You gave DCOP as an example and the current thinking with the core is to try and replace DCOP with DBUS by KDE 4 (which I estimate at 18 months away)
Cool. I'm moving to the US for a year (in Australia at the moment) starting next Feburary, and I won't be doing as much coding in my day-to-day job (going to be partially working with integrating our product with tools built by other parts of the company, and partially the American training/support person for our tool), so I'll probably want another project to stop myself getting rusty. Have to see if I can pick up a small part of KDE which nobody else wants and get involved.
Actually I think the vocal minority wanted "consolidation".
The rest of us wanted healthy competition. I'd hate for corporate America to standardise Linux distributions like Microsoft have standardised the intel personal computer.
In the same way that the American Government has standardised on which side of the road you drive on, or what voltage and frequency to use?
There are some areas where standardisation is necessary. Copy-and-paste between apps and interprocess communication are things which need to be standardised, otherwise things just plain don't work.
It's all very good to have different guage railroads (Ok, we do in various parts of the world), but you need to have defined interfaces (in the railroad example, there are rail cars which have detatchable wheels, so you can lift them off with a crane and transfer them to wheels for a different line. No, really. I guess the equivalent in user interface space is having a translation engine between bonobo and dcop?? Ouch.
Maybe I'm just nervous because I hack on KDE.
I wish I had time. I'm running the KDE that came with Debian unstable, but am not particularly happy with it. I was running nightly builds from CVS (and I mean that I ran a script which did cvs update and then built the code - which took all night on my P4 laptop with 512 Mb memory).
Oh well - I submitted a couple of bug reports complete with a tracking of the exact piece of code where they existed and a patch which fixed it in my case. I am quite impressed with the quality of the code in the bits I've look at - and the QT interfaces look nice and clean. Still, what would I know - I haven't used C++ much since Uni - I'm a Perl monkey these days.
Re:debian is a truly great distribution...
on
Debian 3.0r2 Released
·
· Score: 2, Insightful
I don't understand why the software have to be old to be stable. Wine usualy gets better when aging, but I don't understand why this should apply to software, since the bug fixing usually is done by the developers, and they do it in the latest (or development) version.
It's not the age the matters, it's little things like making sure all the versions of dependencies work with each other - that everything has been compiled with exactly the same version of the compiler (including the compiler itself) and that there are no broken dependencies as software gets upgraded to a new version which breaks binary, or even source, compatibility for things which depend on it.
Bleeding edge software is great (I run Debian unstable with KDE from CVS) - but you run into problems with packages from different sources not yet upgraded to the latest and greatest APIs, not built with the latest compiler (sure having source based distros like Gentoo can help here - but only if the code compiles cleanly on the new compiler).
So don't sell $20 shared hosting accounts to anonymous individuals without requiring a large deposit.
Too right. While $20 shared hosting accounts are available without sufficient proof of ID and a mechanism for ensuring you pay a hell of a lot more than $20 if you abuse the TOS and spam, then spamming will continue to be a commercially viable proposition.
The easiest step in the chain for the victims of the spamming to address is those $20 shared hosting accounts. If it's not commercially viable for companies to offer them, they'll stop. At that point the spammers can't buy them any more, and they stop. We, the victims, win.
I'm sorry to those who have a business model which requires you to sell hosting for $20 and not confirm who you're selling to. Hang on a second, no I'm not. You're making money my expense as I clean up the crap spewed by your 'valued customers' - and I'm quite happy to make you value those customers a little less, thank_you_very_much.
Because many of them are in datacenters on hosting accounts that were purchased from reputable companies who didn't know they were selling to spammers, and DDoS'ing these poor hosting companies will likely put them out of business for nothing more than a simple mistake.
Those reputable companies might be a bit more careful in future to ensure that they aren't selling to spammers - by doing background checks, by educating their customers (for those spammers who don't actually realise it's a bad idea) and by being very public about kicking spammers when they're caught.
