Now that I've put all the flamebait in the title...
I'm quite impressed with KDE for general use, but damn is it slow to start and a little clunky to use. Even on a PIII/866 (current home box) with 512Mb memory, it's really not quick. There's also heaps of background tasks running providing 'services' to all those windows.
The end result is a slick user experience (once you're logged in), but also a more Windows feel - cutesy icons everywhere, preferences almost-all-in-one-place-but-don't-try-anything-tri cky. Widgets that just don't fit right if you resize or change your fonts (I blame this on bad coding - both in Windows Apps and in KDE Apps). A help system that looks nice, but pops up half off the screen if you're on an 800x600 laptop.
Enough about the off-topic stuff though, to Windowmaker.
I started using Windowmaker all of a couple of years ago (boo, hiss - before that amiwm a lot (reminded me of the Amiga, and was good over networked X sessions because it's so light weight - looked good on grey dumb-terminals too) - also twm and fvwm on VNC sessions, and on my Sony NWS-3410 which sort of worked, just, as an X terminal on good days.
Anyway, I've always been impressed with the simplicity of Windowmaker - dock apps have enough room to really show useful information (two wmbiff docks gives the 10 most commonly used mailboxes, mix in some fetchmail or isync and custom mutt command lines for each, and it's a one click mail solution). Back when I was using Linux as my primary desktop on the laptop, and Windows was just a VMware that got booted up for the occasional Word.doc, Windowmaker was a massive productivity boost over the others.
I still think that if I was using a Linux desktop for work rather than experimentation and games (ksame here I come!), Windowmaker would plain let me get more work done - KDE has too much kruft. With a desktop menu with 3 options:
rxvt
* exit
* save
- yep, that's it, and a docked netscape (now Opera or Mozilla) launcher, what more does one need? Not much for programming, mail (the wmbiffs above) and web. Any other tools can be launched from a handy shell quicker than navigating those menus. Sure it costs in time to learn, but it pays off bigtime in productivity, and the speed and simplicity of the WM means it's never in your way.
The improvement in Windowmaker I've enjoyed recently is that windows now automatically appear over blank bits of screen rather than over other windows. I really like that.
P.S - my config has everything in the top right corner, docks going down, minimised icons going across - 4 virtual screens (Main,Work,Net(Web),Personal) - Netscape/Opera auto-launches on Screen3, Email on Screen2 or Screen4 depending on Mailbox, rxvt's on current screen. All is happy.
Dude, you are like, so right. Actually, tech support is only a small part of my job - also includes Sysadmin, Devel, and recently pointy-haired-ness over my two shiny new assistants.
Hey, and I get paid rather well by today's standards or something - I'll even do Wind0ze for money - shit, I never said I wasn't a cheap whore (thought I let cheapslutsrus.com go now that I actually have a steady girlfriend rather than a bunch of messed up semi-relationships for my friends to laugh at) - note to self, keep away from married women, only brings trouble.
The only thing that I would add to that is also partitioning the CC-number space so that an attacker who breaks one key doesn't get all the numbers, just a subset. And easy way to do this is to generate a new GPG key (say once per day) on the secure private-keys machine, and copy across the public key only to the servers. These can then encrypt the CCno with the public key, and also store the key used in the same DB entry.
That plus a bit of salting so that two different customers using the same CC number (say Husband and Wife who share a CC) don't show up as the same, and all is happy.
The dangerous bit is still going to be personel issues and access control to the private key storage, though passphrases can be used here.
I guess the issue is that if your system is going to have to be able to decrypt the CC real-time, then you can't have most of the access controls that we're talking about here. A computer is going to have to take an incoming message and load the CCno into memory at some point.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur re ntVersion\Exporer\User Shell Folders\Personal = "C:\My Documents\".
Doesn't look too hard to find to me. I also have a stupid Kodak App that appears to not use this default (though it may read it during install to set it's own current_dir).
I just had to VNC into my desktop machine at work for Word2000 (don't have Office installed at home - yay for not funding the M$ monopoly), but it was the work of seconds to find [Tools]->[Options]{[File Locations]}{Documents}.
Don't blame the software for your own laziness in finding out how it works.
I can see both advantages and disadvantages in having it always start in the same directory, but I think the advantages probably win for software like Word that may people of varying skill level have to use. I get enough *can't find my documents* tech support problems without having it default to a network share on a no-longer-present laptop that a geeky teenager came and f*&$ed over someone's setting with.
