That's completely beside the point. Does it take a root attack to make you not trust a compromised system? If a Windows-user gets attacked, how many users' files are affected? If a Unix-user gets attacked, how many users' files are affected? How is it different that the worm/virus has to attack the next user's files via email because the direct route is blocked on unix? How many real users does your home linux box know anyway? Are you sure?
Oh shut up. Will there be a version any time soon that is "officially it, the must download version"? If so, tell us about it, so everybody can finally download it and give this browser its place in the history of a competition won by MS. No more "the current release is just great" please. It isn't. The last one wasn't when you said it was and the one before wasn't either. I am willing to wait for good software, but I won't take any more bullshit about how great the development versions are already and how ueber-great the final thing will be. Don't tell me I should help the project then. The world is not all webbrowsers. Now mod me down.
Who cares if you can get root access? An intruder doesn't need access to root on your system to get the oh-so-valuable OS files. They can be downloaded for free from the net at redhat.com, suse.com or whereever. User files is exactly where it hurts! The only reason Linux has yet to see some really nasty widespread attack is "professional courtesy": Script kiddies don't attack the Leet OS (tm). Are the proof of concept virii not enough to make you believe? Do you really NEED a full blown attack?
since it doesnt take into account that we are more sensitive to changes in blue and yellow
Your comment was made on April 02, so you must be serious. We are least sensitive to changes in blue. Our intensity resolution is highest for green (out of the RGB primaries).
My brothers and me hosted several 2-day LAN parties from 5 to 18 players, so I'll just throw in some hints, too:
Plan for enough room and switch ports but don't count on everyone showing up. I think that parties planned for 8 players or less have a tendency not to meet expectations, becaue at least one or two won't show up and/or their computer is in some sort of unusable state, and before you know it, not a single teamstyle game will be played. If you do want to play team games, plan for at least 10 players or more (and even then some dedication to playing the *same* team game is required).
Cables are always too short. Have some spare UTP cables of the required length. Some people will bring too short a cable or simply forget to bring one at all.
If someone has serious trouble getting the network up and running software-wise, it helps if you know how to repair this part of Windows (or any other operating system in use). A complete OS reinstall is seldom necessary. This problem usually only plagues those who do not have a permanent LAN setup at home, but since around here few do have one, we have yet to see this knowledge go unused.
Make sure you know which powersockets are connected to the same breaker and leave some safety margin on each circuit. Lay out extension cords to support your planning before people arive. If free "master" sockets are in short supply, daisy chaining will occur. This will not only lead to more computers drawing current from the same circuit than you planned for, but also requires people to leave games and turn off computers if someone wants to leave early.
Have patches handy for all games which are going to be played. Different versions don't mix in a network game.
Yes, the definition includes "forcibly shutting up people". But no, "you disagree with and/or think may be 'dangerous'" is not part of it. Instead I require for the act to be political suppression that people are shut up "with the intention of strengthening your own position".
Suppose I took a picture of you, modified it to show you interviewing for a job at a competing company/having sex with kid/committing some other crime. Then I'd show this picture to your boss/around/etc. You'd probably have a hard time explaining this and not few would fail to correct their image (suppose I were really good at creating fake pictures). Now if you ask for such behaviour to be illegal you are asking for the same kind of "political suppression" which I am advocating. I am all for free speech, but people should not be allowed to hurt others on purpose, neither by physical action nor with words.
I don't advocate political suppression. You say that selling freedom in the name of security invariably leads to major violence in the long term. I doubt that it's the fact of freedom being limited which leads to aggression. It's lost balance which leads to aggression. And that is lost balance either in the freedom-security tradeoff or in some other way. The task is to keep the balance. While I do acknowledge that once you start limiting freedom it's easy to leave the path of balance in the direction of overregulation, I think that on the other hand you have already left the path of balance in the direction of underregulation if you don't make any freedom-security tradeoff at all.
There is a difference between banning Nazi memorabilia and banning web sites which openly demand aggression against individuals or groups.
