from the free-as-in-good-bye-privacy dept.
Many of you wrote in to note that the latest edition of Slashdot is now free... except for the part that it runs commercials while you browse. (They don't even give you the option to buy a non-ad-filled commercial version if you like). It seems as though this advertising thing has also be applied to the other platforms. What do you guys think of ads in your web pages? Is it worth giving up your privacy for a free page, or paying fifty bucks for the HTML file? Personally, I'll stick to kuro5hin.
That's not what I meant. The reason you typically use console apps when learning these things is because you're focusing on the that particular thing. If you throw in a nice GUI behind it, that adds more complexity and detracts from the idea behind the project or assignment.
I still think that, at a beginning level, the theory should be focused on, but that doesn't mean that UI and GUI stuff should be ignored. It just means that they shouldn't be the focus, at least not for that class. It's just not something that should be focused on in the intro programming classes.
I agree. It sounds like a lot of the whining in this thread is because the posters are upset that their preferred developing environment isn't being used and are ignoring the real issue here.
Simply moving over to gcc won't improve this class, however, despite what a lot of the posters seem to imply. This seems to be the equivalent of using gcc but teaching the Qt library exclusively. It's still not teaching programming concepts. Heck, even if they were focusing solely on the Standard C libraries, it's the same issue -- a particular package is being taught and not concepts that apply to all programming.
To teach this class "right" using the tools they have right now, they'd need to make console apps exclusively (even though using VC++ for it is overkill) and start going over linked lists and binary trees. The tools aren't the problem; it's the material itself.
"Have I changed my mind about electronic voting? No, because the punchline is: New Mexico still uses dead trees. The bug was in the software that counts paper ballots."
However, would the bug have even been found if there weren't a paper trail to audit? Possibly not. What if there weren't even a recount? We wouldn't be here talking about it, that's for sure.
If we're going to use a fully electronic voting system (and hopefully not Internet voting -- too many problems with that), we're going to have to be damn sure there aren't any bugs, since the computer system will be the only thing we have to go on.
So how much testing would we have to do on an electronic voting system? What happens if a bug is discovered the day before elections are held? Is it possible to fix it and then fully test the system before it's used the next day? If not, what do you fall back on?
What do you do about voters who've never used a computer before? (Yes, they do exist, believe it or not.) No matter how easy-to-use you make it, they're still going to be uneasy with it, afraid they're going to make a mistake, and possibly not even trust it. And you can't have an election official go with them and show them how to use it, although you could set up a test-only box with "dummy" candidates and parties for tutorial use (you don't want to advocate any candidates or parties). I'm thinking of my grandmother here, who automatically assumes any computer system is "too hard to use" even if someone shows here exactly what to do each time. In other words, take the confusion generated by the Florida "butterfly" ballots and multiply it by ten.
If done properly, an electronic voting system can be more accurate than the paper ballots we use now. But I can probably count the number of 100% bug-free, 100% reliable computer systems I've ever encountered on the fingers on my left foot.
One solution to this might be to use an electronic system to record and tally the votes, but also print out a "receipt" with the votes the person made, and put that into the ballot box. The receipt would have to be in a form where the voter could verify that the selected candidates are correct (i.e., encrypting it wouldn't be any good -- the computer could still have made an error), and put that receipt into the ballot box a la a paper ballot. That way, there's a paper audit trail you can use to verify votes in case the computer's tally is called into question for whatever reason. (Of course, I'm sure there are some flaws in this system, but my point is there has to be some way to audit a computer-based voting system).
That's not quite what the original poster meant....
The OP was attacking not a "moderate position on copyright law" but the selectively taking contradictory extreme positions depending on who holds the copyright. Ever read the stories about GPL violations? A lot of the same people bemoaning those violations will go out of their way to boast that they download all their music off of Napster in order to stick it to the RIAA. That's not a moderate stance -- it's being inconsistent at best, hypocritical at worst (i.e, my copyright should be protected, and my license should be respected, but not yours).
How many people on/. would get up in arms if an abandonware site started distributing binary-only versions of programs released under the GPL a few years ago and are no longer maintained or supported by the original author? Same principle, but you'd get an entirely different response than you'll find on this thread.