Don't tell me that geeky teenagers wouldn't do that and then rant at their luddite relatives who can't even work out how to change the directory, the lusers.
In any event, the My Computer, My Documents, can easily be renamed, if that is such a huge deal...
I take it you've never tried to tech-support people who've renamed their My Computer, My Documents, etc.
Especially not other people trying to use said computers with the 'clever' renamings.
Most especially not technical-iliterates who really can't handle the idea of thinking about the icons (don't even get me started on themed desktops with both new non-intuitive icons and non-intuitive names).
Very much especially when you're on a phone line and can't see the other screen.
VNC + VPN has become my friend for all still-functioning systems. (here, install software from the following Windows share. Set default password. Don't watch my drunken mouse movements over your modem while I fix the password in the registry. Ahh, all better now).
Does this explain why www.theregister.co.uk is returning NXDOMAIN?
I've certainly noticed problems resolving various places from.au recently, and put it down to holidays being had by people who usually boot broken kit.
Right now I am on a VPN connecting 3 machines: a NT box, my Linux box, and a Win98 box.
As the anonyous coward said a second ago (and nearly as rudely as I am about to) - which bit of VPN didn't you understand. My guess is the Virtual bit.
What you're talking about, (shall I quote the anonymous coward for a rude word to use here), is a NAT'ed Private Network - see that, PN - no V for Virtual anywhere there.
But it's also inherently flawed. [ more than 3 char extension ]
That's a very good point, and one I didn't think of that the time. I think (?) that they still map to some underlying 3 char extension in the 8.3 file format of MSDOS though.
Of course Win9x probably doesn't treat them as special without the full length extension - OK, so the experiment needs to deal with longer extensions, and suddenly we're in really-messy-big-area land. Doh!
What's registered also depends on what's installed - I would only test the default install, since M$ can claim anything else to be a security problem with the installed application (and probably rightly so).
If you'd read the link for more than a few seconds, you would have seen (apart from the dodgy 'look I'm a C coder' perl with hard coded array length and lots of double quotes in the definition) that the registry wasn't used for a reason.
* The registry may not document every piece of behaviour (i.e. there could be hard coded extention handling in the Explorer code itself.)
* By observing the behaviour of the system itself, directly at the level where it matters, you are guaranteed correct results.
I am very impressed with the research methodology presented in that link. Rather than trusting some documentation, the author actually went and recorded the behaviour of the system under real conditions. My hat is off (and my Redhat box is off the net, finally - but that's another story!)
Perhaps the best strategy is to sendt the document back to the sender, telling them to save it in the file format of your choice.
Perhaps the best solution is to live in the real world for a bit. Business involves compromises, and one of these is that you deal with the shit that paying customers dump on you (to a degree) or you don't get paid - file formats is only a part of this (ever dealt with changing specs, badly designed schemas and last minute reporting changes. I can tell you that telling your customers to f**k off until they fix their requirements is a great way to get fired by a company that doesn't want to go out of business because of Prima Donna numero Uno.)
That's going to be extremely difficult--even Word has problems with exact positioning between versions. The root cause is that the DOC file format was never meant for layout data, and most of the layout is dependant on how Word decides to format the content.
Oh, I absolutely agree - but it has to be close enough to the current version that KWord users can read files from M$Word in a way that covers most of the not-too-complex things, and write files in a format that M$Word can understand (doesn't have to be Doc - MSHTML would be fine too, so long as it's transparent to the Microsoftie).
Also, Excel (including graphs) needs to be supported, and Powerpoint presentations for the suits - luckily I don't have to deal with too much Powerpoint at the moment.
This is why if layout is important, people need to use a layout-centric file format like PDF...
Sure, that would be nice - it doesn't alter the fact that at the moment, most people are using M$Word, and any program that can't talk to M$Word in most cases I deal with isn't worth the effort - I have a job to get done, and I can't spend the time wandering up to the lone Windows NT server in the machine room (running some custom VB App which talks to a voice-phone-program of some sort - I ignore it except to restart it when the VB program crashes - it's not very well written unfortunately, but we don't have time to fix/replace it).
As I was saying - I don't have time to spend 20 minutes converting a file every time someone sends me something in a Microsoft format. Until KOffice can fill that gap, I have no choice but to continue working in with.doc (at least we have Spreadsheet::WriteExcel for non-graph reporting!)