Your distrust against national government is well respected, but I don't trust society in its current state much more. After all, it could not avoid being governed. Balance is not easy to keep and it's a process, not a state.
Hey, I said that this ethnic group were spawn of the devil, but prove I assaulted members of that ethnic group.
This is not an example of a condition mistreated as an act. Saying something IS an act. Words can do as much harm as physical aggression can.
In theory, laws are created for the benefit of society as a whole or to protect those who can not defend themselves sufficiently against attacks which the majority considers "immoral". Laws are agreements on limiting everyone's freedom in exchange for something else: security and hopefully better "overall throughput" (resulting in a better situation for the individual).
Now that was easy. The hard part is deciding how to limit freedom to gain some advantage (over a no-limits society). Two problems with this are obvious: First, you can hardly predict the results of adding a rule to the system, just like you can't predict the outcome of not adding the rule. Second, it is impossible to get the full picture on how much the sacrifice and the (intended) gain mean to "the public".
Because these two problems can't be solved, there are several approaches to making good decisions nevertheless. Some say, you can't predict anything and no one knows if it's even worth it, so don't bother and let evolution have her way. They choose anarchy. Then there are others who take the opposite approach. They establish morals, try to make educated guesses about near future developments and base the rules on this "best effort" information. These tend to overregulate sooner or later. But there really is no way to rationally decide which approach is best and thus in the end *evolution has her way* on this higher abstraction level.
The problem with banning Nazi sites is that the outcome of such laws are extremely hard to predict. Is the effect that Nazi propaganda has on uneducated or unexperienced people (kids come to mind) more or less important than the effect of making Nazi ideology more interesting (or even believable) by pushing it underground? People naturally disagree on this topic and depending on your historical background you fear one effect more than the other.
Only prototypes need be built. We don't have to mass-produce a series of Babbage engines, then vacuum-tube colossi, then generation after generation of PCs. We would need only a few older computers in order to develop newer ones.
It wouldn't work that way. People usually want to do things better the second time. That would result in major screw-ups because some "better ways" don't translate as nicely to reality as they are expected to do. We would end up in a development situation so different from every point in history that "just repeating history" would be impossible. Sure, some major mistakes would not be repeated, but others would be made. Developers would try to skip evolutionary steps and slip. Small mutations result in better adapted species, big mutations result in extinct species. And of course some non-developers would argue that waiting for the "final thing" would take too long - so demand for intermediate products would be there.
The second try would be faster, but not that much faster. You are underestimating chaos.
This is exactly why the internet is a Bad Thing (tm). People start to talk about news and look for factual information in all the different places. Hell, they might even find truth that way. Goes without saying that this is absolutely counterproductive. Nobody's going to believe what once would have made everybody a happy little consumer. Don't you see that you're causing people trouble? I want to believe.
Re:Open Source will change our civilisation.
on
Rebel Code
·
· Score: 1
There is not a single communist state in existence right now. Those are all socialist states. Communism won't work anytime soon. Don't fall for propaganda and mix up the names. Heidi was writing about communism, which - should it ever come true - is a good thing. Don't accept surrogates, though.
Re:Open Source will change our civilisation.
on
Rebel Code
·
· Score: 1
You mixed up communism with socialism. In communism, there is no central control. Yes, there is no individual property in communism, but that is because there is no need for it. On the other hand you've just made yourself the example why true communism is much more than 100 years away...
Re:Open Source will change our civilisation.
on
Rebel Code
·
· Score: 1
True communism is just 100 years away? You gotta be kidding. When parents moan about how "degenerated" the next generation is, the grandparents usually remind them that from their point of view, not much has changed at all. Society's ways are *really* slow. Don't rush it or it might break. Again.
He's not describing a one-time pad, since the "pad" is public.
