... just manage video configuration for programs that do direct video frame buffer access, or any such access that might be done in the kernel, for applications not involving X, or that can work better when bypassing X.
It can and it does work. The internet has a unique identifier for any given computer that is online at any given time. Yes, there is NAT and things that mean that many many machines have IPs like 192.168.1.1 but they are still uniquely addressable via the combination of IP addresses in the route to the machine (ie. the public IP used by the NAT router plus the local IP of the computer). MAC addresses and IPv6 addresses are numerous enough to uniquely identify users too. Further layers of apps/protocols/etc make these unique identifiers more user-friendly.
Web sites are fewer in number than there are people. So the domain names are usually adequate. People don't want to use IP addresses even with IPv4 (and will want to even less with IPv6). But even some domain names are getting unwieldy and that's with just several million of them. Scale that up to a few billion.
You don't. You choose a trustworthy provider. for some people that means BEING YOUR OWN PROVIDER--which is technically very possible with OpenID. Why would you need to hid your own information from yourself?
This is not a scalable solution. The problem isn't that MY OWN information might be utilized, but rather, that anyone's information might be utilized. The fix, using what OpenID has designed, would be to require everyone to be their own provider. And that doesn't fly.
Maybe the issue isn't clear. The problem with OpenID is that it allows authentication providers.
Also, isn't the present dog's breakfast of different authentication systems WORSE than OpenID? You give all this personal info, in varying formats, to multitudes of different entities and it is absolutely impossible to knwo where it is going. There are two sides to the traceability potentials in OpenID--and the flipside is that YOU can trace YOUR OWN info by providing your own identity. Proprietary systems or even big OpenID provider-only outfits like MSFT take that ability away.
There most certainly are problems with the existing system. But moving laterally isn't getting any closer to a clean universal solution.
No matter how OpenID is implemented that is ALWAYS how it works...THAT IS THE WHOLE POINT. You CANNOT have decentralised universal authentication schemes without the authentication provider plus an application provider being available. It's no different from Active Directory but on an internet-wide scale--you lose the ability to authorise if you lose contact with the AD server, even inf the DB server is on-line, but still AD/LDAP/Kerberos/whatever central directory service is considered essential in enterprise environments. Why are people find the concept to be a bad idea on the 'net?
I'm able to do a lot of SSH logins just find without having an authentication provider, and without giving the machine I login in to my password.
You are totally wrong. It simplifies a whole bunch of stuff. You keep your identity information with one provider of your choice--even yourself. You only need to remember one password (or two, if you have a backup identity) even if you had different aliases on every site (and login aliases would be easier to remember than passwords, and safe to reuse everywhere). OpenID-style authentication could be used to manage name, address, e-commerce info without having to re-enter it everywhere--you only have to deal with the provider (again, it could be yourself) which would make it practical to control who gets access to what info (so requests from openID consumers could be denied to sensitive info if they are not white-listed)
As soon as you login at one web site, you've now given them your password. They can now login on all your other sites. They know your universal ID. They know your universal password.
OpenID is more than having a single, simple login name used everywhere--that is the one place you are right. It
This is a bogus issue. Just choose a STANDARD FORMAT that is openly documented and unencumbered by patents (such as OGG with Vorbis and Theora). Since this is a non-DRM project, this will work. Then let the application developers make sure their products work right.
This whole idea of standards is so that data can be produced by any of a wide range of programs, and then accepted by any of a wide range or programs. Instead of targeting their product to a specific player, they need to target it to a specific standard, open, and unencumbered format. Standards are there to avoid this very problem BBC claims to have.
Then if BBC wants to be sure a player presents their product well, they should consider contacting the developers and financially sponsoring the project.
And how are they going to properly detect which channels are not being used? There are places where signals are present on virtually every channel except in the "lo band" (channels 2 to 6) and the reserved channel 37. These signals can be very weak, and not even detectable with a cheap antenna (rabbit ears or a simple loop for UHF), while fully receivable with a decent antenna. Some low power transmitter nearby with just a tiny antenna would fail to detect the transmitted signal, has no way to know what is being received by anyone, and would disrupt the TV signal.
The TV spectrum is actually shrinking. There are fewer channels available. While the digital technology can deal with things like stations being on adjacent channels, that allows for fewer TV channels, this capability is how the removal of channels 52-69 has been justified.
