA FAQ:
The Linux argument is a false issue. It has always been in the interest of the Motion Picture industry that there be as many legitimately licensed DVD players as possible, including those using non-Windows operating systems. However the argument that DeCSS was written for Linux players is simply false. The De-CSS utility was written for Windows-based software, not Linux.
Ding ding ding ding! Give the MPAA ten points for accuracy.
Sorry guys. Just download the "DVD Munitions" tarball from opendvd.org's FTP site (No URL posted, you know where to find it) and there as bright as day you'll see "DeCSS.ZIP" which contains "DeCSS.EXE", verified if you have Quick View to be a Win32 executable. You'll also find Win32 source code in the same tarball.
THIS is the code that the MPAA wants stripped off the net.
By contrast, the LiViD Tarball (from Linuxvideo.org) is a much better example of "The Linux Argument."
There are far more imaginative ways to spread DeCSS without vandalizing Usenet, many of which were described by Slashdot readers in other threads and stories.
I just pray no one decides to spam this through e-mail.
Re:How about support for OS/400?
on
GPG vs. PGP?
·
· Score: 1
I'm not savvy enough to take a previous release of PGP or GPG and port it to another platform. But, I do know that PGP 5.0 was ported to other platforms besides *ix and Win32. Amiga ports showed up, OS/2 ports, and so on, based on the PGPi source code (scanned from PGP 5.0 source legally exported in textbooks).
Even the original PGP 2.6.x source is available, which was a simpler command line program that could probably be recompiled on any command line platform.
If there were a GNU library and toolkit for OS/400 I'd imagine you could just compile GPG straight away. There were also Perl ports if I'm not mistaken, if not of PGP than at least of RSA.
A long time ago an outfit called Webtrack released a filtering proxy server for NT based on EMWAC HTTPS. The software was free, but you subscribed to a list of "bad sites" for some yearly rate. That software evolved into Secure Computing's Smartfilter.
As I said, the software was free and comes with an evaluation of Smartfilter. It can operate without the list of "bad sites" and you can maintain your own list of "Don't serve these URLs". If you have trouble compiling Squid under Win32 this could be an alternative.
IE5 finally separated cookies into their security zones. While Netscape 4.0 always had the "only accept local cookies" feature that defeats these trackers, IE5 lets you permit cookies per security zone. For instance, disable all cookies for the Internet zone and permit cookies for "trusted sites." I also do this with Javascript and Java, as many sites that need cookies to operate also use enough Javascript that you want to enable it for them.
Finally IE5.5 has Netscape's "Accept only local cookies" switch. Finally they learn.
Rather than use the weird watermarking schemes I've read about, maybe they could now use 128-bit CAST and RSA in the "DVD 2.0" spec to encrypt the disks. The RSA Patent's expired, the US relaxed crypto export regulations, and AFAIK CAST's been royalty-free forever. Or they could use Triple-DES.
Hell, it worked for millions of PGP users, even with the ADK bug.
The updated PGP won't use a forged ADK... This fix is a Public Relations fix, not a bugfix.
My FUDetector just went off.
If the updated PGP won't use a forged ADK on a tampered key, and if NAI's key servers won't accept tampered keys, doesn't that eliminate the forged ADK problem?
And why do some people keep calling ADKs a key recovery feature when it's a message recovery feature?
The only reason this hasn't yet happened with Linux desktops is, well, there aren't nearly as many Linux desktops because there's no standardized desktop distro (see prior post) and no common e-mail software for any desktop environment. OK, Netscape 4.7 maybe. But the guys at DigiCrime could show you how to do these things to Netscape and maybe write a Javascript trojan, and even circumvent the "sandbox".
How many/.ers were "raised" on Linux? *BSD? Any other non-M$ environment? (counting hands) Yeah, I thought so.
I looked at Mandrake 6.0, Red Hat 6.1, and have a copy of Red Hat 6.2 I haven't yet touched. But since about August 1995 I worked with NT 3.51. In all this time I was able to feel my way through Win32 and know most of its nooks and crannies, how to turn off unneeded stuff to improve performance, even how to build an ISP with it. With NT 3.51, not NT 4.0. I look at any one of these three Linux distros and, well, I have no clue where everything is, nor how to turn off unneeded or insecure stuff.
By comparison, all the "bible thumpers" (my favorite name to date for Linux fanatics), who probably know two or three Linux distros inside-out and know how to turn off unneeded stuff, would feel just as scared to tread through NT land. This I know because the ISP that I built and the boss sold at a profit was systematically dismantled and rebuilt from the ground up by "bible thumpers."
