Sorry to follow up on my own post...but I just learned something...
Let's say I'm trying to find some info on a guy named George A. Bush. I go to google, enter "George A Bush" and it gives me a bunch of results about President George W. Bush...telling me that "A" is a common word and was dropped from my search...I get the same result whether I enter it with or without quotes.
Now, I go to AltaVista and enter it with quotes, and while it does have some stupid crap about President George W. Bush before the listings, the listings are all specifically referring to somebody named George A. Bush...
NOW, I go BACK to google and enter "George +A Bush" and I get the results I'm after! Note that I have to use the quotes. When doing this, it forces the phrase and stops it from dropping the "A". Very nice.
Amen. This is the only reason I still use AltaVista as a backup search when Google is too assinine [mispelling intentional] to figure out that words in quotes are searches for exact phrases.
In some sense you could say that the people who integrate and deploy with open source components are contributing a great deal to the project by spreading the word to their clients / customers / user communities that they have so much faith in the quality of these components that they are willing to ship them with their own software. This is grass-roots evangelization, and is extremely important for any open source component to acquire the critical mass of developers / users required to breathe life into a project.
I somewhat agree. However, I think in this particular case the interest in using a free DB was not "faith" in the product, but rather simply because you can't beat the price...something for nothing...who isn't after that?
Ay any rate, more central to why I posted is this: why is Interbase/Firebird slighted so often? Every time there's a debate or discussion of Free/Open Source DBs, it's all "PostgreSQL this..." and "MySQL that..." like they're it.
Interbase started out a long time ago and gradually evolved into what it is today. It has been largely implemented in embedded space and has had all these nifty features people keep talking about adding to MySQL and PostgreSQL for years. Granted, it didn't exist as an open source product until recently...but it IS open source now, especially if you stick with Firebird. Other than the backdoor from hell that has been patched, why is it Interbase/Firebird gets no respect?
we had a requirement to be able to run in a pure Windows or Solaris 8.x environment. MySQL is the only major, free DBMS that fits that bill.
Umm, how about Interbase (or Firebird for that matter)? Definitely qualifies as "major" IMO, is being actively developed, and runs on Windows, Linux, Solaris, and others...
We had enough code of our own to write, we didn't have time to fix anyone else's product
So basically, you were just looking to get a DB you didn't have to pay for, didn't have to support, and didn't have to contribute anything back to. In other words: trying to get something for nothing...you're right, that is often the "truth in the industry."
Distributing keys through such extra channels (particularly ones which, like/., provide no significant authentication) can result in multiple, conflicting keys being publicly available
I disagree. I use keyservers, I posted my public key to/. I post it on my web site, I will e-mail, post it to usenet, and make bar-code scannable posters of it.
I feel that I can manage my keys. I can control which channels I distribute them through. I can revoke old keys. When managed appropriately, distributing keys via multiple channels provides additional opportunity to validate them against each other and provides some degree of protection from MITM attacks.
I agree that a keyserver should be the primary distribution channel, I think having others is just a way to hedge against a corrupt keyserver...even if the other channel is just another keyserver under a different organization's control.
I have on occassion written letters (and sent e-mails) to my local city council, my state government representatives, my governor, my federal representatives (both house and senate), the president, vice-president, secretary of state, secretary of defense, and to local, national, and international news media to voice my concerns.
I always make sure that when communicating with government officials that I only do so with the ones who represent ME. Writing a senator from some other state will get me nowhere (as it should be) as they do not represent me. They should not care what I think unless they represent me.
The only responses I have EVER gotten were from my local city council. All other responses I've received have been automated "thanks for your feedback" messages.
But that's really not the point. I don't care if they communicate back to me. The point of it is to let them know what their constituency thinks and feels on specific topics. They know (because I point out that I am a registered voter and that my vote directly effects them) that I will be watching. If they get the message, they'll do the right thing. Otherwise, I won't vote for them.
Well, I'm one who actually uses it. I sign messages all the time. I don't encrypt as often because not so many of my recipients also use PGP/GPG but some do so I can encrypt.
Additionally, my key is loaded onto keyservers and being on several security-related mailing lists, I often receive signed e-mails and I use keyservers to verify those signatures.
Also was willing to look into GPG but it doesn't integrate well (if at all with Outlook). Since this wasn't a technical oriented group (most of them didn't know how to change a defalt printer). It would have needed to be somewhat idiotproof.
Yes...I use Outlook...at work...