That's what the OP was attacking.
--
Re:Initial breakin was via email trojan
on
Microsoft Cracked
·
· Score: 1
"It should now be completely clear that attachment-running programs such as Outlook are dangerous and should not be used by any business which has sensitive data, i.e. any business at all."
Does anyone actually believe that a clueless user would choose not to run an e-mail attachment solely on the basis that he/she couldn't run it with only one click? Does anyone actually think they wouldn't save the exe/com/vbs/whatever to the hard disk and then run it?
Automatically running scripts embedded in the HTML of an e-mail message, yes, Outlook is responsible for that. But allowing the user to run or open an attached file, no, the user is responsible for that.
Heck, I suppose you could call bash an "attachment-running program" too, but I'd hardly blame it because a clueless user ran an executable that some anonymous person e-mailed him.
Dude, don't you see? I'm Fighting The Man (TM). I'm Raging Against The Machine (TM). I can "plug in, log on, and drop out" since meatspace has no bearing whatsoever on the Internet! Dude, they'll never touch me! I'm 31337!
(BTW, who the hell modded the original post +1 Interesting? Maybe -1 Clueless is better?)
"Well, the excuse for state sponsored gambling (aka the lottery) is that a significant portion of the proceeds goes to education."
Technically, yes, but not really. Sure, most states are requires to put all the profits from lotteries into funding education. But it really doesn't help education because they replace the source of education funding instead of augmenting it.
For example (making up numbers), say a state initially has a $300 million budget to go to education. They start a lottery with the excuse of "it's for the schools!" and get $250 million from the lottery over the course of a year. However, the state still pays only $300 million into education -- they just reduced the non-lottery-funding from $300 million to $50 million. Thus, they now have $250 million that is available to spend on anything, and even though the actual dollars from the lottery are going to education, it really doesn't change anything.
Not saying that all states do it, but most of them do do this to some extent. Amazing how "it's for the children!" works for a lot of things, isn't it?
IMHO, though, the original British version "Robot Wars" is better. They make the robots run through an obstacle course first, and then a knock-stuff-down competition before the three battles begin. You can't win by just making a battle bot, since you have the other stuff to get to first.
Wow this is getting OT, but oh well. If you're lucky your local PBS station will air Robot Wars. (If you're really lucky you'll live in the UK! <g>)
"To me it seems completely bogus to base your design on the assumption that you will reboot frequently."
In related news, Microsoft announced today that the forced-weekly-reboot feature of Windows 2000 + IIS allows for greater security, because it forces the system to generate a new key. A Microsoft spokesperson criticized the use of Linux for web servers as "Irresponsible -- why, you're using the same key for 817 days! With our system, you'd be hard pressed to get the system to use the same key for more than five days straight!"
if the damn universities had done their job and audited Carnivore in the first place.
How would that change anything? Here's what the FBI basically said to the universities:
You can't look at everything. You can only look at the tiny pieces of the system that we give you.
You are supposed to look for any holes in it. (Since they don't have access to everything, there's no way they could tell if it violates, oh, say the fourth amendment etc.)
You can't tell people about any problems you find. You can only tell us. But if everything checks out, you can announce that.
The whole "university review of Carnivore" was a farce. Even had any universities accepted the request to look at the system, they probably wouldn't have been able to find any rights violations in it because they wouldn't be shown those parts of the code (if they do in fact exist (not saying they don't, either)).
Is this what the founding fathers had in mind when they penned "no unreasonable search and seizure"?
Could you please explain what you mean by "unreasonable search and seizure"? I would assume that the university had logs of his Ethernet usage. He was probably sucking up a lot of bandwidth running the FTP server and advertizing it over the Internet. That'd be a red flag if I were monitoring usage of my network. Remember, the connection is the university's property, not the student's.
Also, if OSU is anything like my university, you have to agree to some TOS before they give you Ethernet access. I'm sure there was a clause in there prohibiting using your connection to commit copyright infringement, especially serving illegal MP3s [0] and movies. Heck, technically you aren't supposed to use it for anything but academic purposes, but most if not all universities non't care too much about what you download. Running a server, though, is another matter entirely. So, he would be in violation of school policy.
