It says,
'The constitution, and laws made by the rules of the constitution, and treaties made by the USA, together make up the supreme law, and all judges are bound by it, no matter what the state laws and state constitutions of the individual states may say.'
Or in other words, the constitution + federal law + treaties are bigger and badder than state laws and state constitutions; it doesn't say where treaties are relative to the federal constitution... though since the only thing that gives treaties power is the constitution -saying- they have power, there's a certain implication there...
'Laws' being proposed are,
People with access to information must make all reasonable effort to provide it to the authorities. Ie, 'We need to see all your server logs because we think the cracker routed through your network' or 'We need your entire anonymous remailer database so we can do traffic analysis to determine which 17 accounts belong to the cracker'; With a warrant... without... ? Will it be a 'crime' to not turn over this information on request? (Well, not for long in the USA but who knows about other countries; the courts will make sure warrants and/or subpoenas are still required to coerce information, but it could take time if the law isn't written that way.)
'Cracker Tools' being outlawed; to draw an analogy, 'lets outlaw drills because they can be used to drill out lock cylinders and gain entry into people's houses!' Uhm. What's a 'computer hacking tool' anyway? Netcat? I'm using it right now to test ftp protocols by hand. nmap? I use it to check that I didn't miss any ports when locking down a box. Nessus? Satan? They'll tell you exactly where a machine is vulnerable. Your machine, somebody else's machine, how are they supposed to know? (Actually, with Nessus you already have to be inside the target to use it, though I'm sure it could be used as a codebase to start a dedicated cracking tool.) My point is, run a security 'auditor' in combination with a 'stealth' portscan and compile a handful of 'demonstration' exploits from securityfocus and you've got yourself a handy-dandy skr1pt k1ddy level cracking-kit built out of security admin tools. Never mind the prior restraint/free speech issues implied since code is text is speech, dammit.
'Illegal to do unauthorized access'... What's an unauthorized access? Pinging a machine? Reading a webpage meant for internal use but not secured? Attempting to log in as user 'ftp' on a non-public ftp server? Portscanning? What is a portscan? Does telnetting to ports 21, 23, 25, and 80 out of curiousity to see what they're running count as a 'portscan'? D'oh.
If you ask me, the only 'computer crime' law we need is to make it illegal to destroy or alter information on a computer that you don't have authorized access too, (where 'alter' does not include doing things that generate log entries, etc, etc, long list of exceptions to describe normal behaviour). Yeah, this means if someone cracks your computer without overwriting files or anything nasty like that (like, maybe they sniff your in-the-clear telnet or ftp password transmission...) that you can't do jack about it in court, but so what?
Everyone always wants to draw parallels to the real world: In the real world you don't arrest people for walking into the lobby; you don't arrest people for using the bathroom without buying anything even though it says 'customers only'; you don't arrest people for looking in through the window of a jewelry store or even rattling the cage over the windows. You -do- arrest people for spray painting on the walls of the bathroom or for throwing a brick through the window of the jewelry store and running off with a pocketful of diamonds. Where the access lines between 'use' and 'abuse' are is entirely too vague and if we're not careful the government(s) will write up a set of laws that making any new network protocol illegal - not by intent, but because they're politicians and lawyers, not engineers, and won't know the implications of what they're writing! (Presumably they have enough technical advisors to know the -explicit- meaning of what they're writing, but long term implications are another matter.)
Any-way. The article is very vague; maybe safeguards are being built in to prevent the worries I describe; maybe they aren't; maybe they're penciled in but maybe they'll get erased; keep an eye on it, anyway, because it is -not- 'mostly harmless'.
Yes, but, Athlon wins in the only benchmark that matters so who cares that they're (marginally) behind in the 'OfficeBench' and 'SysMark' tests? Besides, there -is- no comparably clocked PIII when weighed against the latest Athlon...
Anway, the Athlon is faster at the same CPU speed on some benchmarks, not others, but it's a close race either way there. Athlon is -still- (or 'again') the fastest PC processor out there because the 10% lead of 1.1GhZ vs. Intel's 'measly' 1.0GhZ is bigger than the the 2-5% differences in those benchmarks that AMD does lose on.
(Of course, personally, I'm looking at the price/performance ratios and the Thunderbird-850 for my next upgrade. I'll get a GhZ+ machine when my company agrees to buy one for my desktop at work or when the price comes down from the stratosphere.:))
An-yway, it's all shameless muscle-flexing, but I just wanted to point out that I don't think AMD was ever 'lying' in their advertising.
a) I think you should vote your conscience not 'strategically'; democracy works best if everyone votes their conscience and ignores the pundits and pollsters.
b) -If- you still insist on voting strategically, remember to vote strategically -within your district-... Presidential votes are not popular votes, but go through the electoral college; I'm told New York elects its delegates per-district; other states have a 'winner-takes-all' policy where -all- the electoral votes for a -state- go to one candidate. If you've got a per district policy in your state, you have a very good chance of electing a Nader in your district (depending on your districts voter makeup, of course, and the activities of your local green party... but it's just as doable as electing a state representative from a minor party.) If you've got a statewide electoral delegate policy, well - realistically, your state is going to go to one of the big two and chances are your state is not really even contested. ie, even if the popular polls are a dead-heat, on a state-by-state basis probably only 4 or 5 states will actually be 'contested' and the remainder will be 'givens' on election day.
c) Given b, Per-district representation is the most obvious way to break the stranglehold the Big 2 have on the presidential electoral process; campaign for per-district representatives if your state has a winner-takes-all rule! (Of course it won't happen -this- year, but hey.)
d) I have to go research my state's voting rules now, so there is no point d.;)
--Parity
Personally, I've never been able to find any serious evaluation of NT's rating anywhere on the web or in print. There is, of course, MS's marketing claims that 'NT is C2', period and end of statement, no details, no clarifications, no special configurations mentioned.