BUT, our backend mail server is HP OpenMail on Linux and I know how to configure Outlook properly. No one in our company has been touched by SirCam, etc. and all my e-mails are sent PLAIN TEXT (none of the HTML mail or BODY.RTF crap) and in this mode, using WinPT, Outlook integrates well with GPG. I type my message, then I press ALT+SHIFT+S to sign it or ALT+SHIFT+E to encrypt it and WinPT pops up a dialog for me to choose a key to sign/encrypt with (lets me have a default signing key) so I just type in my passphrase and the original message is cut out and the clear-signed message gets pasted in. Then I press CTRL+ENTER to send.
That is at least somewhat idiotproof. It may not be as pretty as PGP's integration, but then there's a bug with that that won't allow me to automatically sign on send, so I have to sign... then send... which is the same as with WinPT.
...separate from the Internet to keep it safe from hackers or terrorists...
Of course, no hacker or terrorist would ever be able to infiltrate a TELCO!!! Unless the government runs its own fiber and hires its own staff to control all those lines and basically be its own GSP (GovNet Service Provider), they will always be subject to AT&T, WorldNet, Sprint, Qwest, et. al. hiring lowlifes to sniff^H^H^H^H^Hmonitor all those "private" WAN lines. Even if they impose strick regulations on the service providers requiring them to hire only people with security clearances, it just seems ridiculous to say that separate from the Internet = safe. (Which is a far cry from the truth...)
Or in his own words: 'To speak of a fine when Microsoft has not yet disputed the Commission's preliminary findings both in fact and law -- as it it's right -- is premature.'
Nevermind the typo using the word "it" instead of "is" in that quote, I feel bad for that poor apostrophe.
BTW, I actually attended the Ig Nobel Prize ceremony, and it was hilarious. I would highly recommend anyone in the Cambridge/Boston area attend next year if at all possible.
Not being in the area, I watched the live webcast. There were definitely some excellent parts. I think the webcast left a lot to be desired, but what can I expect for free? I'm sure actually being there is 10 times better.
Re:Shower Curtain Prior Art
on
IgNobel Awards
·
· Score: 1
What I do is use a blow drier to negate the inward forces.
Why not just install those plexiglass sliding doors in your shower? That's what mine has and they never suck inward...at least not visibly.
The point of my original Ask/. posting was to get a feel for what all of you do.
I use GPG for e-mails. I rely on physical security for the contents of my hard drive. I really don't have that much to protect and figure if the NSA or CIA really want to know, they'll just kidnap me and beat it out of me, so what's the friggin' point?
I even use GPG on Win32 systems with a nice front end called Windoze Privacy Tray that allows hotkeys to encrypt/sign the clipboard and such. And it works well with Outlook so long as you set it to PLAIN TEXT only e-mails (which of course, I do). I just press Alt+Shift+S and a password box pops up asking for my key's passphrase, I enter it and hit enter and the message gets signed.
Note that I sign a lot of e-mail, but I don't encrypt so much. Problem is most recipients don't use PGP/GPG so it does no good to encrypt. But the signing still helps those who can use the signature and it also gives me a chance for advocacy.
What's that signature stuff after your e-mail? Well, that's a great question! Let me tell you about it...
Carnivore intercept: 10-sep-2001 10:11:12
From: yourself
To: remailer@havenco.com ...
Carnivore intercept: 10-sep-2001 10:11:13
From: remailer@havenco.com
To: ussama.bin@hilltop.af
That's not how it works. If you're using remailers appropriately, they mix things up. Like this:
You send an e-mail at 10:11:12 on 10-sep-2001, but it won't re-mail it for anywhere from a few minutes to a few days later.
You never post from an account that is traceable to you. Perhaps you go to the library and sign up for a free hotmail account, then send your e-mail. The ultimate receiver of your message doesn't care what's on the From: line. Only your GPG/PGP signature matters.
You encrypt the message in two wrappers. One is for your end-recipient, the second is for the remailer. Then, the remailer decrypts its wrapper to get to the real message (still encrypted) plus a public-key block for the final recipient. It strips out the public key block and adds some garbage before and/or after the still-encrypted message, then re-encrypts it using the final recipient's public key. Now when it leaves the remailer, the statistical analysis necessary to prove it matches a particular incoming message is non-trivial.
You NEVER send e-mails to people. You using a mail-to-news gateway and post to alt.test or something.
That's just a start...you can really get carried away. But hey, just because you're paranoid, it doesn't mean they AREN'T out to get you...
128-bit is not a laugh. It is very difficult to decrypt that. The problem with 128 bits (not to mention 4096!!!) is key management. How do you remember a key with that much entropy without writing it down somewhere?