I sincerely hope that KOffice (and other alternatives) severely push MS-Office from being dominant...
Compatability with other Office Suites is #1 in my point of view.
Especially file format (and even bug) compatibility *sigh*.
I receive far too many documents in M$ Word format for work, and there is no choice but to use Word on Windows if I want to see it as the sender intended. When you're dealing with layouts of forms that have been printed and are in the field, you need to have the exact same form in front of your for data entry system design - and in many other fields it's exactly the same.
To replace Word and Excel you really need something that can handle 99% of all files from those applications, and a way to deal with the others that doesn't leave people who've stored a lot of things in those formats out in the cold.
I feel it prudent to point out the the GPL itself is not under the GPL license. I.E. You may not make modifications to it at all, only verbatim copying.
The reason that the GPL is not under the GPL is because it's an interface between the GPL world[tm] and copyright law.
If you modify the GPL, it is no longer the GPL - and hence does not provide the interface it is designed to provide.
It's long been said that the worst thing about the GPL is that people think the GPL is an acceptable Open-Source license. As you've discovered for yourself, it's quite accurate to call the GPL a communistic virus.
What you haven't addressed (Mr evilviper I'm not flame-bait your bad moerdators) is the fact that many people believe that a communistic virus is a very acceptable Open-Source license. Anything else is allowing people to use your code without sharing your ideals.
I'm sure communism (note the same root word as community) is overused as a dirty word - communism in this case is being used to refer to a virus that forces you to release derivative works back to the community - not something that makes you move to Russia and become a Marxist.
For my throw away tag line. Name a Russian who's had to go to America (land of the free and brave) to be attacked by the local KGB equivalent and thrown in jail without a trial. Oh yeah, that communism sure is the only system that doesn't care about people.
Separation of firewall and application duties
on
Home Server Rooms?
·
· Score: 4, Insightful
Personally, I have ONE well-configured machine acting as the firewall, the router, and the file server. There would be a seperate machine providing external 'net service (HTTP) if I could think of any damn good reason I needed a web server at my house.
I personally have two machines - one being nothing but a firewall and router and the other being all those handy services that you need on a home network (file storage, DNS, web proxy, testing DB and web server, etc).
There are good reasons for this split of duties:
The firewall is running a minimal setup - no setuid binaries, no listening to arbitary ports (port 22 is the only open port, and even that is only opened on the internal interface), no wu-ftpd or whatever the latest insecure daemon is (oh yeah - no public BIND!!!).
I frequently mess with the config of my internal server, trying something different, upgrading to new versions of software. It's hard to keep a system secure under these changes. I very rarely touch the firewall box.
Attackers have to break two different machines (which should be running two different OSen, but I'm lazy, and LRP based firewall systems are easier than picobsd for what I want) to get access to anything. The router machine only has 16Mb of memory, and boots off a floppy - it's even going to be hard for the attacker to copy a binary in, with no wget or similar installed. If it gets broken, I just hit the reset button, and the write-protected floppy has the same config (which I guess I'd want to check anyway, for how they got in).
In summary - home networks needs 2 machines - one providing security, one providing services.
Not familliar with hashes? You can't do it quite like that because an MD5 hash is the same for any number of datasets. Trying to un-do a hash is pretty idiotic at that level.
So - most of those cracked datasets are going to be an invalid file for the format (which we can deduce from the 3 letter filename extention - usually.tmp or something depending on your email client's handling of temporary filenames;( ).
Any decoded files can then be checked (it's supposed to be a JPEG, does it look anything like a picture? Not it then.
Anything that passes all those filters can then be sold as art, there's gotta be some sucker out there willing to buy.
Meanwhile, I have a super fast computer which can crack MD5s into lots of art forms, and I would proceed to break into the FBI before getting shot in the head (but not before getting a blowjob from the yummy blonde (there's always one)).
"Security through obscurity is bad!" What other forms _are_ there? Passwords and encryption _is_ the same as obscurity.
Huh? You obviously thought long and hard about this one. Let me try to keep it simple.
* Security through passwords - there is something hard to guess which you and your computer know. If anyone else guesses this, they get access.
* Security through 'obscurity' with exploitable software - there is something which anyone can download which contains the information required to access your system without guesswork.
