In theory, it would be great if only those that "deserve" to know about the problem are informed. But who decides? As a sysadmin, I certainly want to know. It could be argued that sysadmins *need* to know, with as much detail as possible. And once you tell all the sysadmins, well, you are basically telling the script kiddies. It is a practical impossibility to keep a secret among so many. It is extremely doubtful that even if the select group included only, say, NFR, ISS and Cisco, the secret would remain one. And someone with a very good fix may be outside the appointed elite (remember having to patch htr again and again?). Aside from the fact that nothing is stopping a grey/black hat from discovering the hole independently. Heck, they could have known long before we did!
As for security through obscurity. It is *ALWAYS* a bad idea to rely for your security only on a secret. It is always a good idea to divulge as little as possible about your security measures. When we say that security through obscurity is bad, we don't necessarily mean that you should tell the world the exact implementation of encryption you use. We mean that you better be using real encryption and not a xor with a magic constant. (Apologies to we for including them;)
------------------------------------------------ This is a work of fiction. All the characters, events and opinions posted are fictional, and any resemblance to real people, incidents or opinions is purely coincidental
I have no doubt they scored a 100 in the hacker game. I'm not surprised that pretty much any site can be hacked. The point is, and any good security guy knows, securing a site is not about making it "unhackable". (Which I don't even think is possible). It is about risk management. If it costs more to secure against the attack than to recover, or it is unreasonable to assume that such firepower will come to bear on my site, the *proper* thing to do is leave it alone.
Apologies to the "good security guys (and gals!)" for the oversimplifications, and disclaimer, I'm not a particularly good security guy.
There is nothing wrong with P3P per se. It *could* increase privacy. There are (at least) two problems, however (IMO). And at least one is a biggie.
One risk is that it becomes a de facto standard. And I don't mean using P3P, I mean requiring full disclosure for access to every site. If one or two sites require more information than I want to give for me to have access, no sweat, I don't go there. If it becomes an accepted standard to require obscene amounts of information for any sort of site-- that *is* a problem, I can't surf. I like to think it is extremely unlikely. I fear that may be wishful thinking.
Another scary point is implementation. There is just too much trust involved and too big a risk of errors. An implementation error (and there will be, you can bet on it) could give all your personal information to everybody without even telling you...
I just hope they invest enough time and effort to make it robust enough to minimize the risk.
----------------------------------- This is a work of fiction. All the characters, events and opinions posted are fictional, and any resemblance to real people, incidents or opinions is purely coincidental
I will try not to repeat the many good arguments posted previously in the thread.
You seem to be concerned that "the fittest" are no longer the only ones surviving (and more importantly, reproducing.) I disagree. Totally. Completely. Absolutely. By definition (of course, your definition may be different;) if you survive you belong to that mythical race of "the fittest". You survived, therefore you are fit to survive. Sure, that is no longer biased (at least in cities) to how good you are at hunting buffaloes with a spear. Because that is no longer a relevant description of "fittest".
On the other hand you seem concerned about the fact that more people are surviving than previously. How is that a bad thing? That is the point of evolution (sorta). To make organisms better able to survive, reproduce and expand. (On the pessimistic side, you just have to wait for a bit and Malthus will come around. Unless (maybe) we go to the stars...) Also, think information, think entropy, think rich, diverse gene pool.
Finally (and I guess I repeated more than I intended) think scale. Sure, we appear to not have evolved much in the last few hundred years. Pretty much nothing ever does in that puny timescale. And if you extend your definition of evolution to include more than physical characteristics of the individual (not proper biology, I know,) we *have* evolved to an amazing degree in an amazingly short time.
------------------------------------- The opinions posted do not reflect the opinions of my employer, myself, the poster or Mr. AC. The administration takes no responsibility whatsoever for damages. Or anything else.
Well, not many, but I have taught a few classes. I prefer small groups that allow me to interact personally with the students. I mostly did tutoring in university, for the same reason. When they came to the session already having covered the subject, it didn't bother me at all. And if most people thought the effort, small or big, that I put into the class a "waste of time", surely the solution is not to ensure that they go to class whether they want to or not, whether they need to or not. Of course, if they don't know the material and don't show, they will fail. Punishment enough, in my book. My 0.02
If the content in the newsfeed is just a bland rehash of the course, no one is going to bother.
Put additional information, encourage the professors to write often, say an in-depth look at something they passed over quickly at class.
And special interest: I don't know what sort of stuff Chem Students find interesting, but find out and set up a parallel thread about music, anime, beer or whatever.
Of course, try to make it as simple as possible to actually use it, as well as relatively painless to learn it.
For my first experiments ripping my CDs I chose semi-randomly Suzanne Vega. I found that the quality *was* much better in 256 (it gave me chills, honest.) Then I went on to rip other music... and it sounded pretty much the same at 128 or 256. If it was fine-tuned to Vega, that clears one of the many little puzzles in my life.
Is it just me or did anybody else notice this last season having a lot of episodes with the feel of Millennium? I'm not complaining, although it does get me nostalgic.
I get the feeling Chris Carter misses the show and it is creeping into the X...
...Then again, maybe it is just because I really miss it.
It is a very nice idea, well presented, and interesting.
However, the only applications I can think of that would require this quality of random numbers (ignoring the shortfall) are cryptographic ones. And you certainly don't want to get your crypto numbers off the Internet. (Note- I *do* trust the guy, it's the principle of the thing. Plus, there's eavesdropping and I'm certain many other interesting caveats...)
Be happy you are not using Lotus Notes. I dare anyone to find an app with a more wasted UI. I'm not a fan of Outlook (I'm pretty much an enemy;) but I read my Notes mail with LookOut- oops OutLook.
