Slashdot Mirror


User: slim

slim's activity in the archive.

Stories: 0 · Comments: 3,940

Comments · 3,940

  1. Re:I have to say it on Provider of Free Public Domain Music Re-Opens · · Score: 1

    I think it's analogous to typesetting text. So the order and timing of the notes is not copyrightable, but the way it is presented on the page is.

    If you produced your own illuminated manuscript of some Shakespeare verses, you'd expect copyright on that image.

    As for "why would you want to, they're horrible" - consider reading an original typesetting of a 17th century document -- all funny looking 'S's and 'E's -- versus reading it typeset in a modern font.

  2. PRS on Provider of Free Public Domain Music Re-Opens · · Score: 4, Interesting

    My house was a licensed premises in a former life, and yesterday I received a letter from the Performing Rights Society (UK), explaining that if music was played on the premises (whether recorded or performed live) then I was obliged to pay them for a license.

    The letter strongly implies that ALL music is in scope. I just have to decide whether I have the energy and inclination to enter a debate with them about out of copyright works, or works with a permissive license.

    This would all be for my own entertainment. Any suggestions?

  3. Re:A solution in search of a problem on Brightnets are Owner Free File Systems · · Score: 1

    Just to mix it up a bit, E XOR F is a chunk of wikipedia_dump.tar.Z. So, are you sharing PD text, top 40 pop, terrorist plans, pedophile porn, or none of the above?

    Ya know, on a completely tangential thought, if Wikipedia really was "a project that attempts to summarize all human knowledge" (as it claims on its page about itself), then that last option would instead be "all of the above". Just saying.

    Good thought. But in the example, you're only sharing A, not E or F. And wikipedia is E XOR F. And only a small chunk of it, at that.

  4. Re:Encryption on Brightnets are Owner Free File Systems · · Score: 1

    On a side note, assuming computing power is no problem, wouldn't it be better to distribute multiple MD5 hashes of 128kb chunks of a given file? Then through brute force reassemble the file by solving for what the MD5 represents.

    You do realise that MD5 is specifically designed to make this extremely difficult, right? So your "assuming computer power is no problem" is quite a leap.

  5. Re:Encryption on Brightnets are Owner Free File Systems · · Score: 2, Insightful

    [...] lawyers won't be fazed by significant technical differences if the end result is the same - they'll sue you first and leave the questions to judges in subsequent decades.

    The key to this is who the "you" that gets sued is. There are three classes of participant in this data transfer: uploader, downloader, and cloud member.

    It seems to me that this scheme makes the uploader and the downloader guilty, but difficult to catch (you'd need to catch them exchanging URLs), and the cloud members not guilty of anything.

    Cloud members would have no idea whether they were hosting (chunks of) copyrighted top 40 MP3s, legally redistributable freeware, communications between Burmese freedom fighters or plots to bomb American civilians. I wonder how many people would be comfortable with that.

  6. Re:Encryption on Brightnets are Owner Free File Systems · · Score: 1

    Replying to my own post, but this IS just a sort of encryption - their main claim being because the data is encrypted, it's not copyright.

    I think the core concept is that you've got two chunks of data that XOR together to produce meaningful data, and there's an inherent symmetry such that you can't say which one's the key and which one's the encrypted data.

    Then you take those chunks independently and produce more chunks from other source material. So now chunk A is the 'key' to get X from B, Y from C, Z from D, etc. Or, an equally valid view, chunk A decrypts to X if you use B as the key, to Y if you use C as the key, to Z if you use D as the key.

    So, how can anyone say what A really is? It's lots of things, and nothing, at once.

  7. Re:A solution in search of a problem on Brightnets are Owner Free File Systems · · Score: 2, Insightful

    If you want P2P, this is no better than BitTorrent - and at first glance not nearly as robust.

    If you're a seeder, it is "better" in the sense that (arguably) the chunks you're serving are not illegal to share.

    Let's say you're serving just one chunk - A. A on its own is useless, and very difficult to demonstrate as illegal. Other people are serving B, C, D, E, F. A XOR B is a chunk of project_gutenberg_king_james_bible.txt. A XOR C is a chunk of britney_spears_toxic.mp3. A XOR D is a chunk of terrorist_plans.pdf. A XOR E is a chunk of lolita_rape.avi. Just to mix it up a bit, E XOR F is a chunk of wikipedia_dump.tar.Z

    So, are you sharing PD text, top 40 pop, terrorist plans, pedophile porn, or none of the above? Is A the key to E or vice versa? Is F the key to E or vice versa? Every one of these chunks can *simultaneously* be part of a completely innocuous file, and part of something illegal or immoral.

    It seems that there is a certain sort of person who likes to facilitate illegal filesharing. The advantage to those guys is that you can deny knowingly sharing copyrighted material. It's not just plausible deniability - you'd actually be telling the truth.

    The downside is you don't get to choose what to share. I get the impression that many sharers rather like to know what it is they're distributing. Here you could be facilitating terrible things, and you'd never know..
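
The chunk symmetry described in comments 6 and 7, as an added example that is not part of the original comments or of any Brightnet/OFF implementation: one stored chunk A serves as the partner for blocks of two unrelated files, and neither chunk of a pair is distinguishable as "key" or "data". The 16-byte block size, the `ChunkStore` class, the function names and the sample blocks are all constructed for illustration.

```python
import hashlib

BLOCK = 16  # constructed, tiny block size so the sample stays readable

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length chunks."""
    if len(a) != len(b):
        raise ValueError("chunks must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class ChunkStore:
    """What a cloud member holds: opaque chunks keyed by their hash."""
    def __init__(self):
        self.chunks = {}

    def put(self, chunk: bytes) -> str:
        cid = hashlib.sha256(chunk).hexdigest()[:12]
        self.chunks[cid] = chunk
        return cid

def publish(store, block: bytes, partner_id: str):
    """Store block XOR partner; return the chunk-id pair (the 'URL')
    that the uploader hands to the downloader."""
    derived = xor(block, store.chunks[partner_id])
    return (partner_id, store.put(derived))

def retrieve(store, url) -> bytes:
    """Rebuild a block from the two chunk ids in its URL."""
    first, second = url
    return xor(store.chunks[first], store.chunks[second])

def demo():
    store = ChunkStore()
    # Chunk A: constructed pseudo-random bytes standing in for a pool chunk.
    a_id = store.put(hashlib.sha256(b"constructed seed").digest()[:BLOCK])
    x = b"In the beginning"   # constructed block of a public-domain text
    y = b"top-40 pop bytes"   # constructed block of a copyrighted file
    url_x = publish(store, x, a_id)   # stores B = A XOR X
    url_y = publish(store, y, a_id)   # stores C = A XOR Y
    return store, a_id, (x, url_x), (y, url_y)

if __name__ == "__main__":
    store, a_id, (x, url_x), (y, url_y) = demo()
    print("A is shared by both URLs:", url_x[0] == url_y[0] == a_id)
    print("rebuilt X:", retrieve(store, url_x))
    print("rebuilt Y:", retrieve(store, url_y))
    # Symmetry: B with X as the "key" gives A, just as A with B gives X.
    print("B XOR X == A:", xor(store.chunks[url_x[1]], x) == store.chunks[a_id])
```

The store itself never records which pairs belong together; that mapping exists only in the URLs exchanged between uploader and downloader.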

  8. Make it climb and I'm in. on IRobot Looj Gutter Cleaning Robot Review · · Score: 1

    Like many other urban Britons, I have a flat in a moderately tall building (3 storeys in my case). Health and safety rules preclude ladders this tall, so basically any time maintenance is needed, you have to work from indoors or use scaffolding.

    It would be /really/ handy to have a remote control gutter cleaning tool (I hesitate to use the word robot) that climbs the inside of a downpipe in order to reach the guttering. Someone make it. I'll buy it.

  9. Re:hipotesis on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 2, Informative

    Except that the certificate authority also issues the private key at the same time. Otherwise they couldn't validate the signature themselves.

    No.

    1. User generates a public/private key pair
    2. User sends request to CA, containing their public key - nothing confidential here
    3. CA verifies identity of requestor by whatever means their process specifies (increasingly lax, it seems)
    4. CA creates certificate and signs it with CA private key
    5. Certificate may now be given to anyone - it contains nothing confidential.
    6. Owner of the private key can authenticate themselves - "Look, I've signed this with my private key. And this certificate proves that the public key you use to verify the signature is mine."
  10. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    So, who is responsible for a phishing attack using a legitimate cert?

    You can say 'the user' all you want, but certs themselves are to blame. They are not a usable authentication tool, despite the claims.

    I don't get it.

    The browser's doing its job: it displays the hostname.
    The certificate's doing its job: it validates that the server is run by someone who owns that hostname's private key.

    If private data is sent to the wrong hostname, how is this not the user's fault?

  11. Re:hipotesis on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 5, Informative

    In fact, having a third party signing your certificate potentially reduces its security, since they are now in possession of the certificate too, and have likely transmitted it to you via plain text email.

    HUH?

    There is nothing whatsoever that is confidential in an X.509 certificate.

    It is a chunk of bytes that says "Public key P corresponds to identity I, according to authority A", and it contains a signature created using A's private key, which ANYONE can check using A's public key.

    During the whole request and issue process, the secret bit -- I's private key, never leaves I's possession.

    The certificate could be printed in the New York Times, with no loss of security.
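
The issuance steps listed in comment 9 and the "nothing confidential" point in comment 11, as an added example that is not part of the original comments: a request/issue/verify exchange in which the CA only ever sees the subject and the public key. It uses toy textbook RSA with small fixed primes purely to show the message flow (real certificates are X.509 structures with padded signatures); the subject name, CA name, nonce and all function names are constructed.

```python
import hashlib
import json

E = 65537  # public exponent

def keypair(p, q):
    """Toy textbook RSA from two fixed primes. Returns (public, private)."""
    n = p * q
    return {"n": n, "e": E}, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, pub, priv):
    return pow(digest(data, pub["n"]), priv, pub["n"])

def verify(data, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def tbs(cert):
    """Canonical bytes of what the CA signs: identity I, public key P, authority A."""
    fields = {k: cert[k] for k in ("subject", "public_key", "issuer")}
    return json.dumps(fields, sort_keys=True).encode()

def ca_issue(request, ca_name, ca_pub, ca_priv):
    """Steps 3-4: the CA receives only a subject and a public key, and signs the binding."""
    cert = {"subject": request["subject"], "public_key": request["public_key"],
            "issuer": ca_name}
    cert["signature"] = sign(tbs(cert), ca_pub, ca_priv)
    return cert

def relying_party_check(cert, ca_pub, challenge, response):
    """Step 6: check the CA's signature, then the holder's proof of possession."""
    return (verify(tbs(cert), cert["signature"], ca_pub)
            and verify(challenge, response, cert["public_key"]))

def run_flow():
    # Constructed keys: Mersenne primes keep the example deterministic, not secure.
    ca_pub, ca_priv = keypair(2**89 - 1, 2**107 - 1)
    user_pub, user_priv = keypair(2**61 - 1, 2**127 - 1)   # step 1: stays with the user
    request = {"subject": "www.example.test", "public_key": user_pub}  # step 2
    cert = ca_issue(request, "Example Test CA", ca_pub, ca_priv)
    challenge = b"constructed-nonce-1234"                   # sent by the relying party
    response = sign(challenge, user_pub, user_priv)         # needs the user's private key
    return request, cert, ca_pub, challenge, response

if __name__ == "__main__":
    request, cert, ca_pub, challenge, response = run_flow()
    print("fields sent to the CA:", sorted(request))
    print("fields in the public certificate:", sorted(cert))
    print("relying party accepts:", relying_party_check(cert, ca_pub, challenge, response))
```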

  12. Re:Interesting on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Why would you feel more comfortable if the guy in the truck had paid fifty bucks to get a signed document saying "I'm authorized to do what I'm doing. Signed: Epstein's Mom"?

    It doesn't say "I'm authorised to do what I'm doing", it says "The bearer of this certificate is John Smith, 23 Foo Street, Bartown".

    And it's not signed "Epstein's Mom", it's signed "Trusted Identity Corporation".

    So, if your jiffy bag full of diamonds goes missing, you can go to the police and state with a high degree of confidence who had them when you last saw them.

    Whether or not you consider "Trusted Identity Corporation" (Verisign, Thawte, whatever) to have done an adequate job of identifying John Smith before issuing him a certificate, is another matter. If you don't, remove their CAs from your browser.

  13. Re:Interesting on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    If someone knocked on your door and asked for your money would you give it to him because he has a bulletproof truck so the money will be safe all the way to whatever it is going to? Or would you trust the guy in the truck because he showed you a self-signed document saying: "I am authorised to do what I'm doing. Signed: me." Of course not!


    Your whole post is right on the money. But just to play devil's advocate, you might trust this unauthenticated man to deliver a low-value parcel in his high security truck. If he then returned, providing a good service again and again, each time presenting the same self-signed authentication, you might then trust him to deliver something more valuable.


    Just as in the real world, computer security is all about risk assessment. Unfortunately, the designers of PKI haven't succeeded in making it simple enough that most people can make an educated assessment -- because it's hard.

  14. Re:Interesting on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    because it is "self-signed" (which means that it is signed by itself, for those not familiar with the SSL lingo). Gee, thanks for solving that mystery for the rest of us! I get the impression that many posters think that it means 'signed by the owner', which is a bit more general than the strict meaning: 'signed using the private key corresponding to the public key in the certificate'.

  15. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Certs are very poor authentication tokens.

    Maybe so, but poor or not, authentication is their function. You don't need a certificate for encryption.


    I sometimes wonder why the designers of SSL mandated a certificate at the server end. I guess they couldn't think of a situation where you'd want to encrypt data to/from a completely arbitrary unauthenticated entity.

  16. Better than the alternative on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    The alternative to accepting individual certificates, is for 'Hypothetical Piracy Enablers' HPE to create their own CA, and for you to accept their CA certificate as a trusted signer.

    There's nothing technically difficult about becoming a CA. OpenSSL can handle the bit-twiddling aspect with no problem. The hard bit about being a CA is all the authentication that's supposedly done before signing a certificate, and the risk and liability responsibilities taken on.

    It sounds very convenient to accept HPE's CA certificate -- but wait -- that would mean that if some crook could persuade HPE to sign a certificate for (say) hsbc.com, your browser would accept it every time.

    So, in this case, since you probably don't trust the signer all that much, it's better to accept the self-signed site certificate.

  17. Re:One does not follow the other... on Japan Imposes "Fine On Fat" · · Score: 1

    Where I'm from friends don't impose their own views of what is and is not bad on you.

    If I'm an adult and make an informed decision to smoke cigarettes I really don't see how that's any business of yours or the Government's.

    I bet there's some vice where suddenly you'd change your tune. Would you intervene if a friend was getting into crack cocaine?


    The fact that there's a sin tax indicates that the electorate, on balance, wants to interfere with your right to smoke cheaply (either that, or democracy isn't working - let's leave that discussion for another day) for your own good. Whether /you/ see it as their business or not, is immaterial.


    Incidentally I see this as a much better way to fight the harmful effects of drugs. I advocate the legalisation of all drugs, to be sold through licensed businesses with high taxation; the proceeds would be spent on activities to lower drug use.

  18. Re:One does not follow the other... on Japan Imposes "Fine On Fat" · · Score: 1


    We should get rid of cigarette taxes altogether, IMHO. It's a great idea in theory but why the hell should the Government be regulating what I do with my body?
    Because friends don't let friends ${bad_thing}. So (if we lived in the same country) I am helping you, by voting for a government that dissuades you from ${bad_thing}.

    The revenue, the cost of cigarette related healthcare, those are secondary matters in my opinion.

  19. Re:What about the codecs for backing up? on Best Way To Store Digital Video For 20 Years? · · Score: 1

    What are the odds of any of these formats being playable in 20 years' time, or just transcodeable?

    If you're seriously worried about this, include the source code for mplayer (and associated libraries) in your backup.

  20. Re:Cassette or Floppy Diskette on Best Way To Store Digital Video For 20 Years? · · Score: 1

    And how many that don't?

    The last time I needed to recover data from a 10 year old 40 track 5.25" floppy, after much effort, I found it was completely blank. Not even a sector editor could find anything.

  21. Re:geocaching in a paranioa-state on Geohashing Meets an Angry Rancher With Firearms · · Score: 1

    Too many people wigging out nowadays with the "unattended package" scares to geocache anymore. If you go out in the woods and leave something hidden, or interact with something hidden, and someone sees you, too great of odds that they will call the bomb squad or DNR or something like that.

    So we should stop doing something perfectly legal and innocent, just in case someone mistakes it for a different activity?

  22. Re:Tories vs Labor on UK Can Now Hold People Without Charge For 42 Days · · Score: 1

    It's more that Labour moved right than that the Tories moved left.

    So now there's no electable left-wing party. It's a tragedy.

  23. Re:Why complain? on Open Source Killing Commercial Developer Tools · · Score: 1

    If you don't have a .emacs file then you kind of missed the point with Emacs.

    Of particular benefit is a function like:

    (global-set-key [A-f10] 'electric-buffer-list)

    which binds a key to a function.

    The problem with this is that you begin your Emacs life with something that's hardly usable - having to memorise verbose commands like (I paraphrase because I never did manage to commit them to long term memory) meta-x-save-buffer, meta-x-quit, meta-x-return-to-tutorial... ... and the posited solution is that you immediately become a power user, and start binding commands to key combinations - which is effectively designing your own UI. I write servers and command line apps. I'm not very good at writing UIs, even ones for myself.

    I get the impression that you could get very fluent at Emacs, yet without your .emacs loaded - or worse, with someone else's .emacs loaded - be totally flummoxed.

    Yeah, you can also customise vim's UI - but I don't because I already know how to use it as it is.
  24. Re:A Complete Load of Fetid Rabbit Droppings on Open Source Killing Commercial Developer Tools · · Score: 2, Interesting

    If you can live with emacs - and not feel sick to the stomach using something written and endorsed by Stallman

    Good lord, do you have to grit your teeth every time you use GNU date or GNU grep?

    Face it, Emacs users love it. I've never got past the initial learning curve - my poor weak head can't retain the most basic Emacs commands such as save or quit, for long enough to use them next time. I never had that problem with vi. But that's not the point. Emacs users are not using it because they're cheap. They use it because they like it.

    You don't see vendors with successful products (i.e. Visual SlickEdit editor - powerful and platform-independent) whining about OSS authors owning the market.

    Without a doubt, they'd do better in the absence of Open Source. The reason they don't whine is that they recognise that there's no reason the playing field should be biased to their advantage.

  25. Re:So now we have the on Scientists Surprised to Find Earth's Biosphere Booming · · Score: 1

    So why should I have to give up my reproductive rights or feel guilt for doing what has brought 100% of the people in the world here?

    That's great that you are able to live that close to your job. I used to live a nice twenty minute stroll from work too. I worked there for seven years. I reached the pinnacle of what I could do there and as the company was recently taken over by an overseas mega-corp, I decided it was time to pursue different opportunities. My new job is a bit out of "strolling range". For that matter, any house within strolling range of my new job is out of our price range. So I need a vehicle to get there and back.

    Is that a sin? NO.

    [snip]

    And that is the problem. People like you don't like that I drive a car. People like you don't like that I have a child. It bugs you that I use up so many resources.

    No, neither of those things bug me at all. What bugs me is that you seem to want those things to stay artificially cheap. You chose ("I decided") to take a job further from home. Fuel cost is a factor in that choice. Markets will see to it that your reliance on scarce resources becomes more expensive as they get scarcer. That's fine. What bugs me is that people whine when it happens.

    Likewise, I wouldn't deign to deprive you of your right to breed. But I don't see why other people's taxes should make parenthood an even more attractive prospect than it is already.

    So, you are going to take a woman that can support herself, and make her artificially dependent of the government because you want to artificially drive up the fuel prices to punish me for my lifestyle choices?

    Well, I come from a society where artificial dependence on the government is considered pretty normal. But our disagreement seems to hinge on this: you think I'm advocating 'artificially high' fuel costs. I think you're advocating 'artificially low' fuel pricing.

    Seriously, I hope we develop some alternative fuels and crops soon, so that people can drive around and reproduce cheaply. Until then, as oil becomes scarcer, it's going to get more expensive and we're going to have to make difficult choices -- grit our teeth and pay what it costs, or use less.

    BTW Smug as I am about the walk to work, I'm no eco saint. I do own a car. I piss away electricity and heating fuel. But I don't complain about the price.