Then there's people sounding off on the 'net, who generally say, 'The guy who put together the NT 3.51 box to pass C2 certification had to do all kinds of things to make it even work, (including removing networking, tweaking the registry, removing this that and the other program), and then when he tried to publicize what he'd done Microsoft effectively murdered him by suing him here there and everywhere and bad-mouthing him so that he had high stress and was unemployed and so unable to afford medical care died of stress related illness'.
Okay. Whatever. I don't entirely believe that it took a year of intense configuration and ripping out the critical guts of NT to make it secure, and I also don't believe that every version of NT is C2 secure out of the box, which is what MS implies. The government, of course, only says, 'Only boxes are rated C2 secure, not OSes'. (Except they say it in bureaucratese...)
In other words, your 'Point of Information' is just one more bit of noise and there is no signal in sight.It's an unsubstantiated claim on a widely disputed and underdocumented issue.
I -am- running a relatively new TNT2 card, but Netscape was not having problems with it before; and I -do- have more memory now, -but- I've run memcheck86 on it several times enabling all tests and everything; nothing; perfectly good RAM - and, as I said, Mozilla runs flawlessly. That's for the Linux install.
For the Windows install... no way. -Only- the Big Two web browsers have this problem. Acrobat doesn't have it, Mozilla doesn't have it, nothing in Office has it, my development tools don't have it, my various graphical player things don't have it... and I've seen it on multiple platforms. Sure, maybe it'd all be fine with a standard VGA driver in 800x600-256colors, but if I have to cripple the box to make a piece of software work, I'm not going to use that software.
And again, Mozilla runs flawlessly. Well, almost; it has a habit of causing an exception after closing it, but, whatever. Doesn't affect my experience, just an extra button to click on close. (I don't use M17 Mozilla on Windows, though; M17 for windows is pretty flaky, I use the daily builds there because it's rapidly improving.)
The real reason for all of this is, dselect is a horrible thing and is going to go away; front ends to apt are going to replace it, so, nobody has been putting any effort into making dselect behave sanely because it's expected to die a well deserved-death any time now.
I think the console-apt is in unstable and there's maybe a gnome-apt too; I just use apt-get from the command line and haven't touched dselect in years. (Before apt, I just used dpkg; dselect was never worth it to me.)
How about apt-get source?
If you set up the sources lines in your apt.conf file, apt can get the sources, which are in a group of files so that you can have either debian sources or the 'upstream' sources, and depending on options you give it, it can automatically unpack, build, and install from source.
Of course, unless you have customized libraries, there's not much point to this; usually, I apt-get install the binaries, but I sometimes apt-get source if I want to tweak something or if I want to see how something works so I can write code to talk to it.
Also, debian is very good about leaving/usr/local alone, so you can install with apt-get all those things that you don't need source for (supposing you're a Gnome developer, you probably don't need sources for base libraries, development tools, e-mail clients, networks daemons, etc, but you might need sources for X, and you'll certainly need sources for many if not all of the gnome pieces... conversely, if you're developing some network daemon you don't need gnome sources but you might need sources network drivers, etc.)
Anyway, I find the seamless ability to switch between binary and source very convenient.
# apt-get install ssmtp
(verbiage that amounts to 'adding 1 package removing 1 package, ok?')
[Y/n] Y
(-much- verbiage that amounts to 'lessee, we have to take out sendmail to put in ssmtp, doing that, oh dear, all your mail-readers are broken for a moment, okay, installing ssmtp, there ya' go!)
# _
The same thing works for all those conflicting packages, assuming your apt configuration is up to
date.
If your favorite software is distributed in debs but doesn't have an apt-compliant hierarchy, encourage them to put up an apt-compliant hierarchy. (The only example I can think of this is the tdyc version of KDE, and that's going to get rolled into Debian proper, but I suppose there might be software out there that isn't in debian's tree, and if they pull non-free hosting there'll be -lots- of software that isn't in debian's tree.)
Finally, this is on-topic.:)
I've been using Mozilla as my primary browser for nearly a month now.
Under Windows: IE has a very bad habit of garbaging the display if you scroll up and down... so does Netscape for that matter. Mozilla is immune to this.(IE dislikes 'big' jumps in scrolling but is okay with little ones; Netscape dislikes incremental scrolling especially with the mouse-wheel but is okay with big ones; at least, in my experience.)
Under Linux: For some unknown reason that I really don't care to research, Netscape suddenly started giving me a Bus Error every time I try to start it. Mozilla runs flawlessly.
YMMV, but I'm liking Mozilla M17 and looking forward to Mozilla M18.
Okay, I'm not a lawyer here, but it seems to me that this could mean -any- filtering at all; which could mean (and I took to mean) something as simple as, 'this is a valid TCP/IP packet without source routing to a local host that has already opened a connection to the internet host within a reasonable time'; in otherwords, something exactly like Linux's IP Masquerading.
So, what, you can have NAT without violating the patent iff you don't sanity check incoming packets? Nobody's going to do that. If that's the only way to implement NAT without violating the patent, it's not going to happen - it's just not sane to let arbitrary packets into your intranet.
Now, if you're a big company... or even a medium company... you can just separate your packet-filtering firewall and your NAT router into separate physical devices and call it a 'configuration' and not a NAT with filtering at all, but for a homenet or a very small company, you may not be able to afford the space/electricity/hardware to have two devices where one would do.
In otherwords, it doesn't sound like NAT+firewall to me, it sounds like NAT implemented with some nod towards security.
