Your problem is, how do you communicate between the client and the server(s)? How do you determine who is going to send the file?
If Ana, Bert, and Chuck all have myfavtune.mp3, do they all just start spraying packets? You're going to need a way to talk back and forth.
Sue Mi, for example, requests myfavtune.mp3. She sends out her key and her IP. RIAA-Cop gets the request and sends back an OKIHAVEIT response, encrypted with Sue's public key, and RIAA-Cop's public key and IP. Sue sends back, encrypted, OKSENDTHEFILE. Same in reverse. Also, would you do away with browsing a node's file list? How would you work file swaps, then? What could reduce leeching?
Now, you can disperse the packets all you want and encrypt them all you want, but you still need unique information to route the packets unless you use a broadcast method that will not scale past a couple of transactions at a time.
You're protected from eavesdropping by an intermediate node, but not a compromised node actually sending or receiving the files in the P2P network.
RIAA-Cop then files a subpoena to your ISP requesting your particulars using the IP address, and you're no better off than you are now.
Think of the issue like a CDMA cell phone with good encryption. You need to have the phone ID itself to the tower in order to receive calls made to it, even though it would be hard to eavesdrop on the link, if you have access to the phone on the other end you're done for in terms of anonymity.
The only way around this would be server-client based. Every super node is a mediating server/router. Sue Mi sends a request to the server for file X, the server looks who has file X, and then mediates the exchange with no identifying information exchanged between Sue Mi and the sender. If the server keeps no logs, could be tough to trace after the fact who got what from whom.
But, the server is the weak point. If RIAA-Cop hacks a version of the software to hoover every request/send conversation with IPs and content, everyone connecting through that node is pretty well screwed.
Thoughts?
9. Governing Law and General Provisions. This Agreement will be governed by the laws of Hungary, excluding the application of its conflicts of law rules. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. If any part of this Agreement is found void and unenforceable, it will not affect the validity of the balance of the Agreement, which shall remain valid and enforceable according to its terms. This Agreement shall automatically terminate upon failure by you to comply with its terms. This Agreement may only be modified in writing signed by an authorized officer of Xupiter.
16. Miscellaneous. (a) This Agreement constitutes the entire agreement between the parties concerning the subject matter hereof; (b) This Agreement and any dispute arising out of it shall be governed by the laws of Hungary; (c) Unless otherwise agreed in writing, all disputes relating to this Agreement (excepting any dispute relating to intellectual property rights) shall be subject to final and binding arbitration in the country of Hungary;
Ever try to serve process in Hungary? Do you know what letters rogatory are?
To: debian-legal@lists.debian.org
Subject: Open Letter to Michael Robertson
From: bruce - at - perens.com (Bruce Perens)
Date: Sat, 13 Apr 2002 00:24:54 -0700
User-agent: Mutt/1.3.28i
Attached is my open letter to Michael Robertson.
Thanks
Bruce
Title: Dear Michael Robertson
Dear Michael Robertson,
I don't think we've met, but you and I are partners. I'm one of the authors of the "Lindows" system.
First, I'd like to thank you for what Lindows.com has done to support Free Software: helping with the Debian and WINE conferences, contributing to the KDE League, and code contributions to WINE and through MP3.com.
I'm delighted to see you investing in a Linux-based desktop, and wish you all possible success in promoting it. Certainly you are welcome to sell copies of my software, and you don't have to pay me for the privilege. Modify it, use it for any purpose, all of that's fine.
But Michael, please remember that we are partners. For all that you've done for the Free Software community, we've done at least as much for you. And our partnership has rules that we are both honor-bound to follow. In the case of my work on Lindows, those rules are the terms of the GPL. You accepted those terms, and became my partner, when you chose to incorporate my software into your product and distribute it to others.
There is a pragmatic reason that I ask you to fulfill your source-code obligation any time you distribute a copy of my work from one legal entity to another: sadly, some companies never make it to release 1.0. In that case, the pre-release versions provide the only opportunity for a company to fulfill its source-code obligation. Another reason is that if we're lax in enforcing our terms with you, other companies will think they can violate those terms with impunity.
In addition to pragmatic reasons, there's principle. In entering into the GPL relationship, partners agree not to unilaterally modify their partnership, for example by overlaying the terms of a non-disclosure agreement upon the license. Partners agree not to delay their source-code obligation. You can be sure that I'll honor those terms when I distribute your code. If you want to behave differently, please negotiate a new contract with me.
The terms of our partnership make it difficult for you to keep your system secret from your competitors before its release, and they obligate you to distribute the source for intermediate versions. Although this may cause you difficulty, it's necessary in order to operate a partnership that's fair to all parties. Some of those other parties are your competitors. We don't want to see them hold back changes from you, and we don't want to see anyone do needless, redundant work.
You seem surprised that some people in the community aren't friendly to your company. Too many of us have seen companies attempt, sometimes cynically, to capitalize on our work without ever understanding the source of our success, and without being good partners. One of the reasons your company has come in for criticism is that Lindows.com looks too much like Corel, and even seems to be following Corel's history. Corel tried to hold back source during its beta test, and tried to overlay an NDA on top of the GPL terms. It later turned out that Corel had KDE changes in development without feeding them back for so long that the public KDE source and the Corel version could not be reconciled. We'd prefer not to see a replay of that.
I was distressed by your treatment of FSF and Bradley Kuhn, reported in Newsforge. Brad is a reasonable person and is advised by a top-notch attorney, Professor Eben Moglen of the Columbia University Law School. As another of your partners, Brad was within his rights to ask to see the source. The comment you made about "eating your young" is inappropriate. In your place, I'd apologize to Brad and make sure that your company is fulfilling its entire obligation on a timely basis.
You also commented about the lack of successful Linux companies. This is not due to the community treatment of Linux businesses, but the fact that Open Source is not a business and should not be treated as one. It's successful when operated as a cost-center, in businesses that make their money some other way. The most successful ones use the software they develop for some business purpose: for example, Apache developers use the software to implement web sites for their business, IBM and HP make money by selling hardware that runs with Linux, not by selling Linux. Eric Raymond and others theorized that support would be a good way to fund Open Source, but the support model has under-performed so far, because the early adopters are too self-supporting. Sales of proprietary software to support the Open Source development are also underperforming, as Linux customers, even within the Fortune 500, have become wary of dependence on non-Open-Source. Thus, no Linux distribution has been more than marginally profitable so far. My surmise is that over the long term a non-profit like Debian supported by hardware manufacturers and other businesses will work best. But I'd be delighted to see you prove me wrong.
Michael, please email bruce - at - perens.com if there's anything I can help you with.
Thanks
Bruce Perens
Quote the google team:
Google currently does not recognize search terms containing exclamation points, question marks, the @ sign, and other such characters. These characters are so common that including them in Google's index would greatly increase its size and hurt search performance. Furthermore, the use of punctuation on the Web is so inconsistent (for example, there's no obvious way to decide between Mr. and Mr) that including it in the query often does more harm than good.
That said, we know that many useful search terms do contain such characters. We've generated exceptions for terms like C++ and are studying ways to enable search terms like F# and C/net. We'll keep your feedback in mind as we work to improve the quality of our search.
For more information, visit http://www.google.com/help/refinesearch.html. Other helpful information can be found at http://groups.google.com in the http://groups.google.com/groups?hl=en&group=google.public.support.general group.
Please don't hesitate to contact us with any other questions or concerns. Thanks for your interest in Google.
Regards,
The Google Team
I really love google. I remember when AltaVista became a junky, bloated portal loaded with ads and cruft. Google was like a breath of fresh air--light, fast, and accurate.
The quibbles I have with Google are the lack of more advanced search features. This is a design choice to keep things fast.
Here's an idea: a paid subscription to Google (GooglePro?) to allow searches with pattern matching, term proximity, non-alpha characters (C#, .NET, 1.5" all stump google), date limits, etc.
Keep the good and add more real features (more steak for more $, not the AltaVista disaster of artificial sizzle only).
I see OS/2 all the time at my local used bookstore, which also sells used software and music CD's. It's usually like $10, with manuals, or something like that.
here [www.artima.com]. It's a 12 part continuation of the JavaWorld article.
Topics include how much subclasses should be "trusted", immutables, reasons for disallowing inheritance, copy v. cloning, factory methods versus constructors, and more.
No. The reasoning is that access to legal advice will be chilled if a client thinks the attorney can be forced to divulge the contents of his communication to the attorney. If a person has already committed an act and wants to know what kind of legal shape he's in--and assume for the moment he thinks he's made a pretty bad mistake--he's not likely to talk to someone that will possibly snitch (or be forced to snitch) him out.
Similarly, when the government prosecutes a criminal defendant--wants to take away his liberty or perhaps even his life--the accused has an absolute right to legal advice at all "critical stages." This advice should be confidential, otherwise the incentive is for the client to clam up or lie to the attorney, making a defense and/or plea negotiation very very difficult. (Put yourself in the shoes of the defendant--would you open up about an event in a death penalty case to your lawyer when the Justice Department is both trying to kill you and listening in!)
Finally, keep in mind that the attorney-client privilege does not apply to serious future criminal conduct and cannot be used to shield plans to facilitate future criminal activity, especially if violence is involved. The ABA and every state has ethical rules when a lawyer must report, may report, and must not report things he or she learns during the course of representation. And, as others have mentioned, the USA can always try and get a court order to monitor conversations if they have real evidence (not just some wild guess or a "hunch") that criminal activity is afoot and being aided by sham attorney-client contact. Now the court is out of the loop, evidence is not required, and the fox is guarding the henhouse.
"Trust us, we're the government" does not fly with this American. Patriotism means protecting core values during difficult times, not pasting a flag on your SUV and repealing the Bill of Rights.
Use counterpane's password safe (blowfish based). Yes, a logger will get that db's password, but you could keep the db on removable (and maybe flashable) media. Future versions of password safe could also use some kind of keyboard obfuscation technique, displaying some kind of translation table on the display, e.g.
Any "three letter" agency is unlikely to waste time and resources trying to cryptanalyze your PGP key/message. Instead, hardware or software will be installed (pursuant to a court order, we hope) to capture keystrokes. Then, presto, all they need to do is type in your password.
There might be ways to frustrate some of this activity. One way might be to have the encryption software display random letter pairs in order to have the keyboard input differ from the actual password. There should also be padding keystrokes prompted by the software.
This method would slow things down, but with that CCD camera looking over your shoulder, I think the game would be up shortly.
Remember, security is a system and a process, not a single program or device in isolation. And it's hard to get right!
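The translation-table and padding idea from the comment above, as an added example (not code from the original post or from Password Safe): a fresh random table is shown for each prompt, the user types the substituted keys plus decoys, and only the software can undo it. The alphabet, the function names and the sample password are assumptions made up for the illustration.

```python
"""Added illustration: per-prompt translation table with padding keystrokes."""
import random
import secrets
import string

# Assumed input alphabet; a real prompt would cover every allowed character.
ALPHABET = string.ascii_lowercase + string.digits


def new_table(rng=None):
    """Fresh random permutation for ONE prompt: real character -> key to press.

    The table is shown on screen only. Reusing it across logins would turn the
    logged keystrokes into a replayable password equivalent.
    """
    rng = rng or secrets.SystemRandom()
    keys = list(ALPHABET)
    rng.shuffle(keys)
    return dict(zip(ALPHABET, keys))


def simulate_entry(password, table, rng=None, pad_rate=0.4):
    """Simulate a user following the prompts.

    Returns (keystrokes, is_pad). `keystrokes` is everything a keystroke
    logger would capture. `is_pad` is known only to the software, which
    decides before each key whether to ask for a decoy ("press any key")
    or for the next real character.
    """
    rng = rng or secrets.SystemRandom()
    keystrokes, is_pad = [], []
    for ch in password:
        while rng.random() < pad_rate:          # software asks for a decoy
            keystrokes.append(rng.choice(ALPHABET))
            is_pad.append(True)
        keystrokes.append(table[ch])            # user looks up ch in the table
        is_pad.append(False)
    return "".join(keystrokes), is_pad


def recover(keystrokes, is_pad, table):
    """Software side: drop the decoys, then invert the on-screen table."""
    inverse = {key: ch for ch, key in table.items()}
    return "".join(inverse[k] for k, pad in zip(keystrokes, is_pad) if not pad)


def login_once(password, rng=None):
    """One complete prompt: returns (what the logger saw, what the software got)."""
    table = new_table(rng)
    keystrokes, is_pad = simulate_entry(password, table, rng)
    return keystrokes, recover(keystrokes, is_pad, table)


if __name__ == "__main__":
    sample = "correcthorse42"                   # constructed sample password
    for attempt in range(2):
        logged, recovered = login_once(sample)
        print(f"login {attempt}: logger saw {logged!r}, software got {recovered!r}")
```

Anyone who can also see the screen (the camera mentioned above, or a screen grabber) holds the table and the decoy prompts, and can run the same `recover` step.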
Once the attack is over, you go to the police. In our society, normal citizens are only allowed to use force that would otherwise be illegal, when the police are out of reasonable reach... Like when you have a shotgun in your face.
Sort-of. You are allowed various self-help remedies under certain circumstances.
Also, you *do not* need the police under many sets of circumstances. You can obtain court orders in the civil context that allow you access to seize the property of others (although you may need the Sheriff or US Marshal to preserve the peace or execute the court order).
Also, the police have exactly the same rights as other citizens to use reasonable force, up to and including deadly physical force. They may use it to protect themselves or others from imminent danger. The practical side, though, is that--cop or no cop--if you use deadly physical force you'd better be right, or your butt is toast. Cops might get more of a benefit of this doubt on this as a practical matter, because we entrust this function to them. (There are also rules regarding the arrest aspect of physical force, but I'm talking here about the self-defense aspect.)
My second scenario is like a trespass analogy (and as I said, is likely illegal as I phrased it). Trespass is justified under many circumstances.
You are right, though--with regard to physical force or other intrusions upon the person or property of others, you must generally stop once the exigency is over and resort to the cops or the courts before you go further. Remember, even the cops will need the power of the court under most circumstances (search warrant, arrest warrant, etc.) just like an individual (writ of replevin, forcible entry and detainer (for evictions), seizure of evidence for a civil matter, and so on).
Well, that's not exactly right either. Remember, you're talking about laws dealing with *physical* force, not retaliatory/defensive computer intrusions.
Your scenario would be: Adam breaks into my server, so I go over and shoot Adam, or break his mousing arm with a baseball bat.
Compare: Adam breaks into my server and steals confidential data. I trace the attack back to Adam, infiltrate his workstation, and perform a destructive format of all of his hard drives.
IMHO, this latter form of "self help" is more of a grey area, legally. However, it may have negative practical consequences. (Piss off a black-hat subculture and risk annoying attacks from all quarters -- c.f. middle-east style escalation.)
IMO, an anti-worm worm is possibly illegal, and could lead to lots of civil liability if a bug is present in the code that trashes a server somewhere and they find out you released the anti-worm.
Not only is this a reduction in choice for users, but it's also a probable rollback of free software. As this Slashdot story mentioned, USWest.net presented slides showing their extensive use of FreeBSD.
Of course, this is embarrassing stuff to Microsoft, especially on their own systems.
Even though here in AZ uunet seemed to service the MSN dial-ups, I can't help but wonder if MS won't wipe out the FreeBSD infrastructure USWest.net (Qwest.net) has in place.
---
In a hundred-mile march,
Re:Windows NT was originally designed for the i860, on What 1.7Ghz Is Like · Score: 1
A pretty decent account of the early days of NT can be found in the book Showstopper! by G. Pascal Zachary. I'd never heard of the i860 chip until I read the book. (Search at your favorite booksite.)
According to the book, the i860 was a RISC chip pushed by Intel in order to be "buzzword compliant." Because no-one was making a working computer, MS had to build a prototype for development use.
MS soon found that the i860 had some major problems--and some suspected some of this was out of Intel's concern for cutting too much into profits from their X86 family. To make matters worse, there were no good debuggers or other tools for the i860, so much work was done on an i860 emulator running on an i386 (at a crawl!). The whole setup was so flaky no one could tell if it was code that was broken or the hardware as they tried to develop for the chip.
Finally, of course, MS gave up on the i860 and developed for X86, Mips, and Alpha (From Digital, Cutler's erstwhile employer who nixed the precursor to NT, "Mica"), and then dwindled the OS's reach to X86 only in later releases.
I wonder if we'll ever see a desktop/server version of NT (2000/XP/whatever) on non-Intel hardware again? (Of course I'm posting this from FreeBSD and Opera, so what do I care:)
See my post below. Illegal search & seizure and the exclusionary rule only apply to the government in a criminal case, not to a private person. The Constitution restricts state action, not private persons. Doing such things may leave you liable for damages, however. See my post below for more on admissibility in a civil case.
I'm afraid you don't know what you're talking about. In a civil action, people don't "file charges." Only a government prosecutor can "file charges"--or more accurately seek an indictment by grand jury or by information with a preliminary hearing in front of a magistrate. Your points might apply if you were talking about ethical violations relating to prejudicial pretrial publicity by the government (state prosecutors or Fed. Assistant U.S. Attorneys). Similarly, innocent until proven guilty is a criminal concept; civil plaintiffs have the burden of proof/persuasion (with a "more likely than not" standard).
Re. defamation, remember that truth is a defense. Stated another way, you can only defame someone with false statements. Second, some matters of public interest are covered by a qualified, constitutional privilege established by the Supreme Court in New York Times v. Sullivan. With a public figure or matter of public controversy, a plaintiff must often prove "actual malice," meaning not "spite or ill will" but that the defendant had "knowledge of falsity or reckless disregard for truth," but nevertheless published the statement(s). However, if the plaintiff is a private person and has not injected him/herself into a public controversy, then the plaintiff only needs to prove that the defendant was negligent in publishing the defamatory material.
With a private person & private controversy, usually negligence means falling below what a reasonable person or reasonable publisher would have done under the same circumstances.
There are other torts that might apply, however, like invasion of privacy.
One interesting question is whether obtaining the logs violated the Electronic Communications Protection Act (ECPA), 18 U.S.C. 2510 et seq.
Re. admissibility, pre-publication or not keeping something a secret has no bearing. All relevant evidence not otherwise inadmissible comes in. "Relevant" usually means "having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable". An easy standard. Some possible grounds for inadmissibility:
Authentication. Under Rule of Evidence 901, there must be authentication or identification of what the evidence is and that it's genuine. This can be, e.g., by a person with personal knowledge, by expert testimony, or that the method or process was accurate.
Hearsay. Hearsay is not admissible except as provided by the rules. Hearsay is a statement made out of court offered for the truth of the matter asserted. However, it is not hearsay if the statement was made by a "party opponent," that is the person you are suing or being sued by. There are other qualifications and exclusions (see Fed. Rules of Evidence 801-806).
In all, electronic records are viewed by the majority of courts to be no better and no worse than any other kind of evidence.
Remember, OpenBSD is about fixing such things as buffer overflows and configuration problems in a stock Unix configuration. SE Linux and Trusted BSD go in a different direction by modifying and augmenting the security model for trust and permissions designed to allow for finer grained, strictly enforced security policies.
No offense to OpenBSD (I use OpenBSD), but the projects are very different. For my use as a development box and workstation, all this ACL and Flask stuff would just be a PITA. On a multi-user system with important information in play, this makes a lot of sense, but will probably take some clueful admining to implement correctly.
I wonder if, e.g., any web hosting companies will look into this (protect users from each other and the system itself; protect the system from the internet at large) and be able to actually grok it. My webhost is pretty good (hacked parts of the FreeBSD VM system into Linux 2.2, e.g.), but this security policy stuff can get pretty hairy--getting everything to work just right without breaking everything (think about getting a firewall right).
Why stop there -- I'm gonna put up a crap load of paper satellites. They burn better on reentry, use less fuel to maneuver, and best of all, they might not completely destroy the ISS if they change their orbit.
I'm no MS shill (I'm typing this from my OpenBSD laptop running lynx) but I will say that MS office runs pretty well on my 128MB, Win2k, 300MHz AMD box at work. Even 96MB is OK for Word, Outlook, and a couple of MSIE windows (home PC).
It's a standard slashdot line that Office is bloatware and a pig. I happen to find Word pretty snappy (surprisingly so). I found StarOffice and WordPerfect almost unusable on similar hardware.
Of course, server apps are another matter-- give me Apache/PHP4/Python/PostgreSQL on the above hardware over IIS+MS-SQL+ASP (cringe) any day!
Cringe says the information is back on line. I poked around for quite a bit and did a bunch of searches on NetworkWorld Fusion. There's no link from the InfoWorld article.
If this is the right site (IDG publication), they certainly aren't making this easy to get to.
And Japan has an awesome group of *BSD hackers. Most of the mobile stuff for FreeBSD comes from Japanese hackers (PAO). (The Japanese are really crazy about mobile computing.)
I love this quote from Warner Losh:
WL: Itojun-san of the Kame project in Japan seems to be six different people inhabiting one body, as far as his ability to hack [the network protocol stack]. He makes sure that FreeBSD, OpenBSD, NetBSD, and BSDi remain in sync with the main Kame repositories. For the OpenBSD Crypto2000 sort-of-mini-conference, he attended and got no sleep. When his roommate went to sleep, Itojun was hacking. When he woke up in the middle of the night, Itojun was hacking. When he woke up in the morning, Itojun was hacking.
We can always change the permissions of eth0 to allow it to be put into promiscuous mode by another user if we want.
Letting any user put the NIC into promisc mode isn't a security hazard?
Problem 2:
The statement that there are only two levels of security is completely untrue. You can have as many levels of security as you have users and groups.
This is just wrong. Read up on ACLs, Capabilities, Mandatory Access Control, Auditing.
Traditional UNIX environments have provided extremely limited expressiveness in file system permissions, limited to a single user (owner), a system administrator-defined group, and a set of rights defined for the remainder of users on the system. Access control lists allow for the fine-grained expression of discretionary rights associated with files and other system objects.
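The difference described in the last paragraph, as an added example (not part of the original comment or of any project's code): a simplified model of the owner/group/other check beside a POSIX.1e-style ACL check. The UIDs, GIDs, names and file are constructed, and the privileged-user override and default ACLs are not modelled.

```python
"""Added illustration: classic mode bits vs. a POSIX.1e-style ACL check."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional

R, W, X = 4, 2, 1


@dataclass(frozen=True)
class Subject:
    uid: int
    gids: FrozenSet[int]                  # primary plus supplementary groups


@dataclass
class FileMeta:
    owner: int
    group: int
    mode: int                             # owner/group/other bits, e.g. 0o640
    named_users: Dict[int, int] = field(default_factory=dict)    # uid -> perms
    named_groups: Dict[int, int] = field(default_factory=dict)   # gid -> perms
    mask: Optional[int] = None            # cap on named and group entries
    # Simplification: the owning-group entry is kept in the mode's group bits.


def mode_check(s: Subject, f: FileMeta, want: int) -> bool:
    """Traditional check: exactly one of three classes applies."""
    if s.uid == f.owner:
        perms = (f.mode >> 6) & 7
    elif f.group in s.gids:
        perms = (f.mode >> 3) & 7
    else:
        perms = f.mode & 7
    return (perms & want) == want


def acl_check(s: Subject, f: FileMeta, want: int) -> bool:
    """ACL check: the first matching class decides; the mask caps named/group entries."""
    mask = 7 if f.mask is None else f.mask
    if s.uid == f.owner:
        return (((f.mode >> 6) & 7) & want) == want       # owner is never masked
    if s.uid in f.named_users:
        return ((f.named_users[s.uid] & mask) & want) == want
    group_entries = []
    if f.group in s.gids:
        group_entries.append((f.mode >> 3) & 7)           # owning-group entry
    group_entries += [p for g, p in f.named_groups.items() if g in s.gids]
    if group_entries:
        # One matching group entry that grants the request is enough. If groups
        # matched but none grants it, there is no fall-through to "other".
        return any(((p & mask) & want) == want for p in group_entries)
    return ((f.mode & 7) & want) == want


# Constructed principals: all are members of group 50; DAVE is also in group 60.
ALICE = Subject(1000, frozenset({50}))
BOB = Subject(1001, frozenset({50}))
CAROL = Subject(1002, frozenset({50}))
DAVE = Subject(1003, frozenset({50, 60}))


def classic_file(mode: int) -> FileMeta:
    return FileMeta(owner=1000, group=50, mode=mode)


def acl_file(mask: int = R | W) -> FileMeta:
    # user::rw-  user:1001:rw-  user:1002:r--  group::---  group:60:r--  other::---
    return FileMeta(owner=1000, group=50, mode=0o600,
                    named_users={1001: R | W, 1002: R},
                    named_groups={60: R}, mask=mask)


if __name__ == "__main__":
    # Mode bits cannot give BOB write and CAROL read-only while both are in group 50.
    print("0o660 bob/carol write:", mode_check(BOB, classic_file(0o660), W),
          mode_check(CAROL, classic_file(0o660), W))
    print("ACL   bob/carol write:", acl_check(BOB, acl_file(), W),
          acl_check(CAROL, acl_file(), W))
    print("ACL   mask r-- caps bob:", acl_check(BOB, acl_file(mask=R), W))
```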
Your problem is, how do you communicate between the client and the server(s)? How do you determine who is going to send the file?
If Ana, Bert, and Chuck all have myfavtune.mp3, do they all just start spraying packets? You're going to need a way to talk back and forth.
Sue Mi, for example, requests myfavtune.mp3. She sends out her key and her IP. RIAA-Cop gets the request and sends back an OKIHAVEIT reponse, encrypted with Sue's public key, and RIAA-Cop's public key and IP. Sue sends back, encrypted, OKSENDTHEFILE. Same in reverse. Also, would you do away with browsing a node's file list? How would you work file swaps, then? What could reduce leeching?
Now, you can disperse the packets all you want and encrypt them all you want, but you still need unique information to route the packets unless you use a broadcast method that will not scale past a couple of transactions at a time.
You're protected from eavesdropping by an intermediate node, but not a compromised node actually sending or receiving the files in the P2P network.
RIAA-Cop then files a subpoena to your ISP requesting your particulars using the IP address, and you're no better off than you are now.
Think of the issue like a CDMA cell phone with good encryption. You need to have the phone ID itself to the tower in order to receive calls made to it, even though it would be hard to eavesdrop on the link, if you have access to the phone on the other end you're done for in terms of anonymity.
The only way around this would be server-client based. Every super node is a mediating server/router. Sue Mi sends a request to the server for file X, the server looks who has file X, and then mediates the exchange with no identifying information exchanged between Sue Mi and the sender. If the server keeps no logs, could be tough to trace after the fact who got what from whom.
But, the server is the weak point. If RIAA-Cop hacks a version of the software to hoover every request/send conversation with IP's and content, eveyone connecting trough that node is pretty well screwed.
Thoughts?
Every try to serve process in Hungary? Do you know what letters rogatory are?
To: debian-legal@lists.debian.org
.
Subject: Open Letter to Michael Robertson
From: bruce - at - perens.com (Bruce Perens)
Date: Sat, 13 Apr 2002 00:24:54 -0700
User-agent: Mutt/1.3.28i
Attached is my open letter to Michael Robertson.
Thanks
Bruce
Title: Dear Michael Robertson
Dear Michael Robertson,
I don't think we've met, but you and I are partners. I'm one of the authors of the "Lindows" system.
First, I'd like to thank you for what Lindows.com has done to support Free Software: helping with the Debian and WINE conferences, contributing to the KDE League, and code contributions to WINE and through MP3.com
I'm delighted to see you investing in a Linux-based desktop, and wish you all possible success in promoting it. Certainly you are welcome to sell copies of my software, and you don't have to pay me for the privilege. Modify it, use it for any purpose, all of that's fine.
But Michael, please remember that we are partners. For all that you've done for the Free Software community, we've done at least as much for you. And our partnership has rules that we are both honor-bound to follow. In the case of my work on Lindows, those rules are the terms of the GPL. You accepted those terms, and became my partner, when you chose to incorporate my software into your product and distribute it to others.
There is a pragmatic reason that I ask you to fulfill your source-code obligation any time you distribute a copy of my work from one legal entity to another: sadly, some companies never make it to release 1.0. In that case, the pre-release versions provide the only opportunity for a company to fulfill its source-code obligation. Another reason is that if we're lax in enforcing our terms with you, other companies will think they can violate those terms with impunity.
In addition to pragmatic reasons, there's principle. In entering into the GPL relationship, partners agree not to unilateraly modify their partnership, for example by overlaying the terms of a non-disclosure agreement upon the license. Partners agree not to delay their source-code obligation. You can be sure that I'll honor those terms when I distribute your code. If you want to behave differently, please negociate a new contract with me.
The terms of our partnership make it difficult for you to keep your system secret from your competitors before its release, and they obligate you to distribute the source for intermediate versions. Although this may cause you difficulty, it's necessary in order to operate a partnership that's fair to all parties. Some of those other parties are your competitors. We don't want to see them hold back changes from you, and we don't want to see anyone do needless, redundant work.
You seem surprised that some people in the community aren't friendly to your company. Too many of us have seen companies attempt, sometimes cynically, to capitalize on our work without ever understanding the source of our success, and without being good partners. One of the reasons your company has come in for criticism is that Lindows.com looks too much like Corel, and even seems to be following Corel's history. Corel tried to hold back source during its beta test, and tried to overlay an NDA on top of the GPL terms. It later turned out that Corel had KDE changes in development without feeding them back for so long that the public KDE source and the Corel version could not be reconciled. We'd prefer not to see a replay of that.
I was distressed by your treatment of FSF and Bradley Kuhn, reported in Newsforge. Brad is a reasonable person and is advised by a top-notch attorney, Professor Eben Moglen of the Columbia University Law School. As another of your partners, Brad was within his rights to ask to see the source. The comment you made about "eating your young" is inappropriate. In your place, I'd apologize to Brad and make sure that your company is fulfilling its entire obligation on a timely basis.
You also commented about the lack of successful Linux companies. This is not due to the community treatment of Linux businesses, but the fact that Open Source is not a business and should not be treated as one. It's successful when operated as a cost-center, in businesses that make their money some other way. The most successful ones use the software they develop for some business purpose: for example, Apache developers use the software to implement web sites for their business, IBM and HP make money by selling hardware that runs with Linux, not by selling Linux. Eric Raymond and others theorized that support would be a good way to fund Open Source, but the support model has under-performed so far, because the early adopters are too self-supporting. Sales of proprietary software to support the Open Source development are also underperforming, as Linux customers, even within the Fortune 500, have become wary of dependence on non-Open-Source. Thus, no Linux distribution has been more than marginally profitable so far. My surmise is that over the long term a non-profit like Debian supported by hardware manufacturers and other businesses will work best. But I'd be delighted to see you prove me wrong.
Michael, please email bruce - at - perens.com if there's anything I can help you with.
Thanks
Bruce Perens
Quote the google team:
.g oogle .public.support.general
Google currently does not recognize search terms containing exclamation
points, question marks, the @ sign, and other such characters. These
characters are so common that including them in Google's index would
greatly increase its size and hurt search performance. Furthermore, the
use of punctuation on the Web is so inconsistent (for example, there's no
obvious way to decide between Mr. and Mr) that including it in the query
often does more harm than good.
That said, we know that many useful search terms do contain such
characters. We've generated exceptions for terms like C++ and are studying
ways to enable search terms like F# and C/net. We'll keep your feedback in
mind as we work to improve the quality of our search.
For more information, visit http://www.google.com/help/refinesearch.html
Other helpful information can be found at http://groups.google.com in the
http://groups.google.com/groups?hl=en&group=
group.
Please don't hesitate to contact us with any other questions or concerns.
Thanks for your interest in Google.
Regards,
The Google Team
I really love google. I remember when AltaVista became a junky, bloated portal loaded with ads and cruft. Google was like a breath of fresh air--light, fast, and accurate.
The quibbles I have with Google are the lack of more advanced search features. This is a design choice to keep things fast.
Here's an idea: a paid subscription to Google (GooglePro?) to allow searches with pattern matching, term proximity, non-alpha characters (C#, .NET, 1.5" all stump google), date limits, etc.
Keep the good and add more real features (more steak for more $, not the AltaVista disaster of artificial sizzle only).
I see OS/2 all the time at my local used bookstore, which also sells used software and music CD's. It's usually like $10, with manuals, or something like that.
Topics include how much subclasses should be "trusted", immutables, reasons for disallowing inheritance, copy v. cloning, factory methods versus constructors, and more.
FAU Directory Search for 'blass'
Blass, Piotr (No eMail Address Listed)
Title : Instructor
Department : Computer Science & Engineering
Bldg / Room : S&E 300
Phone Ext : 72822
Similarly, when the government prosecutes a criminal defendant--wants to take away his liberty or perhaps even his life--the accused has an absolute right to legal advice at all "critical stages." This advice should be confidential, otherwise the incentive is for the client to clam up or lie to the attorney, making a defense and/or plea negotiation very very difficult. (Put yourself in the shoes of the defendant--would you open up about an event in a death penalty case to your lawyer when the Justice Department is both trying to kill you and listening in!)
Finally, keep in mind that the attorney-client privilege does not apply to serious future criminal conduct and cannot be used to shield plans to facilitate future criminal activity, especially if violence is involved. The ABA and every state have ethical rules on when a lawyer must report, may report, and must not report things he or she learns during the course of representation. And, as others have mentioned, the USA can always try and get a court order to monitor conversations if they have real evidence (not just some wild guess or a "hunch") that criminal activity is afoot and being aided by sham attorney-client contact. Now the court is out of the loop, evidence is not required, and the fox is guarding the henhouse.
"Trust us, we're the government" does not fly with this American. Patriotism means protecting core values during difficult times, not pasting a flag on your SUV and repealing the Bill of Rights.
Use Counterpane's Password Safe (Blowfish based). Yes, a logger will get that db's password, but you could keep the db on removable (and maybe flashable) media. Future versions of Password Safe could also use some kind of keyboard obfuscation technique, displaying some kind of translation table on the display, e.g.
Don't people realize this is a joke? (Memorized a PGP *key*--not a passphrase!)
9aebdbd054a6cfc9db5bcb8f3eaa82c9d8b925018b7795401 3e170025a7f420beb57b7b905869b53a24d08ce5cb76dc812 e8081e4140704e0d3875dee731962f56420f6eea5cd081051 3fe9fcb0227852ec4fd289ced1b3e87b62f6ce5fcef955273 d28e916db157e6ff7b1038db41608da42d701f83d9ed34a90 c6047705a6657bb75347718d17879be72f38296b13ddab9df 4fc7cf2c6a0fb03e86efa18dc0123ffba51a0afb6c8d97764 0faf1dfde83c96186524a02879e84e22503c3d95ca6638088 9da78ea0ba8ba68c3b2167442a059fe13654ac75f422374e4 648bfb6d35dfde06ba961dee283e0cbb4fc682f32fea08138
14c62806b433e9bb332cab
Kind of catchy, eh? I think I could write music to it.
Yeah, I memorized my DNA sequence in case I ever have to re-create myself.
Any "three letter" agency is unlikely to waste time and resources trying to cryptanalyze your PGP key/message. Instead, hardware or software will be installed (pursuant to a court order, we hope) to capture keystrokes. Then, presto, all they need to do is type in your password.
There might be ways to frustrate some of this activity. One way might be to have the encryption software display random letter pairs in order to have the keyboard input differ from the actual password. There should also be padding keystrokes prompted by the software.
This method would slow things down, but with that CCD camera looking over your shoulder, I think the game would be up shortly.
Remember, security is a system and a process, not a single program or device in isolation. And it's hard to get right!
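The translation-table and padding idea from the comment above, sketched as an added example (not code from the thread or from any password manager). The function names, the demo alphabet and the sample password are assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # constructed demo alphabet


def new_table(rng):
    """Fresh random mapping shown on screen: real character -> key to press."""
    keys = list(ALPHABET)
    rng.shuffle(keys)
    return dict(zip(ALPHABET, keys))


def run_prompt(password, table, rng, pad_rate=0.4):
    """Simulate one entry; return (keystrokes a logger sees, decoy flags)."""
    if any(ch not in table for ch in password):
        raise ValueError("password uses characters outside the demo alphabet")
    captured, decoy = [], []
    for ch in password:
        # Before each real character the software may ask for decoy keys.
        while rng.random() < pad_rate:
            captured.append(rng.choice(ALPHABET))
            decoy.append(True)
        captured.append(table[ch])  # user presses the mapped key, not the real one
        decoy.append(False)
    return "".join(captured), decoy


def recover(captured, table, decoy):
    """Software side: drop the decoy keystrokes, then invert the table."""
    inverse = {key: real for real, key in table.items()}
    return "".join(inverse[k] for k, d in zip(captured, decoy) if not d)


def session(password, rng=None):
    """One full prompt. The table is generated per prompt and never reused,
    otherwise repeated captures reduce to a simple substitution cipher."""
    rng = rng or secrets.SystemRandom()
    table = new_table(rng)
    captured, decoy = run_prompt(password, table, rng)
    return captured, table, decoy


if __name__ == "__main__":
    pw = "correcthorse42"  # constructed sample password
    for _ in range(2):
        captured, table, decoy = session(pw)
        assert recover(captured, table, decoy) == pw
        print("logger sees:", captured)
```

The table and the decoy prompts exist only on the display, so this helps against a keystroke-only capture and nothing else: anything that also records the screen sees both halves.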
Sort-of. You are allowed various self-help remedies under certain circumstances.
Also, you *do not* need the police under many sets of circumstances. You can obtain court orders in the civil context that allow you access to seize the property of others (although you may need the Sheriff or US Marshal to preserve the peace or execute the court order).
Also, the police have exactly the same rights as other citizens to use reasonable force, up to and including deadly physical force. They may use it to protect themselves or others from imminent danger. The practical side, though, is that--cop or no cop--if you use deadly physical force you'd better be right, or your butt is toast. Cops might get more of a benefit of the doubt on this as a practical matter, because we entrust this function to them. (There are also rules regarding the arrest aspect of physical force, but I'm talking here about the self-defense aspect.)
My second scenario is like a trespass analogy (and as I said, is likely illegal as I phrased it). Trespass is justified under many circumstances.
You are right, though--with regard to physical force or other intrusions upon the person or property of others, you must generally stop once the exigency is over and resort to the cops or the courts before you go further. Remember, even the cops will need the power of the court under most circumstances (search warrant, arrest warrant, etc.) just like an individual (writ of replevin, forcible entry and detainer (for evictions), seizure of evidence for a civil matter, and so on).
Well, that's not exactly right either. Remember, you're talking about laws dealing with *physical* force, not retaliatory/defensive computer intrusions.
Your scenario would be: Adam breaks into my server, so I go over and shoot Adam, or break his mousing arm with a baseball bat.
Compare: Adam breaks into my server and steals confidential data. I trace the attack back to Adam, infiltrate his workstation, and perform a destructive format of all of his hard drives.
IMHO, this latter form of "self help" is more of a grey area, legally. However, it may have negative practical consequences. (Piss off a black-hat subculture and risk annoying attacks from all quarters -- c.f. middle-east style escalation.)
IMO, an anti-worm worm is possibly illegal, and could lead to lots of civil liability if a bug is present in the code that trashes a server somewhere and they find out you released the anti-worm.
Not only is this a reduction in choice for users, but it's also a probable rollback of free software. As this Slashdot story mentioned, USWest.net presented slides showing their extensive use of FreeBSD.
Of course, this is embarrassing stuff to Microsoft, especially on their own systems.
Even though here in AZ uunet seemed to service the MSN dial-ups, I can't help but wonder if MS won't wipe out the FreeBSD infrastructure USWest.net (Qwest.net) has in place.
---
In a hundred-mile march,
A pretty decent account of the early days of NT can be found in the book Showstopper! by G. Pascal Zachary. I'd never heard of the i860 chip until I read the book. (Search at your favorite booksite.)
According to the book, the i860 was a RISC chip pushed by Intel in order to be "buzzword compliant." Because no-one was making a working computer, MS had to build a prototype for development use.
MS soon found that the i860 had some major problems--and some suspected some of this was out of Intel's concern for cutting too much into profits from their X86 family. To make matters worse, there were no good debuggers or other tools for the i860, so much work was done on an i860 emulator running on an i386 (at a crawl!). The whole setup was so flaky no one could tell if it was code that was broken or the hardware as they tried to develop for the chip.
Finally, of course, MS gave up on the i860 and developed for X86, MIPS, and Alpha (From Digital, Cutler's erstwhile employer who nixed the precursor to NT, "Mica"), and then dwindled the OS's reach to X86 only in later releases.
I wonder if we'll ever see a desktop/server version of NT (2000/XP/whatever) on non-Intel hardware again? (Of course I'm posting this from FreeBSD and Opera, so what do I care :)
---
In a hundred-mile march,
I'm afraid you don't know what you're talking about. In a civil action, people don't "file charges." Only a government prosecutor can "file charges"--or more accurately seek an indictment by grand jury or by information with a preliminary hearing in front of a magistrate. Your points might apply if you were talking about ethical violations relating to prejudicial pretrial publicity by the government (state prosecutors or Fed. Assistant U.S. Attorneys). Similarly, innocent until proven guilty is a criminal concept; civil plaintiffs have the burden of proof/persuasion (with a "more likely than not" standard).
Re. defamation, remember that truth is a defense. Stated another way, you can only defame someone with false statements. Second, some matters of public interest are covered by a qualified, constitutional privilege established by the Supreme Court in New York Times v. Sullivan. With a public figure or matter of public controversy, a plaintiff must often prove "actual malice," meaning not "spite or ill will" but that the defendant had "knowledge of falsity or reckless disregard for truth," but nevertheless published the statement(s). However, if the plaintiff is a private person and has not injected him/herself into a public controversy, then the plaintiff only needs to prove that the defendant was negligent in publishing the defamatory material.
With a private person & private controversy, usually negligence means falling below what a reasonable person or reasonable publisher would have done under the same circumstances.
There are other torts that might apply, however, like invasion of privacy.
One interesting question is whether obtaining the logs violated the Electronic Communications Protection Act (ECPA), 18 U.S.C. 2510 et seq.
Re. admissibility, pre-publication or not keeping something a secret has no bearing. All relevant evidence not otherwise inadmissible comes in. "Relevant" usually means "having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable". An easy standard. Some possible grounds for inadmissibility:
In all, electronic records are viewed by the majority of courts to be no better and no worse than any other kind of evidence.
---
In a hundred-mile march,
Remember, OpenBSD is about fixing such things as buffer overflows and configuration problems in a stock Unix configuration. SE Linux and Trusted BSD go in a different direction by modifying and augmenting the security model for trust and permissions designed to allow for finer grained, strictly enforced security policies.
No offense to OpenBSD (I use OpenBSD), but the projects are very different. For my use as a development box and workstation, all this ACL and Flask stuff would just be a PITA. On a multi-user system with important information in play, this makes a lot of sense, but will probably take some clueful admining to implement correctly.
I wonder if, e.g., any web hosting companies will look into this (protect users from each other and the system itself; protect the system from the internet at large) and be able to actually grok it. My webhost is pretty good (hacked parts of the FreeBSD VM system into Linux 2.2, e.g.), but this security policy stuff can get pretty hairy--getting everything to work just right without breaking everything (think about getting a firewall right).
---
In a hundred-mile march,
Why stop there -- I'm gonna put up a crap load of paper satellites. They burn better on reentry, use less fuel to maneuver, and best of all, they might not completely destroy the ISS if they change their orbit.
---
In a hundred-mile march,
I'm no MS shill (I'm typing this from my OpenBSD laptop running lynx) but I will say that MS office runs pretty well on my 128MB, Win2k, 300MHz AMD box at work. Even 96MB is OK for Word, Outlook, and a couple of MSIE windows (home PC).
It's a standard slashdot line that Office is bloatware and a pig. I happen to find Word pretty snappy (surprisingly so). I found StarOffice and WordPerfect almost unusable on similar hardware.
Of course, server apps are another matter-- give me Apache/PHP4/Python/PostgreSQL on the above hardware over IIS+MS-SQL+ASP (cringe) any day!
---
In a hundred-mile march,
My reaction was: how retarded!
Isn't it easy to do a lookup in your database to see if the prices match what's being bought, and put some integrity constraints into the system?
I sure would if it was my money on the line!
---
In a hundred-mile march,
Cringe says the information is back on line. I poked around for quite a bit and did a bunch of searches on NetworkWorld Fusion. There's no link from the InfoWorld article.
If this is the right site (IDG publication), they certainly aren't making this easy to get to.
Why did I spend 20 minutes on this?
---
In a hundred-mile march,
And Japan has an awesome group of *BSD hackers. Most of the mobile stuff for FreeBSD comes from Japanese hackers (PAO). (The Japanese are really crazy about mobile computing.) I love this quote from Warner Losh:
(Read the whole article at DDJ: A Roundtable on BSD, Security, and Quality)
---
In a hundred-mile march,
Problem 1:
Letting any user put the NIC into promisc mode isn't a security hazard?
Problem 2:
This is just wrong. Read up on ACLs, Capabilities, Mandatory Access Control, Auditing.
(From trustedbsd.org).
Here is a good intro to capabilities.
---
In a hundred-mile march,