Provide a strong enough financial dis-incentive to host spammers and eventually spam friendly ISPs will dry up - but while there's profit to be made hosting spamers, then of course these "reputable companies" will 'accidentally' host them.
Ok, so it was a pathetic cheap attempt at humour - maybe I should have been a little more obvious.
I am actually quite interested in playing with the Hurd, when I can find the time.
And development only counts if/when it's actually usable - yes you need to the the work, but if the code never gets used then you're pissing in the wind. I hope this isn't the case with the Hurd. I've seen enough code built only to be superseded by something else and never actually get used.
it's these people - largely mafia types - the industry should be worried about (something like 1 in 3 cds is fake) rather than a student copying a cd
Some people, and even some organisations, are capable of being worried about more than one thing at once - and even as they try and deal with one situation, they also try and deal with others. The pirates are a known problem which doesn't change people's buying habits that much - Napster and Kazaa on the other hand are new for these companies - and they're right to be worried. With codecs improving and broadband access increasing, it's really not hard to obtain an even better selection than the big music stores have, and at a cheaper price.
In the past it was easy enough to copy from the radio - if you wanted to listen long enough and be taping all the time just in case the song you wanted came on. It was easy enough to copy a CD that a friend already had - but harder to search for anything and everything. There's also the matter of convenience - it used to be more convenient to go to a store and browse shelves of music than hunt around amongst your friends for the song you wanted. Even putting price aside, it's now easier to download off the net than to search in a store. Get a good enough codec at a high enough bitrate, and the stores have nothing to offer:
* not cheaper * not more convenient * not sufficiently higher quality
As for how - well, laws of course. They work well enough for other things - underground markets don't hurt the established providers anywhere near as much as legal and better alternatives.
Thanks for that. I'm assuming that price is US$, which would map fairly closely to AU$10/watt. You can shop around and get it cheaper of course, and I'm though I'm not being particularly accurate - it's still more in the order of $10 than $1, and certainly not close to $0.10.
And of course while it's nice to read marketing announcements, there's enough other vapourware on slashdot (SCO licences, Duke Nukem, Longhorn...) without needing possible future technologies (assuming someone with deep pockets and a vested interest in slowing adoption of solar power doesn't buy out the patents) to keep us dreaming.
I live in hope of seeing photovoltaic roofing tiles which clip together to form a full-roof-coverage solar panel at similar prices to today's roofing materials. Combine this with simple and robust grid-interactive inverters and you'd have a winning combination.
I'll have to admit I haven't studied the capability of power substations to deal with power flowing back in large enough quantities from houses on sunny days - not a big deal if a few people had these things, but if every house had a roof-mounted power generation system it would change the dynamics of the grid considerably. Billing/payment would get messy too - power companies are willing to be generous with their pricing for grid-interactive systems at the moment because they're good PR, but it's not good business to buy power back at the same rate as you're selling it when it's more than one or two special cases.
The "viable attempt" that Bronster mentioned not having seen would be some way to make tractors and delivery trucks run off of the sun.
Thankyou, yes. Other things like growing trees - I've seen the numbers for how long it takes to 'pay back' the initial carbon dioxide investment in plantation forestry, and it's not a pretty sight. Certainly not long enough for the pulp-rotations (as little as 8 years in some cases), let alone the nutrients that are stripped from the soil.
Still, when you don't see many companies with anything beyond a five year plan (hey, I can't talk - I didn't have anything that long term until my daughter came along - have to be a little more sensible now).
Maybe companies should be forced to have the equivalent of a child - something to force them to think longer term.
We already have replacements for oil. We don't use them because oil is CHEAP.
Of course it's cheap when the price-point of solar panels is $10/watt. Even then they pay for themselves in about 10 years at consumer price for power (note I'm talking Australian figures here, but I believe the US figures are not dissimilar).