Even if the patent doesn't describe the NAT rfc, and some particularly stupid NAT routers, it certainly describes a linux kernel with IP_MASQ and the the various ip_masq_* service modules.
Yes, -do- read the actual patent; in particular, claim 1. Translated,
'A method wherein: if someone on the intranet sends out a packet, we translate their address to one that the internet accepts, and remember who they are. If a packet comes back for that exact translated address, and we haven't timed out the connection yet, then pass it through to the appropriate intranet host.'
If that isn't a patent on 'NAT implemented as device consisting of software on a computer' I don't know what is.
Please remember that each -claim- stands on its own as separate invention, put together in one patent for convenience and relatedness, but Cisco is claiming claim 1 all by itself as an invention regardless of other complexities in the claims.
Real text for reference, but it's more readable on the database page:
1. A method for translating network addresses on packets destined for local hosts on a private network from hosts on an external network, the method comprising the following steps:
identifying a global IP destination address on an inbound packet arriving at the private network;
determining whether the global IP destination address corresponds to any local host on the private network by determining if a translation slot data structure exists for the global IP destination address, which translation slot associates the global IP destination address to a corresponding local IP address for a particular local host which has sent an outbound packet to an external network host on the external network within a defined time period;
if the inbound packet is found to be intended for the particular local host on the private network which has sent the outbound packet to the external network host within said defined time period, determining whether the inbound packet meets defined security criteria;
if the inbound packet meets said security criteria, replacing the inbound packet's global IP destination address with the corresponding local IP address for the particular local host to which the inbound packet was addressed; and
forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
Uhm, no, technically you can't, and to be fair the original XOR-cursor patent was for blinking-block-cursors so that the letter under them would always be the inverse of the current cursor color. But, algorithms and mathematical formulas and scientific laws are 'natural' and are 'discovered' not 'invented' so you can't patent them. Technically.
But you can patent a device consisting of any computer running any software that -implements- the algorithm... d'oh.
Also you "can't" patent an idea that is 'obvious to someone versed in the art' according to the laws, but the patent office seems to interpret this as 'if it isn't obvious to -everyone- who has ever used a computer that in must be non-obvious to -someone- so it's patentable'... or something.
So, yes, in the end, you might as well be able to patent obvious algorithms, given the current interpretations, since the 'protections' are worked around with technicalities. But technically you can't. So you just have to say it differently. D'oh.
Anyway, the person you were replying to knows all this, s/he was being ironic.
Altivore is a neat concept, but it delivers a weak version of that functionality it does deliver (no packet reassembly, several ways that it could catch the wrong data), is poorly documented (Except for details of what it does wrong, in an attempt to argue that carnivore probably does the same thing) and I'm not entirely certain that that functionality it -does- claim to deliver works correctly.
I have been unable to do the headers-only-wiretapping sort of functionality, though I've gotten it to do the log-all-e-mail-coming-from-this-ip functionality.
OTOH, the source code is simple and pretty readable, and it's a really neat idea, so, basically, I encourage everyone who has a home net to download it, poke at it, play with it, patch it, improve it, and sneakily spy on all your own e-mails from your bedroom box to your living room box.;)
Fun toy, anyway, but it doesn't -really- compete with Carnivore - yet. It's more a proof-of-concept.
(It was, btw, posted to securityfocus several weeks back.)
You shouldn't be putting a freenet server -behind- a firewall anyway, it's a public server. The recommended architecture looks like (pretend the periods are spaces, slashdot breaks my nbsps.),
Gateway ...|
----------------------------- Exposed net ...|..............|.........|
Firewall ExposedServer1 ExposedServer2 ...|
----------------------------- Isolated net ...|.................|
PrivateServer PrivateWorkstation
Of course, for my home network my architecture is actually more like,
FireWall-Is-The-Gateway-And-Runs-the-Exposed-Servi ces
|
+- My Linux Box
|
+- My Housemate's Win95 Box
|
+- My Friend's Laptop
This will probably make security experts cringe, but hey, how many different PCs am I supposed to have running 24/7 to have a home 'net anyway?
--Parity
Alternatively, you could argue that it's libc that's flawed by making it so easy to create buffer overruns, as what's his name at http://cr.yp.to does, and so he uses instead a bunch of 'safe' functions to do 'String' functionality instead of using the unsafe libc str* functions.
Of course, lots of Unix people don't want to switch from C to C++ or Java where this kind of thing is the standard way of working, but a libsafeCarrays or something going into common usage would reduce this kind of thing drastically.
Though separating code and data pages is an elegant solution, though perhaps not a complete one. I'm not sure how many programs there are that have legitimate reason to modify executing code, but it's conceivable. I suppose we could just say that self-modifying code is too perverse an abberation to be permitted to live.
Read the docs. The author says yes, this is a possibility, but he has had zero complaints about it actually happening in the real world so far.
Also, portsentry is entirely configurable. You can drop attacking hosts into hosts.deny, or block them with ipchains, or block them with route reject, or not block them at all and just dump a message to/dev/lp0 so you have a hardcopy log of the attack. Whatever. It's up to you.
If you -are- using IPchains and you know what you're doing, you should be able to set it up so that port 80 -always- answers and is -always- exposed to the whole world. This means the attacker can still read your web pages, yes, but hopefully your web server is secure. (Okay, maybe it's the least-likely to be secure thing on your box, but then, an attacker that wants in through your webserver can go to some host that hasn't yet been portsentried and attack the webserver, being careful not to trigger portsentry this time... )
Also, maybe some people are using tcpd only and not ipchains at all; so the host is still 'live' to the 'net but the service ports get closed leaving only pinging and other ICMP packets up.
