Until open source realizes this, they'll never make headway.
Many have realized this, but it's a case of "damned if you do, damned if you don't"
If free software follows spec and not Microsoft, then IE takes the cake because it can handle more of the code that's actually found in the wild and users might not understand the details, but they will notice this fact.
If free software follows Microsoft and not spec, then IE takes the cake because we've effectively handed the standards process to Microsoft and they'll do whatever they damn well please with it.
The only real solution is to convince web developers to develop sites to spec, and yes, in many cases that is a very steep uphill battle.
This is an idea I just came up with while reading your comment, so it hasn't had much time to ferment. Anyway, what if the state paid whatever part of the award the frauds couldn't and then imprisoned the frauds for as long as it took them to pay it back to the state (or life, whichever is shorter).
Obviously there would sometimes be cases where the state loses money, but think of the deterents involved. With an award guaranteed by the state, a cottage industry of bounty hunters will develop that actively tries to get defrauded, then take the frauds to court. In the presence of such a cottage industry, frauds would have a significantly more difficult time not getting caught and their risk goes through the roof. If they're successful for a while, then they're probably going to spend the rest of their life in jail when they do get caught, and if they're not successful, then they'll lose five times what they raked in and be off to find a better living.
Further analysis and critique is by all means welcome, as this is really just a few minutes pondering on my part.
Having an ID card won't accomplish anything unless someone actually checks the data.
Guard: "I can't let you on that flight, sir. I advise you to reschedule or cancel."
Ticketholder: "What? I don't understand. What's the problem?"
Guard: "You and three of your high school classmates who were caught setting toilet paper on fire at your high school over spring break your senior year are all ticketted passengers on this plane."
Ticketholder: "Whoa... hey now, that was just a senior prank... wait a second, Jimbo's gonna be on this flight? I haven't seen that guy in years!"
Guard: "Sir, you're going to have to come with me for questioning."
Ticketholder: "Huh?"
Guard: "You were last seen with Jimbo less than six months ago at a wedding reception." ....
This is the level of tracking that would have been necessary for a national ID card to effectively stop the terrorist attacks last month. Is that what people really want?
The other problem is that it's entirely possible for a low-profile member of Al Queda (low enough profile to have no record with the "intelligence" community) immigrate to the United States, live a textbook "normal" lifestyle for fifteen or twenty years, and then receive a call from an equally low-profile member of Al Queda back in Afghanistan, saying "Allah has called you to do his bidding" where "his bidding" is some act that was prearranged before the guy ever left Afghanistan. As has been pointed out in a few posts, it's the same problem we're seeing with Ebay ratings... build up a great record, and then betray it.
How else though would you deter people from doing it again?
Award the amount frauded plus quadruple damages to the victims... Just a suggestion. I don't know what the current limits are, but I doubt the current law allows for that much.
Re:Oh yea! Especailly the new Harry Potter set!
on
Battle Over Blocks
·
· Score: 3
I think the key to getting the full potental out of these sets to provide a huge ass box of miscellaneous lego to go with it.
Hear, hear! Amen!
My brother and I grew up on the transition from vanilla Lego bricks to the newfangled one time pieces (OTPs), so most of our enormous collection (about twenty-five cubic feet of plasticky goodness) is vanilla bricks, but there is a substantial minority of weird non-brick pieces (WNBPs) and just a few OTPs. Our older step siblings did not grow up on Legos at all. Come Christmas and birthday time, my neices and nephews get the bulk packages of vanilla bricks from me and my brother, and sets from their parents. Together, they make a wonderful compliment to each other.
Moderators: I would have rather been moderated -1: Obvious if there were such a thing. I find it really depressing that someone here thought an encrypted tunnel was an insightful solution to the problem of an insecure transit network.
Re:New Sets != Death of Imagination
on
Battle Over Blocks
·
· Score: 3, Interesting
...decrying that the new (more than just rectangles) sets are the death of creativity...
When I was 9 and my brother was 7, we built a huge layout using the castle themed stuff. The scene was a river flowing from a small lake through a valley with big mountains all around. On one of the mountains, there was a castle at the top. From that same mountain, there was a waterfall into the lake. In the lake there was another castle, with a rope bridge to the mountain, where a road went up to the other castle. Next to the lake, on the same side of the river as the two castles was a village, and there was a small bridge, wide enough for one cart, across the river. There were two armies in this scene. One, with the falcon crest, was defending the two castles and the bridge and consisted of a lot of archers. The other, with the lion crest, was a legion approaching from the narrow plain on the other side of the river, mostly spear, pike, and sword bearing infantry with few mounted soldiers. In all, the layout was about ten square feet and the valley was about three feet from floor to summit.