That aside, the two don't compare. Win2K Professional for instance was designed for a very different purpose than most Linux distros are - a desktop OS with both a productivity and an entertainment platform and surprising stability. I could finally remove Win95 after two years of dual booting. Most Linux distros try to be both a desktop OS and a server OS, and often lose much in both directions. Before XFree 4.0 it wasn't an easy game platform either (has it gotten any easier?) If we had a Linux distro that tried to only be a desktop OS, that stuck with one desktop environment and apps to match, and a decent game platform, we could compare it to Win2K Pro. "Service packs" would help, too.
As for the C$300 price tag I paid, compare it to C$75.00/hr for the typical consulting firm. Let's face it, the money in Linux comes from the support.
As for a server OS, while I used NT as a platform to build an ISP on top of, I didn't use MS server software except what came with the OS (NT 3.51 I mean). I used all free stuff and one commercial web server. How many ISPs that use Linux can do so with off-the-shelf or downloadable software and not a year of developing your own scripts and playing jigsaw-puzzle to put it together? Again, if we had a Linux distro that only tried to be a server OS, with only server software and admin tools, preferably admin tools that could install on a desktop-only distro, we could compare it to Win2K Server.
I look at all the pathetic computers and poorly written software and think, "Geez, if they designed washing machines like they design PCs and software, people would get eaten alive by them!"
We have standards enforcement bodies that see to safety in most appliances. Very likely all of your electrical appliances passed the Canadian Standard Association's requirements (even those sold in the USA). Even your computer's components, especially power supplies, need CSA or UL approval or both in many countries. It's common enough that we don't worry about burning ourselves or the house with our toaster or our stereo set so we don't bother checking for these. Operating instructions also come with safety instructions required by the standard bodies. Manufacturers will refer to these standards in their manuals and legal documents (IE: the Warranty!)
I want to see such warranties in software and in PC hardware, for instance, "When used as directed, this WizBang 3D Accelerator will work with all personal computers and motherboards with AGP2 capability." Of course motherboard and PC makers claiming AGP2 capability would have their systems tested by the standards body that oversees AGP2 (or whatever technology they claim to work with) so that said WizBang product will work with it.
Or, "When used as directed, this Windows v4.99.99 operating system will work with all personal computers using PC'98 architecture." Also, "this application is guaranteed to work on any computer system designed for MS Windows v4.99.99 (which in turn is guaranteed to run on a PC'98 certified machine)" The PC'98 spec is an example of a standard that can be enforced, like the CSA or UL standards. If MS could guarantee a working OS on a PC98 spec machine, and if the app maker could guarantee their app would work on Windows 4.99.99 (which in turn is guaranteed to run on a PC'98 machine) you'd have machines and software you could really depend on to do what you bought them to do. And if some part of the chain fails, the onus would be on whoever's component failed to fix it and honor their guarantee. (of course proving which component failed would take some time - that's what the standards bodies can do and routinely do today.)
We already have such standards in place. Things like PC98, the Win32 API (at least the published APIs), the GNU C Library, and such are good examples. If these could be "solidified" to the point where they'd stand up in court, people building on those standards MUST pass tests against them before claiming anything (or lose the compliance label and get sued by the standards body and the consumer), and that claim, if valid, would be one hell of a selling point over any claim made by a non-compliant competitor.
The simple way to get around having to crack the keys is just going to the client and copying the keys straight. Now the forger has an exact copy of the keys needed to make digital signatures for John Doe
How do you sign the messages with John Doe's private key without his passphrase? If J.D. was stupid to have a simple or easily guessable passphrase that's his fault, or if he were stupid to store the passphrase on the same computer as the private key.
"This is NOT spam! One of our subsidiaries which you have done business with received your legally binding signature...to withdraw from our mailing list, merely click the link below, where you will receive instructions to verify your decision to op-out by providing your (wait for it)..."
Ask for the verification.
Even if a luser was stupid to sign an "opt-out decision", that alone couldn't verify the so-called "original" request for the spam. I'd be more worried if the spammer asked instead for the luser's private key... and the luser actually handed it to them!
Pardon my ignorance, but how can digital signatures be that secure? I may store my private key in my account, but if some hacker gains root on my system, he would have my private keys. Can I then deny that I ordered that plastic dildo from sextoys.com?