A 128-bit key full of entropy is difficult to brute-force for a symmetric cypher like IDEA, 3DES, Blowfish, Twofish, CAST5, etc.
For cyphers utilizing key-pairs, 128 bits is not sufficient. This is why GPG/PGP will use 4096 bit RSA/DH/ElGamal keys to encrypt the 128-bit IDEA/CAST/Blowfish/3DES key used to encrypt the actual message.
Algorithms like RSA are inefficient for encrypting LARGE plaintexts. Symmetric cyphers typically are better at this.
As for key-management, that is a problem. I find bizcard CD-Rs work well for holding onto private keys. Public key rings can stay on the hard drive.
...Not that any of this matters because I don't really have any secrets to hide.
You still have to have a text editor and a compiler on the general purpose computer you use to set the thing up though.
Compilers are not necessary for a general purpose computer. They are often necessary to Linux and *BSD users who can't always get what they want pre-compiled...but you can install many Linux distros without gcc/egcs and still have a highly functional general purpose computer...same can be said for all Windows platforms, OS/2, Mac OSes, etc. The compiler is an option, not a necessity.
My thought was more, if there are alternative tools to the GNU tools, what would it take to make a desktop OS environment devoid of GNU tools.
Meant to write:
My thought was more: if there are alternative tools to the GNU tools, what would it take to make a desktop OS environment devoid of GNU tools...but still using the Linux kernel?
Repeating the FSF's efforts just because RMS gets silly about the color of a doghouse is illogical even by human standards.
I wouldn't do it to spite RMS et. al., only as a learning experience.
I am not talking about writing an alternative to gcc. If there is none, I guess I'm done. My thought was more, if there are alternative tools to the GNU tools, what would it take to make a desktop OS environment devoid of GNU tools. That is an interesting thought experiment. First, having an alternative to gcc would be necessary because so many tools require it to compile (XFree86, KDE, etc.). But even if I could use alternatives to gcc and glibc like Comeau C/C++ and Dinkumware's libraries (not free), I could then get down to tweaking anything else to compile and have an environment that functions for me that is also devoid of GNU tools. Not that I want to do it that badly, I just find it an intriguing idea especially for the learning value.
Don't re-invent the wheel. Steal it.
I heartily disagree. I am a proponent of not re-inventing the wheel when working on practical for-production projects. But this is different. I mean, isn't re-inventing precisely what Linus Torvalds did when he decided to write his kernel, what Kurt Skauen did when he decided to develop AtheOS, what RMS did when he decided to make all the GNU tools?
Lots of things are re-invented by people who are eager to learn how things work and this is not a bad thing...just, as I have said, not the BEST use of my time.
Consider it a learning experiment. As long as I learn something, it's not a waste of time. There may be better USES of my time, but that doesn't make it as bad as watching NASCAR.
If RMS keeps this up, some anal types will start compiling alternates for all the GNU utils...
I am considering doing precisely this. I have started working on a DIY Linux distro a la linuxfromscratch.org only replacing all GNU tools with available alternatives (just to prove it can be done). I have only just begun and am a long way away from having anything remotely usable as I'm just not sure where to find the alternatives...starting with gcc. Anyone?
It seems that you are protected by the chicken and the egg principle. To wit, to know that I am using "undefeatable" crypto, you have to get a wiretap (or a search warrant [slashdot.org]). To get a wiretap you have to prove that I am breaking the law by using undefeatable crypto.
Actually, on September 13th the U.S. Senate unanimously passed H.R.2500 authorizing "any United States Attorney" to approve wiretaps and other electronic surveillance (like intercepting your e-mails and what web sites you visit). Rest assured, if it has not already been signed into law, it will.
They don't have to prove anything anymore, they just have to have a zealous prosecuting attorney...but, hey...no worries. I'm sure those are impossible to find.
Slashdot Mirror
Sorry to follow up on my own post...but I just learned something...
Let's say I'm trying to find some info on a guy named George A. Bush. I go to google, enter "George A Bush" and it gives me a bunch of results about President George W. Bush...telling me that "A" is a common word and was dropped from my search...I get the same result whether I enter it with or without quotes.
Now, I go to AltaVista and enter it with quotes, and while it does have some stupid crap about President George W. Bush before the listings, the listings are all specifically referring to somebody named George A. Bush...
NOW, I go BACK to google and enter "George +A Bush" and I get the results I'm after! Note that I have to use the quotes. When doing this, it forces the phrase and stops it from dropping the "A". Very nice.
Maybe there's no point in AltaVista after all...
