Debian had a weak-key vulnerability for almost 2 years. Windows2000 had such a vulnerability for over 6 years! In fact, it was never even fixed in W2K.
Customers who have purchased music from Microsoft's now-defunct MSN Music store are now facing a decision they never anticipated making: commit to which computers (and OS) they want to authorize forever, or give up access to the music they paid for. Why? Because Microsoft has decided that it's done supporting the service and will be turning off the MSN Music license servers by the end of this summer.
... is that computers cannot be trusted to process anonymous transactions. Particularly when the stakes are high.
Digital electronic ballots can't be considered real, as they do not leave scads of physical forensic evidence the way a physical ballot would.
Everything else we do with computers involving trust also involves personal identification and verification procedures (logging in, checking a bank statement, etc. for which there are no analogs in voting systems) and even that is problematic enough.
You can't enforce package naming between distros, so you can't have reliable dependency checking.
Alien packages could be treated less "cleanly" for the sake of convenience and be segregated from the other packages so that the main system is not compromised.
Problem: There's no agreed upon line drawn between "main system" and everything else. IOW, there's no standard platform for applications to target. (There is LSB Desktop, which seems to remain unpromoted/stillborn.)
Ultimately, I think the best solution would be for the Linux Foundation to sell LSB Desktop to developers -- really push it as a target platform, and have apps with one primary dependency: MyApp1.0::depends:: LSB Desktop 3.x. When downloaded directly from the author, the non-system extras would be packaged along with the app, and the package manager can replace the ones that easily match with its own repo versions.
It will never happen though. I can already hear the chorus of "Stop copying Windows!!!" rising, even though the above most closely copies the Mac. Believe me, I have heard it for years and years on this site and others.
This is more insightful than may seem on the surface.
Due to a history of mega-mergers, there is less and less competition among this class of corporate actor: executives and directors. Meanwhile they increase competition to insane levels among the working class, such that we 'compete' with people who could never show up at a rally outside the employer's offices and who have scant civil and labor rights to begin with (and perhaps even less in a trans-continental employment situation).
That law can easily be used to misconstrue a technician's intentions when repairing a machine.
Depending on how the prosecution/plaintiff wants to characterize the suspect technician(s) in each case, they can effectively make techs responsible for any data on any machine they serviced... whether or not they laid eyes on the data.
Why?
Because techs can't go through life censoring their actions/words such that they have nothing to do with any of the data on any of the systems they repaired. And computer forensics is not up to the task of dispelling suspicion, except in the rare case where the user has encrypted their data.
By such a law, we are held accountable for privacy breach when papers are left on the passenger seat sans envelope as soon as we test drive or pop the hood on the car. Those lawmakers are incompetent and erring on the side of their socio-economic class.
"My Word docs won't open", what used to be a cakewalk and a pleasure to remedy, is now an invitation to bear ridiculous levels of liability.
Stop spreading FUD. There are more important things to spend time on.
I say the incarceration rate of the nation, esp. Texas, is proof of a runaway police state with more opportunities to go on fishing expeditions and selectively throw the little guy into jail (or bankruptcy) than anyone can shake a stick at. The law these days usually IS interpreted too widely against independents and people of modest means... the easy targets.
Maybe the Texas legislature is spreading FUD, in this case with the Fear aimed squarely at IT pros. Become a part of their enforcement culture (at great expense), or else have that sword hanging over your head.
no shortage of moronic conspiracy theorists on slashdot,
Classic symptom of a denier who has been backed into a corner due to a lack of supporting facts: Resort to ad-homs, with 'conspiracy theorist' being the fashionable choice these days.
I hope you've already had fun playing with your label-maker, because it isn't sticking.
You have no references (other than Slashdot chatter) and I believe you are wrong.
Even the BBC has flatly stated that intelligence agencies employ such a remote surveillance technique. MI5 and FBI both are declining to fix this so-called misapprehension when asked by the press.
With respect to cellphones, there is no reason to believe that network operators in today's surveillance landscape (eavesdrop at will and avoid the consequences) would avoid exercising control over phones' firmware, turning them into bugs.