Do whatever you think is best for your box. There is -no- best practice for this, because heterogenity of implementation is key to preventing predictable DoS exploints by turning your own security against you.
Anyway, I don't care if my home box disappears from half the net for six hours until I can manually rework things when I'm sure it was a spoof - OTOH, if you're a major e-commerce site, yeah, you'd better make sure your portsentry isn't going to close off your http!
I dunno if this works or not, but you could try to compile on a x86 machine with a target of alpha. I don't have a lot of experience cross-compiling but it looks like it's as easy as putting -b alpha into CFLAGS... but I'm probably deluding myself with wishful thinking since I need to figure out how to cross-compile to arm soon.;o
Considering that the web/ftp-site is in Germany, well... yes, it is.;)
Remember many of KDE's developers are European, but, more to the point, 'Kandidat' follows the general predilection of the KDE project to name everything something that starts with a 'K' even if it's a misspelling (Konquerer) or just a 'K' stuck in front of a word in the tradition of 'xblah' (KOffice).
No, girls is equivalent to boys, guys is equivalent to gals.
It does, however, sound somewhat archaic (or at least retro, very 'fifties') to talk about 'the boys' going out to do something and boy in the singular is almost never used except in a derogatory manner or by gays.
An-yway, 'girls' is falling out of common usage the same as 'boys' already did and it wasn't what Cringely meant anyway.
Hrm. I'm not very good at doing YUV RGB conversions in my head so maybe I'm not seeing the picture here, but, it seems to me that if you reduce your information (by 1/4 or to 1/4? From 24->6 or 24->18? It seems like you were saying the former but that seems impossible... ) that, well, you're still losing information. Moving to a YUV description may make it easier to reduce only the 'least perceivable' part, but, sooner or later that YUV is going to convert back to RGB and is going to define only 2-to-the-power-of-bit-width different colors.
Hrmmmm. Well, I'll have to look into this more now, anyway.
I have to disagree with this... it just so happens that my kdm background displays a light b lue->dark blue gradient.
I regularly check whether I'm in 16 bit depth (for video games) or 32 bit depth (for general use, and remember that 32 is 24-with-speed-optimization not 32 bits of color differentiation) by whether or not I can see banding effects.
So, while the difference between adjacent colors in 24 bit color may seem indistinguishable, the next lower useful depth creates sharp distinctions. (Though one would thing that 'halving the colorspace' meant going from 24-bit to either 23-bit (though the meaning of that would be unclear) or 21 bit (7 bits for each of RGB) not all the way down to 16.
Anyway, the difference between 16bit and 24bit color is significant enough to me that I make sure to switch depths when switching between videogames (MythII and HereticII both work only in 16bit... ) and other activities.
For people who have actually read the article... it seems to me that what's going on here is that Google merged its database with Yahoo's, and naturally, everyone that uses Yahoo as a major resource will have links into Yahoo in their pages, and so Google's rankings have been shifted, not by 'conscious policy' but by a change in the contents of the database.
Yahoo's rise will stop when all the newly added directories have been fully spidered and statted and cross-ranked, and it'll probably fall as Google's database grows with non-Yahoo-database links being added.
Not that I have direct access to Google's database or algorithm, but, this seems more likely than a covert ranking-adjustment plan within Google.
First of all, I'm not reading most of this thread; the first three highest moderated posts - at this time - are jokes, and the fourth is pro-Christian.
Second, my real identity, etc, are not available to slashdot users just so I can be honest about questions like this in this forum. (Yes, this means I basically trust Rob &co. to not reveal my e-mail address. Sue me for not being entirely cynical. Oh, wait, you can't, you don't know who I am...;))
Anyway.
I am a Pagan, and have been, and I've been on the net since '85 (though at that time, only usenet and e-mail), using Linux since '94. I dabbled in mysticism and gnosticism before I came to the realization that Paganism was what I believed, what I'd -always- believed, and just been afraid to -do- it. (i.e., when I was told that the Pagan myths were just myths, and the Christian myths were 'religion' and that people didn't follow the pagan myths anymore, I kind of cut that off as an option for religion, even though I felt that's what I -should- be doing. 'But why? I wish people still believed that way, it feels more right...' I thought, but eventually put away with time & indoctrination.)
Anyway. I think the commonality is the same thing that is in common with all people in all alternative lifestyles - they can look at the world and say 'wait - that may be what everyone does, but it isn't -right-' and change the direction their going in. This takes some combination of intelligence, curiousity, and independent-mindedness.
Which is something for a lot of people in the geek community to think about. You have a lot in common with alternative religions, political activists, transsexuals, homosexuals, mystics, and hell, even politicians. (You think people go into politics for the money? Shyeah, right, you'd make more as an NT Admin and not spend it all on your next campaign. They do it because they think they can -change- things.)
Actually - there are gamma conversions somewhere between the equally spaced hex numbers (which have to be equally spaced, obviously, they're integer values) and the intensity displayed on your screen.
Unfortunately, this is not the same Gamma between platforms...
I believe there's actually a gamma conversion in your video card and then another gamma conversion in your monitor, and then on some monitors the 'contrast' knob actually adjusts the gamma, but on others it's really contrast... I'm kinda surprised, actually, that they managed to find -any- websafe colors -at all- given all the variables.
Anyway, in theory, PNG is supposed to solve all these problems (at least for images), by allowing a gamma value to be attached to the image so the appropriate adjustment can be made, but no web browsers are supporting the gamma-functions of PNG, or they weren't when O'Reilly's PNG book was written.
Slashdot Mirror
It says,
'The constitution, and laws made by the rules of the constitution, and treaties made by the USA, together make up the supreme law, and all judges are bound by it, no matter what the state laws and state constitutions of the individual states may say.'
