Or another time, I was messing around with CSS and managed to create a neat little script that did text dropshadows. It took the length of the text based on font type and size (it only worked with one font) and calculated the correct offset for the top text. It worked really nice.
It is possible to abuse a standard and still have a valid CSS. If your effect relies on a certain font, how is it going to look on a text-only browser like lynx, or a system for the visually impaired? What if the user is using IE, but doesn't have that font installed?
The purpose of CSS is to separate the formatting of the document from the appearance. The style sheets cascade, meaning that a user could attach his own style sheet to your document to adjust for a disability, or lack of technology.
You may have written valid CSS, but you abused the standard and tried to do womething it was not intended to do. So, from a certain point of view, you were not "standards compliant" at all.
for someone so concerned with freedom RMS sure makes a lot of fuss about a name. What about my freedom to call something anything I like. Freedom of *speech* you know?
"Freedom of Speech" means that the federal government cannot imprison you for speaking your mind. RMS is not trying to give the government this power.
RMS is trying to receive credit for the GNU project's contributions to the operating environment, which are considerable. He has a valid point, and a good message, but I think he is using the wrong means to spread it.
I'll defend to the death, the rights of a content creator, to control how s/he chooses to redistribute their content.
That's really nice of you, but you're off-topic because no one is redistributing anyone else's content.
Barking Dogs is just linking to articles at the Dallas Morning News. The DMN is still distributing their own content, serving the pages from their own server.
My original post assumed a few things that perhaps needed to be stated. (1) The magical device needs no input (which goes against the law of conservation of matter), (2) the magical device can duplicate itself, and (3) the magical device needs no expertise to operate.
If any of those assumptions are false, then there would still be an economy.
Most likely, all of those assumptions would be false, but then this magical duplicator device is pretty far-fetched to begin with.
Imagine that there was a "duplication device" that could clone whatever you put into it... How would any manufaturer or store stay in business? Does this seem bad to anyone other than me?
If there were such a device, we wouldn't need business. Business is a means, not an end. There would be no need for money in a society where everyone has everything they want. There would be no need to work.
Some people would still do the things that they used to do for a living. For instance, I would still write software because I enjoy it. In the same spirit, someone would probably continue to make faster, safer cars, because they enjoy the activity, or want to see their loved ones drive safer cars.
No one would pay them. There would be no need for pay, because no one could offer them something they couldn't already have.
I have been running SuSE since 7.0 and have purchased 7.1-7.3
Do you upgrade your existing system (with the upgrade option) or back up your data and install fresh every time?
I am curious, because the last time I tried someone's "update" feature to upgrade my system (1997, Redhat 4.0) it made a mess. Since then, I have been backing up and installing fresh every time.
I currently run SuSE 7.2 and would like to move to 8.0 - so my question is, have you found SuSE's update to be clean, or should I continue to back up and install fresh?
There is also a Windows Eudora plugin, though it's still a little buggy. I'm working on it, give me time...;)
However, with email encryption, there is still the problem of validating keys. Most people don't understand why they have to check fingerprints and sign keys, and they get lost when you try to explain a "man in the middle" attack.
They may be organized, but they're not very smart. The affidavit concerning the keylogger used in the Scarfo case is worth a read. If I remember correctly, Scarfo was using Windows and AOL.
The Office CD you had included a virus? You should contact Microsoft immediately. They must've run a bad batch of CDs. I've never had one that was infected.
Ah, no.. I was intending it as a joke, calling "Outlook" a virus.. Oh, well, it looks like most people misunderstood it anyway.
I've never had a MS disc or disk ship with a virus either, though I did unwrap an AOL floppy one time to find it infected with AirCop.
I had to install Office on my computer at home last night, and I made a point to deselect Outlook. What do you know, it installed that damn virus anyway.
I looked at Herbivore, and you have a great idea, but your key exchange algorithm is vulnerable to a man-in-the-middle attack.