* Not telling someone when there's a hole that $BADGUY knows of a piece of software they're running (until the patch gets out),
IS LIKE
* not telling someone that you've discovered that $BADGUY knows their password (until you kill $BADGUY).
Seriously, if you know that someone's password is compromised, you tell them immediately so they can disable the account or change their password. If you know that someone's software is compromised, you tell them immediately so they can disable the server or change their software.
should match >99% of cc numbers. And a lot of other dross, but you can just pipe it into a mod10 checker
Putting the burden on me, the poor sap who wants to have my web pages indexed, to make sure that I don't accidently put any numbers on a web site that might be mis-interpreted as a credit card number (i.e. a tab or comma separated list of numbers would be likely to hit the above, especially if it was much longer than a CC number).
Not to mention the problem of recursive lookup on
a long number (the first 2000 digits of pi are 3.1415926535.......) - it would take an age to make sure there were no CC no's in that.
All together, it would cause 'innocent' pages to not be indexed, which is distinctly sub optimal.
The only thing at all newsworthy about this is that it's now being used to gather legal evidence. Tools like this have been around for years--now the government is just trying to make evidence gathered thereby admissible.
Woohoo, I think it's time to release 'hAx0r.framekit', the new virus SDK that can be used to install a keystroke generator that feeds 'fbi.keylogger' with targetted keystrokes.
You too can frame your bestest (ex-)friends with one easy download.
'hAx0r.keywordpack' with terrorist phrases and anti-American sentiments expansion pack now available.
djbdns is trying to make cash on people's misunderstanding - and especially goes against the "open source" thing
make cash? It's a free as in beer product, with elements of free speach (you may read the source) - you're only not free to distributed pre-built binaries of altered versions. It has worked quite successfully to maintain a canonical version of the software that _just_works_[tm], without the mess of different file locations.
On the other hand, I really object to/var - it was chosen as the location most likely to work on all the current vendors. Sure. My problem is that a good security move is to mark/var NOEXEC. This doesn't work so well with binaries being in there. So/usr shouldn't contain non-cross platform binaries?/usr/bin/run-djbdns could be a shell script that works out the OS version and launches the apropriate binary from/usr/share/djbdns/$OSVERSION/djbdns-server, or something. </rant>
1. people don't patch their servers because they don't stay on top of things.
2. most dns servers are not locked down properly (especially those of you using at&t's, worldcom's and other large telco's dns') against zone transfers which allow hackers to find out what you've got.
3. some software is designed in a more secure manner than other software, and hence is less likely to be vulnerable to specific attacks (think buffer overflows in BIND's case).
4. more complex software is more likely to have errors. I don't think running DNS on a Windows 95 server is safe, and I don't think running BIND is safe either.
I wish one of the other more BIND compatible alternatives was completed, but I'm seriously evaluating djbdns to replace BIND everywhere I use it (at the moment I only have on a test server), because I really don't think BIND has demonstrated a commitment to code quality.
I said it in an earlier post but this is bullshit, there isn't any less idea content in compiled code than source code
There isn't any less expressive content in a nuclear weapon than in the instructions to make a nuclear weapon - after all, anyone with a screwdriver can read the contents of a nuclear weapon and see how it's made.
Sorry, but the _primary_ purpose of a nuclear weapon is to blow shit up. The instructions for making a nuclear weapon on the other hand are expressive material which shows how interactions of an unstable nucleus and neutrons can be used to produce positive feedback and a massive explosion. Sure you can use it to make weapons of mass destruction, but it's also speech.
A nuclear weapon is not speach (except in the "do you feel lucky today, punk - eat this" sense), but blueprints for a weapon are.
All that matters is whether the DVDCCA could show evidence that Johansen agreed to and subsequently broke a legal contract.
IANAL, and IANA{Citizen of the US of A} either, but the DVDCCA also have to show evidence that it was lawful for Johansen to agree to that contract. If the law in Norway is that reverse engineering is lawful for interoperability, then any clauses in the click-wrap agreement are null and void, and hence Johansen can be considered to have not agreed to them, regardless of what the agreement actually says.
Especially if he purchased the software and specified the country in which he was purchasing at the time, I would argue that the company selling the software was implicitly accepting the changes to their click-wrap agreement that would match the laws in the jurisdiction to which they were selling.