The FCC has also severely limited applications for new TV stations during the digital transition. After the transition is over (February 2009 is just the big peak, not the end), more new station applications are expected, especially for low power stations.
Using the radio spectrum for fixed point to fixed point connections on land is the wrong use. What we need, instead, is for "last mile fiber" to be installed to each home and business, and allow that fiber to be used at the other end by the provider chosen by the home dweller or business operator that it terminates at. Eventually, all TV should even go that way, which would free up even more spectrum (174-216 MHz, 470-608 MHz, 614-698 MHz), for mobile services where being tethered by a wire or fiber is not an option.
That isn't the job of OpenID--that is the job of the OpenID consumer as far as I can tell. You wouldn't WANT OpenIDs to be simple like yahoo or twitter or DNS, because you cannot guarantee uniqueness and name squatters will just take all the simple ones and you have the same old problem again.
And this is why a universal ID system just can't work.
Proper implementation of OpenIDs would map the more complicated but unique URI-style ID to your site alias, and like any proper forum site does with email addresses your openID would be hidden from view for privacy reasons (so you don't get spammers and general marketing scum crawling forums to scrape your ID off of them and create a profile on you).
But how do I hide it from the web provider I log in to? They getting too much information with this. With the usual way, I use a throw-away email address to sign-up.
This way you can create a site-based avatar but have the same credentials globally. Also, a good OpenID consumer would provide for one-to-many mapping, so that one actual user on the site could log in with any number of credentials. That way, if your OpenID provider leaves you in the lurch (say MSFT botches up their service to discourage people from using it and uses that as justification to shut the service down) the OpenID consumer can fall back to an alternative (even its own auth scheme instead of openID).
That's just another potential flaw.
When you log into such an OpenID compliant site it would work similar to Ubuntu's login--you would get a prompt for your user ID, then when you submit it would go away to see what ID provider/scheme you use then forward you to the proper authentication provider's site for the password (or whatever method they use to verify your ID). The site-specific profile determines the default, or you can override the default by entering the desired OpenID instead of your "simple alias".
You are now dependent on 2 provider's being up at the same time (unless you host your own authentication server). And this still doesn't provide any simplification like using the same ID to login everywhere (unless you login with a big long complicated one).
But no matter what you do, it really isn't practical to scale up IDs to world wide (billions) and have simple ones for everyone.
I want to be able to just login with my simple username Skapare, not some site name. That's not what OpenID does. And it really isn't going to work very well with billions of people all wanting nice simple names.
See the list of software. If you can't get any of those to run on DD-WRT with a web server (I note that there is no tiny implementation in C, yet), then see the protocol and write your own (please share).
If there should be a processing fee, then that fee should be paid by the accused if the content is found to be infringing.
Sure. Once the content is found to be infringing, and is not simply a legal fair-use, then the infringer should pay the costs to the infringed victim. It's up to a court to make the final decision. The infringed victim would likely already be asking for other damages. The cost of the takedown fee can be one of those. I have no problem with that.
Unfortunately, we don't get to just make up rules about how the phone system should work. The reality is that a company with a PRI gets to send whatever Caller ID number they want, and there are perfectly valid reasons for wanting to send a number that isn't active on that trunk (such as sending a toll free number or a call-back number for an inbound call center). The solution is for the FCC to make it a crime to spoof Caller ID in order to commit a crime, but I suspect that this is already illegal.
We do get to make rules and laws regarding commerce and fraud. We do get to choose how to make those rules and laws work. And merely making it a crime to spoof Caller ID won't stop those people who are already committing a crime (the scam they are doing in the calls). What we need is a Caller ID that can be trusted.
So be a little more creative. The law that requires validation of transmitted numbers can include a clause that allows a phone customer to submit additional phone numbers, which must be researched to verify that they really are owned by the phone customer (even if that number is obtained through a different phone company). If valid, the number can be added to the account.
The point is, we need to be sure the numbers are valid. Arguably, spoofing caller ID is already fraud. But the crimes will just continue to happen. Callers can continue to just not send caller ID if other laws allow them to do that. This just makes sure a caller ID number is valid. There is no value to legitimate phone users to have invalid caller ID info. And I don't want to go so far as to require phone companies to record the track of every phone call ever made just to track down scammers (although certain government entities appear to be doing just that, already).