If they didn't confiscate his computer, how much do you want to bet the student wouldn't have immediately deleted all his MP3s, his FTP server, and use something to continually wipe his free disk space until he was investigated? You can't allow someone suspected of violating the school's policy to have direct access to the evidence!
[0] Note that I'm not saying MP3s themselves are illegal. However, I'm willing to bet he didn't have permission from the RIAA or the artists themselves to offer those MP3s to anybody and everybody.
Actually, my personal favorite option is this, under Security -> Miscelaneous:
Software Channel Permissions:
[ ] High Safety
[ ] Low Safety
[ ] Medium Safety
Don't you love how they give you an undocumented option to change the safety for this? And yes, "Medium Safety" is the default. (Who would set this to anything but "High Safety"?! "Oh, no, 'Low Safety' sound good enough for me....")
What the f[s]ck is pornographic about foreign language translations?!!??!
I believe the reasoning is that you could use the "Translate Web Page" option on BabelFish to translate a porno site's page. Then, since the URL of the page you load comes from babelfish.altavista.com and not blockedpornsite.com, it gets past the filter proxy. What you get back is a page with a bunch of porno pics and some translated text, without setting off the filter proxy.
So, I'm sure that's the suits' reasoning behind it. Of course, it's completely stupid, since there is a huge legitimate use for BabelFish (actually translating pages or text!). I don't agree with this decision at all, but I'm 99% sure it's why they chose to do so.
BTW, good luck trying to convince them to remove CyberPatrol or, even better, get CyberPatrol to deblacklist BabelFish. But just think of all the warm fuzzies you'll have knowing that your inability to translate foreign languages is Protecting The Children (TM).
You don't have to make a computer (or anything) entirely crack-proof. Like you said, that's impossible.
But you can throw up enough security and defenses to make it not worth the attacker's time, or at least to encourage him to look for someone who hasn't bothered to lock down properly.
Sure, if you want to break into system X, given enough time and effort, you'll be able to. But if system X is even reasonably secured, the attacker would more likely look for a system that's easier to crack.
So, in short, just because it's impossible to so something perfectly doesn't mean we should go home and not try to do it well.
Actually, if it's truly random, there's exactly the same chance of it happening again (after it happened once the first time) as there was of it happening the first time. They'll be fully independent events, so the probabilities of each are the same.
Of course, the chances of generating two new keys and having them use the same k is awfully small. To be precise, the square of the probability of k being picked once.
Blacklisting used k values actually decreases the randomness even though it makes it look truly random. But then it'll be less secure.
I find it interesting how Windows keeps looking more and more like UNIX.
Just like how Linux desktop managers (eg KDE and Gnome) keep looking more and more like Windows.
It's simple. Windows has the better GUI, so Gnome & KDE will try to imitate it more. Linux has a better underlying structure, so Windows will try to imitate it more.
"Due to changes in the industry regarding volunteers, effective Sept. 30, 2000, OSI will no longer provide free player accounts or other added value to members of all [Ultima Online] Volunteer Programs."
So, if I'm reading this correctly, OSI (in this case) isn't actually terminating the Volunteer Programs, but just eliminating any of the perks/compensation that go along with it. Does that actually shield them from lawsuits? Or does it change the claim from "You aren't paying me minimum wage for my work!" to "You aren't paying me at all for my work!"?
Either way, legal necessity or not, these companies are shooting themselves in the foot PR-wise. It's a lose-lose situation.
Although reading this article made me wonder what the legal distinction between "employee" and "volunteer" is. Is a volunteer just someone who willingly works for nothing? Is an employee nothing but a compensated volunteer?
Rationally, if one of these volunteers isn't happy with the perks they're getting, no one's forcing them to be a volunteer. I seriously doubt people are making any kind of living off of this -- they surely have a real job or something. So wouldn't that rationally (note: not necessarily legally) render the point moot?
Slashdot Mirror
Slashdot is free... If You Want Commercials
from the free-as-in-good-bye-privacy dept.