Have a look at the names of the big solar suppliers. Solarex and BP - oh, except BP purchased Solarex a couple of years ago. I guess it's just BP Solar then. What else are BP known for? Gosh.
Either they're preparing a migration path from oil, or supressing solar to retain oil profits. As with most big companies, I imagine it's a bit of both.
And as you say - oil is cheap, especially if contries are not charging large royalties for removing a non-replaceable resource - but there's politics for you, and it's not a good idea to start charging too much for your oil when you don't have a squeaky-clean record, because it might be convenient not to have you around any more.
Um, so you're claiming that humanity is *less* wealthy than we were 100, 500, or 5000 years ago?
Um, no - the parent poster was claiming that the earth as a whole (or possibly the universe if you don't want to treat the earth as a closed system) is less wealthy than it was 100, 500, or 5000 years ago.
This is generally known by the catchy term 'entropy', or as the second law of thermodynamics, and isn't really in dispute.
What is in dispute, and what you and the parent poster seem to disagree upon, is whether the earth is a closed system - or whether the earth is being impoverished fast enough to have an impact on our ability to live on it.
You said: - There are also continuous influxes of new resources; for an example, go outside on a clear day and look up..
and it's true, there is new energy streaming in from the sun - but I haven't seen a viable attempt to actually use that energy now, rather than (as the parent poster aptly put it) burning our bank accounts in the form of fossil fuels deposited hundreds of thousands of years ago.
Burning those fossil fuels rather than living off our current intake is equivalent to spending from the savings account while not counting our sales to make sure that they're covering our costs. This is exactly what venture capitalists mean by 'burn rate'.
So - at the moment it is fair to say that all major economies are driven by the use of irreplacable (I think a fair definition in this context is that we can't replace them within 100 generations - and we can't. If we had the techonology to replace them we wouldn't need them any more, so we wouldn't bother) resources at this point in time.
I leave the floor open for a discussion of whether we'll develop alternatives before those resources are used up. There are promising initiatives in the area of alternative power sources (my area of expertise), but they're being slowed by the oil companies which seem to own all the patents (funny that: they have enough money to buy out whatever competition starts up) and are being held back so they don't compete too much with the bread-and-butter of these companies.
We see the same thing in other industries - good ideas being stalled or bought up and squashed by the big players who can't move fast enough to embrace the change - but who have enough money from their current business model to fight the change. I'm sure slashdot can think of plenty of examples of this - like **AA, *CO, ******oft.
Oh - and your last point, sure it's possible to improve production methods, but if it doesn't improve profits for those making a lot of money from the current method, you'll find it rather hard to institute those changes.
What if I sped up to try to avoid an accident, yet all the police see is that I was traveling at a much higher speed than the other person?
Funny, I generally find stopping to be a much more effective way of avoiding an accident. Speeding up, especially by all parties involved, makes things much more dangerous.
If you hit the back of a car, and you're going faster than the other car, then you certainly weren't speeding up to avoid an accident, you were speeding up to cause it. Sure if it was to avoid a worse accident (someone running red lights side-on to you), then you would say that in court - not say "But I was doing 50 officer, not 130". That's what these boxes catch you for - lying about your negligent behaviour, and I for one say it's a good thing.
I can borrow a book from a library, scan it and release it into the wild. Gosh.
For that matter, I can probably buy it from a bookstore, scan it, say it was a present for a friend, but I forgot the name and got the wrong book - and return it. Wow.
Sure you _can_ abuse it, but I don't imagine it would be hard for Amazon (assuming they _are_ working with OCR'd books rather than original work) to introduce 'spelling mistakes' into each copy they show on the web site, and then they'll know who's doing it.
Believe me - if this actually did become a real problem rather than a theoretical attack, you'd see poisoned data being introduced rather quickly.
When I was in third year, our Computer Science department got fucked over - such that it didn't even have the funding to buy a textbook we needed for the course - so the SciTech library didn't have a copy (we were merged with Engineering, who promptly used our funds to pay all their debts - bascially).