My brother and I titled this scene "The First Battle of the Rhine" and sent a photo in to the Lego Maniacs magazine (or whatever it was called, we were subscribers at the time) to be featured in the next issue. Our photo never materialized in print, and I know that this is entirely circumstantial, but over the next two years we saw Lego produce the following sets: a castle in a lake, 2 different a castle/fortress thingies on mountains (and pitiful two and a half inch mountains at that), and a river scene featuring a rope bridge piece over a river plate. At the tender ages of ten and eight, it was quite upsetting to see the apparent wholesale theft of my brother's and my ingenuity. Even more disconcerting, even at that age, was the idea that other kids wouldn't have to, and therefore wouldn't try to be as clever. The waterfall was just about the only unique idea we never saw in the Lego catalogues, which is odd, because I engineered the flashing lights from the monorail into the base of it behind some transparent bricks... it was possibly the most marketable part.
Of course, it never stopped us from buying more Legos... including all four of the aforementioned rip off sets.
Would you say the same for a Linux Distro then? Personally, I enjoy Linux coming with a ton of free apps.
That's all a distro is. Most distributors do some leg work on the software that they eventually distribute, but by large, they don't actually produce any of it. And they don't have to have meetings and make deals to put any of it on the CD, they just do it. Such is free software.
With Windows, though, all that stuff on the CD is either a Microsoft piece of code or some code that got on there via a hearty round of business meetings. There certainly was no end-user input on the subject of which of a particular genre of gizmo was chosen.
Take these two examples:
Red Hat was at one time, and I haven't followed much, but probably still is a very big GNOME supporter. That is, they employed quite a few developers who hacked on GNOME. However, since KDE is just as or more popular, it's also on the CD. Mind you that despite Red Hat's involvement, GNOME is still not a "Red Hat product".
Microsoft produced Internet Explorer. I don't think there is any doubt that Internet Explorer is a Microsoft product, or for that matter that it is a Microsoft product to a far greater extent than even Red Hat Package Manager is a "Red Hat product". Jump back a few years and think about browser market share in, for example, 1997. Did Microsoft ever include the more popular browser in its distribution of Windows? Not until recently, when the browser it did include became the most popular browser. Exactly the same situation exists with WinAmp and Windows Media Player, with the exception that there is still hope for WinAmp if certain goverments and their appropriate organs rightly apply the law.
I was refering to the actual directory structure and the fact that there actually are only 8 and 3 characters allocated. The only time a null terminator is necessary or even possible in a DOS filename is if the name is less than 8 characters or the extension is less than 3. Under any other circumstance, the allotted space is simply filled up completely and the kernel knows where the end is implicitly.
What ever made you think I was talking about your C ode?
What about printing? Can you print those onto transparencies without the 10"
screwing things up?
Sure, just make up a stylesheet that causes your presentation to be printable, call it "printable.css" and then switch that one occurence of the string "presentable.css" to "printable.css" in your presentation when you want to print it.
You're assuming that the phrase "you've nothing to fear - if you are not breaking the law" is the voice of law enforcement. I was assuming it was the voice of Congress. Remember, law enforcement doesn't actually have this power in the United States and won't if intelligent people would just respond appropriately to their Congresscritters. Budget considerations are possibly Congress' biggest soft spot. Pointing out the enormous expense of watching every innocent person without any resulting benefit in public or national security would definitely make a lot of legislators think twice. The trouble is that it's really hard for a less capable mind to understand why there's no benefit.
Government say about surveillance - "you've nothing to fear - if you are not breaking the law"
To this there exists this proper response: "If I'm not breaking the law, then you're wasting your time, as well as mine and everyone else's tax money by watching me, and you've got nothing to show for all that expenditure because I'm not breaking the law. Go after actual suspects."
Why is it OK to open someone's mail with a court order, but it's not OK to read their e-mail with a court order? Why is it OK to tap someone's phone with a court order, but it's not OK to tap the new cellphone they just bought, with a court order?