Many of you wrote in to note that the latest edition of Slashdot is now free... except for the part that it runs commercials while you browse. (They don't even give you the option to buy a non-ad-filled commercial version if you like). It seems as though this advertising thing has also be applied to the other platforms. What do you guys think of ads in your web pages? Is it worth giving up your privacy for a free page, or paying fifty bucks for the HTML file? Personally, I'll stick to kuro5hin.
--
Too bad it's this post with s/bruce perens/anne marie/ig.
--
That's not what I meant. The reason you typically use console apps when learning these things is because you're focusing on the that particular thing. If you throw in a nice GUI behind it, that adds more complexity and detracts from the idea behind the project or assignment.
I still think that, at a beginning level, the theory should be focused on, but that doesn't mean that UI and GUI stuff should be ignored. It just means that they shouldn't be the focus, at least not for that class. It's just not something that should be focused on in the intro programming classes.
--
I agree. It sounds like a lot of the whining in this thread is because the posters are upset that their preferred developing environment isn't being used and are ignoring the real issue here.
Simply moving over to gcc won't improve this class, however, despite what a lot of the posters seem to imply. This seems to be the equivalent of using gcc but teaching the Qt library exclusively. It's still not teaching programming concepts. Heck, even if they were focusing solely on the Standard C libraries, it's the same issue -- a particular package is being taught and not concepts that apply to all programming.
To teach this class "right" using the tools they have right now, they'd need to make console apps exclusively (even though using VC++ for it is overkill) and start going over linked lists and binary trees. The tools aren't the problem; it's the material itself.
--
Yes, but the important question is, did it adversely affect the amount of relevant, necessary porn browsing? <g>
--
However, would the bug have even been found if there weren't a paper trail to audit? Possibly not. What if there weren't even a recount? We wouldn't be here talking about it, that's for sure.
If we're going to use a fully electronic voting system (and hopefully not Internet voting -- too many problems with that), we're going to have to be damn sure there aren't any bugs, since the computer system will be the only thing we have to go on.
So how much testing would we have to do on an electronic voting system? What happens if a bug is discovered the day before elections are held? Is it possible to fix it and then fully test the system before it's used the next day? If not, what do you fall back on?
What do you do about voters who've never used a computer before? (Yes, they do exist, believe it or not.) No matter how easy-to-use you make it, they're still going to be uneasy with it, afraid they're going to make a mistake, and possibly not even trust it. And you can't have an election official go with them and show them how to use it, although you could set up a test-only box with "dummy" candidates and parties for tutorial use (you don't want to advocate any candidates or parties). I'm thinking of my grandmother here, who automatically assumes any computer system is "too hard to use" even if someone shows here exactly what to do each time. In other words, take the confusion generated by the Florida "butterfly" ballots and multiply it by ten.
If done properly, an electronic voting system can be more accurate than the paper ballots we use now. But I can probably count the number of 100% bug-free, 100% reliable computer systems I've ever encountered on the fingers on my left foot.
One solution to this might be to use an electronic system to record and tally the votes, but also print out a "receipt" with the votes the person made, and put that into the ballot box. The receipt would have to be in a form where the voter could verify that the selected candidates are correct (i.e., encrypting it wouldn't be any good -- the computer could still have made an error), and put that receipt into the ballot box a la a paper ballot. That way, there's a paper audit trail you can use to verify votes in case the computer's tally is called into question for whatever reason. (Of course, I'm sure there are some flaws in this system, but my point is there has to be some way to audit a computer-based voting system).
--
That's not quite what the original poster meant....
The OP was attacking not a "moderate position on copyright law" but the selectively taking contradictory extreme positions depending on who holds the copyright. Ever read the stories about GPL violations? A lot of the same people bemoaning those violations will go out of their way to boast that they download all their music off of Napster in order to stick it to the RIAA. That's not a moderate stance -- it's being inconsistent at best, hypocritical at worst (i.e, my copyright should be protected, and my license should be respected, but not yours).
How many people on /. would get up in arms if an abandonware site started distributing binary-only versions of programs released under the GPL a few years ago and are no longer maintained or supported by the original author? Same principle, but you'd get an entirely different response than you'll find on this thread.
That's what the OP was attacking.