A variant of the DMCA that merely granted ISPs the safe-harbor in exchange for identifying who placed the content online, and required a court order from a federal judge for a takedown, would have worked just as well in terms of enabling content hosting providers like YouTube. The RIAA and MPAA would certainly have not liked it. So while the safe-harbor aspect of the DMCA certainly had its benefits, other aspects of the DMCA clearly do not.
It's time to make some revisions on the DMCA, such shortening the takedown period, and requiring a federal judge's temporary restraining order to extend it. There should also be a minimum base damage liability for a false or fraudulent takedown (I propose $250 per day). Thus, even for individuals not making any money from content, there is something to recover from all those embarrassing days their content was gone. There should also be $25 processing fee paid to the ISPs per takedown. No more freebies.
I'm sure a lot of people reading this would argue that it should just go away. Well, that is very unlikely to happen.
The workers in the polling place gave us pencils with erasers to use. They said large fingers were causing multiple selections to be made. Apparently the touch sensors are overly sensitive, and cannot distinguish between the middle region being pressed. My guess is if the finger is being released unevenly, it registers the vote where the sensing was last received, which might be above or below depending on the angle of the finger. It worked correctly for me using the eraser end of the pencil.
There was also a sealed box with a long window on the side showing a paper roll with each selection being printed on it in text. It printed exactly what I voted for, as seen through the box. When the vote was finally confirmed, it printed some bar codes, which I assume is some kind of coding for the vote, maybe with a hash checksum. Presumably, if there is any need or demand for a paper audit, those rolls could be accessed and votes counted from there.
Then we won't need to deal with DST at all. Computers can be programmed/engineered to track time by geographic position. And they can always use UTC for an absolute time.
... then I should be able to build my own media playback device, using their source code, and it will work when I have the corresponding media and license key. If I choose to do such an implementation as a software "device" in my Linux based computer, will it really work? To me, that will be the big test.
A lot of these calls actually do come from overseas, usually the Caribbean or Africa. Some have been tracked to Pakistan, too. The phone companies need to block calls from overseas circuits with a domestic caller ID info attached.
You are referring to the victim's phone company. Sure, they are (probably) not involved in the spoofed phone calls in the first place. But the phone company providing services to the scammer is. That other phone company can stop the spoofing. But it costs some money to do so because it requires some added software on each phone switch to check the caller ID info to see that it matches the phone numbers on the customer's trunk circuit. Since that other phone company and the scammer are not in a business relationship with the victim, it would take passing a law to force this to happen. They should be required to have these checks in place along with both civil and criminal penalties for failure to do so.
The telco can transmit the caller ID info anyway, because they have no "intent to defraud, cause harm, or wrongfully obtain anything of value". Instead, this qualification should be removed so that the telco itself is disallowed to transmit a caller ID that is wrong. They have the means to determine if it is wrong (at least the first telco the caller is serviced by).
That's a different concept... useful, but it doesn't prevent any false statements by the person doing the calling. It certainly can help against robot calls. But the original story is about calls that people are involved in, who refuse to reveal their true identity, and falsify the caller ID.
What is wanted is validation of the caller ID info by a trusted party that would be in a position to know if it is correct or not. I see no reason to complete a call if the caller ID info is false under any circumstance (this would not apply to completing a call with no caller ID info provided).
... that larger businesses with lots of phone lines have connected via a trunk circuit to their telco (which doesn't vet the caller ID info against the numbers assigned to that customer).
What is needed is a law that applies to the telcos. It should require them to do the following in their telephone network. When a call is being established from a source that provides its own caller ID info (e.g. a customer phone switch), then the telco switch should do a lookup of the provided number against the list of numbers assigned to the customer connected through the circuit to that switch. If it is not in the list, the call is not completed. No circuit is allowed to be connected to a switch unless the phone number list is available for it, or it comes from another telco. There would be certain exemptions for government law enforcement and intelligence operations.
Slashdot Mirror
... just manage video configuration for programs that do direct video frame buffer access, or any such access that might be done in the kernel, for applications not involving X, or that can work better when bypassing X.