Not if said hacker doesn't have your passphrase, unless of course you stored the passphrase with your private key. At least PGP is this secure, I couldn't tell you about S/MIME.
I have had a system together using OS2 boot loader which would boot to any of the following OSs
each OS was in it's own partition, but because of M$ stupidity, I had to play partition games, so that each of the M$ os's thought they were in C:
The OS/2 Boot Manager does a neat trick to the partition table entries. For each primary partition you select it will hide the others (change the partition's type) so it was "invisible".
The major problem with this trick is you can only have four primary partitions, one of which is the boot manager itself. This means only three primaries (or two and one extended partition) and current PCs can't boot from extended partitions without trickery like LILO, NT Bootloader, or what OS/2 does.
My answer to this problem at the time was just get a second hard drive and have it be a common drive between three OSes. That isn't always practical but it does work.
These companies try to avoid any liability issues. Suppose I buy a defective dishwasher that sparks and catches my house on fire... who is responsible for that? Maytag (or whoever, no offense to Maytag intended or implied).
If a memory leak in someone's latest, greatest software package corrupts vital data (say in the kernel of my new media-less Windows 2000 system), who's to blame? No one. Problem is that many companies do rely on software such as this, and pay large amounts of money to do so... you'd think they would have bought a bit of accountability to go along with it.
Software authoring has to be the ultimate liability dodge. No one, and it sure looks like no one, will take responibility for their own software which they license to you.
Is there such a thing as a guarantee for working computers and software that have to work? Aside from software that drives the Space Shuttle that is? Could I go pay IBM several million dollars for a network system guaranteed not to fail or my money back?
What worries me more than the spamming is the fact that he hijacked someone else's box to do his spamflooding. However, I'm always suspicious of figures like $18,000 in caused damage.
I can believe it.
A spammer once forged the orca.bc.ca domain in their spam. Not relaying through it, but rather relaying through other people's servers with invalid user@orca.bc.ca reply addresses. The resulting flood of bounces and complaints shut us down for the day.
Think 2500 customers paying $19.95/month for their e-mail and dial-up, or $0.67 a day. That's $1600 worth of lost service, or one sysadmin's paycheque. That didn't include lost renewals that month, overtime in dealing with the spammer, or other stupid things.
To reach a number like $18 000 we'd be talking about 25 000 customers. With a domain like ibm.net the numbers of customers with lost e-mail would be in the hundreds of thousands. This still doesn't include the actual theft of service from the relay servers used.
...all Tom can muster is 'Thunderbird is able to leave its predecessor as well as Intel's Coppermine behind it, as long as this processor does not run on the BX133-chipset' Yeah.
'bx133' is a name Tom invented for a 440BX chipset running at 133 MHz FSB. I'm willing to bet the only reason it outperforms T-Bird at all is because of the overclocked AGP (89 MHz, 2/3 the FSB clock). BX can't run AGP at 1/2 the FSB clock.
The i815 Beta comparison is probably more realistic. The AGP is running within spec at 66 MHz.
They try to get us free software hackers to waste all of our time shooting down Humunculi as they sit back and laugh, watching the kernel fall apart.
heh, they don't need to see the games themselves run on Linux to accomplish that, they just need to have you keep Windows on the same machine.
Now if you really wanted to cause some damage to software development, make them run on BSD. (Oh wait, XFree 4.0 is out and it runs on BSD... too late!)
BC has (or had, as of 1999) a majority government headed by the New Democratic Party, a near-left-wing organization... or at least it used to be near-left-wing. Spending too much time in BC can do that to you.
Somehow I don't believe Big Business fits in the plans of the NDP, with its pro-union pro-worker stance, in that province. Microsoft represents the penultimate in Big Business. In addition, the federal government in Ottawa is so far out of touch with BC I can't imagine our Prime Minister endorsing such a move.
Now here's a thought: Would one of the conditions of such a move be to form a M$ staff union? The thoughts of a unionized M$ are amusing.
Slashdot Mirror
The Register ran a similar article citing this was another attempt at M$ to control the world, blah blah blah...
.exe for a Windows NT/2000 service pack? This uses the same Crypto API that IE uses for SSL and S/MIME, and permits users to install new certificate authorities.
What I told them as I'll tell you now, is nothing stops a third party from becoming their own certificate authority and signing their own applications. Signed apps are nothing new - ever right-click on the
What this means for the office that develops their own in-house software is they can sign their own apps if they have OpenSSL or another SSL toolkit to make the CA cert. No doubt the tools for signing Win32 apps come with the latest Platform SDK. You don't need to pay Veri$ign or anyone else, but having your cert signed by a well known CA helps.