For instance, let's say Alice sends an email to Bob, and it's the first time they've emailed each other. Her Herbivore-compliant MUA automatically attaches her public key. I intercept the email and replace her public key with a different public key - one that appears to be from her, but for which I have the private key. Then I send this email on to Bob.
Because Bob's MUA automatically accepts Alice's key, he doesn't think to verify the key fingerprint with Alice, and he fires off an encrypted response. I intercept the response, decrypt it, read it, and then re-encrypt it (or anything I want, really) with Alice's real public key and send it on to her.
I now have the power to read or change any email that Bob sends to Alice. You can extend this example to see how I could gain the same power over email sent from Alice to Bob.
There is really no way to escape the need to check fingerprints and sign keys. Eventually, the user can build up a web of trust, so that he may not have to personally verify a new key. When he starts, though, he's going to have to check some fingerprints.
If you can make fingerprint checking and webs of trust easy to understand for the nontech, then you will change the world. Good luck!
Yep. I'll stick with my Telecaster and my Boogie, and all the analog cables and 70s stomp boxes in between.
I once called Roland to find out exactly when my Phase II was manufactured, and they had no record of ever manufacturing anything called a "Phase II." It was too old to have been entered into their new-fangled computers.
I've played with all the Line6 stuff; I've put it on tape side by side with the Boogie, and their best rectifier model just can't touch the real thing.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty;...
So yes, you could rip out all the comments as to who did what, but you are required to maintain the copyright notice which would include the developer's names. You can even rename it to Brianux, as long as you maintain that copyright notice, which would include Linus Torvalds, et. al.
IIRC Linux Kohan came out only days after the Windows release. For that title, I believe Loki had worked concurrently with the game developers so the two versions would be available at roughly the same time.
But in most cases, you're right. By the time the Loki port gets out, the game is old news.
But then there's people like me who are still playing Baldur's Gate and won't buy BG2 until I finish the first. I bought q3a for linux in a store for $10 about a month ago. I'm just not in to games enough to buy them when they come out. I rarely have time to play them, so by the time I get around to buying them they've been out for a while already.
Also, even though I am a linux user, I don't mind paying money for a good game. In fact, every time I upgrade my linux distribution, I make a point to buy a boxed version at CompUSA or Best Buy. I know I could download it, or get one of those budget CDs, but I like to support linux companies by buying their products. $40 for SuSE Personal is money well spent, in my mind.
It's also a source of great amusement for me to converse with CompUSA salespeople about linux distributions. That's more fun than any video game.
I could see it as potentially useful for some, but I certainly wouldn't go far as to call anyone who doesn't have it as lame.
Yeah, that was a rash statement that I regret making.
Not if all you want to do is validate that the person is indeed "aozilla", whatever that is.
That still doesn't work because slashdot's database could have been compromised, so you would be sending a (possibly) compromised key over https.
If someone emails me, claiming to be "aozilla," and we exchange public keys and then validate them on the phone, I now have a secure communications channel with that person, whoever it is. I still have no way to verify that it is the same person who posted under the name "aozilla" unless the post I read was signed by the same key that I have just validated.
Since we don't sign posts on slashdot, there is really no way to verify that the person you are talking to is the same person who made the post, even if you have verified that the key in the user account matches the key of the person you are talking to.
Since your userpage is not accessible via https, having your public key there doesn't exactly do much good.
It's better than nothing.
Of course, even if it was available over https, you would have to trust that slashdot was not compromised, and that slashdot's installation of SSL had not been compromised (i.e. compiled with a backdoor, or compiled with a compiler that knew to compile backdoors into SSL).
https or not, you're still going to have to validate a key by either checking the fingerprint with that person in a "secure" way, or by validating it through your web of trust. Just because you got it through https doesn't mean you're not vulnerable to a man-in-the-middle attack.
So yeah, it doesn't do much good technically, but I think it does social good since it eliminates that first "what's your key" email, and lets you get right to the validation part.