Another campus which did inter-library loans had a copy of the book, but it was on the non-transferrable list. What we _could_ do was request that one chapter (less than 1/10) of the book be photocopied for us.
The lecturer passed around a chapter listing of the book, and we each wrote our name next to a chapter. We then ordered those chapters separately, and if you needed a chapter, you would borrow it from the person who had a copy.
Worked reasonably well because we were split into only a few groups, and doing different tasks which required different chapters. Still - it was legal to copy a small section of the book under fair use, and so with a little extra work we avoided buying a copy.
So if I want to read an entire book for free via Amazon, all I have to do is make a script that automatically searches for a phrase extracted from the next page, wash, rinse, repeat?
First prize for forgetting/not reading that this is tied to your credit card, and that Spamazon (forgive maybe, forget no) limits you to a certain number of views total, and also a certain number _per_book_. Enough to stop you reading the whole thing (unless you're patient enough to do it over a whole year - but in that case, why not ask your local library for a copy repeatedly, and wait until they get it in).
How often do you think this actually happens? Generally, you're lucky if you can get people out to vote for Tweedledum or Tweedledee, asking them to do some work when they get there is going too far.
It doesn't matter if it's only 1% of people who are doing that - if they notice that the machine hasn't printed what they asked for, they'll kick up a stink. More than a couple of people do that and the whole system will be called into question.
It's the same basis on which lots of blind-signing trust systems are built - ask the person to produce 100 different 'secrets', and verify that a random 99 of them are correct, then sign the other without looking at it, because the chance that they correctly guessed which of the 100 you would sign is so low, and (with a high enough penalty) the cost of being caught too high...
Hmm, so I guess I am an idiot to follow up to someone who suggested that any sysadmin who "read the security lists in the morning" (with the implication that anyone who didn't do that was an incompentant moron) and suggest that an assumption of timezone is unreasonable.
*sigh* - I'd plonk you, but you're too much of a coward to back up your comments. Yes, people who assume the world is one timezone when it comes to patching are lusers, as are many ACs.
In addition, a fix was checked in within four hours. 14 hours later, exploit code was posted to SecurityFocus, in the afternoon. Any admin who checked the lsh mailing list in the morning would have seen the error and the fix, and been well ahead of the exploit.
#include <standard f&*(ing merkin who thinks the world is all merkia>
Which is also true of equipment to break RSA, bringing us full circle, and showing that the story description is a crock of shit, and that this isn't going to replace wire any time soon.
Observing the state of a photon would change it. This makes quantum encryption perfect for evesdropping situations. You will know if someone has seen your data. Also, you can't be sure of it's exact path. The thing about those pesky subatomics is that you can't know their exact position and path at the same time.
Pity anyone can install a sniffer on the router where's it's decoding the packets from one quantum cable and adding them to the next....fine if you can afford end-to-end links with everyone you want to communicate with of course, but not so good if you're switching along the way (as the parent you so cleverly responded to made quite clear, really)
The pam_smb module controls the NT authentication of Linux boxes, permiting them to connect to a windows network.
Um, yeah, whatever you say. It actually allows you to use windows machines for authentication rather than/etc/passwd, or ldap, or some other auth system.
The only time I've ever used it was when I wanted cross platform auth, so ran a samba server and had the linux boxes use that via pam_smb.
As for sendmail - well, vendors who ship wuftpd and sendmail are a major problem in the linux world - but a halfway competant admin can install a better tool and the problem goes away - not so easy for Microsoft RPC services.
Slashdot Mirror
You gave DCOP as an example and the current thinking with the core is to try and replace DCOP with DBUS by KDE 4 (which I estimate at 18 months away)
Cool. I'm moving to the US for a year (in Australia at the moment) starting next Feburary, and I won't be doing as much coding in my day-to-day job (going to be partially working with integrating our product with tools built by other parts of the company, and partially the American training/support person for our tool), so I'll probably want another project to stop myself getting rusty. Have to see if I can pick up a small part of KDE which nobody else wants and get involved.