What this means for software houses like Corel is they can sign their own apps with their own cert, and their users can choose to trust them (or not) by importing their CA Cert into their system. Even Open Source houses can maintain their own certs and perhaps use a central CA operated by, say, Souce Forge. Again, having your cert signed by a well known CA helps but isn't necessary.
Just what the world needed, a group of nations in the South Pacific with more bandwidth for sending spam. Anyone ever see Telstra's toothless AUP?
spamparadise.mp3 (Mirror this please, don't kill my ISP)
Check out your subscriber's agreements while reading this post. I think you'll find the following:
* No tech support for any sofwtare except what they provide you
* Requirement to use their HTTP proxy servers (which are probably sitting on OC3s or better) and their blocking or redirecting outbound port 80
* No servers allowed (but you should expect that from end user service)
* Telco owned or cable company owned hardware (You can't buy a DSL adapter you can keep)
Before you moderate this down as a troll post, please read it.
a high-quality MPEG4 codec used quite heavily by DVD pirates to recompress movies
Nice to see the truth come out. Tom's Hardware even knows this.
This is why the MPAA won the first round. This is what DeCSS.exe (Yes, the Win32 program, not the LiViD player) is being used for. It is certainly possible to transfer enough of a DVD to a 650 MB CD-ROM using this technology.
Yes I know about making backups, about control over media, etc etc but you have to admit this does make pirating movies easier (much easier than image-copying DVDs with CSS in tact).
There, now please moderate this down so it doesn't cause a flame war.
SafeMessage FAQ
What level of encryption is used in SafeMessage?
Unfortunately, there is no straightforward answer to this question, because level doesn't mean anything in the encryption world.
Yeah, I'm going to trust this. We at AFTI have analyzed a number of encryption systems. [snip] The last SafeMessage mechanism, which is still more secure than even email encrypted with PGP, is the Stewarding mode. Anything that claims better security without letting us see the source code or telling us what encryption technologies they use is selling snake oil.
If anything could be stupider than spamming the code to Usenet, it would be spamming it in e-mail or conceiving a virus to spread it through e-mail.
I hope the MPAA strips the programmer who does this of every dime they have, not because I like the MPAA (which I don't) but because I hate spam even more.
Ding ding ding ding! Give the MPAA ten points for accuracy.
Sorry guys. Just download the "DVD Munitions" tarball from opendvd.org's FTP site (No URL posted, you know where to find it) and there as bright as day you'll see "DeCSS.ZIP" which contains "DeCSS.EXE", verified if you have Quick View to be a Win32 executable. You'll also find Win32 source code in the same tarball.
THIS is the code that the MPAA wants stripped off the net.
By contrast, the LiViD Tarball (from Linuxvideo.org) is a much better example of "The Linux Argument."
There are far more imaginative ways to spread DeCSS without vandalizing Usenet, many of which were described by Slashdot readers in other threads and stories.
I just pray no one decides to spam this through e-mail.
I'm not savvy enough to take a previous release of PGP or GPG and port it to another platform. But, I do know that PGP 5.0 was ported to other platforms besides *ix and Win32. Amiga ports showed up, OS/2 ports, and so on, based on the PGPi source code (scanned from PGP 5.0 source legally exported in textbooks).
Even the original PGP 2.6.x source is available, which was a simpler command line program that could probably be recompiled on any command line platform.
If there were a GNU library and toolkit for OS/400 I'd imagine you could just compile GPG straight away. There were also Perl ports if I'm not mistaken, if not of PGP than at least of RSA.
A long time ago an outfit called Webtrack released a filtering proxy server for NT based on EMWAC HTTPS. The software was free, but you subscribed to a list of "bad sites" for some yearly rate. That software evolved into Secure Computing's Smartfilter.
As I said, the software was free and comes with an evaluation of Smartfilter. It can operate without the list of "bad sites" and you can maintain your own list of "Don't serve these URLs". If you have trouble compiling Squid under Win32 this could be an alternative.
IE5 finally separated cookies into their security zones. While Netscape 4.0 always had the "only accept local cookies" feature that defeats these trackers, IE5 lets you permit cookies per security zone. For instance, disable all cookies for the Internet zone and permit cookies for "trusted sites." I also do this with Javascript and Java, as many sites that need cookies to operate also use enough Javascript that you want to enable it for them.