Technically you're right. The difference is in the secrecy of the pad. He substitutes the secure agreement on the pad with a semi-secure agreement on a selection, which is made from a pool of pads so big that it can't be stored. The secrecy of the pad is achieved by delaying the availability of information long enough to make it useless. The pad is lost (equivalent to secret) if the startpoint message can not be compromised before the pad is transmitted. Again, all of this is based on the assumption that the pad-pool can not be recorded.
No you don't. Well, theoretically, yes, computers are used to generate the streams. But the streams are *generated*, not replayed from storage. Overusing the satellite idea: TV-Streams are not played directly from "tape archives". They are composited from raw content and channel logos, brightness contrast and color are probably adjusted, ads are inserted. And after all that, the stream is compressed. These real time modifications happen all the time and are not stored. While there is limited "raw" content (even that isn't entirely true with live transmissions), the actual stream is always different. Huge streams of data are generated on the fly. In the end, it's of course up to you if you believe that it's too much to store.
The number and bandwith of available "random" number streams will increase just like processing power and storage grow. The assumption is that at any given time the amount of data that would have to be stored is massively bigger than what can be stored. If that assumption is true depends on several factors, including Alice's and Bob's laziness, geographic distance between Alice and Bob (streams have to be available unaltered to *both*), timeframe of communication (the longer the more secure), strength of the cryptography used for communicating the stream pointer and probably a lot more. I don't think that this assumption can be proven to be true. I think that factors like laziness of the stream-choosing side are probably a more important reason for failure of such an encryption effort than storage capacity growth.
Encryption is done via one-time-pad. That method is proven to be secure, if the pad is sufficiently random and unknown to attackers.
The pad is not created by "Alice" or "Bob". Instead, they agree on a publicly available pad. This agreement, not the pad itself, is communicated through a standard cryptography channel, which ensures a reasonable delay before attackers can read the agreement.
The attacker has to be able to store all possible random pads from the time the agreement was sent to the time when the attacker breaks the encryption of the agreement message.
The number of available random number streams and the combined bandwith of these streams is high enough to ensure that noone can save these streams long enough to later select the right stream or combination of streams as the decryption pad.
Note that the pad does not have to be transmitted if Alice and Bob can agree on a stream which can be received by both and the set of streams available to both is big enough to ensure no one can store all of these streams. This should generally be possible because there is no reason why only raw streams can be used. Randomness can be created by algorithmically selecting parts of streams. Just like the lowest significant bit of a digitized image is more random than bits of higher significance, this kind of selection is practical for other streams, too.
The weakness is in the assumption that huge amounts of streamdata have to be stored to attack the encrypted link. This assumption is only true if communication is slow: Alice and Bob agree on streamdata from a long timeframe. When Alice and Bob are known to communicate in near real time then their one time pads can only be from a short timeframe and thus the attacker has to store only limited amounts of random streamdata. Security scales with availability of random streams which are available to both sender and receiver and timeframe after which a message must be received.
I searched bugzilla. The user interface interface misfeature and the Java bug had both been reported already. I know to little about the exact circumstances of the crash without Java to search for or even report that bug.
The story is about webbrowsers so I thought it was ok to focus on the browsers and leave operating system advocacy out of it. I don't care whether Linux or Windows is the better operating system. What I do care about is this: Will the WaSP initiative work? Will the majority of users switch browsers anytime soon? And if they do, which one will it be?
Yes, you can try to educate the world. Problem is, it won't work by insulting people and looking down on them.
I am "going back" to Netscape 4.76. Please understand that I haven't lost my patience yet, but some people are starting to recommend mozilla to Joe everyday user - these are the ones who seem to have lost their patience. That's only going to create the impression of Mozilla being a buggy, incomplete and heavy piece of software. "Users" will see that what was recommended to them as "stable" doesn't meet their expectations and when Mozilla 1.0 is going to be advertised as "stable", why should they believe that? Recommending Mozilla to non-developers now is creating an image problem for the project.