Slashdot Mirror
Now that I've put all the flamebait in the title...
i cky. Widgets that just don't fit right if you resize or change your fonts (I blame this on bad coding - both in Windows Apps and in KDE Apps). A help system that looks nice, but pops up half off the screen if you're on an 800x600 laptop.
I'm quite impressed with KDE for general use, but damn is it slow to start and a little clunky to use. Even on a PIII/866 (current home box) with 512Mb memory, it's really not quick. There's also heaps of background tasks running providing 'services' to all those windows.
The end result is a slick user experience (once you're logged in), but also a more Windows feel - cutesy icons everywhere, preferences almost-all-in-one-place-but-don't-try-anything-tr
Enough about the off-topic stuff though, to Windowmaker.
I started using Windowmaker all of a couple of years ago (boo, hiss - before that amiwm a lot (reminded me of the Amiga, and was good over networked X sessions because it's so light weight - looked good on grey dumb-terminals too) - also twm and fvwm on VNC sessions, and on my Sony NWS-3410 which sort of worked, just, as an X terminal on good days.
Anyway, I've always been impressed with the simplicity of Windowmaker - dock apps have enough room to really show useful information (two wmbiff docks gives the 10 most commonly used mailboxes, mix in some fetchmail or isync and custom mutt command lines for each, and it's a one click mail solution). Back when I was using Linux as my primary desktop on the laptop, and Windows was just a VMware that got booted up for the occasional Word.doc, Windowmaker was a massive productivity boost over the others.
I still think that if I was using a Linux desktop for work rather than experimentation and games (ksame here I come!), Windowmaker would plain let me get more work done - KDE has too much kruft. With a desktop menu with 3 options:
rxvt
* exit
* save
- yep, that's it, and a docked netscape (now Opera or Mozilla) launcher, what more does one need? Not much for programming, mail (the wmbiffs above) and web. Any other tools can be launched from a handy shell quicker than navigating those menus. Sure it costs in time to learn, but it pays off bigtime in productivity, and the speed and simplicity of the WM means it's never in your way.
The improvement in Windowmaker I've enjoyed recently is that windows now automatically appear over blank bits of screen rather than over other windows. I really like that.
P.S - my config has everything in the top right corner, docks going down, minimised icons going across - 4 virtual screens (Main,Work,Net(Web),Personal) - Netscape/Opera auto-launches on Screen3, Email on Screen2 or Screen4 depending on Mailbox, rxvt's on current screen. All is happy.
Some of us have real jobs man...
Dude, you are like, so right. Actually, tech support is only a small part of my job - also includes Sysadmin, Devel, and recently pointy-haired-ness over my two shiny new assistants.
Hey, and I get paid rather well by today's standards or something - I'll even do Wind0ze for money - shit, I never said I wasn't a cheap whore (thought I let cheapslutsrus.com go now that I actually have a steady girlfriend rather than a bunch of messed up semi-relationships for my friends to laugh at) - note to self, keep away from married women, only brings trouble.
Ouch - bound to get Vickified or something now.
webtechniques.com article on using GPG
The only thing that I would add to that is also partitioning the CC-number space so that an attacker who breaks one key doesn't get all the numbers, just a subset. And easy way to do this is to generate a new GPG key (say once per day) on the secure private-keys machine, and copy across the public key only to the servers. These can then encrypt the CCno with the public key, and also store the key used in the same DB entry.
That plus a bit of salting so that two different customers using the same CC number (say Husband and Wife who share a CC) don't show up as the same, and all is happy.
The dangerous bit is still going to be personel issues and access control to the private key storage, though passphrases can be used here.
I guess the issue is that if your system is going to have to be able to decrypt the CC real-time, then you can't have most of the access controls that we're talking about here. A computer is going to have to take an incoming message and load the CCno into memory at some point.
Reg is at 213.40.196.64 if you're desperate :-)
Seems they haven't noticed yet either - I wonder if there's anything listening for mail on that IP. Guess not, no reply on port 25.
Anyone know how to tell them what's happening? Do they own any other domains?
Start->Run
r re ntVersion\Exporer\User Shell Folders\Personal = "C:\My Documents\".
regedit
Edit->Find
My Documents
F3 a few times
HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu
Doesn't look too hard to find to me. I also have a stupid Kodak App that appears to not use this default (though it may read it during install to set it's own current_dir).
I just had to VNC into my desktop machine at work for Word2000 (don't have Office installed at home - yay for not funding the M$ monopoly), but it was the work of seconds to find [Tools]->[Options]{[File Locations]}{Documents}.