Or in other words, the constitution + federal law + treaties are bigger and badder than state laws and state constitutions; it doesn't say where treaties are relative to the federal constitution... though since the only thing that gives treaties power is the constitution -saying- they have power, there's a certain implication there...
--Parity
'Laws' being proposed are,
... What's an unauthorized access? Pinging a machine? Reading a webpage meant for internal use but not secured? Attempting to log in as user 'ftp' on a non-public ftp server? Portscanning? What is a portscan? Does telnetting to ports 21, 23, 25, and 80 out of curiousity to see what they're running count as a 'portscan'? D'oh.
People with access to information must make all reasonable effort to provide it to the authorities. Ie, 'We need to see all your server logs because we think the cracker routed through your network' or 'We need your entire anonymous remailer database so we can do traffic analysis to determine which 17 accounts belong to the cracker'; With a warrant... without... ? Will it be a 'crime' to not turn over this information on request? (Well, not for long in the USA but who knows about other countries; the courts will make sure warrants and/or subpoenas are still required to coerce information, but it could take time if the law isn't written that way.)
'Cracker Tools' being outlawed; to draw an analogy, 'lets outlaw drills because they can be used to drill out lock cylinders and gain entry into people's houses!' Uhm. What's a 'computer hacking tool' anyway? Netcat? I'm using it right now to test ftp protocols by hand. nmap? I use it to check that I didn't miss any ports when locking down a box. Nessus? Satan? They'll tell you exactly where a machine is vulnerable. Your machine, somebody else's machine, how are they supposed to know? (Actually, with Nessus you already have to be inside the target to use it, though I'm sure it could be used as a codebase to start a dedicated cracking tool.) My point is, run a security 'auditor' in combination with a 'stealth' portscan and compile a handful of 'demonstration' exploits from securityfocus and you've got yourself a handy-dandy skr1pt k1ddy level cracking-kit built out of security admin tools. Never mind the prior restraint/free speech issues implied since code is text is speech, dammit.
'Illegal to do unauthorized access'
If you ask me, the only 'computer crime' law we need is to make it illegal to destroy or alter information on a computer that you don't have authorized access too, (where 'alter' does not include doing things that generate log entries, etc, etc, long list of exceptions to describe normal behaviour). Yeah, this means if someone cracks your computer without overwriting files or anything nasty like that (like, maybe they sniff your in-the-clear telnet or ftp password transmission...) that you can't do jack about it in court, but so what?
Everyone always wants to draw parallels to the real world: In the real world you don't arrest people for walking into the lobby; you don't arrest people for using the bathroom without buying anything even though it says 'customers only'; you don't arrest people for looking in through the window of a jewelry store or even rattling the cage over the windows. You -do- arrest people for spray painting on the walls of the bathroom or for throwing a brick through the window of the jewelry store and running off with a pocketful of diamonds. Where the access lines between 'use' and 'abuse' are is entirely too vague and if we're not careful the government(s) will write up a set of laws that making any new network protocol illegal - not by intent, but because they're politicians and lawyers, not engineers, and won't know the implications of what they're writing! (Presumably they have enough technical advisors to know the -explicit- meaning of what they're writing, but long term implications are another matter.)
Any-way. The article is very vague; maybe safeguards are being built in to prevent the worries I describe; maybe they aren't; maybe they're penciled in but maybe they'll get erased; keep an eye on it, anyway, because it is -not- 'mostly harmless'.
--Parity
Yes, but, Athlon wins in the only benchmark that matters so who cares that they're (marginally) behind in the 'OfficeBench' and 'SysMark' tests? Besides, there -is- no comparably clocked PIII when weighed against the latest Athlon... :))
Anway, the Athlon is faster at the same CPU speed on some benchmarks, not others, but it's a close race either way there. Athlon is -still- (or 'again') the fastest PC processor out there because the 10% lead of 1.1GhZ vs. Intel's 'measly' 1.0GhZ is bigger than the the 2-5% differences in those benchmarks that AMD does lose on.
(Of course, personally, I'm looking at the price/performance ratios and the Thunderbird-850 for my next upgrade. I'll get a GhZ+ machine when my company agrees to buy one for my desktop at work or when the price comes down from the stratosphere.
An-yway, it's all shameless muscle-flexing, but I just wanted to point out that I don't think AMD was ever 'lying' in their advertising.
--Parity
I've already had most of this debate in a thread under the voting poll, but, briefly -
... Presidential votes are not popular votes, but go through the electoral college; I'm told New York elects its delegates per-district; other states have a 'winner-takes-all' policy where -all- the electoral votes for a -state- go to one candidate. If you've got a per district policy in your state, you have a very good chance of electing a Nader in your district (depending on your districts voter makeup, of course, and the activities of your local green party... but it's just as doable as electing a state representative from a minor party.) If you've got a statewide electoral delegate policy, well - realistically, your state is going to go to one of the big two and chances are your state is not really even contested. ie, even if the popular polls are a dead-heat, on a state-by-state basis probably only 4 or 5 states will actually be 'contested' and the remainder will be 'givens' on election day.
;)
a) I think you should vote your conscience not 'strategically'; democracy works best if everyone votes their conscience and ignores the pundits and pollsters.
b) -If- you still insist on voting strategically, remember to vote strategically -within your district-
c) Given b, Per-district representation is the most obvious way to break the stranglehold the Big 2 have on the presidential electoral process; campaign for per-district representatives if your state has a winner-takes-all rule! (Of course it won't happen -this- year, but hey.)
d) I have to go research my state's voting rules now, so there is no point d.
--Parity
POI: NT has a C2 rating *including* networking.