It can and it does work. The internet has a unique identifier for any given computer that is online at any given time. Yes, there is NAT and things that mean that many many machines have IPs like 192.168.1.1 but they are still uniquely addressable via the combination of IP addresses in the route to the machine (ie. the public IP used by the NAT router plus the local IP of the computer). MAC addresses and IPv6 addresses are numerous enough to uniquely identify users too. Further layers of apps/protocols/etc make these unique identifiers more user-friendly.
Web sites are fewer in number than there are people. So the domain names are usually adequate. People don't want to use IP addresses even with IPv4 (and will want to even less with IPv6). But even some domain names are getting unwieldy and that's with just several million of them. Scale that up to a few billion.
You don't. You choose a trustworthy provider. for some people that means BEING YOUR OWN PROVIDER--which is technically very possible with OpenID. Why would you need to hid your own information from yourself?
This is not a scalable solution. The problem isn't that MY OWN information might be utilized, but rather, that anyone's information might be utilized. The fix, using what OpenID has designed, would be to require everyone to be their own provider. And that doesn't fly.
Maybe the issue isn't clear. The problem with OpenID is that it allows authentication providers.
Also, isn't the present dog's breakfast of different authentication systems WORSE than OpenID? You give all this personal info, in varying formats, to multitudes of different entities and it is absolutely impossible to knwo where it is going. There are two sides to the traceability potentials in OpenID--and the flipside is that YOU can trace YOUR OWN info by providing your own identity. Proprietary systems or even big OpenID provider-only outfits like MSFT take that ability away.
There most certainly are problems with the existing system. But moving laterally isn't getting any closer to a clean universal solution.
No matter how OpenID is implemented that is ALWAYS how it works...THAT IS THE WHOLE POINT. You CANNOT have decentralised universal authentication schemes without the authentication provider plus an application provider being available. It's no different from Active Directory but on an internet-wide scale--you lose the ability to authorise if you lose contact with the AD server, even inf the DB server is on-line, but still AD/LDAP/Kerberos/whatever central directory service is considered essential in enterprise environments. Why are people find the concept to be a bad idea on the 'net?
I'm able to do a lot of SSH logins just find without having an authentication provider, and without giving the machine I login in to my password.
You are totally wrong. It simplifies a whole bunch of stuff. You keep your identity information with one provider of your choice--even yourself. You only need to remember one password (or two, if you have a backup identity) even if you had different aliases on every site (and login aliases would be easier to remember than passwords, and safe to reuse everywhere). OpenID-style authentication could be used to manage name, address, e-commerce info without having to re-enter it everywhere--you only have to deal with the provider (again, it could be yourself) which would make it practical to control who gets access to what info (so requests from openID consumers could be denied to sensitive info if they are not white-listed)
As soon as you login at one web site, you've now given them your password. They can now login on all your other sites. They know your universal ID. They know your universal password.
OpenID is more than having a single, simple login name used everywhere--that is the one place you are right. It
What are you afraid of? That you might have to choose more than one for yourself?
This is a bogus issue. Just choose a STANDARD FORMAT that is openly documented and unencumbered by patents (such as OGG with Vorbis and Theora). Since this is a non-DRM project, this will work. Then let the application developers make sure their products work right.
This whole idea of standards is so that data can be produced by any of a wide range of programs, and then accepted by any of a wide range or programs. Instead of targeting their product to a specific player, they need to target it to a specific standard, open, and unencumbered format. Standards are there to avoid this very problem BBC claims to have.
Then if BBC wants to be sure a player presents their product well, they should consider contacting the developers and financially sponsoring the project.
And how are they going to properly detect which channels are not being used? There are places where signals are present on virtually every channel except in the "lo band" (channels 2 to 6) and the reserved channel 37. These signals can be very weak, and not even detectable with a cheap antenna (rabbit ears or a simple loop for UHF), while fully receivable with a decent antenna. Some low power transmitter nearby with just a tiny antenna would fail to detect the transmitted signal, has no way to know what is being received by anyone, and would disrupt the TV signal.
The TV spectrum is actually shrinking. There are fewer channels available. While the digital technology can deal with things like stations being on adjacent channels, that allows for fewer TV channels, this capability is how the removal of channels 52-69 has been justified.