Actually I think the vocal minority wanted "consolidation".
The rest of us wanted healthy competition. I'd hate for corporate America to standardise Linux distributions like Microsoft have standardised the intel personal computer.
In the same way that the American Government has standardised on which side of the road you drive on, or what voltage and frequency to use?
There are some areas where standardisation is necessary. Copy-and-paste between apps and interprocess communication are things which need to be standardised, otherwise things just plain don't work.
It's all very good to have different guage railroads (Ok, we do in various parts of the world), but you need to have defined interfaces (in the railroad example, there are rail cars which have detatchable wheels, so you can lift them off with a crane and transfer them to wheels for a different line. No, really. I guess the equivalent in user interface space is having a translation engine between bonobo and dcop?? Ouch.
Maybe I'm just nervous because I hack on KDE.
I wish I had time. I'm running the KDE that came with Debian unstable, but am not particularly happy with it. I was running nightly builds from CVS (and I mean that I ran a script which did cvs update and then built the code - which took all night on my P4 laptop with 512 Mb memory).
Oh well - I submitted a couple of bug reports complete with a tracking of the exact piece of code where they existed and a patch which fixed it in my case. I am quite impressed with the quality of the code in the bits I've look at - and the QT interfaces look nice and clean. Still, what would I know - I haven't used C++ much since Uni - I'm a Perl monkey these days.
I don't understand why the software have to be old to be stable. Wine usualy gets better when aging, but I don't understand why this should apply to software, since the bug fixing usually is done by the developers, and they do it in the latest (or development) version.
It's not the age the matters, it's little things like making sure all the versions of dependencies work with each other - that everything has been compiled with exactly the same version of the compiler (including the compiler itself) and that there are no broken dependencies as software gets upgraded to a new version which breaks binary, or even source, compatibility for things which depend on it.
Bleeding edge software is great (I run Debian unstable with KDE from CVS) - but you run into problems with packages from different sources not yet upgraded to the latest and greatest APIs, not built with the latest compiler (sure having source based distros like Gentoo can help here - but only if the code compiles cleanly on the new compiler).
Does that answer your question?
So don't sell $20 shared hosting accounts to anonymous individuals without requiring a large deposit.
Too right. While $20 shared hosting accounts are available without sufficient proof of ID and a mechanism for ensuring you pay a hell of a lot more than $20 if you abuse the TOS and spam, then spamming will continue to be a commercially viable proposition.
The easiest step in the chain for the victims of the spamming to address is those $20 shared hosting accounts. If it's not commercially viable for companies to offer them, they'll stop. At that point the spammers can't buy them any more, and they stop. We, the victims, win.
I'm sorry to those who have a business model which requires you to sell hosting for $20 and not confirm who you're selling to. Hang on a second, no I'm not. You're making money my expense as I clean up the crap spewed by your 'valued customers' - and I'm quite happy to make you value those customers a little less, thank_you_very_much.
Because many of them are in datacenters on hosting accounts that were purchased from reputable companies who didn't know they were selling to spammers, and DDoS'ing these poor hosting companies will likely put them out of business for nothing more than a simple mistake.
Those reputable companies might be a bit more careful in future to ensure that they aren't selling to spammers - by doing background checks, by educating their customers (for those spammers who don't actually realise it's a bad idea) and by being very public about kicking spammers when they're caught.
Provide a strong enough financial dis-incentive to host spammers and eventually spam friendly ISPs will dry up - but while there's profit to be made hosting spamers, then of course these "reputable companies" will 'accidentally' host them.
Ok, so it was a pathetic cheap attempt at humour - maybe I should have been a little more obvious.
I am actually quite interested in playing with the Hurd, when I can find the time.