Personally, I've never been able to find any serious evaluation of NT's rating anywhere on the web or in print. There is, of course, MS's marketing claims that 'NT is C2', period and end of statement, no details, no clarifications, no special configurations mentioned.
Then there's people sounding off on the 'net, who generally say, 'The guy who put together the NT 3.51 box to pass C2 certification had to do all kinds of things to make it even work, (including removing networking, tweaking the registry, removing this that and the other program), and then when he tried to publicize what he'd done Microsoft effectively murdered him by suing him here there and everywhere and bad-mouthing him so that he had high stress and was unemployed and so unable to afford medical care died of stress related illness'.
Okay. Whatever. I don't entirely believe that it took a year of intense configuration and ripping out the critical guts of NT to make it secure, and I also don't believe that every version of NT is C2 secure out of the box, which is what MS implies. The government, of course, only says, 'Only boxes are rated C2 secure, not OSes'. (Except they say it in bureaucratese...)
In other words, your 'Point of Information' is just one more bit of noise and there is no signal in sight.It's an unsubstantiated claim on a widely disputed and underdocumented issue.
--Parity
I -am- running a relatively new TNT2 card, but Netscape was not having problems with it before; and I -do- have more memory now, -but- I've run memcheck86 on it several times enabling all tests and everything; nothing; perfectly good RAM - and, as I said, Mozilla runs flawlessly. That's for the Linux install.
For the Windows install... no way. -Only- the Big Two web browsers have this problem. Acrobat doesn't have it, Mozilla doesn't have it, nothing in Office has it, my development tools don't have it, my various graphical player things don't have it... and I've seen it on multiple platforms. Sure, maybe it'd all be fine with a standard VGA driver in 800x600-256colors, but if I have to cripple the box to make a piece of software work, I'm not going to use that software.
And again, Mozilla runs flawlessly. Well, almost; it has a habit of causing an exception after closing it, but, whatever. Doesn't affect my experience, just an extra button to click on close. (I don't use M17 Mozilla on Windows, though; M17 for windows is pretty flaky, I use the daily builds there because it's rapidly improving.)
--Parity
The real reason for all of this is, dselect is a horrible thing and is going to go away; front ends to apt are going to replace it, so, nobody has been putting any effort into making dselect behave sanely because it's expected to die a well deserved-death any time now.
I think the console-apt is in unstable and there's maybe a gnome-apt too; I just use apt-get from the command line and haven't touched dselect in years. (Before apt, I just used dpkg; dselect was never worth it to me.)
--Parity
How about apt-get source? /usr/local alone, so you can install with apt-get all those things that you don't need source for (supposing you're a Gnome developer, you probably don't need sources for base libraries, development tools, e-mail clients, networks daemons, etc, but you might need sources for X, and you'll certainly need sources for many if not all of the gnome pieces... conversely, if you're developing some network daemon you don't need gnome sources but you might need sources network drivers, etc.)
If you set up the sources lines in your apt.conf file, apt can get the sources, which are in a group of files so that you can have either debian sources or the 'upstream' sources, and depending on options you give it, it can automatically unpack, build, and install from source.
Of course, unless you have customized libraries, there's not much point to this; usually, I apt-get install the binaries, but I sometimes apt-get source if I want to tweak something or if I want to see how something works so I can write code to talk to it.
Also, debian is very good about leaving
Anyway, I find the seamless ability to switch between binary and source very convenient.
--Parity
# apt-get install ssmtp
(verbiage that amounts to 'adding 1 package removing 1 package, ok?')
[Y/n] Y
(-much- verbiage that amounts to 'lessee, we have to take out sendmail to put in ssmtp, doing that, oh dear, all your mail-readers are broken for a moment, okay, installing ssmtp, there ya' go!)
# _
The same thing works for all those conflicting packages, assuming your apt configuration is up to
date.
If your favorite software is distributed in debs but doesn't have an apt-compliant hierarchy, encourage them to put up an apt-compliant hierarchy. (The only example I can think of this is the tdyc version of KDE, and that's going to get rolled into Debian proper, but I suppose there might be software out there that isn't in debian's tree, and if they pull non-free hosting there'll be -lots- of software that isn't in debian's tree.)
--Parity
Finally, this is on-topic. :)
I've been using Mozilla as my primary browser for nearly a month now.
Under Windows: IE has a very bad habit of garbaging the display if you scroll up and down... so does Netscape for that matter. Mozilla is immune to this.(IE dislikes 'big' jumps in scrolling but is okay with little ones; Netscape dislikes incremental scrolling especially with the mouse-wheel but is okay with big ones; at least, in my experience.)
Under Linux: For some unknown reason that I really don't care to research, Netscape suddenly started giving me a Bus Error every time I try to start it. Mozilla runs flawlessly.
YMMV, but I'm liking Mozilla M17 and looking forward to Mozilla M18.
--Parity
Okay, I'm not a lawyer here, but it seems to me that this could mean -any- filtering at all; which could mean (and I took to mean) something as simple as, 'this is a valid TCP/IP packet without source routing to a local host that has already opened a connection to the internet host within a reasonable time'; in otherwords, something exactly like Linux's IP Masquerading.
So, what, you can have NAT without violating the patent iff you don't sanity check incoming packets? Nobody's going to do that. If that's the only way to implement NAT without violating the patent, it's not going to happen - it's just not sane to let arbitrary packets into your intranet.
Now, if you're a big company... or even a medium company... you can just separate your packet-filtering firewall and your NAT router into separate physical devices and call it a 'configuration' and not a NAT with filtering at all, but for a homenet or a very small company, you may not be able to afford the space/electricity/hardware to have two devices where one would do.
In otherwords, it doesn't sound like NAT+firewall to me, it sounds like NAT implemented with some nod towards security.