Don't blame the software for your own laziness in finding out how it works.
I can see both advantages and disadvantages in having it always start in the same directory, but I think the advantages probably win for software like Word that may people of varying skill level have to use. I get enough *can't find my documents* tech support problems without having it default to a network share on a no-longer-present laptop that a geeky teenager came and f*&$ed over someone's setting with.
Don't tell me that geeky teenagers wouldn't do that and then rant at their luddite relatives who can't even work out how to change the directory, the lusers.
In any event, the My Computer, My Documents, can easily be renamed, if that is such a huge deal...
I take it you've never tried to tech-support people who've renamed their My Computer, My Documents, etc.
Especially not other people trying to use said computers with the 'clever' renamings.
Most especially not technical-iliterates who really can't handle the idea of thinking about the icons (don't even get me started on themed desktops with both new non-intuitive icons and non-intuitive names).
Very much especially when you're on a phone line and can't see the other screen.
VNC + VPN has become my friend for all still-functioning systems. (here, install software from the following Windows share. Set default password. Don't watch my drunken mouse movements over your modem while I fix the password in the registry. Ahh, all better now).
Does this explain why www.theregister.co.uk is returning NXDOMAIN?
.au recently, and put it down to holidays being had by people who usually boot broken kit.
I've certainly noticed problems resolving various places from
Right now I am on a VPN connecting 3 machines: a NT box, my Linux box, and a Win98 box.
As the anonyous coward said a second ago (and nearly as rudely as I am about to) - which bit of VPN didn't you understand. My guess is the Virtual bit.
What you're talking about, (shall I quote the anonymous coward for a rude word to use here), is a NAT'ed Private Network - see that, PN - no V for Virtual anywhere there.
Thankyou.
this is VPN software, as this also claims to be, though it's not very good.
But it's also inherently flawed. [ more than 3 char extension ]
That's a very good point, and one I didn't think of that the time. I think (?) that they still map to some underlying 3 char extension in the 8.3 file format of MSDOS though.
Of course Win9x probably doesn't treat them as special without the full length extension - OK, so the experiment needs to deal with longer extensions, and suddenly we're in really-messy-big-area land. Doh!
What's registered also depends on what's installed - I would only test the default install, since M$ can claim anything else to be a security problem with the installed application (and probably rightly so).
Are the people I converse with in email just cooler/smarter than everyone else At the risk of stroking the collective /. ego, yeah, they are.
Most of them I get are from spammers (I presume) who have collected one of my email addresses in their database. Really pathetic that is, I tell you.
What a maroon. Brute force it???
All this crap is nicely in the registry.
If you'd read the link for more than a few seconds, you would have seen (apart from the dodgy 'look I'm a C coder' perl with hard coded array length and lots of double quotes in the definition) that the registry wasn't used for a reason.
* The registry may not document every piece of behaviour (i.e. there could be hard coded extention handling in the Explorer code itself.)
* By observing the behaviour of the system itself, directly at the level where it matters, you are guaranteed correct results.
I am very impressed with the research methodology presented in that link. Rather than trusting some documentation, the author actually went and recorded the behaviour of the system under real conditions. My hat is off (and my Redhat box is off the net, finally - but that's another story!)
Perhaps the best strategy is to sendt the document back to the sender, telling them to save it in the file format of your choice.
Perhaps the best solution is to live in the real world for a bit. Business involves compromises, and one of these is that you deal with the shit that paying customers dump on you (to a degree) or you don't get paid - file formats is only a part of this (ever dealt with changing specs, badly designed schemas and last minute reporting changes. I can tell you that telling your customers to f**k off until they fix their requirements is a great way to get fired by a company that doesn't want to go out of business because of Prima Donna numero Uno.)
That's going to be extremely difficult--even Word has problems with exact positioning between versions. The root cause is that the DOC file format was never meant for layout data, and most of the layout is dependant on how Word decides to format the content.
.doc (at least we have Spreadsheet::WriteExcel for non-graph reporting!)
Oh, I absolutely agree - but it has to be close enough to the current version that KWord users can read files from M$Word in a way that covers most of the not-too-complex things, and write files in a format that M$Word can understand (doesn't have to be Doc - MSHTML would be fine too, so long as it's transparent to the Microsoftie).
