Well, the history of SSH says that you can continue to use the trademark for distributing a derivative work of the original software for which the trademark was registered. I guess he may have "sole ownership" without much question, but I doubt he has a right to "sole usage". Of course, maybe the fact that the ssh protocol was a standard makes a difference here?
It might be a nice idea to call the new project OpenTwiki in the same light as OpenSSH. If I were to do this I would ask a lawyer first.
as long as the TWiki trademark rights are maintained.
that's probably an additional restriction on redistribution and means that twiki.net no longer has a license to the GPL code for which they were not the author. Given the rather strict clauses in the GPLv2, mere distribution of twiki by twiki.net is something where I would want to discuss legality with a GPL expert lawyer who was intimately aware of the history of the twiki code.
In that sense, the problem seems not to be electronic voting so much as just a poor set of instructions.
An electronic voting system like that should make it almost impossible to lose votes or misunderstand even without instructions. You shouldn't be able to close the application without pressing okay the second time. Instructions don't really come into it. Bad design is the primary thing. The e-voting companies should pay to re-run the election with paper.
Most of the garbage that we have now just isn't worth keeping. The biggest problem is filtering out the junk we have so that we know what is really valuable. That would be things like great music; writing; the origins of software freedom; works of history and biography etc. Then we could store that, but the problem is we mostly store SOX inspired lies for compliance audits. This garbage takes away from any effort to store serious stuff long term. Who could we trust to do the filtering? The govt? (no, please don't answer that :-)
In many of those countries there have been serious issues with this. Various (e.g. German) Wikipedias have to be much more careful than the English edition since their contributors are mostly in their home countries. Look at the cases in Europe against Google's image cache and news headlines systems. I think these problems would have been much worse if there wasn't clear competition from the US which makes it clear to judges that if they make a stupid judgement, services will simply move offshore to companies which are fully out of their jurisdiction. When they make judgements, these have to be able to be applied in the real world and that means that to be able to control Web 2.0 they have to leave some space for it in their own legal system.
In other words, this is one of the few areas, possibly the only one in the area of intellectual restrictions, where the US has really been leading the world in a good way recently.
SOX compliance doesn't have anything to say, however, on the question of whether that written record should match with the reality. All you need is some reasonable legal reason for each decision. A record of slight irrational madness in your past decisions will help make almost anything "reasonable" for some lawyer's definition of reasonable. For example, if you can demonstrate that you bought game consoles for all your employees to improve productivity, then buying a personal fighter jet for the same reason will be perfectly acceptable.
I'm surprised that we found out about it so quickly. Someone with real political power must really like Joe.
(Mod: Inciteful / UnFunny / Informative / Scary ) (N.B. that's a c not an s)
Okay; I think your comment is completely legitimate in the modern office environment and I don't want to criticise at all, so please see this as directed at the designers of open plan offices everywhere and not yourself. They, after all, are the architects who should be able to study historical buildings and explain the concepts I put below to you.
There are these things called interior "walls". Invented in the stone age, but recently forgotten by office designers (except at Google and Fog Creek Software), they are difficult to explain, but they consisted of a solid object which filled an entire vertical plane between two areas (called "rooms") which divided up what we might, today, call an "open plan space". By consisting of vibration absorbing material they could entirely intersect noise and reduce it in such a way that nobody outside the "room" would be able to hear the activity inside. If you placed your ping pong table in a "separate room" as it used to be called, you could then use it without any influence on other users of the (now divided) "open plan space".
Except that when this happens to me it's normally shared on some stupid multi-terabyte windows-hosted nightmare fileshare connected by what seems like an IPoCP (RFC 2549) link and the search you describe would take three days. Most of the time OpenOffice's recently-opened list saves me; but not always.
I think the most important thing is to be able to answer why. I do pretty weird things with company money, but since I can generally show a business case and since I've mostly been right (==directly, provably, profitable) in the past I tend to get away with it.
If you want to motivate them; make them happy and so on, I suggest a ping-pong table. This will bring them together and make them interact. At the same time it will encourage fitness and movement which will counteract the rest of their job. There must be lots more sports equipment which would really help.
Two things; a) banks can't. Fraud is a serious problem.
More importantly; b) banks get to try again. Most electronic cash transfers have two ends. It's in the interest of each one to check it goes right. If one end is committing fraud then the other end will complain. You can then reverse the transaction (if you have correctly identified the parties) or at least take security measures so it doesn't happen in future.
Voting is different. In order to avoid vote buying it has to happen in secret and for the most part if you can check your own vote you can also show someone else how you voted. This is much harder than securing most financial transactions.
Yes; except all of this discussion is wrong. The French explicitly did realise the weakness of the Maginot line; had considered extending it but didn't have the funds and just simply lacked reserves to fill in for those weaknesses. The line behaved perfectly, channelling the German attack to other areas, as expected. The Belgians failed by going neutral and the French army failed by misdeploying and being otherwise under-equipped.
I think you'll find the wikipedia article about this will help you find the truth.
Your post is based on a misunderstanding of the original poster. Actually "value" doesn't have any meaning at all. It is pure junk business speak as in "we deliver value to our shareholders". In this particular case there are at least two different things. "Purchase value", which is what you are talking about and "value to mankind" or perhaps "value to business" which is what most other people here are talking about. Even those have definitions which will vary according to exactly what question you ask.
A typical question, which has a real valid answer, is "what is the insurable value of Linux". In other words; if everybody who needed one took out an insurance policy against the loss of Linux what is the maximum reasonable monetary value that those policies could be worth. That is limited by the maximum loss which can be sustained which is equal to the lesser of the amount of business which will be lost or the amount of effort it will take to replace Linux.
You are wrong that linux is "invaluable" since, given enough effort and money, it could almost certainly be replaced.
A good example of a use of this is in deciding how much lobbying power Linux might have. If Windows is worth e.g. $10 billion and Linux is worth $25 billion, then an effort by Microsoft to destroy Linux via legislative means might cause a serious backlash. That kind of argument is useful with various "semi-corrupt" politicians who value campaign contributions highly. On the other hand, it's also a reason for those politicians to wonder why Linux isn't contributing its "share".
I guess that you probably don't want to build around a Macintosh heart since it's probably easiest to get interesting older devices for the PC architecture. However, there's a whole set of interesting media related to the Apple 3.5" floppies which used variable angular density of bits to achieve more even linear density (in other words, more bits on the outer tracks, less on the inner tracks). This needs special hardware and I think only some PC drives could possibly support reading this. This is, of course, a bit sick but not as bad as Apple II gaming media where you actually have to be able to load bits of the device driver from the disk as you go along. In a primitive form of Digital Restrictions Management, they used to stop the drive motor and continue to read as they went along.
Later Apple 3.5" floppy media was mostly the standard 1.44MB.
hopefully this will go into slashdot unmangled. There are so many better uses for this money (make a big pile of fireworks and burn them all; deliberately burn Russian gas to create a better greenhouse effect; buying up toxic waste to make baby milk) that I can't really begin to think how to disagree with the parent.
And we don't condone or support that kind of activity, either.
it's not enough to not "condone" or to not "support" it. When you engage in listening to conversations, you get a certain responsibility. There should be a filter on what is listened to. If a recording is identified as not worth listening to it should be immediately destroyed. The story at Abu Ghraib was not that what was done was a bad thing. The story was that nothing was done to stop it and when they were caught, everything was done to sweep the issue under the carpet.
This story has the same issue. Instead of talking about the safeguards they have in place and the actions they are taking, they are trying to minimise and deny that much ever happened.
It seems to be a bit different from that. It's much more like classic syn cookies. They send REQUEST (syn) from any of many hosts without any need to keep state. They get back CHALLENGE (ack) to the host which they gave the IP address of in REQUEST. Looking at the data in the CHALLENGE, they have enough information to create RESPONSE and fully open the TCP connection. There's no link from one connection to another. That means that they have partially, but not completely, broken the protection of syn-cookies. They can attack from many hosts whilst giving away only one of their IP addresses. Finally, from that stage, if they want to continue then according to their Unicornscan DefCon presentation they need to keep state.
Summary: Syn cookies protect you against people who can't afford to give their own IP address (as they always did) but they don't protect you against people who can afford to give their IP address (as they never did) even if they only want to give a few IP addresses (this is new) or have very small memory resources (this is new too). Most importantly; if you start responding only to certain requests in the hope of driving up the resource utilisation for a DDOS, they can now handle that efficiently. DDOS has become a bit more accessible. They claim to have some other attacks which link with this. Those are more likely to be a large problem.
Now we see that a little bit of knowledge can be a dangerous thing.
The point that's in the grandparent's post is not that your own syn-cookies can be used against you. Syn cookies on your server are doing the right thing and are protecting you against normal syn floods.
What's happening in this attack is that the client side (the attacker) is using their own syn cookies to store information about connections on your server (instead of in their own memory). This allows them to handle more connections than otherwise. Unfortunately there is nothing you can do to stop this. They are using required behavior of the TCP stack for their information storage.
The parent's "fix" will make things slightly worse during this attack since turning off syn-cookies will mean that your server will have to track even more TCP connections. Not just those that are active, but also those that have just started. Of course, it will also make the new attack pointless since they can just do a normal syn-flood instead.
Some mitigation strategies that I can think of:
Increase the TCP connection storage on your server to such a size that the DOS becomes impractical.
Ensure that TCP connections time out after some time if they have not been authorised to a particular user.
Impose a resource limit per authorised user on connections. Impose a separate resource limit on all non-authorised users which will not interfere with authorised use.
Use IPSEC to authorise all incoming connections / alternatively prioritise authorised sessions.
The best current full fix I can think of is to use IPSEC and ensure that all incoming connections are authorised. Your own users will still be able to DOS you, but at least you can hunt them down.
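As an added example that is not part of the original posts, here is the handshake the two comments above describe, modelled in Python: a server running ordinary syn cookies and a client that derives its own initial sequence numbers the same way, so neither side stores anything per connection until the server finally has to. The cookie construction (an HMAC over the 4-tuple truncated to 32 bits), the two secrets and the addresses are assumptions for illustration, and the "network" is a function call rather than real packets.

```python
"""Both ends of a TCP three-way handshake where neither side keeps state
until the connection is complete: the server uses syn cookies as usual,
and the attacking client uses the same trick for its own initial sequence
number. Added example for the comments above; it is not code from the
posts or from Unicornscan. The cookie layout, the secrets and the
addresses are illustrative assumptions."""
import hmac
import hashlib
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

MASK32 = 0xFFFFFFFF
CLIENT_SECRET = b"attacker-side secret (assumed)"
SERVER_SECRET = b"server-side secret (assumed)"


@dataclass(frozen=True)
class Segment:
    src: str      # source address
    dst: str      # destination address
    sport: int    # source port
    dport: int    # destination port
    seq: int
    ack: int
    flags: str    # "SYN", "SYN-ACK" or "ACK"


def cookie(secret: bytes, local: str, lport: int, peer: str, pport: int) -> int:
    """Initial sequence number derived from the 4-tuple. Either end can
    recompute it later from the addresses in a received segment, so no
    per-connection memory is needed before the handshake completes."""
    msg = f"{local}:{lport}>{peer}:{pport}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")


def client_syn(client: str, sport: int, server: str, dport: int) -> Segment:
    isn = cookie(CLIENT_SECRET, client, sport, server, dport)
    return Segment(client, server, sport, dport, isn, 0, "SYN")


def server_syn_ack(syn: Segment) -> Segment:
    """Stateless server: the SYN-ACK carries a syn cookie as its sequence
    number and, as TCP requires, acknowledges the client's ISN + 1."""
    isn = cookie(SERVER_SECRET, syn.dst, syn.dport, syn.src, syn.sport)
    return Segment(syn.dst, syn.src, syn.dport, syn.sport, isn, (syn.seq + 1) & MASK32, "SYN-ACK")


def client_ack(synack: Segment) -> Optional[Segment]:
    """Stateless client: the acknowledgement number tells us which ISN we
    sent, and recomputing the cookie tells us whether we really sent it."""
    expected = cookie(CLIENT_SECRET, synack.dst, synack.dport, synack.src, synack.sport)
    if (synack.ack - 1) & MASK32 != expected:
        return None  # not a reply to one of our SYNs: drop it
    return Segment(synack.dst, synack.src, synack.dport, synack.sport,
                   synack.ack, (synack.seq + 1) & MASK32, "ACK")


def server_accept(ack: Segment, established: set) -> bool:
    """The server validates its own cookie; only now does it allocate state."""
    expected = cookie(SERVER_SECRET, ack.dst, ack.dport, ack.src, ack.sport)
    if (ack.ack - 1) & MASK32 != expected:
        return False
    established.add((ack.src, ack.sport, ack.dst, ack.dport))
    return True


def run_handshakes(client: str, server: str, dport: int, sports: Iterable[int]) -> Tuple[int, int]:
    """Open one connection per source port. Returns (server state entries,
    client state entries): the server ends up remembering every connection,
    the client never stores anything."""
    established = set()
    client_memory = {}  # deliberately never written to
    for sport in sports:
        syn = client_syn(client, sport, server, dport)
        ack = client_ack(server_syn_ack(syn))
        if ack is not None:
            server_accept(ack, established)
    return len(established), len(client_memory)


if __name__ == "__main__":
    print(run_handshakes("198.51.100.7", "192.0.2.10", 80, range(40000, 41000)))  # (1000, 0)
```

Running it gives (1000, 0): a thousand established entries on the server and an empty table on the client, which is the asymmetry the comments describe. Note that the server's syn cookie still does its job (a forged ACK is rejected in server_accept); the state the attacker cares about is only committed once the handshake completes, which is why the mitigations listed above are about limiting and timing out established but unauthorised connections rather than about the cookie itself.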
The whooosh you hear is the sound of the car going over your head.
If you can't laugh, sometimes you would have to cry.
Damn. I didn't think anyone would spot that. Oh well, back to the drawing board, Pinky. :-)
UUEncode does not guarantee even use of characters. You lose some randomness. Within an 8bit character set and assuming /dev/random is working right, my code gives a perfectly even spread (I hope :-).
Also, the UUEncode solution limits you to only certain characters which may be less than are available for your password or may be more than you want.
Not that that matters compared to using your dog's name as a password :-) It does matter, however, against people like Elcomsoft who will use absolutely any weakness they can find to help you "recover" your password.
Privacy is a security issue.
You would trust some random other person's web site to generate a critical password? I admit it's probably better than what many people do, but it's almost certainly not acceptable in a commercial situation.
Others have already provided some downloadable solutions, but here's a solution which should be available on most modern operating systems. Just get to a command line and type the following.
dd if=/dev/urandom bs=200 count=1 2>/dev/null | tr -cd 'A-Za-z0-9!@$#%_'; echo
Use /dev/random if you want even better quality randomness (probably not really needed). Note that you can control the character set to match the place you are using by editing the tr command and the length by either taking a section of the password or by doing it multiple times and sticking them together. This is nicer than systems which feed through uuencode or base64 in that it should provide an even distribution between different characters in your character set.
On the other hand; should you be trusting a random slashdot poster :-)
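As an added example, not code from the post, the following Python reproduces what the tr -cd stage of the pipeline does to the random bytes and contrasts it with the byte-modulo mapping that a quick password generator often uses instead. The alphabet is the one in the posted command; the default length and the helper names are assumptions. Feeding all 256 byte values through once makes the comparison exhaustive and deterministic rather than statistical.

```python
"""Mapping random bytes onto a password alphabet. Added example for the
password-generation comments above; not code from the posts. It mirrors the
shell pipeline's `tr -cd` filtering (keep a byte only if it is already in
the alphabet, i.e. rejection sampling) and contrasts it with the naive
byte-modulo mapping that skews the distribution. The alphabet is the one
in the posted command; the default password length is an assumption."""
import math
import secrets
from collections import Counter
from typing import Callable, Dict

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@$#%_"  # 68 symbols
ALLOWED = set(ALPHABET.encode())


def keep_if_in_alphabet(raw: bytes) -> str:
    """What `tr -cd 'A-Za-z0-9!@$#%_'` does: drop every byte outside the set.
    Each surviving byte is one of 68 equally likely values, so the output is
    uniform; the price is that only 68/256 of the input survives."""
    return bytes(b for b in raw if b in ALLOWED).decode("ascii")


def modulo_map(raw: bytes) -> str:
    """Naive alternative: index the alphabet with byte % len(alphabet).
    256 is not a multiple of 68, so the first 256 mod 68 = 52 symbols are
    produced by 4 byte values each and the remaining 16 by only 3."""
    return "".join(ALPHABET[b % len(ALPHABET)] for b in raw)


def count_distribution(mapper: Callable[[bytes], str], raw: bytes) -> Dict[int, int]:
    """Histogram of histograms: {times a symbol appeared: number of symbols}.
    A uniform mapping over an exhaustive input yields a single key."""
    per_symbol = Counter(mapper(raw))
    return dict(Counter(per_symbol.values()))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of `length` independent uniform symbols from the alphabet."""
    return length * math.log2(alphabet_size)


def generate(length: int = 16) -> str:
    """Rejection sampling with the OS CSPRNG, the same idea as the dd | tr
    pipeline but producing exactly `length` symbols."""
    out = []
    while len(out) < length:
        out.extend(keep_if_in_alphabet(secrets.token_bytes(64)))
    return "".join(out[:length])


if __name__ == "__main__":
    every_byte = bytes(range(256))  # constructed exhaustive input
    print("tr -cd style:", count_distribution(keep_if_in_alphabet, every_byte))  # {1: 68}
    print("byte % 68   :", count_distribution(modulo_map, every_byte))           # {4: 52, 3: 16}
    print(f"{entropy_bits(16):.1f} bits in a 16-symbol password")                 # 97.4
    print(generate())
```

Rejection sampling discards 188 of every 256 input bytes, which is why the pipeline reads 200 bytes to get roughly 53 output characters (200 * 68 / 256). For a fixed-length password in Python, secrets.choice(ALPHABET) in a loop does the same rejection internally and is the idiomatic one-liner; the explicit version above just makes visible why the tr filter is unbiased and the modulo shortcut is not.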
I think it depends on if your contractor is Dilbert or his PHB.
If you have to ask that, you have been working in neither private industry nor the state sector. How do you feed yourself and how can I get there?