Even if the patent doesn't describe the NAT rfc, and some particularly stupid NAT routers, it certainly describes a linux kernel with IP_MASQ and the the various ip_masq_* service modules.
--Parity
Yes, -do- read the actual patent; in particular, claim 1. Translated,
'A method wherein: if someone on the intranet sends out a packet, we translate their address to one that the internet accepts, and remember who they are. If a packet comes back for that exact translated address, and we haven't timed out the connection yet, then pass it through to the appropriate intranet host.'
If that isn't a patent on 'NAT implemented as device consisting of software on a computer' I don't know what is.
Please remember that each -claim- stands on its own as separate invention, put together in one patent for convenience and relatedness, but Cisco is claiming claim 1 all by itself as an invention regardless of other complexities in the claims.
Real text for reference, but it's more readable on the database page:
1. A method for translating network addresses on packets destined for local hosts on a private network from hosts on an external network, the method comprising the following steps:
identifying a global IP destination address on an inbound packet arriving at the private network;
determining whether the global IP destination address corresponds to any local host on the private network by determining if a translation slot data structure exists for the global IP destination address, which translation slot associates the global IP destination address to a corresponding local IP address for a particular local host which has sent an outbound packet to an external network host on the external network within a defined time period;
if the inbound packet is found to be intended for the particular local host on the private network which has sent the outbound packet to the external network host within said defined time period, determining whether the inbound packet meets defined security criteria;
if the inbound packet meets said security criteria, replacing the inbound packet's global IP destination address with the corresponding local IP address for the particular local host to which the inbound packet was addressed; and
forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
--Parity
Uhm, no, technically you can't, and to be fair the original XOR-cursor patent was for blinking-block-cursors so that the letter under them would always be the inverse of the current cursor color. But, algorithms and mathematical formulas and scientific laws are 'natural' and are 'discovered' not 'invented' so you can't patent them. Technically. ... or something.
But you can patent a device consisting of any computer running any software that -implements- the algorithm... d'oh.
Also you "can't" patent an idea that is 'obvious to someone versed in the art' according to the laws, but the patent office seems to interpret this as 'if it isn't obvious to -everyone- who has ever used a computer that in must be non-obvious to -someone- so it's patentable'
So, yes, in the end, you might as well be able to patent obvious algorithms, given the current interpretations, since the 'protections' are worked around with technicalities. But technically you can't. So you just have to say it differently. D'oh.
Anyway, the person you were replying to knows all this, s/he was being ironic.
--Parity
Altivore is a neat concept, but it delivers a weak version of that functionality it does deliver (no packet reassembly, several ways that it could catch the wrong data), is poorly documented (Except for details of what it does wrong, in an attempt to argue that carnivore probably does the same thing) and I'm not entirely certain that that functionality it -does- claim to deliver works correctly. ;)
I have been unable to do the headers-only-wiretapping sort of functionality, though I've gotten it to do the log-all-e-mail-coming-from-this-ip functionality.
OTOH, the source code is simple and pretty readable, and it's a really neat idea, so, basically, I encourage everyone who has a home net to download it, poke at it, play with it, patch it, improve it, and sneakily spy on all your own e-mails from your bedroom box to your living room box.
Fun toy, anyway, but it doesn't -really- compete with Carnivore - yet. It's more a proof-of-concept.
(It was, btw, posted to securityfocus several weeks back.)
--Parity
You shouldn't be putting a freenet server -behind- a firewall anyway, it's a public server. The recommended architecture looks like (pretend the periods are spaces, slashdot breaks my nbsps.),
...|
...|..............|.........|
...|
...|.................|
i ces
|
+- My Linux Box
|
+- My Housemate's Win95 Box
|
+- My Friend's Laptop
This will probably make security experts cringe, but hey, how many different PCs am I supposed to have running 24/7 to have a home 'net anyway?
Gateway
----------------------------- Exposed net
Firewall ExposedServer1 ExposedServer2
----------------------------- Isolated net
PrivateServer PrivateWorkstation
Of course, for my home network my architecture is actually more like,
FireWall-Is-The-Gateway-And-Runs-the-Exposed-Serv
--Parity
Alternatively, you could argue that it's libc that's flawed by making it so easy to create buffer overruns, as what's his name at http://cr.yp.to does, and so he uses instead a bunch of 'safe' functions to do 'String' functionality instead of using the unsafe libc str* functions.
Of course, lots of Unix people don't want to switch from C to C++ or Java where this kind of thing is the standard way of working, but a libsafeCarrays or something going into common usage would reduce this kind of thing drastically.
Though separating code and data pages is an elegant solution, though perhaps not a complete one. I'm not sure how many programs there are that have legitimate reason to modify executing code, but it's conceivable. I suppose we could just say that self-modifying code is too perverse an abberation to be permitted to live.
--Parity
Read the docs. The author says yes, this is a possibility, but he has had zero complaints about it actually happening in the real world so far.
/dev/lp0 so you have a hardcopy log of the attack. Whatever. It's up to you.
Also, portsentry is entirely configurable. You can drop attacking hosts into hosts.deny, or block them with ipchains, or block them with route reject, or not block them at all and just dump a message to
If you -are- using IPchains and you know what you're doing, you should be able to set it up so that port 80 -always- answers and is -always- exposed to the whole world. This means the attacker can still read your web pages, yes, but hopefully your web server is secure. (Okay, maybe it's the least-likely to be secure thing on your box, but then, an attacker that wants in through your webserver can go to some host that hasn't yet been portsentried and attack the webserver, being careful not to trigger portsentry this time... )
Also, maybe some people are using tcpd only and not ipchains at all; so the host is still 'live' to the 'net but the service ports get closed leaving only pinging and other ICMP packets up.