Slashdot Mirror
It is possible to abuse a standard and still have a valid CSS. If your effect relies on a certain font, how is it going to look on a text-only browser like lynx, or a system for the visually impaired? What if the user is using IE, but doesn't have that font installed?
The purpose of CSS is to separate the formatting of the document from the appearance. The style sheets cascade, meaning that a user could attach his own style sheet to your document to adjust for a disability, or lack of technology.
You may have written valid CSS, but you abused the standard and tried to do womething it was not intended to do. So, from a certain point of view, you were not "standards compliant" at all.
"Freedom of Speech" means that the federal government cannot imprison you for speaking your mind. RMS is not trying to give the government this power.
RMS is trying to receive credit for the GNU project's contributions to the operating environment, which are considerable. He has a valid point, and a good message, but I think he is using the wrong means to spread it.
Man I wish I had some mod points. Great post.
For every problem, government is a solution. It is very rarely, however, the best solution.
I'll defend to the death, the rights of a content creator, to control how s/he chooses to redistribute their content.
That's really nice of you, but you're off-topic because no one is redistributing anyone else's content.
Barking Dogs is just linking to articles at the Dallas Morning News. The DMN is still distributing their own content, serving the pages from their own server.
According to one of the linked articles that you evidently did not read, N-Sync ended up "on the cutting room floor."
My original post assumed a few things that perhaps needed to be stated. (1) The magical device needs no input (which goes against the law of conservation of matter), (2) the magical device can duplicate itself, and (3) the magical device needs no expertise to operate.
If any of those assumptions are false, then there would still be an economy.
Most likely, all of those assumptions would be false, but then this magical duplicator device is pretty far-fetched to begin with.
Imagine that there was a "duplication device" that could clone whatever you put into it ... How would any manufaturer or store stay in business? Does this seem bad to anyone other than me?
If there were such a device, we wouldn't need business. Business is a means, not an end. There would be no need for money in a society where everyone has everything they want. There would be no need to work.
Some people would still do the things that they used to do for a living. For instance, I would still write software because I enjoy it. In the same spirit, someone would probably continue to make faster, safer cars, because they enjoy the activity, or want to see their loved ones drive safer cars.
No one would pay them. There would be no need for pay, because no one could offer them something they couldn't already have.
I have been running SuSE since 7.0 and have purchased 7.1-7.3
Do you upgrade your existing system (with the upgrade option) or back up your data and install fresh every time?
I am curious, because the last time I tried someone's "update" feature to upgrade my system (1997, Redhat 4.0) it made a mess. Since then, I have been backing up and installing fresh every time.
I currently run SuSE 7.2 and would like to move to 8.0 - so my question is, have you found SuSE's update to be clean, or should I continue to back up and install fresh?
However, with email encryption, there is still the problem of validating keys. Most people don't understand why they have to check fingerprints and sign keys, and they get lost when you try to explain a "man in the middle" attack.
They may be organized, but they're not very smart. The affidavit concerning the keylogger used in the Scarfo case is worth a read. If I remember correctly, Scarfo was using Windows and AOL.
Let's avoid "long distance" charges by using the exact same phone lines...
No, you're using a different network.
The Office CD you had included a virus? You should contact Microsoft immediately. They must've run a bad batch of CDs. I've never had one that was infected.
Ah, no.. I was intending it as a joke, calling "Outlook" a virus.. Oh, well, it looks like most people misunderstood it anyway.
I've never had a MS disc or disk ship with a virus either, though I did unwrap an AOL floppy one time to find it infected with AirCop.
I had to install Office on my computer at home last night, and I made a point to deselect Outlook. What do you know, it installed that damn virus anyway.
I looked at Herbivore, and you have a great idea, but your key exchange algorithm is vulnerable to a man-in-the-middle attack.
For instance, let's say Alice sends an email to Bob, and it's the first time they've emailed each other. Her Herbivore-compliant MUA automatically attaches her public key. I intercept the email and replace her public key with a different public key - one that appears to be from her, but for which I have the private key. Then I send this email on to Bob.