Slashdot Mirror
That's completely beside the point. Does it take a root attack to make you not trust a compromised system? If a Windows-user gets attacked, how many users' files are affected? If a Unix-user gets attacked, how many users' files are affected? How is it different that the worm/virus has to attack the next user's files via email because the direct route is blocked on unix? How many real users does your home linux box know anyway? Are you sure?
Oh shut up. Will there be a version any time soon that is "officially it, the must download version"? If so, tell us about it, so everybody can finally download it and give this browser its place in the history of a competition won by MS. No more "the current release is just great" please. It isn't. The last one wasn't when you said it was and the one before wasn't either. I am willing to wait for good software, but I won't take any more bullshit about how great the development versions are already and how ueber-great the final thing will be. Don't tell me I should help the project then. The world is not all webbrowsers. Now mod me down.
Who cares if you can get root access? An intruder doesn't need access to root on your system to get the oh-so-valuable OS files. They can be downloaded for free from the net at redhat.com, suse.com or whereever. User files is exactly where it hurts! The only reason Linux has yet to see some really nasty widespread attack is "professional courtesy": Script kiddies don't attack the Leet OS (tm). Are the proof of concept virii not enough to make you believe? Do you really NEED a full blown attack?
since it doesnt take into account that we are more sensitive to changes in blue and yellow
Your comment was made on April 02, so you must be serious. We are least sensitive to changes in blue. Our intensity resolution is highest for green (out of the RGB primaries).
complete idiots, whose only real skill is self promotion.
Sounds like big business to me...
My brothers and me hosted several 2-day LAN parties from 5 to 18 players, so I'll just throw in some hints, too:
Plan for enough room and switch ports but don't count on everyone showing up. I think that parties planned for 8 players or less have a tendency not to meet expectations, becaue at least one or two won't show up and/or their computer is in some sort of unusable state, and before you know it, not a single teamstyle game will be played. If you do want to play team games, plan for at least 10 players or more (and even then some dedication to playing the *same* team game is required).
Cables are always too short. Have some spare UTP cables of the required length. Some people will bring too short a cable or simply forget to bring one at all.
If someone has serious trouble getting the network up and running software-wise, it helps if you know how to repair this part of Windows (or any other operating system in use). A complete OS reinstall is seldom necessary. This problem usually only plagues those who do not have a permanent LAN setup at home, but since around here few do have one, we have yet to see this knowledge go unused.
Make sure you know which powersockets are connected to the same breaker and leave some safety margin on each circuit. Lay out extension cords to support your planning before people arive. If free "master" sockets are in short supply, daisy chaining will occur. This will not only lead to more computers drawing current from the same circuit than you planned for, but also requires people to leave games and turn off computers if someone wants to leave early.
Have patches handy for all games which are going to be played. Different versions don't mix in a network game.
Yes, the definition includes "forcibly shutting up people". But no, "you disagree with and/or think may be 'dangerous'" is not part of it. Instead I require for the act to be political suppression that people are shut up "with the intention of strengthening your own position".
Suppose I took a picture of you, modified it to show you interviewing for a job at a competing company/having sex with kid/committing some other crime. Then I'd show this picture to your boss/around/etc. You'd probably have a hard time explaining this and not few would fail to correct their image (suppose I were really good at creating fake pictures). Now if you ask for such behaviour to be illegal you are asking for the same kind of "political suppression" which I am advocating. I am all for free speech, but people should not be allowed to hurt others on purpose, neither by physical action nor with words.
Does Co$ send a little box with a pen and piece of paper with your name on it to you then? Sorry if they don't, but that thought crossed my mind...
I don't advocate political suppression. You say that selling freedom in the name of security invariably leads to major violence in the long term. I doubt that it's the fact of freedom being limited which leads to aggression. It's lost balance which leads to aggression. And that is lost balance either in the freedom-security tradeoff or in some other way. The task is to keep the balance. While I do acknowledge that once you start limiting freedom it's easy to leave the path of balance in the direction of overregulation, I think that on the other hand you have already left the path of balance in the direction of underregulation if you don't make any freedom-security tradeoff at all.