This is like a law against pretty girls lying about their phone number to get creepy guys to stop bugging them,
Now that's an apt analogy: The owner of Myspace is Rupert Murdoch.
(shudder)
Come now, uncle Rupe needs all you kiddies to give complete and truthful personal details to him. Otherwise, what is he gonna tell his friends in the government about you?
I think that as DRM-whacked as people are becoming, they will tend to embrace, not avoid, the GPLv3 versions of software like SAMBA. Increasingly, people will just look stupid making a fuss over staying with outdated GPLv2 versions when they and their associates are wrestling with Son-Of-Plays-For-Sure media files, displays that don't want to work, etc.
That, and FOSS apps tend to be feature-greedy and require the very latest in support packages (not so much Firefox or OOo, but all the other little apps that people find useful). It will only take a couple of new features to get people using the new stuff as soon as you can say 'apt-get update'.
If there truly were a widespread reluctance to go with GPLv3 components, we would have seen a fork-and-replace putsch à la XFree->Xorg long ago. No major distros care to, so I predict it won't happen.
That's good to know, because Xandros is one of the corps that signed a patent deal with MS while Steve Ballmer was threatening Linux users over supposed patent infringement.
More than that is GPLv3, which only grandfathered in the deal with Novell. As time goes on and GPLv3 figures more largely in the typical Linux distro, the other corps who signed on with MS will be stuck in a hard place.
Running Sketchup on Linux (on Google Apps Hacks · Score: 2, Interesting)
...would be a really nice hack. Sketchup is the ONE Google app that I really want, and I haven't been able to get it going under WINE.
Not separate ssh server... unless you're on Windows?
Separate key is needed because nx must do session/login management from root. Simple as that. Once I grasped that, the rest came easy (I will admit to being familiar with ssh configuration though).
...I've always had more luck getting it to work right than with freenx. But the latter has a KDE session integration now so the author may want to look into that.
The session handling and preservation of nxserver is very good.
but there is no shortage of species that call a desert home.
Tell that to a prairie or a rainforest.
Look, deserts do not support the kind of biomass and biodiversity that other types of climates do. The life there does not generate strong feedbacks that keep the biosphere productive. So I think you doth protest too much.
Further conversion of healthier biomes into desert due to a lack of renewable energy is primarily what should be avoided here.
intuition is a product of subconscious information processing. The brain is a pattern-recognition machine, and is generally very good at that. I would hazard a guess that if you average out everybody's intuitions ("first guesses"), some of the people are "overthinking" things, but many are just going with their gut, and the pattern recognition and extrapolation that's going on constantly anyway in your brain is often onto something.
I think you hit on why I like Derren Brown's shows so much. He actively gets people to perform amazing feats by (among other things) getting them to listen to their subconscious. He even goes to the extent of using hypnosis.
That is a very dramatic claim. Can you provide good references that back it up?
As I understand it, the CA would also have to be spoofed along with DNS... but the would-be spoofer wouldn't have the CA's private key to make that possible.
Are victims of phishing attacks going to know the difference? Better question: Are you going to remind the people you know to check the domain spelling?
They look dissimilar here, especially when the browser starts to load the page -- all characters are converted to lowercase. This occurs whether or not a site is found.
But you are right to point out that fonts themselves can present a security issue.
No, if they are trying to reach "example.com" and end up with "exampIe.com" in the address bar, then checking the spelling after the lock appears in the address bar will tell the user something is wrong.
Really, all you have to do is look for the lock, check domain spelling, and have no cert warnings to defeat phishing.
Dm-crypt is the primary crypto block device system that can work alone or together with LUKS.
More likely this is a move to build OSS and interoperability cred they'll need in court if/when they feel the need to pull a SCO against Linux.
We are also talking about the same FBI that will infect target PCs with spyware through popular Internet sites like MySpace.
Received its funding from NASA a little while back.
http://orbit.psi.edu/
You can already sign up!
Have a look at this Derren Brown episode!
Well, the browsers I'm used to will have you choose between "Cancel" in which case the browser won't connect, or "Continue" to accept the cert anyway.
You'd have to do more than turn down the cert. You'd have to manually go to the unsecured http: address.