Finally IE5.5 has Netscape's "Accept only local cookies" switch. Finally they learn.
Rather than use the weird watermarking schemes I've read about, maybe they could now use 128-bit CAST and RSA in the "DVD 2.0" spec to encrypt the disks. The RSA Patent's expired, the US relaxed crypto export regulations, and AFAIK CAST's been royalty-free forever. Or they could use Triple-DES.
Hell, it worked for millions of PGP users, even with the ADK bug.
The updated PGP won't use a forged ADK... This fix is a Public Relations fix, not a bugfix.
My FUDetector just went off.
If the updated PGP won't use a forged ADK on a tampered key, and if NAI's key servers won't accept tampered keys, doesn't that eliminate the forged ADK problem?
And why do some people keep calling ADKs a key recovery feature when it's a message recovery feature?
Does a company who cares so very little about security belong in your server room?
And I thought Linux fanatics were beyond FUD.
Stop blaming Microsoft for your virus woes. If ILoveYou came into your computer and trashed it - too bad, that's not M$'s fault.
And billions were not lost to ILoveYou or any other program like it.
The only reason this hasn't yet happened with Linux desktops is, well, there aren't nearly as many Linux desktops because there's no standardized desktop distro (see prior post) and no common e-mail software for any desktop environment. OK, Netscape 4.7 maybe. But the guys at DigiCrime could show you how to do these things to Netscape and maybe write a Javascript trojan, and even circumvent the "sandbox".
How many /.ers were "raised" on Linux? *BSD? Any other non-M$ environment? (counting hands) Yeah, I thought so.
I looked at Mandrake 6.0, Red Hat 6.1, and have a copy of Red Hat 6.2 I haven't yet touched. But since about August 1995 I worked with NT 3.51. In all this time I was able to feel my way through Win32 and know most of its nooks and crannies, how to turn off unneeded stuff to improve performance, even how to build an ISP with it. With NT 3.51, not NT 4.0. I look at any one of these three Linux distros and, well, I have no clue where everything is, nor how to turn off unneeded or insecure stuff.
By comparison, all the "bible thumpers" (my favorite name to date for Linux fanatics), who probably know two or three Linux distros inside-out and know how to turn off unneeded stuff, would feel just as scared to tread through NT land. This I know because the ISP that I built and the boss sold at a profit was systematically dismantled and rebuilt from the ground up by "bible thumpers."
That aside, the two don't compare. Win2K Professional for instance was designed for a very different purpose than most Linux distros are - a desktop OS with both a productivity and an entertainment platform and surprising stability. I could finally remove Win95 after two years of dual booting. Most Linux distros try to be both a desktop OS and a server OS, and often lose much in both directions. Before XFree 4.0 it wasn't an easy game platform either (has it gotten any easier?) If we had a Linux distro that tried to only be a desktop OS, that stuck with one desktop environment and apps to match, and a decent game platform, we could compare it to Win2K Pro. "Service packs" would help, too.
As for the C$300 price tag I paid, compare it to C$75.00/hr for the typical consulting firm. Let's face it, the money in Linux comes from the support.
As for a server OS, while I used NT as a platform to build an ISP on top of, I didn't use MS server software except what came with the OS (NT 3.51 I mean). I used all free stuff and one commercial web server. How many ISPs that use Linux can do so with off-the-shelf or downloadable software and not a year of developing your own scripts and playing jigsaw-puzzle to put it together? Again, if we had a Linux distro that only tried to be a server OS, with only server software and admin tools, preferably admin tools that could install on a desktop-only distro, we could compare it to Win2K Server.
I look at all the pathetic computers and poorly written software and think, "Geez, if they designed washing machines like they design PCs and software, people would get eaten alive by them!"
We have standards enforcement bodies that see to safety in most appliances. Very likely all of your electrical appliances passed the Canadian Standard Association's requirements (even those sold in the USA). Even your computer's components, especially power supplies, need CSA or UL approval or both in many countries. It's common enough that we don't worry about burning ourselves or the house with our toaster or our stereo set so we don't bother checking for these. Operating instructions also come with safety instructions required by the standard bodies. Manufacturers will refer to these standards in their manuals and legal documents (IE: the Warranty!)
I want to see such warranties in software and in PC hardware, for instance, "When used as directed, this WizBang 3D Accelerator will work with all personal computers and motherboards with AGP2 capability." Of course motherboard and PC makers claiming AGP2 capability would have their systems tested by the standards body that oversees AGP2 (or whatever technology they claim to work with) so that said WizBang product will work with it.