Do whatever you think is best for your box. There is -no- best practice for this, because heterogenity of implementation is key to preventing predictable DoS exploints by turning your own security against you.
Anyway, I don't care if my home box disappears from half the net for six hours until I can manually rework things when I'm sure it was a spoof - OTOH, if you're a major e-commerce site, yeah, you'd better make sure your portsentry isn't going to close off your http!
--Parity
I dunno if this works or not, but you could try to compile on a x86 machine with a target of alpha. I don't have a lot of experience cross-compiling but it looks like it's as easy as putting -b alpha into CFLAGS... but I'm probably deluding myself with wishful thinking since I need to figure out how to cross-compile to arm soon. ;o
--Parity
Considering that the web/ftp-site is in Germany, well... yes, it is. ;)
Remember many of KDE's developers are European, but, more to the point, 'Kandidat' follows the general predilection of the KDE project to name everything something that starts with a 'K' even if it's a misspelling (Konquerer) or just a 'K' stuck in front of a word in the tradition of 'xblah' (KOffice).
--Parity
No, girls is equivalent to boys, guys is equivalent to gals.
It does, however, sound somewhat archaic (or at least retro, very 'fifties') to talk about 'the boys' going out to do something and boy in the singular is almost never used except in a derogatory manner or by gays.
An-yway, 'girls' is falling out of common usage the same as 'boys' already did and it wasn't what Cringely meant anyway.
--Parity
Hrm. I'm not very good at doing YUV RGB conversions in my head so maybe I'm not seeing the picture here, but, it seems to me that if you reduce your information (by 1/4 or to 1/4? From 24->6 or 24->18? It seems like you were saying the former but that seems impossible... ) that, well, you're still losing information. Moving to a YUV description may make it easier to reduce only the 'least perceivable' part, but, sooner or later that YUV is going to convert back to RGB and is going to define only 2-to-the-power-of-bit-width different colors.
Hrmmmm. Well, I'll have to look into this more now, anyway.
--Parity
I have to disagree with this... it just so happens that my kdm background displays a light b lue->dark blue gradient.
I regularly check whether I'm in 16 bit depth (for video games) or 32 bit depth (for general use, and remember that 32 is 24-with-speed-optimization not 32 bits of color differentiation) by whether or not I can see banding effects.
So, while the difference between adjacent colors in 24 bit color may seem indistinguishable, the next lower useful depth creates sharp distinctions. (Though one would thing that 'halving the colorspace' meant going from 24-bit to either 23-bit (though the meaning of that would be unclear) or 21 bit (7 bits for each of RGB) not all the way down to 16.
Anyway, the difference between 16bit and 24bit color is significant enough to me that I make sure to switch depths when switching between videogames (MythII and HereticII both work only in 16bit... ) and other activities.
--Parity
For people who have actually read the article... it seems to me that what's going on here is that Google merged its database with Yahoo's, and naturally, everyone that uses Yahoo as a major resource will have links into Yahoo in their pages, and so Google's rankings have been shifted, not by 'conscious policy' but by a change in the contents of the database.
Yahoo's rise will stop when all the newly added directories have been fully spidered and statted and cross-ranked, and it'll probably fall as Google's database grows with non-Yahoo-database links being added.
Not that I have direct access to Google's database or algorithm, but, this seems more likely than a covert ranking-adjustment plan within Google.
--Parity
First of all, I'm not reading most of this thread; the first three highest moderated posts - at this time - are jokes, and the fourth is pro-Christian.
;))
Second, my real identity, etc, are not available to slashdot users just so I can be honest about questions like this in this forum. (Yes, this means I basically trust Rob &co. to not reveal my e-mail address. Sue me for not being entirely cynical. Oh, wait, you can't, you don't know who I am...
Anyway.
I am a Pagan, and have been, and I've been on the net since '85 (though at that time, only usenet and e-mail), using Linux since '94. I dabbled in mysticism and gnosticism before I came to the realization that Paganism was what I believed, what I'd -always- believed, and just been afraid to -do- it. (i.e., when I was told that the Pagan myths were just myths, and the Christian myths were 'religion' and that people didn't follow the pagan myths anymore, I kind of cut that off as an option for religion, even though I felt that's what I -should- be doing. 'But why? I wish people still believed that way, it feels more right...' I thought, but eventually put away with time & indoctrination.)
Anyway. I think the commonality is the same thing that is in common with all people in all alternative lifestyles - they can look at the world and say 'wait - that may be what everyone does, but it isn't -right-' and change the direction their going in. This takes some combination of intelligence, curiousity, and independent-mindedness.
Which is something for a lot of people in the geek community to think about. You have a lot in common with alternative religions, political activists, transsexuals, homosexuals, mystics, and hell, even politicians. (You think people go into politics for the money? Shyeah, right, you'd make more as an NT Admin and not spend it all on your next campaign. They do it because they think they can -change- things.)
Think about it.
--Parity
Actually - there are gamma conversions somewhere between the equally spaced hex numbers (which have to be equally spaced, obviously, they're integer values) and the intensity displayed on your screen.
Unfortunately, this is not the same Gamma between platforms...
I believe there's actually a gamma conversion in your video card and then another gamma conversion in your monitor, and then on some monitors the 'contrast' knob actually adjusts the gamma, but on others it's really contrast... I'm kinda surprised, actually, that they managed to find -any- websafe colors -at all- given all the variables.
Anyway, in theory, PNG is supposed to solve all these problems (at least for images), by allowing a gamma value to be attached to the image so the appropriate adjustment can be made, but no web browsers are supporting the gamma-functions of PNG, or they weren't when O'Reilly's PNG book was written.
--Parity