What happens if: You send out a contract as a Word doc email attachment. Customer changes the language of the contract, signs it, prints it, then mails it back. We could easily sign that without noticing the difference. We decided to send out digitally signed PDFs instead.
Unfortunately that doesn't close the "customer changes it, prints it, signs it, sends it back, and we sign it without noticing" hole.
, it's a little more work, the cost is pretty much the same, but there is no monthly fee, and features don't get yanked out from under you.
I prefer having a whisper-silent TiVo in my living room than a noisy PC. Getting noise-free PC parts ups the price considerably.
Also, you're always in danger of your program guide information being ripped out from under you with MythTV, since there is no legit free source of program guide listings. Last I heard, they were still ripping them off from websites.
MANY scifi movies have ripped sound effects from video games, most notably Doom2
They're not "ripped" from Doom2, since they weren't Doom2's to begin with. They're stock sound effects. They're cheap to license, which is why Doom2 used them, and lower-budget movies use them.
We must remember that Mythic's case against Microsoft constitutes a claim of ownership over these themes.
No it doesn't. It constitutes a claim of ownership over their company's name.
They're not suing because Microsoft is making a medieval fantasy MMOG. They're suing because Microsoft is naming it confusingly similar to their company's name -- and since their company also makes a medieval fantasy MMOG, it could be confusing to the market.
It's funny that one would exclude the top C++ GUI toolkit for commercial development for the purpose of making the distribution friendly for commercial development.
Not really. Nobody likes MFC anyway.
5 lanes (3 each direction)
Three lanes each direction seems like a good idea on paper, until you find out that in practice you're constantly dodging cars going the other way who are sharing that center lane. :(
Of course you like it. You didn't have to pay for most of it. The rest of the country did.
If I'm not mistaken; and I may be, I haven't taken a civics class since high school; but Massachusetts residents pay federal taxes just like everyone else.
and I can say that it's quite impressive
None of the music samples have any "feeling" though; there's not really anything in any of them that really stands out and gives the music any sort of character. They'd make good background music, but that's about it -- I doubt they'd be able to stand on their own as, say, a main theme.
At long last. PERL is legal!
And she knows There's More Than One Way To Do It!
Also keep in mind that Everquest subscription figures will always be inflated by people who buy Sony's MMO pass (which allows access to all their MMOs, I.E. play star wars galaxies and your EQ characters will not be deleted)
SOE All Access doesn't include Star Wars Galaxies. It includes EverQuest and a small number of "also ran" MMOGs like Planetside that aren't going to significantly confuse the EQ subscriber count.
The fact that they are lying is really not a relevant point.
On the contrary, the fact that they are lying is the relevant point. You are not permitted to actually give customers something different than what you sold them just because you need their business.
Be truthful. Advertise unlimited access, and disclose your bandwidth limits -- even if you must only do it in the fine print.
1. AOL/TW will drop the AOL part and revert to Time-Warner.
Already done. AOL Time Warner does not exist anymore.
for paypal where there are so many redirect scams.
Not really. Paypal tells its users to check the address bar for https://www.paypal.com... not just http:.
For someone to spoof the https:, they'd need a secure site and valid VeriSign/Thawte/etc certificate of their own, which makes it trivial to track them down -- otherwise the user will get IE's bad certificate security warning dialog box.
Nope. Having binary modules only stops developers from trying to make their own
That's a weak excuse.
Having binary-only operating systems available doesn't stop developers from working on Linux, does it?
If the itch is bad enough, someone will scratch it. Right now it seems the binary-only nVidia modules are itchy enough to compel people to complain, but not bad enough for anyone to actually do anything about it.
On the other hand, I ain't a security expert, so there's probably a gaping hole in the above :-)
I've always envisioned a "trusted email" system to work something like this:
Every mailserver has a private key, and every user on the system has a private key.
The corresponding public key for a server is stored in the DNS TXT record for the server's domain. Anytime a mailserver receives a message, it can verify the message actually came from the domain by looking up its DNS record and comparing it to an X-Domain-Signature header from the message that the originating mailserver added when it was sent.
If the domain signature matches[1], the domain's mailserver can be contacted and issued an ESMTP command to try to retrieve the public key for the specific user on the return address of the message. That key can be used to check the X-User-Signature header from the message to ensure the user on the From address is correct.
If both of those are correct, the message is accepted for delivery. If either fails, the message is not accepted for delivery[2].
[1] - Requiring the domain signature to validate before contacting the domain's mailserver prevents DDoS attacks against a mailserver by other mailservers by someone sending out loads of invalid messages. In that case, each mailserver would only be hitting its DNS server, and the DNS network in theory should be able to cache that without undue load.
[2] - The message is not bounced, it is not accepted for delivery. A bounce means that a new message would have to be sent back, and of course would be signed with the bouncing server's domain key and postmaster's user key, which could make it an attack vector. By not accepting it for delivery, the source mailserver is responsible for informing the user that the message wasn't delivered, but that mailserver should have a trusted path back to the user (since it's already handling that user's messages).
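A runnable sketch of the two-step check described above, added here as an illustration and not part of the original comment. Lamport one-time signatures (hash-based) stand in for a real signature scheme, and `Domain`, `get_user_key` and the in-memory `dns` dict are hypothetical stand-ins for the DNS TXT record and the ESMTP key lookup.

```python
import hashlib, secrets

# Lamport one-time signatures stand in for a real signature scheme so this runs
# on the standard library alone. Each key below signs exactly one message.
def H(b): return hashlib.sha256(b).digest()

def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def payload(msg):
    return f"{msg['from']}\n{msg['body']}".encode()

class Domain:
    """Constructed stand-in for one domain: its DNS TXT key plus its mailserver."""
    def __init__(self, name):
        self.name, self.users, self.key_lookups = name, {}, 0
        self.sk, self.txt_pubkey = keygen()

    def send(self, sender, body):
        # Outbound: a fresh user key and the domain key both sign sender + body.
        self.users[sender] = keygen()
        msg = {"from": sender, "body": body}
        msg["X-User-Signature"] = sign(self.users[sender][0], payload(msg))
        msg["X-Domain-Signature"] = sign(self.sk, payload(msg))
        return msg

    def get_user_key(self, addr):
        # Hypothetical ESMTP key-retrieval command; counted to show when it is hit.
        self.key_lookups += 1
        return self.users.get(addr, (None, None))[1]

def receive(msg, dns):
    """Verdict at SMTP time; a failure refuses the message and sends no bounce."""
    domain = dns.get(msg["from"].rsplit("@", 1)[-1])
    # Step 1 touches DNS only, so junk never reaches the claimed sender's server.
    if domain is None or not verify(domain.txt_pubkey, payload(msg),
                                    msg.get("X-Domain-Signature", [])):
        return "refused: domain signature"
    # Step 2: fetch the user's public key from the now-authenticated domain.
    user_pk = domain.get_user_key(msg["from"])
    if user_pk is None or not verify(user_pk, payload(msg),
                                     msg.get("X-User-Signature", [])):
        return "refused: user signature"
    return "accepted"

def demo():
    org = Domain("example.org")          # constructed sample domain and messages
    dns = {"example.org": org}
    good = org.send("alice@example.org", "Contract v1 attached")
    tampered = dict(good, body="Contract v2 attached")
    forged = Domain("example.org").send("alice@example.org", "Pay invoice 7")
    return [receive(m, dns) for m in (good, tampered, forged)], org.key_lookups
```

`demo()` shows that the tampered and forged messages are refused at the DNS step, so the real domain's mailserver sees only the one key lookup for the genuine message.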
Thinking about it, in the context of those "virtual credit card numbers", imagine a special PIN that is good for one transaction. If you are uncertain of a particular ATM or get pin jacked, give over the one time PIN#. Later, visit their website to activate/deactivate that magic pin.
Now that's a good idea. Even take it further and don't require the user to visit the website to deactivate the PIN, have it automatically deactivate after one use.
Because it's easy to make a fake card and use a stolen 4-digit PIN, but it's hard to make a fake retina.
It might be hard to make a fake retina that would fool a human observer. How hard would it be to make a fake "retina" to fool a biometric sensor? If I'm not mistaken, they're mostly visual, so you just need something that looks like a retina -- and the machine isn't going to complain if you're holding up your "eye" to the sensor as opposed to leaning down to it.
Using violence does not take power away from the government, it gives the government MORE power. It NEVER works.
Except when it does.
For further reading, look up the history of any country on Earth.
"It's inconceivable to us that people wouldn't want to know about our valuable service!" How very self-serving.
I think you're being a tad too cynical and perhaps just a little snotty. How else are they supposed to let you know that they have your information on file, and provide you an opportunity to remove it? I mean, even Majordomo sends out confirmation email.
If they sent you some "newsletter" every day because you're a member, that I can see as shitty marketing, but a single email is hardly some spammy marketing blitz.
even google's seemingly unobtrusive adwords are annoying when I need to do research and need pages to come up fast.
What are you running? A 386? How long do you think it takes your browser to render a DIV tag anyway?
That's a great link. All kidding aside, that is specifically (that link) what people refer to when they discuss the standards software needs to meet to be used by the military? It was written in 1985 as well!
That's the main book of the series, the orange book, and it's usually the one people refer to when they're talking about milspec compliance in their computing systems. Remember how Microsoft claimed NT4 was C2 compliant? You can see exactly what C2 means in that book. All in all, the book still stands up well, even being almost 20 years old, because it was written to outline concepts, not specific technologies.
The higher levels of compliance require that your software actually be thoroughly examined and tested by the NCSC -- since that's really the only way to know about any covert channels that might exist. I understand that testing is extremely expensive; but I don't have any further information about it.
There are a bunch of other books in the same series, pretty much all available here. Several years back you used to be able to request a hard copy of the entire rainbow series for free from Uncle Sam, but according to this link they don't publish the hard copies anymore, just CD-ROMs, which is a pity because they were a damn good way to fill up a bookshelf with intimidating-looking manuals. :(
Is there any official definition of what "Military Grade" means?
Yes, the Orange Book.
So what stops me from Setting up some bullshit bot to make as much money as possible in one game, and then just trading it for US dollars?
Currency devaluation. Basically the same reason that Bill Gates can't just print off new Microsoft stock certificates indefinitely and expect them to keep selling at today's price.
One would assume that the people at GOM have done their homework and have a fluid pricing system that reacts to the changing market desires. If they don't, they'll be broke within the week.
Here I thought /. was the source for fair and balanced coverage.
As "fair and balanced" as that other fair and balanced news source anyway.
Note that, unlike the FTC, MC/VISA can penalize any customer they choose to without due process (and they have a record of doing so).
And you thought Joe Jobs were bad now... wait until the spammers have shut down their more legit competition by spamming their addresses and getting their merchant accounts yanked.