There is a difference between banning Nazi memorabilia and banning web sites which openly demand aggression against individuals or groups.
Your distrust against national government is well respected, but I don't trust society in its current state much more. After all, it could not avoid being governed. Balance is not easy to keep and it's a process, not a state.
Hey, I said that this ethnic group were spawn of the devil, but prove I assaulted members of that ethnic group.
This is not an example of a condition mistreated as an act. Saying something IS an act. Words can do as much harm as physical aggression can.
In theory, laws are created for the benefit of society as a whole or to protect those who can not defend themselves sufficiently against attacks which the majority considers "immoral". Laws are agreements on limiting everyone's freedom in exchange for something else: security and hopefully better "overall throughput" (resulting in a better situation for the individual).
Now that was easy. The hard part is deciding how to limit freedom to gain some advantage (over a no-limits society). Two problems with this are obvious: First, you can hardly predict the results of adding a rule to the system, just like you can't predict the outcome of not adding the rule. Second, it is impossible to get the full picture on how much the sacrifice and the (intended) gain mean to "the public".
Because these two problems can't be solved, there are several approaches to making good decisions nevertheless. Some say, you can't predict anything and no one knows if it's even worth it, so don't bother and let evolution have her way. They choose anarchy. Then there are others who take the opposite approach. They establish morals, try to make educated guesses about near future developments and base the rules on this "best effort" information. These tend to overregulate sooner or later. But there really is no way to rationally decide which approach is best and thus in the end *evolution has her way* on this higher abstraction level.
The problem with banning Nazi sites is that the outcome of such laws are extremely hard to predict. Is the effect that Nazi propaganda has on uneducated or unexperienced people (kids come to mind) more or less important than the effect of making Nazi ideology more interesting (or even believable) by pushing it underground? People naturally disagree on this topic and depending on your historical background you fear one effect more than the other.
...which was celebrated for the first time on 26th of May in '99 (cddb=52699). The show is rerun annually.
Only prototypes need be built. We don't have to mass-produce a series of Babbage engines, then vacuum-tube colossi, then generation after generation of PCs. We would need only a few older computers in order to develop newer ones.
It wouldn't work that way. People usually want to do things better the second time. That would result in major screw-ups because some "better ways" don't translate as nicely to reality as they are expected to do. We would end up in a development situation so different from every point in history that "just repeating history" would be impossible. Sure, some major mistakes would not be repeated, but others would be made. Developers would try to skip evolutionary steps and slip. Small mutations result in better adapted species, big mutations result in extinct species. And of course some non-developers would argue that waiting for the "final thing" would take too long - so demand for intermediate products would be there.
The second try would be faster, but not that much faster. You are underestimating chaos.
This is exactly why the internet is a Bad Thing (tm). People start to talk about news and look for factual information in all the different places. Hell, they might even find truth that way. Goes without saying that this is absolutely counterproductive. Nobody's going to believe what once would have made everybody a happy little consumer. Don't you see that you're causing people trouble? I want to believe.
There is not a single communist state in existence right now. Those are all socialist states. Communism won't work anytime soon. Don't fall for propaganda and mix up the names. Heidi was writing about communism, which - should it ever come true - is a good thing. Don't accept surrogates, though.
You mixed up communism with socialism. In communism, there is no central control. Yes, there is no individual property in communism, but that is because there is no need for it. On the other hand you've just made yourself the example why true communism is much more than 100 years away...
True communism is just 100 years away? You gotta be kidding. When parents moan about how "degenerated" the next generation is, the grandparents usually remind them that from their point of view, not much has changed at all. Society's ways are *really* slow. Don't rush it or it might break. Again.
Yes, this can be compromised. What you think is gone isn't. Check http://slashdot.org/articles/00/07/17/049206.shtml #163
He's not describing a one-time pad, since the "pad" is public.