I think the problem many people see, which I'm not completely in agreement with but I'll swallow for a few minutes at a time, is that opening people's mail and tapping their phones is a multilateral business, i.e. law enforcement can't do it on their own, they actually have to get the USPS or a phone company's help. USPS and the telco's don't have to do squat unless there is a court order. I think email is pretty much in that same bag, law enforcement has to get someone's help in order to get any access at all, legal or not. We kind of have to trust our carriers in that respect, that they won't let just anyone, even law enforcement, see our communications without proper authority to do so. However, cell and cordless phone conversations can be had unilaterally without anyone's help, and so that natural check just doesn't exist there. For those of us using wireless networks, that natural check is gone from our email, too. Therein lies the debate over encryption. So I have mixed feelings on the subject, but I think those are the issues people have and why the new tech is (possibly) demonstrably different from the old tech.
1) Install (patches|updates|hotfixes) immediately. Preferrably, run a tool that handles this task semi-automatically, or if you're brave, completely automatically.
2) Don't run servers as (root|Administrator|God). Create an account for each server and run it as that user. However, have root own the binaries, configs, docs, and sundry associated with the server. Distributors should handle this.
3) [For distributors] Don't turn things on by default. People won't realize they're running them. If they want it, they'll turn it on themselves.
Imagine you are a regulator (if such a thing truely exists). It is your job to look out over an industry and make sure everyone is following the rules.
Your job is easiest when the industry consists of:
a) a few big companies
b) one huge company
c) lots of small companies and a few big ones
d) thousands of tiny companies and no big ones
Correct answer: b. Your job is easiest when you only have one company to watch.
So naturally, the government, who is the number one employer of regulators, would like to downsize as much as possible just like any big business (cough) so that they can (cough) maximize prof^H^H^H^H efficiency (cough). In order to do that, they need to lighten the load on all those regulators, and so, the government favors monopolies.
And that brief analysis doesn't even begin to take politics into account.
If all that garbage down at the bottom of a signed whatever is not an encrypted hash, timestamp, key id, etc, then would you please explain what it is?
And you're right, strictly speaking, having certificates does not require strong encryption. But if you've got them, there's not much you can actually do with them that doesn't require strong encryption.
"Signing" content with MD5 would be pointless. If I were going to modify the content, I'd update the MD5 sum, too. You can't do that with PGP unless you've got the private key.
Slashdot Mirror
Until open source realizes this, they'll never make headway.
Many have realized this, but it's a case of "damned if you do, damned if you don't"
If free software follows spec and not Microsoft, then IE takes the cake because it can handle more of the code that's actually found in the wild and users might not understand the details, but they will notice this fact.
If free software follows Microsoft and not spec, then IE takes the cake because we've effectively handed the standards process to Microsoft and they'll do whatever they damn well please with it.
The only real solution is to convince web developers to develop sites to spec, and yes, in many cases that is a very steep uphill battle.
Good call.
This is an idea I just came up with while reading your comment, so it hasn't had much time to ferment. Anyway, what if the state paid whatever part of the award the frauds couldn't and then imprisoned the frauds for as long as it took them to pay it back to the state (or life, whichever is shorter).
Obviously there would sometimes be cases where the state loses money, but think of the deterents involved. With an award guaranteed by the state, a cottage industry of bounty hunters will develop that actively tries to get defrauded, then take the frauds to court. In the presence of such a cottage industry, frauds would have a significantly more difficult time not getting caught and their risk goes through the roof. If they're successful for a while, then they're probably going to spend the rest of their life in jail when they do get caught, and if they're not successful, then they'll lose five times what they raked in and be off to find a better living.
Further analysis and critique is by all means welcome, as this is really just a few minutes pondering on my part.
Having an ID card won't accomplish anything unless someone actually checks the data.
Guard: "I can't let you on that flight, sir. I advise you to reschedule or cancel."
....
Ticketholder: "What? I don't understand. What's the problem?"
Guard: "You and three of your high school classmates who were caught setting toilet paper on fire at your high school over spring break your senior year are all ticketted passengers on this plane."
Ticketholder: "Whoa... hey now, that was just a senior prank... wait a second, Jimbo's gonna be on this flight? I haven't seen that guy in years!"
Guard: "Sir, you're going to have to come with me for questioning."
Ticketholder: "Huh?"
Guard: "You were last seen with Jimbo less than six months ago at a wedding reception."
This is the level of tracking that would have been necessary for a national ID card to effectively stop the terrorist attacks last month. Is that what people really want?
The other problem is that it's entirely possible for a low-profile member of Al Queda (low enough profile to have no record with the "intelligence" community) immigrate to the United States, live a textbook "normal" lifestyle for fifteen or twenty years, and then receive a call from an equally low-profile member of Al Queda back in Afghanistan, saying "Allah has called you to do his bidding" where "his bidding" is some act that was prearranged before the guy ever left Afghanistan. As has been pointed out in a few posts, it's the same problem we're seeing with Ebay ratings... build up a great record, and then betray it.