--
"It should now be completely clear that attachment-running programs such as Outlook are dangerous and should not be used by any business which has sensitive data, i.e. any business at all."
Does anyone actually believe that a clueless user would choose not to run an e-mail attachment solely on the basis that he/she couldn't run it with only one click? Does anyone actually think they wouldn't save the exe/com/vbs/whatever to the hard disk and then run it?
Automatically running scripts embedded in the HTML of an e-mail message, yes, Outlook is responsible for that. But allowing the user to run or open an attached file, no, the user is responsible for that.
Heck, I suppose you could call bash an "attachment-running program" too, but I'd hardly blame it because a clueless user ran an executable that some anonymous person e-mailed him.
--
Dude, don't you see? I'm Fighting The Man (TM). I'm Raging Against The Machine (TM). I can "plug in, log on, and drop out" since meatspace has no bearing whatsoever on the Internet! Dude, they'll never touch me! I'm 31337!
(BTW, who the hell modded the original post +1 Interesting? Maybe -1 Clueless is better?)
--
"Well, the excuse for state sponsored gambling (aka the lottery) is that a significant portion of the proceeds goes to education."
Technically, yes, but not really. Sure, most states are requires to put all the profits from lotteries into funding education. But it really doesn't help education because they replace the source of education funding instead of augmenting it.
For example (making up numbers), say a state initially has a $300 million budget to go to education. They start a lottery with the excuse of "it's for the schools!" and get $250 million from the lottery over the course of a year. However, the state still pays only $300 million into education -- they just reduced the non-lottery-funding from $300 million to $50 million. Thus, they now have $250 million that is available to spend on anything, and even though the actual dollars from the lottery are going to education, it really doesn't change anything.
Not saying that all states do it, but most of them do do this to some extent. Amazing how "it's for the children!" works for a lot of things, isn't it?
--
Yes, interesting, but you do realize there's only one possible answer he can give to this, right? (OK, two if you count "[REDACTED]" as an answer.)
--
Er... you forgot "slash." Who says a TLD can't be 0x00?
--
Yeah, but those nine minutes are pretty cool.
IMHO, though, the original British version "Robot Wars" is better. They make the robots run through an obstacle course first, and then a knock-stuff-down competition before the three battles begin. You can't win by just making a battle bot, since you have the other stuff to get to first.
Wow this is getting OT, but oh well. If you're lucky your local PBS station will air Robot Wars. (If you're really lucky you'll live in the UK! <g>)
--
"To me it seems completely bogus to base your design on the assumption that you will reboot frequently."
In related news, Microsoft announced today that the forced-weekly-reboot feature of Windows 2000 + IIS allows for greater security, because it forces the system to generate a new key. A Microsoft spokesperson criticized the use of Linux for web servers as "Irresponsible -- why, you're using the same key for 817 days! With our system, you'd be hard pressed to get the system to use the same key for more than five days straight!"
(or maybe not...)
--
if the damn universities had done their job and audited Carnivore in the first place.
How would that change anything? Here's what the FBI basically said to the universities:
The whole "university review of Carnivore" was a farce. Even had any universities accepted the request to look at the system, they probably wouldn't have been able to find any rights violations in it because they wouldn't be shown those parts of the code (if they do in fact exist (not saying they don't, either)).
--
Is this what the founding fathers had in mind when they penned "no unreasonable search and seizure"?
Could you please explain what you mean by "unreasonable search and seizure"? I would assume that the university had logs of his Ethernet usage. He was probably sucking up a lot of bandwidth running the FTP server and advertizing it over the Internet. That'd be a red flag if I were monitoring usage of my network. Remember, the connection is the university's property, not the student's.
Also, if OSU is anything like my university, you have to agree to some TOS before they give you Ethernet access. I'm sure there was a clause in there prohibiting using your connection to commit copyright infringement, especially serving illegal MP3s [0] and movies. Heck, technically you aren't supposed to use it for anything but academic purposes, but most if not all universities non't care too much about what you download. Running a server, though, is another matter entirely. So, he would be in violation of school policy.