The FCC has also severely limited applications for new TV stations during the digital transition. After the transition is over (February 2009 is just the big peak, not the end), more new station applications are expected, especially for low power stations.
Using the radio spectrum for fixed point to fixed point connections on land is the wrong use. What we need, instead, is for "last mile fiber" to be installed to each home and business, and allow that fiber to be used at the other end by the provider chosen by the home dweller or business operator that it terminates at. Eventually, all TV should even go that way, which would free up even more spectrum (174-216 MHz, 470-608 MHz, 614-698 MHz), for mobile services where being tethered by a wire or fiber is not an option.
That isn't the job of OpenID--that is the job of the OpenID consumer as far as I can tell. You wouldn't WANT OpenIDs to be simple like yahoo or twitter or DNS, because you cannot guarantee uniqueness and name squatters will just take all the simple ones and you have the same old problem again.
And this is why a universal ID system just can't work.
Proper implementation of OpenIDs would map the more complicated but unique URI-style ID to your site alias, and like any proper forum site does with email addresses your openID would be hidden from view for privacy reasons (so you don't get spammers and general marketing scum crawling forums to scrape your ID off of them and create a profile on you).
But how do I hide it from the web provider I log in to? They getting too much information with this. With the usual way, I use a throw-away email address to sign-up.
This way you can create a site-based avatar but have the same credentials globally. Also, a good OpenID consumer would provide for one-to-many mapping, so that one actual user on the site could log in with any number of credentials. That way, if your OpenID provider leaves you in the lurch (say MSFT botches up their service to discourage people from using it and uses that as justification to shut the service down) the OpenID consumer can fall back to an alternative (even its own auth scheme instead of openID).
That's just another potential flaw.
When you log into such an OpenID compliant site it would work similar to Ubuntu's login--you would get a prompt for your user ID, then when you submit it would go away to see what ID provider/scheme you use then forward you to the proper authentication provider's site for the password (or whatever method they use to verify your ID). The site-specific profile determines the default, or you can override the default by entering the desired OpenID instead of your "simple alias".
You are now dependent on 2 provider's being up at the same time (unless you host your own authentication server). And this still doesn't provide any simplification like using the same ID to login everywhere (unless you login with a big long complicated one).
But no matter what you do, it really isn't practical to scale up IDs to world wide (billions) and have simple ones for everyone.
I want to be able to just login with my simple username Skapare, not some site name. That's not what OpenID does. And it really isn't going to work very well with billions of people all wanting nice simple names.
The community embraces OpenID with the same zeal they would embrace OpenTeleMarketing.
See the list of software. If you can't get any of those to run on DD-WRT with a web server (I note that there is no tiny implementation in C, yet), then see the protocol and write your own (please share).
If there should be a processing fee, then that fee should be paid by the accused if the content is found to be infringing.
Sure. Once the content is found to be infringing, and is not simply a legal fair-use, then the infringer should pay the costs to the infringed victim. It's up to a court to make the final decision. The infringed victim would likely already be asking for other damages. The cost of the takedown fee can be one of those. I have no problem with that.
Unfortunately, we don't get to just make up rules about how the phone system should work. The reality is that a company with a PRI gets to send whatever Caller ID number they want, and there are perfectly valid reasons for wanting to send a number that isn't active on that trunk (such as sending a toll free number or a call-back number for an inbound call center). The solution is for the FCC to make it a crime to spoof Caller ID in order to commit a crime, but I suspect that this is already illegal.
We do get to make rules and laws regarding commerce and fraud. We do get to choose how to make those rules and laws work. And merely making it a crime to spoof Caller ID won't stop those people who are already committing a crime (the scam they are doing in the calls). What we need is a Caller ID that can be trusted.
So be a little more creative. The law that requires validation of transmitted numbers can include a clause that allows a phone customer to submit additional phone numbers, which must be researched to verify that they really are owned by the phone customer (even if that number is obtained through a different phone company). If valid, the number can be added to the account.
The point is, we need to be sure the numbers are valid. Arguably, spoofing caller ID is already fraud. But the crimes will just continue to happen. Callers can continue to just not send caller ID if other laws allow them to do that. This just makes sure a caller ID number is valid. There is no value to legitimate phone users to have invalid caller ID info. And I don't want to go so far as to require phone companies to record the track of every phone call ever made just to track down scammers (although certain government entities appear to be doing just that, already).