And development only counts if/when it's actually usable - yes you need to the the work, but if the code never gets used then you're pissing in the wind. I hope this isn't the case with the Hurd. I've seen enough code built only to be superseded by something else and never actually get used.
C) The FSF is _not_ involved in any kernel development.
Um, what about HURD?
What about HURD? Vapourware doesn't count as kernel development.
it's these people - largely mafia types - the industry should be worried about (something like 1 in 3 cds is fake) rather than a student copying a cd
Some people, and even some organisations, are capable of being worried about more than one thing at once - and even as they try and deal with one situation, they also try and deal with others. The pirates are a known problem which doesn't change people's buying habits that much - Napster and Kazaa on the other hand are new for these companies - and they're right to be worried. With codecs improving and broadband access increasing, it's really not hard to obtain an even better selection than the big music stores have, and at a cheaper price.
In the past it was easy enough to copy from the radio - if you wanted to listen long enough and be taping all the time just in case the song you wanted came on. It was easy enough to copy a CD that a friend already had - but harder to search for anything and everything. There's also the matter of convenience - it used to be more convenient to go to a store and browse shelves of music than hunt around amongst your friends for the song you wanted. Even putting price aside, it's now easier to download off the net than to search in a store. Get a good enough codec at a high enough bitrate, and the stores have nothing to offer:
* not cheaper
* not more convenient
* not sufficiently higher quality
As for how - well, laws of course. They work well enough for other things - underground markets don't hurt the established providers anywhere near as much as legal and better alternatives.
Thanks for that. I'm assuming that price is US$, which would map fairly closely to AU$10/watt. You can shop around and get it cheaper of course, and I'm though I'm not being particularly accurate - it's still more in the order of $10 than $1, and certainly not close to $0.10.
And of course while it's nice to read marketing announcements, there's enough other vapourware on slashdot (SCO licences, Duke Nukem, Longhorn...) without needing possible future technologies (assuming someone with deep pockets and a vested interest in slowing adoption of solar power doesn't buy out the patents) to keep us dreaming.
I live in hope of seeing photovoltaic roofing tiles which clip together to form a full-roof-coverage solar panel at similar prices to today's roofing materials. Combine this with simple and robust grid-interactive inverters and you'd have a winning combination.
I'll have to admit I haven't studied the capability of power substations to deal with power flowing back in large enough quantities from houses on sunny days - not a big deal if a few people had these things, but if every house had a roof-mounted power generation system it would change the dynamics of the grid considerably. Billing/payment would get messy too - power companies are willing to be generous with their pricing for grid-interactive systems at the moment because they're good PR, but it's not good business to buy power back at the same rate as you're selling it when it's more than one or two special cases.
The "viable attempt" that Bronster mentioned not having seen would be some way to make tractors and delivery trucks run off of the sun.
Thankyou, yes. Other things like growing trees - I've seen the numbers for how long it takes to 'pay back' the initial carbon dioxide investment in plantation forestry, and it's not a pretty sight. Certainly not long enough for the pulp-rotations (as little as 8 years in some cases), let alone the nutrients that are stripped from the soil.
Still, when you don't see many companies with anything beyond a five year plan (hey, I can't talk - I didn't have anything that long term until my daughter came along - have to be a little more sensible now).
Maybe companies should be forced to have the equivalent of a child - something to force them to think longer term.
We already have replacements for oil. We don't use them because oil is CHEAP.
Of course it's cheap when the price-point of solar panels is $10/watt. Even then they pay for themselves in about 10 years at consumer price for power (note I'm talking Australian figures here, but I believe the US figures are not dissimilar).
Have a look at the names of the big solar suppliers. Solarex and BP - oh, except BP purchased Solarex a couple of years ago. I guess it's just BP Solar then. What else are BP known for? Gosh.
Either they're preparing a migration path from oil, or supressing solar to retain oil profits. As with most big companies, I imagine it's a bit of both.