Technically you're right. The difference is in the secrecy of the pad. He substitutes the secure agreement on the pad with a semi-secure agreement on a selection, which is made from a pool of pads so big that it can't be stored. The secrecy of the pad is achieved by delaying the availability of information long enough to make it useless. The pad is lost (equivalent to secret) if the startpoint message can not be compromised before the pad is transmitted. Again, all of this is based on the assumption that the pad-pool can not be recorded.
No you don't. Well, theoretically, yes, computers are used to generate the streams. But the streams are *generated*, not replayed from storage. Overusing the satellite idea: TV-Streams are not played directly from "tape archives". They are composited from raw content and channel logos, brightness contrast and color are probably adjusted, ads are inserted. And after all that, the stream is compressed. These real time modifications happen all the time and are not stored. While there is limited "raw" content (even that isn't entirely true with live transmissions), the actual stream is always different. Huge streams of data are generated on the fly. In the end, it's of course up to you if you believe that it's too much to store.
The number and bandwith of available "random" number streams will increase just like processing power and storage grow. The assumption is that at any given time the amount of data that would have to be stored is massively bigger than what can be stored. If that assumption is true depends on several factors, including Alice's and Bob's laziness, geographic distance between Alice and Bob (streams have to be available unaltered to *both*), timeframe of communication (the longer the more secure), strength of the cryptography used for communicating the stream pointer and probably a lot more. I don't think that this assumption can be proven to be true. I think that factors like laziness of the stream-choosing side are probably a more important reason for failure of such an encryption effort than storage capacity growth.
- Encryption is done via one-time-pad. That method is proven to be secure, if the pad is sufficiently random and unknown to attackers.
- The pad is not created by "Alice" or "Bob". Instead, they agree on a publicly available pad. This agreement, not the pad itself, is communicated through a standard cryptography channel, which ensures a reasonable delay before attackers can read the agreement.
- The attacker has to be able to store all possible random pads from the time the agreement was sent to the time when the attacker breaks the encryption of the agreement message.
- The number of available random number streams and the combined bandwith of these streams is high enough to ensure that noone can save these streams long enough to later select the right stream or combination of streams as the decryption pad.
Note that the pad does not have to be transmitted if Alice and Bob can agree on a stream which can be received by both and the set of streams available to both is big enough to ensure no one can store all of these streams. This should generally be possible because there is no reason why only raw streams can be used. Randomness can be created by algorithmically selecting parts of streams. Just like the lowest significant bit of a digitized image is more random than bits of higher significance, this kind of selection is practical for other streams, too.The weakness is in the assumption that huge amounts of streamdata have to be stored to attack the encrypted link. This assumption is only true if communication is slow: Alice and Bob agree on streamdata from a long timeframe. When Alice and Bob are known to communicate in near real time then their one time pads can only be from a short timeframe and thus the attacker has to store only limited amounts of random streamdata. Security scales with availability of random streams which are available to both sender and receiver and timeframe after which a message must be received.
Hint: Who controls .COM?
I searched bugzilla. The user interface interface misfeature and the Java bug had both been reported already. I know to little about the exact circumstances of the crash without Java to search for or even report that bug.
The story is about webbrowsers so I thought it was ok to focus on the browsers and leave operating system advocacy out of it. I don't care whether Linux or Windows is the better operating system. What I do care about is this: Will the WaSP initiative work? Will the majority of users switch browsers anytime soon? And if they do, which one will it be?
Yes, you can try to educate the world. Problem is, it won't work by insulting people and looking down on them.
I am "going back" to Netscape 4.76. Please understand that I haven't lost my patience yet, but some people are starting to recommend mozilla to Joe everyday user - these are the ones who seem to have lost their patience. That's only going to create the impression of Mozilla being a buggy, incomplete and heavy piece of software. "Users" will see that what was recommended to them as "stable" doesn't meet their expectations and when Mozilla 1.0 is going to be advertised as "stable", why should they believe that? Recommending Mozilla to non-developers now is creating an image problem for the project.