What I would *love* is a text based, no frills, MAPI/POP/NOTES/SMTP mail client. I hate Outlook and LotusNotes, but those are the servers at work. Pretty much any alternative is welcome, I hope Evolution lives up to my high expectations. I don't suppose anyone knows of a mail client with those features I could use?
Frankly, I'm a little worried. Sure, it's way cool to have a satellite on the Internet, but, come on, control its position from the Internet? At least I hope they have some very good VPN and authentication set up (for when they do have control- I get the impression it wasn't set up for that yet, here's hoping it never does.) Security critical components should be on a private network. Sure, use TCP/IP, TCP/IP rocks, but if you are going to have remote control I for one would be far more relaxed if you were on a private network (the solar system intranet!).
Maybe I'm overreacting, but I can't help looking up to the sky, thinking of a script kiddy, and ducking under cover.
Not necessarily- when the vidcard *needs* more power than your mainboard. If you use the machine for Office, mail and browsing, you don't need that much horsepower. If you use games (esp. Quake, Unreal, Half-Life, etc.) you need *a lot* of horsepower- mostly in graphics. I've got an old Pentium-S (No MMX!) 200 with a Voodoo 2, and it runs Half-Life better than my brother's Pentium 3 with geegaws.
It says that Omega *approximates* Omega0 exp(Bx), for large values of "squiggle" (psi? epsilon? My greek is rusted shut.)
So no, it is not necessarily a contradiction. Of course, it is not necessarily possible either, you would have to do the math to prove a function Omega could exist with that quality. It seems reasonable, though.
On the lack of math, it always bugs me also, although it is necessary: the paper would be more like a book with everything spelled out. Also it is an incredibly educating, entertaining (and frustrating!) experience to fill in the missing parts. (I've done it on occasion.)
Re: DeCSS & CPHack aren't illegal until October! (on 'Battling Censorware', Score: 1)
To play devil's advocate (one of my favorite roles;) I would expect the opposing counsel to counter:
Since users require an external tool (made by those vicious hackers-child pornographers-credit card stealing-misguided geniuses ) to circumvent the access control, it *is* effective.
Anyway, the point isn't whether it was easy or difficult, the point is outlawing it takes away too many things. If that was our argument, they (yes, the mythical, mysterious, evil they) would just have to get a clue, implement stronger controls (arguable whether it is at all possible- for what it's worth, I think it is) and we would be file-system-checked.
PS.- Sorry if I came on too trollish, I still haven't (and doubt I will) gotten adjusted to daylight savings time and am in a slightly altered state of consciousness.
I don't speak Portuguese (only Spanish and English) but I'm pretty sure that by ligaçao they meant link. How does one say link in Portuguese anyway? In Spanish I've seen "vinculo" and "ligua" used.
Mainframes are great in many ways, and have improved beyond recognition TCP/IP handling. And it is very tempting to have that many Linux boxes running. But what is the market? Those that already have a mainframe are likely to be conservative and, therefore, unlikely to get the insane glow in their eyes I get when they hear about Linux on the mainframe. At most I would expect them to put WebSphere or something on one or two Unix partitions. I think it would make sense for someone with an outrageous amount of capital (forget the hardware, think administration) that wanted to do big time hosting. How many of those can there be? Or am I missing some great big potential user base?
>IOS doesn't require constant upgrading. I've been installing routers for years, and some of those boxes
>have been running for that long without changing a thing. Set it and forget it.
Er... do upgrade them, please. At least if they are externally accessible. Functionally, I have no beef with older Cisco IOS. But securitywise, they *do* require upgrades. I'm paranoid, I work in security;)
No, this is not an old issue. The point is *not* that your employer/the CIA/X can read your email (scary though it may be).
The point is that JoeHacker(anyone) can modify your public key so that *he* can read your mail. Big diff.
Hear, hear, I second the motion.
He has already shown that he can fit in in the show.
Fair enough, but...
The millions that stole the copyrighted material from the web are already breaking the law. Most likely knowingly and willingly. How does making it "more" illegal to circumvent the copy protection add *any* protection to the copyright?
I'm not disagreeing with you, I just think that aside from being abused, the basic premise (or rather the part of it that we are talking about) does not seem to have much to recommend it.
-------------------------------------
Remember- post early, post often.
That's what I don't get. I mean, I'm not the government (heck I ain't even an American) but why would they publicise it instead of hushing it up?
Misinformation campaign? Letter on the tabletop? Leaks? Incompetence? Morality? (the public should know, Mr. President ;)
Puzzling...
What's the problem?
Isn't the point to learn the material rather than to keep a seat warm? If the student doesn't show, but learns his stuff and passes the test, congratulations!
Personally, I've always preferred a more self-guided approach to learning stuff (yes, in school and at work). I'm biased, of course, but I actually think you often learn better that way.
I feel left out, I clicked on the link and didn't get a free troll. I even activated JScript! Does anybody know if it's been fixed?
That's the only point that had me worried. I am glad there is precedent for quoting full text. Given that, it can reasonably be argued that the whole text was required for meaningful discussion, especially since it is structures and interpretation. It would be fairly useless to have the description of structure X without the explanation of what the heck are its members, or the definition of substructure Y that it uses, or the definition of structure Z that is the proper response. Good thing it has very little fluff.
OTOH I don't really get the response letter. It is very "feel-good", but it seems more something we would write rather than something a lawyer would write. Go figure, maybe he is thinking so far ahead (MS: "Fine, it is fair use but it is still a trade secret- AHA!" ) we may miss the relevance.
(Of course, as always, as usual, IANAL)