And as you say - oil is cheap, especially if contries are not charging large royalties for removing a non-replaceable resource - but there's politics for you, and it's not a good idea to start charging too much for your oil when you don't have a squeaky-clean record, because it might be convenient not to have you around any more.
Um, so you're claiming that humanity is *less* wealthy than we were 100, 500, or 5000 years ago?
Um, no - the parent poster was claiming that the earth as a whole (or possibly the universe if you don't want to treat the earth as a closed system) is less wealthy than it was 100, 500, or 5000 years ago.
This is generally known by the catchy term 'entropy', or as the second law of thermodynamics, and isn't really in dispute.
What is in dispute, and what you and the parent poster seem to disagree upon, is whether the earth is a closed system - or whether the earth is being impoverished fast enough to have an impact on our ability to live on it.
You said: - There are also continuous influxes of new resources; for an example, go outside on a clear day and look up..
and it's true, there is new energy streaming in from the sun - but I haven't seen a viable attempt to actually use that energy now, rather than (as the parent poster aptly put it) burning our bank accounts in the form of fossil fuels deposited hundreds of thousands of years ago.
Burning those fossil fuels rather than living off our current intake is equivalent to spending from the savings account while not counting our sales to make sure that they're covering our costs. This is exactly what venture capitalists mean by 'burn rate'.
So - at the moment it is fair to say that all major economies are driven by the use of irreplacable (I think a fair definition in this context is that we can't replace them within 100 generations - and we can't. If we had the techonology to replace them we wouldn't need them any more, so we wouldn't bother) resources at this point in time.
I leave the floor open for a discussion of whether we'll develop alternatives before those resources are used up. There are promising initiatives in the area of alternative power sources (my area of expertise), but they're being slowed by the oil companies which seem to own all the patents (funny that: they have enough money to buy out whatever competition starts up) and are being held back so they don't compete too much with the bread-and-butter of these companies.
We see the same thing in other industries - good ideas being stalled or bought up and squashed by the big players who can't move fast enough to embrace the change - but who have enough money from their current business model to fight the change. I'm sure slashdot can think of plenty of examples of this - like **AA, *CO, ******oft.
Oh - and your last point, sure it's possible to improve production methods, but if it doesn't improve profits for those making a lot of money from the current method, you'll find it rather hard to institute those changes.
What if I sped up to try to avoid an accident, yet all the police see is that I was traveling at a much higher speed than the other person?
Funny, I generally find stopping to be a much more effective way of avoiding an accident. Speeding up, especially by all parties involved, makes things much more dangerous.
If you hit the back of a car, and you're going faster than the other car, then you certainly weren't speeding up to avoid an accident, you were speeding up to cause it. Sure if it was to avoid a worse accident (someone running red lights side-on to you), then you would say that in court - not say "But I was doing 50 officer, not 130". That's what these boxes catch you for - lying about your negligent behaviour, and I for one say it's a good thing.
I can borrow a book from a library, scan it and release it into the wild. Gosh.
For that matter, I can probably buy it from a bookstore, scan it, say it was a present for a friend, but I forgot the name and got the wrong book - and return it. Wow.
Sure you _can_ abuse it, but I don't imagine it would be hard for Amazon (assuming they _are_ working with OCR'd books rather than original work) to introduce 'spelling mistakes' into each copy they show on the web site, and then they'll know who's doing it.
Believe me - if this actually did become a real problem rather than a theoretical attack, you'd see poisoned data being introduced rather quickly.
When I was in third year, our Computer Science department got fucked over - such that it didn't even have the funding to buy a textbook we needed for the course - so the SciTech library didn't have a copy (we were merged with Engineering, who promptly used our funds to pay all their debts - bascially).
Another campus which did inter-library loans had a copy of the book, but it was on the non-transferrable list. What we _could_ do was request that one chapter (less than 1/10) of the book be photocopied for us.
