Slashdot Mirror


User: KjetilK

KjetilK's activity in the archive.

Stories: 0 · Comments: 1,482

Comments · 1,482

  1. Re:MD5 checksums on Trojan Found in libpcap and tcpdump · · Score: 2

    If there are 2 different signatures for the same source, this is a red flag that one of them has been altered. Thus the audit begins, and thus the backdoor is found.

    Or people think: "oh, the author has generated a new key" and move along without considering the alternative. This isn't really strong enough.

  2. Re:$5 to anyone who proves this statement wrong- on The Economics of Spam · · Score: 1

    But then, the economy isn't actually prosperous now, is it....? :-)

  3. Re:MD5 checksums on Trojan Found in libpcap and tcpdump · · Score: 3, Interesting
    ....and replace the GPG signatures with keys that just have the same name and address. If there are two keys with the same name and address, which one would you trust?

    We need to come together and paaaaaarty! :-)

    Really, that's the only solution to this problem. Probably, this is something we are going to see more frequently, so frequently perhaps that it may undermine the free software community's credibility. Therefore, we must come together and meet, and exchange signatures, so that at least we can ensure that the software is signed by its maintainer.

    Now, go and get registered at Biglumber, sign up to the keysignings list and start organizing keysigning parties. Also, make sure that you meet other hackers when you're out travelling.

  4. Re:Great Idea for Mars, but maybe not Europa on Robotic Inchworm Drill for Mars, Europa · · Score: 2
    Actually, a lot of research has been done on this; google for cryobot. They performed some really cool (pun intended! :-) ) experiments at the Norwegian Svalbard archipelago, which is a well suited research center for anything that is cold and icy. As it happens, one of the main arguments is one cited in the caption of this page:

    The Cryobot method of "drilling" is more effective than conventional augering because it uses less power than mechanical cutting.

    So while you're right in that melting requires a lot of energy, so does drilling. Being a glacier mountaineer, I can tell you that screwing in an ice-bolt is often really heavy work.

  5. Re:Meaningless drivel on Is W3C's P3P Good Privacy? · · Score: 2

    Well, P3P has been on my radar since 1998, when I first read about it, I think this was the article. There are many things that you can blame M$ for, and I'm personally M$-free, but developers should be paying minimal attention.

  6. Open enough? on Mozilla: The Good And The Bad · · Score: 4, Interesting
    Well, are they open enough? Their policy allows for not disclosing vulnerabilities.

    The main reasoning seems to be that vendors should be able to protect their customers.

    But what happened with the privacy leak recently found in Mozilla? Granted, it was a minor glitch, but it is nevertheless useful in studying how policy affects security.

    Did it help end users that it was marked sensitive? Well, Netscape knew about the glitch when they shipped their browser, yet, they shipped it. On the other hand, the leak was patched shortly after the story broke, so the answer should be a clear "No!"

    This is an example that it is not sufficient to have the sources open, you have to get some light onto the problems too.

  7. Asked Siemens on New Nokia Phones With Full Color And MMS · · Score: 2
    I asked Siemens the same question. Not that I care about the music, but I care about Ogg, and the answer was that this stuff is done in highly specialized chipsets, and therefore, the key to this is to make sure chipset manufacturers adopt Ogg.

    Other than that, I'll buy Siemens ME45 the next time there is some money on my account. It should be able to take some rough treatment, and it has an internal calendar that uses vCalendar, so it should integrate pretty easily with KOrganizer.

  8. Re:"So don't accept... on The Web's Longest Disclaimer · · Score: 3, Insightful
    Hehe, yeah, I did that too.

    Perhaps, if a lot of people click "I don't accept", they might get the message...

  9. Re:Threat awareness on Beware the Haunted Cordless keyboard · · Score: 2
    Well, I foresee this scenario: There is this bad guy on your block who sets up a box catching up all the keystrokes everybody on the block types on their keyboards. After looking around, he determines who has quite a lot of money, and he determines what passwords they use. Then, he goes around "borrowing" the smartcards of those persons, and uses the smartcard and the passwords to make certain transactions. There are those willing to knock a neighbour over the head or even kill him to pay his drugs or gambling debt, those things are hard to investigate as they are, and this is not going to make it easier, but the risk for those who do that kind of stuff is probably lower.

    There are several companies here in Norway working on smart-card solutions for Joe Average, and I hope they're paying attention, because they should be scared shitless by this. If a few remote keystroke loggers are found in the wild, it will be sufficient to undermine the credibility of the digital signatures they are providing. But, I fear they are not paying attention, because they have been known to favour security through obscurity in the past.