Amen. This is the only reason I still use AltaVista as a backup search when Google is too assinine [mispelling intentional] to figure out that words in quotes are searches for exact phrases.
I somewhat agree. However, I think in this particular case the interest in using a free DB was not "faith" in the product, but rather simply because you can't beat the price...something for nothing...who isn't after that?
Ay any rate, more central to why I posted is this: why is Interbase/Firebird slighted so often? Every time there's a debate or discussion of Free/Open Source DBs, it's all "PostgreSQL this..." and "MySQL that..." like they're it.
Interbase started out a long time ago and gradually evolved into what it is today. It has been largely implemented in embedded space and has had all these nifty features people keep talking about adding to MySQL and PostgreSQL for years. Granted, it didn't exist as an open source product until recently...but it IS open source now, especially if you stick with Firebird. Other than the backdoor from hell that has been patched, why is it Interbase/Firebird gets no respect?
Anyone?
Umm, how about Interbase (or Firebird for that matter)? Definitely qualifies as "major" IMO, is being actively developed, and runs on Windows, Linux, Solaris, and others...
So basically, you were just looking to get a DB you didn't have to pay for, didn't have to support, and didn't have to contribute anything back to. In other words: trying to get something for nothing...you're right, that is often the "truth in the industry."
I disagree. I use keyservers, I posted my public key to
I feel that I can manage my keys. I can control which channels I distribute them through. I can revoke old keys. When managed appropriately, distributing keys via multiple channels provides additional opportunity to validate them against each other and provides some degree of protection from MITM attacks.
I agree that a keyserver should be the primary distribution channel, I think having others is just a way to hedge against a corrupt keyserver...even if the other channel is just another keyserver under a different organization's control.
someone mod this up please...money talks...you know the rest. (See my sig line...)
I have on occassion written letters (and sent e-mails) to my local city council, my state government representatives, my governor, my federal representatives (both house and senate), the president, vice-president, secretary of state, secretary of defense, and to local, national, and international news media to voice my concerns.
I always make sure that when communicating with government officials that I only do so with the ones who represent ME. Writing a senator from some other state will get me nowhere (as it should be) as they do not represent me. They should not care what I think unless they represent me.
The only responses I have EVER gotten were from my local city council. All other responses I've received have been automated "thanks for your feedback" messages.
But that's really not the point. I don't care if they communicate back to me. The point of it is to let them know what their constituency thinks and feels on specific topics. They know (because I point out that I am a registered voter and that my vote directly effects them) that I will be watching. If they get the message, they'll do the right thing. Otherwise, I won't vote for them.
Well, I'm one who actually uses it. I sign messages all the time. I don't encrypt as often because not so many of my recipients also use PGP/GPG but some do so I can encrypt.
Additionally, my key is loaded onto keyservers and being on several security-related mailing lists, I often receive signed e-mails and I use keyservers to verify those signatures.
But I alone don't count for 0.5%
How many of us use this feature of slashdot?
Yes...I use Outlook...at work...
BUT, our backend mail server is HP OpenMail on Linux and I know how to configure Outlook properly. No one in our company has been touched by SirCam, etc. and all my e-mails are sent PLAIN TEXT (none of the HTML mail or BODY.RTF crap) and in this mode, using WinPT, Outlook integrates well with GPG. I type my message, then I press ALT+SHIFT+S to sign it or ALT+SHIFT+E to encrypt it and WinPT pops up a dialog for me to choose a key to sign/encrypt with (lets me have a default signing key) so I just type in my passphrase and the original message is cut out and the clear-signed message gets pasted in. Then I press CTRL+ENTER to send.
That is at least somewhat idiotproof. It may not be as pretty as PGP's integration, but then there's a bug with that that won't allow me to automatically sign on send, so I have to sign
Eef unly eet voud trunsleet eentu Bork! Bork! Bork!
I can see it now...
The Day of the Jitters...
try saying "as is it is perogative" and then try saying "as is its perogative" and you'll know what the problem is.
it's - indeed this is a contraction of "it is" but the phrase there obviously was possessive.
It (being Microsoft) has a perogative...therefore it is its perogative.
Of course, no hacker or terrorist would ever be able to infiltrate a TELCO!!! Unless the government runs its own fiber and hires its own staff to control all those lines and basically be its own GSP (GovNet Service Provider), they will always be subject to AT&T, WorldNet, Sprint, Qwest, et. al. hiring lowlifes to sniff^H^H^H^H^Hmonitor all those "private" WAN lines. Even if they impose strick regulations on the service providers requiring them to hire only people with security clearances, it just seems ridiculous to say that separate from the Internet = safe. (Which is a far cry from the truth...)