Also, Excel (including graphs) needs to be supported, and Powerpoint presentations for the suits - luckily I don't have to deal with too much Powerpoint at the moment.
This is why if layout is important, people need to use a layout-centric file format like PDF...
Sure, that would be nice - it doesn't alter the fact that at the moment, most people are using M$Word, and any program that can't talk to M$Word in most cases I deal with isn't worth the effort - I have a job to get done, and I can't spend the time wandering up to the lone Windows NT server in the machine room (running some custom VB App which talks to a voice-phone-program of some sort - I ignore it except to restart it when the VB program crashes - it's not very well written unfortunately, but we don't have time to fix/replace it).
As I was saying - I don't have time to spend 20 minutes converting a file every time someone sends me something in a Microsoft format. Until KOffice can fill that gap, I have no choice but to continue working in with
I sincerely hope that KOffice (and other alternatives) severely push MS-Office from being dominant...
Compatability with other Office Suites is #1 in my point of view.
Especially file format (and even bug) compatibility *sigh*.
I receive far too many documents in M$ Word format for work, and there is no choice but to use Word on Windows if I want to see it as the sender intended. When you're dealing with layouts of forms that have been printed and are in the field, you need to have the exact same form in front of your for data entry system design - and in many other fields it's exactly the same.
To replace Word and Excel you really need something that can handle 99% of all files from those applications, and a way to deal with the others that doesn't leave people who've stored a lot of things in those formats out in the cold.
I feel it prudent to point out the the GPL itself is not under the GPL license. I.E. You may not make modifications to it at all, only verbatim copying.
The reason that the GPL is not under the GPL is because it's an interface between the GPL world[tm] and copyright law.
If you modify the GPL, it is no longer the GPL - and hence does not provide the interface it is designed to provide.
It's long been said that the worst thing about the GPL is that people think the GPL is an acceptable Open-Source license. As you've discovered for yourself, it's quite accurate to call the GPL a communistic virus.
What you haven't addressed (Mr evilviper I'm not flame-bait your bad moerdators) is the fact that many people believe that a communistic virus is a very acceptable Open-Source license. Anything else is allowing people to use your code without sharing your ideals.
I'm sure communism (note the same root word as community) is overused as a dirty word - communism in this case is being used to refer to a virus that forces you to release derivative works back to the community - not something that makes you move to Russia and become a Marxist.
For my throw away tag line. Name a Russian who's had to go to America (land of the free and brave) to be attacked by the local KGB equivalent and thrown in jail without a trial. Oh yeah, that communism sure is the only system that doesn't care about people.
I personally have two machines - one being nothing but a firewall and router and the other being all those handy services that you need on a home network (file storage, DNS, web proxy, testing DB and web server, etc).
There are good reasons for this split of duties:
In summary - home networks needs 2 machines - one providing security, one providing services.
Not familliar with hashes? You can't do it quite like that because an MD5 hash is the same for any number of datasets. Trying to un-do a hash is pretty idiotic at that level.
.tmp or something depending on your email client's handling of temporary filenames ;( ).
So - most of those cracked datasets are going to be an invalid file for the format (which we can deduce from the 3 letter filename extention - usually
Any decoded files can then be checked (it's supposed to be a JPEG, does it look anything like a picture? Not it then.
Anything that passes all those filters can then be sold as art, there's gotta be some sucker out there willing to buy.
Meanwhile, I have a super fast computer which can crack MD5s into lots of art forms, and I would proceed to break into the FBI before getting shot in the head (but not before getting a blowjob from the yummy blonde (there's always one)).
Job 2 is to find an ftp daemon that doesn't suck.
All hardware sucks, all software sucks.
v not >
<tt>ftp-data 20/tcp</tt>
<tt>ftp 21/tcp</tt>
"Security through obscurity is bad!" What other forms _are_ there? Passwords and encryption _is_ the same as obscurity.
Huh? You obviously thought long and hard about this one. Let me try to keep it simple.
* Security through passwords - there is something hard to guess which you and your computer know. If anyone else guesses this, they get access.
* Security through 'obscurity' with exploitable software - there is something which anyone can download which contains the information required to access your system without guesswork.
* Not telling someone when there's a hole that $BADGUY knows of a piece of software they're running (until the patch gets out),
IS LIKE
* not telling someone that you've discovered that $BADGUY knows their password (until you kill $BADGUY).