    The problem is the possible scale, and that only minor breaches will undermine the credibility of certain systems such as digital signatures for Joe Average. Another aspect is that it is so easy to compromise, as opposed to catching the RF (yeah, I know, it is huge), which is not something just anybody could do.

    And given it should be really, really easy to install symmetric encryption on the keyboard sender and receiver, this shouldn't really be a topic.

  10. Identity crisis on Hacking Crime Victims to Remain Secret · · Score: 2
    *Raises hand*

    Oh well, that battle is really lost. OK, I realize that. Language has evolved beyond reach and we can't possibly manage to do all the education to revert it.

    But what should I call myself? Or rather, what should people call me when they want to pat my back for something cool I did on the computer? I mean, everybody likes that, and we all need that, don't we?

    Computer professional? Nah, I can't even accurately describe a Turing machine. I have merely basic training in computer science, on a "tools" level.

    Computer hobbyist? I can do a lot more than most people, I can learn things fast, and I'm trained enough to point out flaws in the things many computer professionals do, including really good ones. Besides, I'm getting paid for it, even though the job market isn't that good.

    Geek or nerd? Well, yeah, I guess I am, in some respects, certainly, but it doesn't really describe what I do accurately.

    Well, many people get a real identity crisis from this...

  11. Re:why do this? on Opera Releases Stable FreeBSD Browser · · Score: 3

    I think it is as simple as there being many free software geeks at Opera, some like Linux, some like FreeBSD, and one of the FreeBSD geeks figured that Opera is easily portable, so it was just a matter for somebody to sit down and do an all-nighter to get it done. So, the answer to that question is probably: Just because we could.

  12. US legislation would help, IMHO on Why Isn't SPAM Regulated Like Fax? · · Score: 2
    Here in Norway we have some quite nice anti-spam laws, and Norwegian spam is very rare. The majority of the spam is from sources in the US. Obviously, our legislation doesn't help on that.

    Block lists can exert some pressure on parties to fix their spam problem. RBL tried to exert pressure on ISPs, it worked for a while before they got toothless. SPEWS has fallen down on the opposite side, blocking too much is degrading the value of the block list.

    However, I wouldn't mind blocking some obscure Caribbean country at my mailserver entirely, and if enough people did, they would have to enact good legislation, or find themselves isolated from the world. I think that pressure would work.

    However, this can't be effective right now, because most of the spam is coming from the US, and it is harder to block the US back to the stone age.... Therefore, I think some clueful US legislation is the key to the spam problem. Unfortunately, leading legal scholars don't seem to have much confidence in that the US will enact anything clueful right now... :-(

  13. Re:Grass Roots Movement on ICANN Eliminates Karl Auerbach's Seat · · Score: 2
    Yeah, I'd like to do that, but DNS is something I have postponed reading up on. I get my DNS elsewhere, and it works for now.

    If I could do
    apt-get install opennic
    and that's it, then I would do it, definitely. :-) Are there any Debian hackers here who know if that approach would even be viable?

  14. Nordea is good on Online Banking And Browser Support · · Score: 2

    My bank Nordea is one of the biggest banks in the Nordic countries, and their web bank is quite good. They only say what standards your browser has to comply with, and really, that's how it should be. Then they keep download links for IE, Opera and Netscape. I called them up once with a Konqi problem and the person said "sorry, I don't have Konqi here, because we're only running Linux on an old Pentium box for testing, and it's too slow for that, but I'll check when I get home." The server itself is written in Java, it wasn't clear to me if it is running on Tomcat, but I think so.

  15. Re:Big, Sticky Issue on Advocacy Prompts Reconsideration of Anti-GPL Letter · · Score: 2
    Well, GNU-AirTrafficControl would have to be subject to a formal review different from the typical SF project, so I wouldn't worry about that, exactly. However, diversity seems to be a Good Thing when it comes to widely deployed critical systems, so perhaps this was a bad example.

    What I have been thinking about, is the possibility of freeing systems like hydroelectric plant control software and gas and oil software. Here in Norway, we have tons of both. I've been in the control room of a major hydroelectric plant, and they did certainly run UNIX. Probably, it would be quite easy to port this software to a completely free (as in speech) platform.

    Well, Peru has some hydroelectric plants (seen them with my own eyes...), and Venezuela has oil, just freeing the software rich Norway has may help these countries, I figure.

    This goes more to the crux of the issue too, as how government should license code. In this case, GPL would be appropriate, as the intention was to share it most widely, not create the basis for MS HydroElectricController XP... There are good arguments for BSD or Public Domain, but GPL is a good choice. I think it is actually something that should be decided on a political level.