If they didn't confiscate his computer, how much do you want to bet the student wouldn't have immediately deleted all his MP3s, his FTP server, and use something to continually wipe his free disk space until he was investigated? You can't allow someone suspected of violating the school's policy to have direct access to the evidence!
Oh, I forgot though, pirating MP3s etc. is *good* because it screws The Man. But make software that allows you to violate the GPL and you get crucified.
[0] Note that I'm not saying MP3s themselves are illegal. However, I'm willing to bet he didn't have permission from the RIAA or the artists themselves to offer those MP3s to anybody and everybody.
--
Actually, my personal favorite option is this, under Security -> Miscelaneous:
Software Channel Permissions:
[ ] High Safety
[ ] Low Safety
[ ] Medium Safety
Don't you love how they give you an undocumented option to change the safety for this? And yes, "Medium Safety" is the default. (Who would set this to anything but "High Safety"?! "Oh, no, 'Low Safety' sound good enough for me....")
--
What the f[s]ck is pornographic about foreign language translations?!!??!
I believe the reasoning is that you could use the "Translate Web Page" option on BabelFish to translate a porno site's page. Then, since the URL of the page you load comes from babelfish.altavista.com and not blockedpornsite.com, it gets past the filter proxy. What you get back is a page with a bunch of porno pics and some translated text, without setting off the filter proxy.
So, I'm sure that's the suits' reasoning behind it. Of course, it's completely stupid, since there is a huge legitimate use for BabelFish (actually translating pages or text!). I don't agree with this decision at all, but I'm 99% sure it's why they chose to do so.
BTW, good luck trying to convince them to remove CyberPatrol or, even better, get CyberPatrol to deblacklist BabelFish. But just think of all the warm fuzzies you'll have knowing that your inability to translate foreign languages is Protecting The Children (TM).
--
You don't have to make a computer (or anything) entirely crack-proof. Like you said, that's impossible.
But you can throw up enough security and defenses to make it not worth the attacker's time, or at least to encourage him to look for someone who hasn't bothered to lock down properly.
Sure, if you want to break into system X, given enough time and effort, you'll be able to. But if system X is even reasonably secured, the attacker would more likely look for a system that's easier to crack.
So, in short, just because it's impossible to so something perfectly doesn't mean we should go home and not try to do it well.
--
Of course it's real! Didn't you read the article?
See? C'mon, these guys are fine, upstanding young men. You don't think they'd actually lie, do you?
</SARCASM>
First rule: if the person saying something explicitly tells you that it isn't a lie...it probably is.
--
Of course, the chances of generating two new keys and having them use the same k is awfully small. To be precise, the square of the probability of k being picked once.
Blacklisting used k values actually decreases the randomness even though it makes it look truly random. But then it'll be less secure.
OK, I'm done now.
--
Welcome to the new world order. Read books instead.
You mean like these books?
--
I find it interesting how Windows keeps looking more and more like UNIX.
Just like how Linux desktop managers (eg KDE and Gnome) keep looking more and more like Windows.
It's simple. Windows has the better GUI, so Gnome & KDE will try to imitate it more. Linux has a better underlying structure, so Windows will try to imitate it more.
--
From the article:
So, if I'm reading this correctly, OSI (in this case) isn't actually terminating the Volunteer Programs, but just eliminating any of the perks/compensation that go along with it. Does that actually shield them from lawsuits? Or does it change the claim from "You aren't paying me minimum wage for my work!" to "You aren't paying me at all for my work!"?
Either way, legal necessity or not, these companies are shooting themselves in the foot PR-wise. It's a lose-lose situation.
Although reading this article made me wonder what the legal distinction between "employee" and "volunteer" is. Is a volunteer just someone who willingly works for nothing? Is an employee nothing but a compensated volunteer?
Rationally, if one of these volunteers isn't happy with the perks they're getting, no one's forcing them to be a volunteer. I seriously doubt people are making any kind of living off of this -- they surely have a real job or something. So wouldn't that rationally (note: not necessarily legally) render the point moot?
--
I forget who said "I don't care who does the electin', longs I get to do the nominatin'." Heuy Long, I think.
I think it was George Washington Plunkett, graftmaster extraordinaire, who said that. But definitely not senator Huey Long.
--