A variant of the DMCA that merely granted ISPs the safe-harbor in exchange for identifying who placed the content online, and required a court order from a federal judge for a takedown, would have worked just as well in terms of enabling content hosting providers like YouTube. The RIAA and MPAA would certainly have not liked it. So while the safe-harbor aspect of the DMCA certainly had its benefits, other aspects of the DMCA clearly do not.
It's time to make some revisions on the DMCA, such shortening the takedown period, and requiring a federal judge's temporary restraining order to extend it. There should also be a minimum base damage liability for a false or fraudulent takedown (I propose $250 per day). Thus, even for individuals not making any money from content, there is something to recover from all those embarrassing days their content was gone. There should also be $25 processing fee paid to the ISPs per takedown. No more freebies.
I'm sure a lot of people reading this would argue that it should just go away. Well, that is very unlikely to happen.
Tyhaty asnd/ort "fgat fgingerts".
The workers in the polling place gave us pencils with erasers to use. They said large fingers were causing multiple selections to be made. Apparently the touch sensors are overly sensitive, and cannot distinguish between the middle region being pressed. My guess is if the finger is being released unevenly, it registers the vote where the sensing was last received, which might be above or below depending on the angle of the finger. It worked correctly for me using the eraser end of the pencil.
There was also a sealed box with a long window on the side showing a paper roll with each selection being printed on it in text. It printed exactly what I voted for, as seen through the box. When the vote was finally confirmed, it printed some bar codes, which I assume is some kind of coding for the vote, maybe with a hash checksum. Presumably, if there is any need or demand for a paper audit, those rolls could be accessed and votes counted from there.
The machines were "iVotronic" models.
Then we won't need to deal with DST at all. Computers can be programmed/engineered to track time by geographic position. And they can always use UTC for an absolute time.
... then I should be able to build my own media playback device, using their source code, and it will work when I have the corresponding media and license key. If I choose to do such an implementation as a software "device" in my Linux based computer, will it really work? To me, that will be the big test.
A lot of these calls actually do come from overseas, usually the Caribbean or Africa. Some have been tracked to Pakistan, too. The phone companies need to block calls from overseas circuits with a domestic caller ID info attached.
You are referring to the victim's phone company. Sure, they are (probably) not involved in the spoofed phone calls in the first place. But the phone company providing services to the scammer is. That other phone company can stop the spoofing. But it costs some money to do so because it requires some added software on each phone switch to check the caller ID info to see that it matches the phone numbers on the customer's trunk circuit. Since that other phone company and the scammer are not in a business relationship with the victim, it would take passing a law to force this to happen. They should be required to have these checks in place along with both civil and criminal penalties for failure to do so.
The telco can transmit the caller ID info anyway, because they have no "intent to defraud, cause harm, or wrongfully obtain anything of value". Instead, this qualification should be removed so that the telco itself is disallowed to transmit a caller ID that is wrong. They have the means to determine if it is wrong (at least the first telco the caller is serviced by).
That's a different concept ... useful, but it doesn't prevent any false statements by the person doing the calling. It certainly can help against robot calls. But the original story is about calls that people are involved in, who refuse to reveal their true identity, and falsify the caller ID.
What is wanted is validation of the caller ID info by a trusted party that would be in a position to know if it is correct or not. I see no reason to complete a call if the caller ID info is false under any circumstance (this would not apply to completing a call with no caller ID info provided).
... that larger businesses with lots of phone lines have connected via a trunk circuit to their telco (which doesn't vet the caller ID info against the numbers assigned to that customer).
What is needed is a law that applies to the telcos. It should require them to do the following in their telephone network. When a call is being established from a source that provides its own caller ID info (e.g. a customer phone switch), then the telco switch should do a lookup of the provided number against the list of numbers assigned to the customer connected through the circuit to that switch. If it is not in the list, the call is not completed. No circuit is allowed to be connected to a switch unless the phone number list is available for it, or it comes from another telco. There would be certain exemptions for government law enforcement and intelligence operations.
... our 37,964 overlords.
... post his email address (even if obscured from spammers) on that page.
... the hosting provider sued for misapplication of DCMA. I'm sure it would never happen, but I'd sure love to see it happen.