The lecturer passed around a chapter listing of the book, and we each wrote our name next to a
chapter. We then ordered those chapters separately, and if you needed a chapter, you would borrow it from the person who had a copy.
Worked reasonably well because we were split into only a few groups, and doing different tasks which required different chapters. Still - it was legal to copy a small section of the book under fair use, and so with a little extra work we avoided buying a copy.
So if I want to read an entire book for free via Amazon, all I have to do is make a script that automatically searches for a phrase extracted from the next page, wash, rinse, repeat?
First prize for forgetting/not reading that this is tied to your credit card, and that Spamazon (forgive maybe, forget no) limits you to a certain number of views total, and also a certain number _per_book_. Enough to stop you reading the whole thing (unless you're patient enough to do it over a whole year - but in that case, why not ask your local library for a copy repeatedly, and wait until they get it in).
3) Card is checked by user for accuracy
How often do you think this actually happens? Generally, you're lucky if you can get people out to vote for Tweedledum or Tweedledee, asking them to do some work when they get there is going too far.
It doesn't matter if it's only 1% of people who are doing that - if they notice that the machine hasn't printed what they asked for, they'll kick up a stink. More than a couple of people do that and the whole system will be called into question.
It's the same basis on which lots of blind-signing trust systems are built - ask the person to produce 100 different 'secrets', and verify that a random 99 of them are correct, then sign the other without looking at it, because the chance that they correctly guessed which of the 100 you would sign is so low, and (with a high enough penalty) the cost of being caught too high...
But it does conflict with ...and robust way that....
Guess it's too much to ask to even read the parent post these days.
Hmm, so I guess I am an idiot to follow up to someone who suggested that any sysadmin who "read the security lists in the morning" (with the implication that anyone who didn't do that was an incompentant moron) and suggest that an assumption of timezone is unreasonable.
*sigh* - I'd plonk you, but you're too much of a coward to back up your comments. Yes, people who assume the world is one timezone when it comes to patching are lusers, as are many ACs.
In addition, a fix was checked in within four hours. 14 hours later, exploit code was posted to SecurityFocus, in the afternoon. Any admin who checked the lsh mailing list in the morning would have seen the error and the fix, and been well ahead of the exploit.
#include <standard f&*(ing merkin who thinks the world is all merkia>
in the meantime they have the ability to
Read my entire message
Actually, they don't (yes, I've tested this by telnetting to the SMTP port).
They accept the envelope sender and receiver, then reject the DATA command.
Wow, that document was published 10 days ago. That's best practices for you.
Notice that they only address HTTP and SMTP in the guidelines. I guess there really aren't any other protocols worth speaking of.
(https maybe? Hmm - I wonder what happens there)
Which is also true of equipment to break RSA, bringing us full circle, and showing that the story description is a crock of shit, and that this isn't going to replace wire any time soon.
Observing the state of a photon would change it. This makes quantum encryption perfect for evesdropping situations. You will know if someone has seen your data. Also, you can't be sure of it's exact path. The thing about those pesky subatomics is that you can't know their exact position and path at the same time.
..fine if you can afford end-to-end links with everyone you want to communicate with of course, but not so good if you're switching along the way (as the parent you so cleverly responded to made quite clear, really)
Pity anyone can install a sniffer on the router where's it's decoding the packets from one quantum cable and adding them to the next..
The pam_smb module controls the NT authentication of Linux boxes, permiting them to connect to a windows network.
/etc/passwd, or ldap, or some other auth system.
Um, yeah, whatever you say. It actually allows you to use windows machines for authentication rather than
The only time I've ever used it was when I wanted cross platform auth, so ran a samba server and had the linux boxes use that via pam_smb.
As for sendmail - well, vendors who ship wuftpd and sendmail are a major problem in the linux world - but a halfway competant admin can install a better tool and the problem goes away - not so easy for Microsoft RPC services.