Part of the problem is that the US (Federal) Government does not have an all-inclusive internet plan. Not all of the websites look or work the same. They are not laid out the same. They do not all use the same hardware or software. Neither should they be: the SEC has *far* different operating requirements than the CIA, NSA or FBI. Also, as has been mentioned, most of the 'US government' (i.e. all governments, not just federal) is NOT the Federal government, but state and local governments.
Even if you're not paying, it's not really anonymous; they have your IP address at the least.
This is very true. Look at the lengths you have to go to to keep your email anonymous through the various anonymizing protocols/services. The truly paranoid will use multiple servers so that there is no single point of failure -- and cracking the chain requires a significant amount of resources. As with anything in the privacy/security/encryption arena, anything can be cracked, it is just a matter of the amount of time and resources that can be devoted to cracking and the amount of convenience that you are willing to give up for this security.
If you're just looking to bypass the corporate filtering-proxy, it won't take rocket science. If you're paranoid and don't want 'them' tracking you, well, that's another story... 'they' have infinite resources and time...;)
In addition, dying in battle is different than dying a slow, agonizing death by smallpox - I think it would be harder to get martyrs to take smallpox.
True, but if you're going to martyr yourself anyway, you could always put a bullet in your head (or take poison, or have a buddy put the lights out for you, etc) after you've infected a critical mass of victims.
the smallpox vaccine works extremely quickly
Sure, if you want to assume that the smallpox you're vaccinating against is the same smallpox that is causing the outbreak. If the virus has been modified, the vaccine might not work...
Poorly edited, poorly written. What was his conclusion anyway? Maybe I'm looking for too many technical details, but ending with "diversity improves security" implies that the solution is simply to replace *some* BIND servers with other servers. Yeah, that should work. Duh.
He went on to argue that "most security holes are due to buggy software. All the cryptography in the world is not going to change the buggy software problem."
In my experience, most security holes are caused by careless or ignorant users. Even if you take all the bugs out of all the software, there are still going to be security holes. It's like the locked doors at work: secure entrances are pointless if you hold the door open for the guy behind you (and you don't know the guy behind you).
under american law, after all, I can shoot someone if they break into my home
Uhhh... I'm not sure what "american law" you're thinking of, but (to my knowledge) there is no uniform law across all 50 states regarding how you may treat home invaders. Be careful spreading this type of misinformation around unless you have facts. OTOH, I'll quickly admit I'm wrong if you can show me a section of the USC that deals with this issue. As far as I know, this issue is left up to the various states, each of which treats it differently.
The GPL would not have to exist, however, if there was no such thing as copyright law. The code could be as free as you like, without the need to protect it from companies that would otherwise hoard it.
Not *quite* true. If there were no such thing as copyright law, the GPL *couldn't* exist. You would lose the freedoms that the GPL provides. A company could take code, make modifications, and only release binaries -- never the source. Everything would (by definition) be in the public domain.
Of course, nobody would make any money selling shrinkwrap-software, so it probably wouldn't really matter as much...
Not that I disagree with most of what you say, and this really wasn't your point, but:
The way to avoid being struck by your enemies is to have no enemies.
Show me a man with no enemies, and I'll show you a man who never did anything worthwhile. If you're not pissing someone off, you're not doing anything...
often I'd go out at noon on a Saturday for brunch and movies with other friends, come back at 5, and Moose would still be sitting there at my desk in his bathrobe, no lights on, stereo on but no music, transfixed.
My roommate had a similar problem with the original. I'd go to bed at midnight, wake up at 7, he'd be landing on Mars. It wasn't a serious problem until the Friday afternoon that he mixed in some rum, got excited, and blew the speakers on my stereo...
If I understand this correctly, FT made a contract with Mosfet to pay him to code specific software.
You're also assuming that Mosfet fulfilled his end of the bargain. Who's to say that he never finished his assignment as given by FT. Not that I'm willing to give FT the benefit of the doubt, but (from all accounts) Mosfet ain't no saint either...
Heh. Good laugh on the FT site: "FT OSX". They'll steal just about anything, eh? BTW, can someone tell me what "anti-sniffer technology" is?
Uhhh... "sick company"? Check their latest 10Q for the amount of cash on hand. (Hint: it is in the billions, and the number rhymes with "dirty pix".) They can afford to have a massive marketing budget, even when IT budgets are shrinking and consumers seem to have stopped spending. When their cash level drops below, oh say $20b, then you can start worrying...
All too often a clueless construction worker rips up a section of fiber and causes some havoc.
Or a not-so-clueless "backhoe operator" takes a chunk out of a section of fiber, crippling the nation's communications infrastructure to enable other mayhem to take place. Be afraid. Be very afraid.
What I don't understand is why the engineers would settle for a one hour fire rating
One would presume they were operating on the theory that they would be able to contain a fire locally within one hour. Any fire that was started "conventionally" and not fuelled by an airliner full of jet fuel would have been able to have been contained by the buildings' fire suppression systems relatively quickly.
You forgot the gaping hole otherwise known as the Office document format...
What the hell are you smoking??
Sendmail and bind can not be patched in such a way as to eventually become completely secure. The architecture underlying sendmail is not conducive to creating security. These packages should be taken out of use. There are alternatives to BIND and Sendmail: use djbdns and qmail. I haven't used djbdns, but given the quality and ease of configuration for qmail, I wouldn't hesitate to recommend anything from DJ Bernstein. See http://cr.yp.to/djbdns.html and http://cr.yp.to/qmail.html.
It's a pity about the licensing on DJB's stuff. Otherwise I would imagine that they would be included in more distributions...
...because I can't come up with any reason for the embedded market to inflate that significantly that quickly
Uhhh... you don't *work* in the embedded market, do you? I write embedded software. The market is already huge. Don't think about where you *might* want to put microprocessors, think about where they already are: phones (cell/cordless), tvs, set-top boxes, microwave ovens, vcrs/dvds, stereo equipment,... the list goes on and on. Motorola, TI, and Intel are all big players in this market (among many others). As for transmeta being a player? The embedded market moves slower than that...
Don't just complain about infringements upon your civil liberties. Send a brief, polite letter with a VERY CLEAR MESSAGE to your elected representatives. The U. S. House of Representatives maintains a "write your rep" service at http://www.house.gov/writerep/. Compose your letter and send it off. Your voice counts more than you think; those who speak up are generally considered to represent the thoughts of as many as 50 people who think the same but don't necessarily speak up.
Companies also set the "right price" which could not be discounted - which protected mom and pops, as well as big companies because they didn't have to worry about competing on price. This doesn't just benefit the mom and pops, it benefits consumers -- albeit indirectly. You won't run into a situation where Some Big Box Store (Wal Mart?) comes into town, cuts prices below whatever anyone else in town is charging until all others in town are out of business, then jacks the prices above the point they were to begin with.
Corporations aren't legally bound to serve anyone except their stockholders.
Ideally, a corporation will cease to exist if it fails to provide value to its customers. This, of course, assumes that the marketplace works. Monopolies (see MS, AOLTW, AT&T, Verizon, etc) tend to prevent the marketplace from working in this manner.
Most governments have to at least pay lip-service to serving their citizens. Corporations don't even have to do that.
What rock have you been living under? Do the governments of China, Iraq, Iran, Afghanistan, or Cuba pay even lip-service to serving their citizens? If they do, it is nominal at best. Most of the world is not free.
Also, I don't have to own shares in my government to take part in its voting system.
No, you don't have to own shares in the government (a voluntary activity). But if you don't pay your taxes, you will eventually be labelled a felon, and you will thus lose your right to vote. (Note that the IRS claims that the US tax system is voluntary. As noted above, you can "volunteer" to pay taxes, or you can "volunteer" to go to jail.) It is also quite difficult in many areas of the country to vote if you are homeless or transient.
As for the previous poster's comment about corporations not being able to hire armies: what is to stop them? Why couldn't MS hire some goons, buy weaponry (guns, ammo, artillery, tanks, missiles, and a few helicopters), and take over a small country (like Australia)?
The scheme you describe probably isn't as bad as what currently happens, but it is still vulnerable to "man-in-the-middle" attacks. You're wrong about the one simple handshake -- there is also a transaction needed to look up the public key for the server, and then for the client. This is wherein the vulnerability lies:
Alice wants to buy a widget from Bob. Charlie is sitting on the wire during the conversation. Alice asks for Bob's public key, Charlie intercepts the request and returns his own.
It is not as simple as it sounds: "PKI" is the buzzword here: "Public Key Infrastructure", which doesn't really exist for commercial transactions in the way that you describe.
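The key-substitution scenario in the comment above, and the check that a PKI adds to the lookup, as an added example that is not part of the original thread. It uses toy textbook RSA over small constructed primes (not secure), and the `CA`, `DIRECTORY` and function names are hypothetical.

```python
import hashlib

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Toy textbook-RSA key from two primes (constructed; far too small for real use)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E, "d": d}


def public(key):
    return {"n": key["n"], "e": key["e"]}


def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(key, message):
    return pow(_digest(message, key["n"]), key["d"], key["n"])


def verify(pub, message, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(message, pub["n"])


def binding(name, pub):
    """The statement a certificate vouches for: this name owns this key."""
    return f"{name}|{pub['n']}|{pub['e']}".encode()


# Constructed parties. Alice must already hold public(CA) from a trusted,
# out-of-band source; that distribution problem is the "infrastructure" in PKI.
CA = make_key(2**89 - 1, 2**61 - 1)
BOB = make_key(2**61 - 1, 2**31 - 1)
CHARLIE = make_key(2**107 - 1, 2**31 - 1)


def issue_cert(name, pub):
    return {"name": name, "pub": pub, "sig": sign(CA, binding(name, pub))}


DIRECTORY = {"bob": issue_cert("bob", public(BOB))}


def lookup(name):
    """Honest key lookup: returns the directory record unchanged."""
    return dict(DIRECTORY[name])


def intercepted_lookup(name, reuse_sig=True):
    """The record Alice receives when Charlie answers the lookup in Bob's place."""
    record = lookup(name)
    record["pub"] = public(CHARLIE)
    if not reuse_sig:
        # Charlie vouches for himself instead of replaying the CA's signature.
        record["sig"] = sign(CHARLIE, binding(name, record["pub"]))
    return record


def accept_unverified(record):
    """Alice trusts whatever key the wire hands her."""
    return record["pub"]


def accept_verified(record, wanted_name, ca_pub):
    """Alice accepts a key only if the CA signed the (name, key) binding."""
    if record["name"] != wanted_name:
        return None
    if not verify(ca_pub, binding(record["name"], record["pub"]), record["sig"]):
        return None
    return record["pub"]


if __name__ == "__main__":
    print("unverified accepts Charlie:",
          accept_unverified(intercepted_lookup("bob")) == public(CHARLIE))
    print("verified rejects Charlie:",
          accept_verified(intercepted_lookup("bob"), "bob", public(CA)) is None)
```

The check only moves the trust question to the CA's key: if Alice also fetched `public(CA)` over the same wire, the same substitution would apply to it.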
The Novus/Discover people are actually a treat to deal with (a rare occurrence in this industry). I haven't used their one-time-number service yet (requires Java, which is IMHO unsupported in release-quality versions of Netscape), but you can find more info at the bottom of the page here
The value to consumers seems to mainly be convenience (everyone has had to replace a lost/stolen cc, right?). The value to merchants goes further, specifically in "card not present" transactions (e.g. online transactions). In these cases, if the consumer later claims that the charge is fraudulent, the cc will charge-back the merchant for the amount of the transaction: the consumer wins, the cc wins, the thief wins, and the merchant loses. It amounts to a significant portion of expenses for online businesses. Progress in this area will greatly benefit these businesses (especially small, online-only businesses).
For C++, Bjarne Stroustrup's "The C++ Programming Language" is the essential reference.
A couple of tomes from Microsoft Press are also valuable when it comes to thinking about the actual practices of writing code: Code Complete (Steve McConnell) and Writing Solid Code (Steve Maguire).
Others have mentioned the Dragon Book (Aho et al), The Mythical Man Month (Brooks) and anything by Knuth.
I would also recommend Programming Pearls (Chan, Bentley), The Psychology of Computer Programming (Weinberg), and for a taste of theory A Discipline of Programming (Dijkstra).
Most of the above books are "older" and all have held up with time.
date of birth and social security numbers should not be necessary to open an account with anyone, but a bank
And what is special about a bank? Since the banking industry was deregulated a couple of years ago, your bank is also (check all that apply):
- an insurance company
- a stock broker
- a "financial supermarket"
- a real-estate broker
- a mortgage broker
- a credit-card issuer
- a venture capital firm
- a bond underwriter
- a market maker (nasdaq) or market specialist (nyse)
Your bank not only isn't capable of keeping your details secret, it doesn't want to. Your personal information is a MONEY MAKER!
And don't trust the government either: the state of South Carolina (I think it was SC, I may be a little off) was selling drivers' license photos for drivers licenses to private companies!
What about my thumb? I could put out your eye!! Only my right one, though, I'm not quite coordinated enough with my left hand (yet) to do much damage.
Forgot this in my previous post:
How does pure Hydrogen compare to Propane? It needs Oxygen to burn too and as a gas it ought to dissipate fairly rapidly. But a propane leak is still very dangerous, so why would Hydrogen be safer?
I'm not certain, but isn't propane (C3H8) heavier than air (roughly 70% N2, 20% O2)? This means that the gas released from a propane leak will not dissipate as quickly as a hydrogen leak. Sure, both gases will cause a bad fire if ignited. It's just more likely that the propane will still be around when an ignition source is provided...
Bzzt! Wrong. This title has already been taken. I'm not sure if he was the first to manage this feat, but:
Germany was a "free country" when the Nazi party was elected into the second largest position in the German government in 1930.
Hitler was eventually appointed Chancellor in 1933 as part of a change of government that was within the law.
Within weeks he became dictator of a "free country".
(Obviously you can't be dictator of a free country as it becomes non-free after the installation of a dictator, but that's a separate matter.)