Nevermind the typo using the word "it" instead of "is" in that quote, I feel bad for that poor apostrophe.
Not being in the area, I watched the live webcast. There were definitely some excellent parts. I think the webcast left a lot to be desired, but what can I expect for free? I'm sure actually being there is 10 times better.
I use GPG for e-mails. I rely on physical security for the contents of my hard drive. I really don't have that much to protect and figure if the NSA or CIA really want to know, they'll just kidnap me and beat it out of me, so what's the friggin' point?
I even use GPG on Win32 systems with a nice front end called Windoze Privacy Tray that allows hotkeys to encrypt/sign the clipboard and such. And it works well with Outlook so long as you set it to PLAIN TEXT only e-mails (which of course, I do). I just press Alt+Shift+S and a password box pops up asking for my key's passphrase, I enter it and hit enter and the message gets signed.
Note that I sign a lot of e-mail, but I don't encrypt so much. Problem is most recipients don't use PGP/GPG so it does no good to encrypt. But the signing still helps those who can use the signature and it also gives me a chance for advocacy.
What's that signature stuff after your e-mail?
Well, that's a great question! Let me tell you about it...
That's not how it works. If you're using remailers appropriately, they mix things up. Like this:
That's just a start...you can really get carried away. But hey, just because you're paranoid, it doesn't mean they AREN'T out to get you...
A 128-bit key full of entropy is difficult to brute-force for a symmetric cypher like IDEA, 3DES, Blowfish, Twofish, CAST5, etc.
For cyphers utilizing key-pairs, 128 bits is not sufficient. This is why GPG/PGP will use 4096 bit RSA/DH/ElGamal keys to encrypt the 128-bit IDEA/CAST/Blowfish/3DES key used to encrypt the actual message.
Algorithms like RSA are inefficient for encrypting LARGE plaintexts. Symmetric cyphers typically are better at this.
As for key-management, that is a problem. I find bizcard CD-Rs work well for holding onto private keys. Public key rings can stay on the hard drive.
You know...to be more secure, I always apply ROT13 twice.
Compilers are not necessary for a general purpose computer. They are often necessary to Linux and *BSD users who can't always get what they want pre-compiled...but you can install many Linux distros without gcc/egcs and still have a highly functional general purpose computer...same can be said for all Windows platforms, OS/2, Mac OSes, etc. The compiler is an option, not a necessity.
Meant to write:
My thought was more: if there are alternative tools to the GNU tools, what would it take to make a desktop OS environment devoid of GNU tools...but still using the Linux kernel?
I wouldn't do it to spite RMS et. al., only as a learning experience.
I am not talking about writing an alternative to gcc. If there is none, I guess I'm done. My thought was more, if there are alternative tools to the GNU tools, what would it take to make a desktop OS environment devoid of GNU tools. That is an interesting thought experiment. First, having an alternative to gcc would be necessary because so many tools require it to compile (XFree86, KDE, etc.). But even if I could use alternatives to gcc and glibc like Comeau C/C++ and Dinkumware's libraries (not free), I could then get down to tweaking anything else to compile and have an environment that functions for me that is also devoid of GNU tools. Not that I want to do it that badly, I just find it an intriguing idea especially for the learning value.
I heartily disagree. I am a proponent of not re-inventing the wheel when working on practical for-production projects. But this is different. I mean, isn't re-inventing precisely what Linus Torvalds did when he decided to write his kernel, what Kurt Skauen did when he decided to develop AtheOS, what RMS did when he decided to make all the GNU tools?
Lots of things are re-invented by people who are eager to learn how things work and this is not a bad thing...just, as I have said, not the BEST use of my time.
Consider it a learning experiment. As long as I learn something, it's not a waste of time. There may be better USES of my time, but that doesn't make it as bad as watching NASCAR.
I am considering doing precisely this. I have started working on a DIY Linux distro a la linuxfromscratch.org only replacing all GNU tools with available alternatives (just to prove it can be done). I have only just begun and am a long way away from having anything remotely usable as I'm just not sure where to find the alternatives...starting with gcc. Anyone?
Actually, on September 13th the U.S. Senate unanimously passed H.R.2500 authorizing "any United States Attorney" to approve wiretaps and other electronic surveillance (like intercepting your e-mails and what web sites you visit). Rest assured, if it has not already been signed into law, it will.
They don't have to prove anything anymore, they just have to have a zealous prosecuting attorney...but, hey...no worries. I'm sure those are impossible to find.