Seriously, if you know that someone's password is compromised, you tell them immediately so they can disable the account or change their password. If you know that someone's software is compromised, you tell them immediately so they can disable the server or change their software .
*plink*
\d.?\d.?\d.?\d.?\d.?\d.?\d.?\d.?\d.?\d.?\d.?\d.?\d .?\d.?\d.?\d
should match >99% of cc numbers. And a lot of other dross, but you can just pipe it into a mod10 checker
Putting the burden on me, the poor sap who wants to have my web pages indexed, to make sure that I don't accidently put any numbers on a web site that might be mis-interpreted as a credit card number (i.e. a tab or comma separated list of numbers would be likely to hit the above, especially if it was much longer than a CC number).
Not to mention the problem of recursive lookup on
a long number (the first 2000 digits of pi are 3.1415926535.......) - it would take an age to make sure there were no CC no's in that.
All together, it would cause 'innocent' pages to not be indexed, which is distinctly sub optimal.
The only thing at all newsworthy about this is that it's now being used to gather legal evidence. Tools like this have been around for years--now the government is just trying to make evidence gathered thereby admissible.
Woohoo, I think it's time to release 'hAx0r.framekit', the new virus SDK that can be used to install a keystroke generator that feeds 'fbi.keylogger' with targetted keystrokes.
You too can frame your bestest (ex-)friends with one easy download.
'hAx0r.keywordpack' with terrorist phrases and anti-American sentiments expansion pack now available.
(damn, need more marketingspeak training)
djbdns is trying to make cash on people's misunderstanding - and especially goes against the "open source" thing
/var - it was chosen as the location most likely to work on all the current vendors. Sure. My problem is that a good security move is to mark /var NOEXEC. This doesn't work so well with binaries being in there. So /usr shouldn't contain non-cross platform binaries? /usr/bin/run-djbdns could be a shell script that works out the OS version and launches the apropriate binary from /usr/share/djbdns/$OSVERSION/djbdns-server, or something. </rant>
make cash? It's a free as in beer product, with elements of free speach (you may read the source) - you're only not free to distributed pre-built binaries of altered versions. It has worked quite successfully to maintain a canonical version of the software that _just_works_[tm], without the mess of different file locations.
On the other hand, I really object to
1. people don't patch their servers because they don't stay on top of things.
2. most dns servers are not locked down properly (especially those of you using at&t's, worldcom's and other large telco's dns') against zone transfers which allow hackers to find out what you've got.
3. some software is designed in a more secure manner than other software, and hence is less likely to be vulnerable to specific attacks (think buffer overflows in BIND's case).
4. more complex software is more likely to have errors. I don't think running DNS on a Windows 95 server is safe, and I don't think running BIND is safe either.
I wish one of the other more BIND compatible alternatives was completed, but I'm seriously evaluating djbdns to replace BIND everywhere I use it (at the moment I only have on a test server), because I really don't think BIND has demonstrated a commitment to code quality.
I said it in an earlier post but this is bullshit, there isn't any less idea content in compiled code than source code
There isn't any less expressive content in a nuclear weapon than in the instructions to make a nuclear weapon - after all, anyone with a screwdriver can read the contents of a nuclear weapon and see how it's made.
Sorry, but the _primary_ purpose of a nuclear weapon is to blow shit up. The instructions for making a nuclear weapon on the other hand are expressive material which shows how interactions of an unstable nucleus and neutrons can be used to produce positive feedback and a massive explosion. Sure you can use it to make weapons of mass destruction, but it's also speech.
A nuclear weapon is not speach (except in the "do you feel lucky today, punk - eat this" sense), but blueprints for a weapon are.
Oh, and "bullshit yourself", or something.
All that matters is whether the DVDCCA could show evidence that Johansen agreed to and subsequently broke a legal contract.
IANAL, and IANA{Citizen of the US of A} either, but the DVDCCA also have to show evidence that it was lawful for Johansen to agree to that contract. If the law in Norway is that reverse engineering is lawful for interoperability, then any clauses in the click-wrap agreement are null and void, and hence Johansen can be considered to have not agreed to them, regardless of what the agreement actually says.
Especially if he purchased the software and specified the country in which he was purchasing at the time, I would argue that the company selling the software was implicitly accepting the changes to their click-wrap agreement that would match the laws in the jurisdiction to which they were selling.