How else though would you deter people from doing it again?
Award the amount frauded plus quadruple damages to the victims... Just a suggestion. I don't know what the current limits are, but I doubt the current law allows for that much.
I think the key to getting the full potental out of these sets to provide a huge ass box of miscellaneous lego to go with it.
Hear, hear! Amen!
My brother and I grew up on the transition from vanilla Lego bricks to the newfangled one time pieces (OTPs), so most of our enormous collection (about twenty-five cubic feet of plasticky goodness) is vanilla bricks, but there is a substantial minority of weird non-brick pieces (WNBPs) and just a few OTPs. Our older step siblings did not grow up on Legos at all. Come Christmas and birthday time, my neices and nephews get the bulk packages of vanilla bricks from me and my brother, and sets from their parents. Together, they make a wonderful compliment to each other.
Moderators: I would have rather been moderated -1: Obvious if there were such a thing. I find it really depressing that someone here thought an encrypted tunnel was an insightful solution to the problem of an insecure transit network.
...decrying that the new (more than just rectangles) sets are the death of creativity...
When I was 9 and my brother was 7, we built a huge layout using the castle themed stuff. The scene was a river flowing from a small lake through a valley with big mountains all around. On one of the mountains, there was a castle at the top. From that same mountain, there was a waterfall into the lake. In the lake there was another castle, with a rope bridge to the mountain, where a road went up to the other castle. Next to the lake, on the same side of the river as the two castles was a village, and there was a small bridge, wide enough for one cart, across the river. There were two armies in this scene. One, with the falcon crest, was defending the two castles and the bridge and consisted of a lot of archers. The other, with the lion crest, was a legion approaching from the narrow plain on the other side of the river, mostly spear, pike, and sword bearing infantry with few mounted soldiers. In all, the layout was about ten square feet and the valley was about three feet from floor to summit.
My brother and I titled this scene "The First Battle of the Rhine" and sent a photo in to the Lego Maniacs magazine (or whatever it was called, we were subscribers at the time) to be featured in the next issue. Our photo never materialized in print, and I know that this is entirely circumstantial, but over the next two years we saw Lego produce the following sets: a castle in a lake, 2 different a castle/fortress thingies on mountains (and pitiful two and a half inch mountains at that), and a river scene featuring a rope bridge piece over a river plate. At the tender ages of ten and eight, it was quite upsetting to see the apparent wholesale theft of my brother's and my ingenuity. Even more disconcerting, even at that age, was the idea that other kids wouldn't have to, and therefore wouldn't try to be as clever. The waterfall was just about the only unique idea we never saw in the Lego catalogues, which is odd, because I engineered the flashing lights from the monorail into the base of it behind some transparent bricks... it was possibly the most marketable part.
Of course, it never stopped us from buying more Legos... including all four of the aforementioned rip off sets.
So colo a box with your land-line provider at the opposite end of the link and tunnel to it. Problem solved.
Would you say the same for a Linux Distro then? Personally, I enjoy Linux coming with a ton of free apps.
That's all a distro is. Most distributors do some leg work on the software that they eventually distribute, but by large, they don't actually produce any of it. And they don't have to have meetings and make deals to put any of it on the CD, they just do it. Such is free software.
With Windows, though, all that stuff on the CD is either a Microsoft piece of code or some code that got on there via a hearty round of business meetings. There certainly was no end-user input on the subject of which of a particular genre of gizmo was chosen.
Take these two examples:
Red Hat was at one time, and I haven't followed much, but probably still is a very big GNOME supporter. That is, they employed quite a few developers who hacked on GNOME. However, since KDE is just as or more popular, it's also on the CD. Mind you that despite Red Hat's involvement, GNOME is still not a "Red Hat product".
Microsoft produced Internet Explorer. I don't think there is any doubt that Internet Explorer is a Microsoft product, or for that matter that it is a Microsoft product to a far greater extent than even Red Hat Package Manager is a "Red Hat product". Jump back a few years and think about browser market share in, for example, 1997. Did Microsoft ever include the more popular browser in its distribution of Windows? Not until recently, when the browser it did include became the most popular browser. Exactly the same situation exists with WinAmp and Windows Media Player, with the exception that there is still hope for WinAmp if certain goverments and their appropriate organs rightly apply the law.