  16. Re:Ok.. I'm norwegian on U.S. Ranks 17th in Freedom of the Press · · Score: 2
    Well, about the sterilization, it was brought before the Human Rights Court in Hague, Norway lost, and the recommendations from Hague have been adopted in domestic jurisprudence. So, I'd say, that problem has been corrected. It is a very hard problem to deal with, though.

    I think the Norwegian press is very free, but it is also free to suck, which it does, but that's all because of money...

  17. Bellboy patented e-commerce on San Diego Company Owns E-Commerce · · Score: 2

    Actually, it was a Norwegian company called Bellboy that patented e-commerce. They started to file lawsuits too, but got spanked so badly by Norwegian courts that they will probably not stand on their feet again.

  18. Mirror with pictures on Humans Use 83 Percent of Earth's Surface · · Score: 2
    The site is screaming in terror, but I managed to grab a mirror (thanks to that nice feature in Mozilla):

    here

    Won't keep it there for long.

  19. Re:Public Domain on Congress Members Oppose GPL for Government Research · · Score: 2

    Huh? RMS has stated many times that the ultimate goal is to have all software in the public domain, copyleft is just means to that end.

  20. PSU's with builtin UPS! on Tom's Hardware Compares Power Supplies · · Score: 2
    What I really like to see is a PSU with a builtin Uninterruptible Power Supply!

    It's really scary to get downtime just because somebody steps on the cord or something. Shit happens when you do important work, that's a corollary to Murphy's law.

    It doesn't need to last very long, just so that you get the time to put the cord in again, and take the box down gracefully.

    I know it has been done, but I couldn't find the link right now, but AFAIR, it didn't have the output you need nowadays.

    I bet that the reason why it hasn't taken off is that most people use an OS that crashes so much, some downtime due to power failure isn't much of a deal... :-)

  21. Re:Truth in advertising on Google Sued over Page Ranking · · Score: 2

    No, because what SearchKing is doing is spamming. They're spamming Google, and they admit to it. What Google then does is make sure that spammers don't influence the score. If they alter the code to achieve this, they are doing us, the users of the index, a favor.

  22. Spamming Google for $$$ on Google Sued over Page Ranking · · Score: 5, Interesting

    Well, Searchking's business model consists of making people pay them to spam Google for them, by making non-paid documents coming up lower. What Searchking doesn't get is that I'm not interested in being spammed by their customers, I'm interested in good search results. It is comforting to see that Google penalizes sites that try such tactics, because it means that I get better search results. Go Google!

  23. Re:Never understood until... on Constructing Accessible Web Sites · · Score: 2
    That's a very important point!

    I think it was a very severe mistake by the W3C WAI to say that accessibility is an issue only for those with disabilities. Gigadollars really don't matter a lot if they're not among your target audience anyway.

    However, what does matter, is that if I want to use a TV to read your web page, then the web designer is stupid if he does not allow me to. If I want to use a cell phone, he should allow me to do that too. If I want to sit back comfortably and use an 18 pt font, he should allow me to do that as well (I happen to do exactly that, and you can't imagine how many sites don't like me to do that).

    The problem is that many, if not most, web designers think that they know better than I, what I find appealing. Accessibility is a lot about leaving to me to decide what I find appealing. That might be a concern for the big masses of web users, if they ever had the choice. Most don't even know what they're missing. I'd like that choice.

    On a related note, see my User Empowering Browser idea on ShouldExist.

  24. Re:Be careful about the lead demo... on Surprising Science Demonstrations? · · Score: 1

    Right!

  25. Re:Be careful about the lead demo... on Surprising Science Demonstrations? · · Score: 2

    Third was firewalking. He reasoned that his sweat would protect him from the coals...It worked until he was too comfortable with the idea to produce enough sweat.

    He was wrong, the sweat has nothing to do with it. OK, it can have a minor effect, but it also makes things stick a little easier. I have also done firewalking with both dry and wet feet. Actually, I'm writing a paper about that, but it is going to take a long time to finish...

    BTW, when you're demonstrating the Leidenfrost effect by drops on a hot plate, touch the plate! The Leidenfrost effect also protects your hand. It demonstrates the counter-intuitive things that I like so much: Your intuition screams "don't do that!", yet it is quite cool for as long as it says "fssssst".

    I'm not saying this is risk free but if you compare the damages and the risk by e.g. driving to work every day, well, I think you would find your life very boring if you never took risks higher than this. I've had hundreds of people firewalking, including kids down to the age of five. It is very, very rare to get blisters that are not gone the following day. It has happened once on all my walks. What he did wrong was pretty obvious, he stepped in some mud before walking, and got coals sticking. Unfortunately, he was also a journalist, and his article wasn't very favorable... :-)