Or, "When used as directed, this Windows v4.99.99 operating system will work with all personal computers using PC'98 architecture." Also, "this application is guaranteed to work on any computer system designed for MS Windows v4.99.99 (which in turn is guaranteed to run on a PC'98 certified machine)" The PC'98 spec is an example of a standard that can be enforced, like the CSA or UL standards. If MS could guarantee a working OS on a PC98 spec machine, and if the app maker could guarantee their app would work on Windows 4.99.99 (which in turn is guaranteed to run on a PC'98 machine) you'd have machines and software you could really depend on to do what you bought them to do. And if some part of the chain fails, the onus would be on whoever's component failed to fix it and honor their guarantee. (of course proving which component failed would take some time - that's what the standards bodies can do and routinely do today.)
We already have such standards in place. Things like PC98, the Win32 API (at least the published APIs), the GNU C Library, and such are good examples. If these could be "solidified" to the point where they'd stand up in court, people building on those standards MUST pass tests against them before claiming anything (or lose the compliance label and get sued by the standards body and the consumer), and that claim, if valid, would be one hell of a selling point over any claim made by a non-compliant competitor.
I recall seeing this switch - enabled by default - on every version of PGP for Windows I've seen, starting with 5.0.
If you use someone's public key that has been tampered with in this manner, wouldn't it be really easy to notice?
How do you sign the messages with John Doe's private key without his passphrase? If J.D. was stupid to have a simple or easily guessable passphrase that's his fault, or if he were stupid to store the passphrase on the same computer as the private key.
Ask for the verification.
Even if a luser was stupid to sign an "opt-out decision", that alone couldn't verify the so-called "original" request for the spam. I'd be more worried if the spammer asked instead for the luser's private key... and the luser actually handed it to them!
The OS/2 Boot Manager does a neat trick to the partition table entries. For each primary partition you select it will hide the others (change the partition's type) so it was "invisible".
The major problem with this trick is you can only have four primary partitions, one of which is the boot manager itself. This means only three primaries (or two and one extended partition) and current PCs can't boot from extended partitions without trickery like LILO, NT Bootloader, or what OS/2 does.
My answer to this problem at the time was just get a second hard drive and have it be a common drive between three OSes. That isn't always practical but it does work.
Software authoring has to be the ultimate liability dodge. No one, and it sure looks like no one, will take responibility for their own software which they license to you.
Is there such a thing as a guarantee for working computers and software that have to work? Aside from software that drives the Space Shuttle that is? Could I go pay IBM several million dollars for a network system guaranteed not to fail or my money back?
I can believe it.
A spammer once forged the orca.bc.ca domain in their spam. Not relaying through it, but rather relaying through other people's servers with invalid user@orca.bc.ca reply addresses. The resulting flood of bounces and complaints shut us down for the day.
Think 2500 customers paying $19.95/month for their e-mail and dial-up, or $0.67 a day. That's $1600 worth of lost service, or one sysadmin's paycheque. That didn't include lost renewals that month, overtime in dealing with the spammer, or other stupid things.
To reach a number like $18 000 we'd be talking about 25 000 customers. With a domain like ibm.net the numbers of customers with lost e-mail would be in the hundreds of thousands. This still doesn't include the actual theft of service from the relay servers used.
'bx133' is a name Tom invented for a 440BX chipset running at 133 MHz FSB. I'm willing to bet the only reason it outperforms T-Bird at all is because of the overclocked AGP (89 MHz, 2/3 the FSB clock). BX can't run AGP at 1/2 the FSB clock.
The i815 Beta comparison is probably more realistic. The AGP is running within spec at 66 MHz.
heh, they don't need to see the games themselves run on Linux to accomplish that, they just need to have you keep Windows on the same machine.
Now if you really wanted to cause some damage to software development, make them run on BSD. (Oh wait, XFree 4.0 is out and it runs on BSD... too late!)
BC has (or had, as of 1999) a majority government headed by the New Democratic Party, a near-left-wing organization... or at least it used to be near-left-wing. Spending too much time in BC can do that to you.
Somehow I don't believe Big Business fits in the plans of the NDP, with its pro-union pro-worker stance, in that province. Microsoft represents the penultimate in Big Business. In addition, the federal government in Ottawa is so far out of touch with BC I can't imagine our Prime Minister endorsing such a move.
Now here's a thought: Would one of the conditions of such a move be to form a M$ staff union? The thoughts of a unionized M$ are amusing.