Because Bob's MUA automatically accepts Alice's key, he doesn't think to verify the key fingerprint with Alice, and he fires off an encrypted response. I intercept the response, decrypt it, read it, and then re-encrypt it (or anything I want, really) with Alice's real public key and send it on to her.
I now have the power to read or change any email that Bob sends to Alice. You can extend this example to see how I could gain the same power over email sent from Alice to Bob.
There is really no way to escape the need to check fingerprints and sign keys. Eventually, the user can build up a web of trust, so that he may not have to personally verify a new key. When he starts, though, he's going to have to check some fingerprints.
If you can make fingerprint checking and webs of trust easy to understand for the nontech, then you will change the world. Good luck!
Anyone know how widespread this is?
SuSE with their YOU (Your Online Update)
YOU == YAST Online Update
Yep. I'll stick with my Telecaster and my Boogie, and all the analog cables and 70s stomp boxes in between.
I once called Roland to find out exactly when my Phase II was manufactured, and they had no record of ever manufacturing anything called a "Phase II." It was too old to have been entered into their new-fangled computers.
I've played with all the Line6 stuff; I've put it on tape side by side with the Boogie, and their best rectifier model just can't touch the real thing.
Well, I selected (+1, Informative), but for some reason it used (-1, Overrated). I am posting here in hopes that it will erase my moderation.
I'm very sorry.
Is this, by any chance, you?
From the GPL:
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty;...
So yes, you could rip out all the comments as to who did what, but you are required to maintain the copyright notice which would include the developer's names. You can even rename it to Brianux, as long as you maintain that copyright notice, which would include Linus Torvalds, et. al.
IIRC Linux Kohan came out only days after the Windows release. For that title, I believe Loki had worked concurrently with the game developers so the two versions would be available at roughly the same time.
But in most cases, you're right. By the time the Loki port gets out, the game is old news.
But then there's people like me who are still playing Baldur's Gate and won't buy BG2 until I finish the first. I bought q3a for linux in a store for $10 about a month ago. I'm just not in to games enough to buy them when they come out. I rarely have time to play them, so by the time I get around to buying them they've been out for a while already.
Also, even though I am a linux user, I don't mind paying money for a good game. In fact, every time I upgrade my linux distribution, I make a point to buy a boxed version at CompUSA or Best Buy. I know I could download it, or get one of those budget CDs, but I like to support linux companies by buying their products. $40 for SuSE Personal is money well spent, in my mind.
It's also a source of great amusement for me to converse with CompUSA salespeople about linux distributions. That's more fun than any video game.
I can't get in either. I set Junkbuster to report itself as:
Mozilla/5.0 (Compatible; WebPong/2.5; Atari 2600)
So what's Microsoft got against Atari?
How about vmware? It works now!
Yeah, that was a rash statement that I regret making.
Not if all you want to do is validate that the person is indeed "aozilla", whatever that is.
That still doesn't work because slashdot's database could have been compromised, so you would be sending a (possibly) compromised key over https.
If someone emails me, claiming to be "aozilla," and we exchange public keys and then validate them on the phone, I now have a secure communications channel with that person, whoever it is. I still have no way to verify that it is the same person who posted under the name "aozilla" unless the post I read was signed by the same key that I have just validated.
Since we don't sign posts on slashdot, there is really no way to verify that the person you are talking to is the same person who made the post, even if you have verified that the key in the user account matches the key of the person you are talking to.
It's better than nothing.
Of course, even if it was available over https, you would have to trust that slashdot was not compromised, and that slashdot's installation of SSL had not been compromised (i.e. compiled with a backdoor, or compiled with a compiler that knew to compile backdoors into SSL).
https or not, you're still going to have to validate a key by either checking the fingerprint with that person in a "secure" way, or by validating it through your web of trust. Just because you got it through https doesn't mean you're not vulnerable to a man-in-the-middle attack.
So yeah, it doesn't do much good technically, but I think it does social good since it eliminates that first "what's your key" email, and lets you get right to the validation part.