I was refering to the actual directory structure and the fact that there actually are only 8 and 3 characters allocated. The only time a null terminator is necessary or even possible in a DOS filename is if the name is less than 8 characters or the extension is less than 3. Under any other circumstance, the allotted space is simply filled up completely and the kernel knows where the end is implicitly.
What ever made you think I was talking about your C ode?
You are obviously someone who has never modified a DOS directory in a hex editor.
Just musing... I very rarely print anything. Maybe two or three pages per year.
What about printing? Can you print those onto transparencies without the 10"
screwing things up?
Sure, just make up a stylesheet that causes your presentation to be printable, call it "printable.css" and then switch that one occurence of the string "presentable.css" to "printable.css" in your presentation when you want to print it.
You're assuming that the phrase "you've nothing to fear - if you are not breaking the law" is the voice of law enforcement. I was assuming it was the voice of Congress. Remember, law enforcement doesn't actually have this power in the United States and won't if intelligent people would just respond appropriately to their Congresscritters. Budget considerations are possibly Congress' biggest soft spot. Pointing out the enormous expense of watching every innocent person without any resulting benefit in public or national security would definitely make a lot of legislators think twice. The trouble is that it's really hard for a less capable mind to understand why there's no benefit.
Government say about surveillance - "you've nothing to fear - if you are not breaking the law"
To this there exists this proper response: "If I'm not breaking the law, then you're wasting your time, as well as mine and everyone else's tax money by watching me, and you've got nothing to show for all that expenditure because I'm not breaking the law. Go after actual suspects."
Why is it OK to open someone's mail with a court order, but it's not OK to read their e-mail with a court order? Why is it OK to tap someone's phone with a court order, but it's not OK to tap the new cellphone they just bought, with a court order?
I think the problem many people see, which I'm not completely in agreement with but I'll swallow for a few minutes at a time, is that opening people's mail and tapping their phones is a multilateral business, i.e. law enforcement can't do it on their own, they actually have to get the USPS or a phone company's help. USPS and the telco's don't have to do squat unless there is a court order. I think email is pretty much in that same bag, law enforcement has to get someone's help in order to get any access at all, legal or not. We kind of have to trust our carriers in that respect, that they won't let just anyone, even law enforcement, see our communications without proper authority to do so. However, cell and cordless phone conversations can be had unilaterally without anyone's help, and so that natural check just doesn't exist there. For those of us using wireless networks, that natural check is gone from our email, too. Therein lies the debate over encryption. So I have mixed feelings on the subject, but I think those are the issues people have and why the new tech is (possibly) demonstrably different from the old tech.
why transliterate. Just use unicode.
That would work if we knew they were using unicode, but we don't. They could just as easily be using a transliteration into Roman letters.
I wouldn't want to look at walls in my own house and be shown advertisements.
Unless the glasses are surgically implanted onto your face, it's really not that big a deal.
And don't forget...
Cheese
...the friendly worm.
1) Install (patches|updates|hotfixes) immediately. Preferrably, run a tool that handles this task semi-automatically, or if you're brave, completely automatically.
2) Don't run servers as (root|Administrator|God). Create an account for each server and run it as that user. However, have root own the binaries, configs, docs, and sundry associated with the server. Distributors should handle this.
3) [For distributors] Don't turn things on by default. People won't realize they're running them. If they want it, they'll turn it on themselves.
Of course they like monopolies...
Imagine you are a regulator (if such a thing truely exists). It is your job to look out over an industry and make sure everyone is following the rules.
Your job is easiest when the industry consists of:
a) a few big companies
b) one huge company
c) lots of small companies and a few big ones
d) thousands of tiny companies and no big ones
Correct answer: b. Your job is easiest when you only have one company to watch.
So naturally, the government, who is the number one employer of regulators, would like to downsize as much as possible just like any big business (cough) so that they can (cough) maximize prof^H^H^H^H efficiency (cough). In order to do that, they need to lighten the load on all those regulators, and so, the government favors monopolies.
And that brief analysis doesn't even begin to take politics into account.
If all that garbage down at the bottom of a signed whatever is not an encrypted hash, timestamp, key id, etc, then would you please explain what it is?
And you're right, strictly speaking, having certificates does not require strong encryption. But if you've got them, there's not much you can actually do with them that doesn't require strong encryption.
So? Then whoever is modifying the content on the sly will also send the MD5 hash in advance, and separate from the actual content.
If you did that, then how could I verify the MD5 sum?
"Signing" content with MD5 would be pointless. If I were going to modify the content, I'd update the MD5 sum, too. You can't do that with PGP unless you've got the private key.