I've been meaning to start using IPSEC for my internal network as yet another layer of security: the routers would reject (and log) all non-IPSEC traffic, and make use of IPSEC's authentication to make certain that only properly-identified machines can talk to anybody else.
Before even considering adding any kind of internal wireless access point, I would make certain to implement IPSEC. At that point, somebody hijacking or eavsdropping on the wireless network wouldn't be able to understand anything (regardless of the wireless protocol) and wouldn't be able to talk to anybody (again, regardless of the wireless protocol). I suppose an attacker might be able to set up multiple wireless devices that talk to each other...but that doesn't give her much.
Considering all the historical security trouble with sealed boxes, I'm surprised that more people haven't taken this route from the beginning.
I had this debate with Bob Young once where he stated it was great that so many desktop options exist for the Linux user. I don't see it. Lots of choices of desktops in the academic community might be good for stimulating many different approaches but having too many choices in a commercial platform environment in the end, confuses developers and users.
This seems to be the pervailing attitude among those at Microsoft and elsewhere: users are stupid, so stupid that we must make all their decisions for them.
That's great if you're trying to consolidate your monopoly position, but it does absolutely no good whatsoever for the advancement of anything whatsoever.
The world is full of choices! There rarely is One Right Way. I feel sorry for those who are so confused and terrified of the world that they don't even want to be presented with choices.
Besides which, the problems with a monoculture are legion...I hardly think I need to go there.
Please, the world isn't that stupid. Don't insult the people who fund the very survival of your company.
If all you want is a router--why didn't you say so?
Send them the boot floppy for OpenBSD 2.8 and have them do a basic ftp install with the default packages. Get the root password via secure means.
Use ssh to get to the machine. Update/etc/rc.conf and/etc/rc.sysctl to your pleasure; they're self-documenting. All you'll really want to do is enable the bits about ipf and maybe ipnat (in the former) and IP forwarding (in the latter) and maybe alt-ctrl-del rebooting (in the latter).
Copy over your own/etc/ipf.rules and maybe/etc/ipnat.rules files which you've thoroughly tested aforehand. The IP Filter HOWTO (c.f.) tells you everything you need to know about how to create the files.
Reboot.
Have a beer in celebration!
FreeBSD would also work fine, but you have to spend more time turning off services, patching holes, etc. It's more work to get it to the point you want. Again, I love FreeBSD, but it's not as well suited to being a router as is OpenBSD. OpenBSD begs to be used as a router, or a secure Web server or....
In short, OpenBSD is already set up almost exactly the way you want your router set up. Just add firewall rules, and you're done.
Good luck!
b&
P.S. When you're done, buy a few official OpenBSD CDs to help support Theo and the gang. b&
Rdist is a program to maintain identical copies of files over multiple
hosts. It preserves the owner, group, mode, and mtime of files if possi-
ble and can update programs that are executing. Rdist reads commands
from distfile to direct the updating of files and/or directories.
If this is something you'll be doing regularly, just do the most simple install on each of the machines and let rdist do the rest.
If it's a one-off install (but what about updates, patches, etc.?), you could use your favorite backup method to back up the one computer and restore to the others and just edit the few machine-specific files, like/etc/rc.conf (or use/stand/sysinstall).
If you don't have a favorite backup method, get one. See `man 8 dump` for the most robust one you'll see, but you're probably already comfortable with tar which should work just fine for this.
But, really, how much have you customized it? One of the strengths of the BSDs is the ports system. On a well-run system, 99% of everything outside of/usr/local,/var,/home, and/tmp is identical from one machine to the other. If you've done your install right, you can just copy/usr/local and be done with it. Making/usr/local be a network mount wouldn't be a bad idea, either.
I have many complaints about RPMs; the biggest is that they do all their work to the main filesystem./usr/local is there for a purpose! It keeps software you've installed from the critical parts of the operating system and vice-versa. Make a backup of/usr/local, and you've saved yourself almost all the hassle of a re-install after a disaster. Nuke/usr/local, and you're left with a stable system.
There's a myth that an installer has to be something complex. See OpenBSD (my favorite OS, though I'm writing this from FreeBSD because I just can't kill the darn thing and thus have no excuse to re-install it!) for what's probably the easiest installer out there (but perhaps not the prettiest): first, you partition the drive (the worst part of the experience, but using the defaults in the docs works just fine); then, you type in your network information (IP, gateway, hostname, etc.); then you pick the packages to install; finally, you tell it what timezone your in and give it a root password. The packages are nothing more than compressed tarballs. If you didn't install one and want it later, all you have to do is untar it to the root directory and, presto! you've got that package.
Rest assured (and this means you, Hilary, and you too, Jack Valenti -- even though, yeah, you're getting up there in years) that if I do not release my version of your encryption schemes, they will be deleted from my hard and from my memory banks. But, as you know, for security reasons, there's no way I can delete them manually. Nor is there any way that you -- Hilary or Jack or you spooks at the NSA -- can compel me to delete them sooner.
Dear Mr. StoryMan,
You have expressed willingness to comply with our demands to remove your illegal anti-circumvention device, but are concerned that you lack the expertise necessary to do so. Rest assured that we do have the necessary expertise and would be delighted to assist you in your efforts to become fully compliant.
Accordingly, please swallow the enclosed pill. Shortly after you notice its pleasant bitter almond taste, you will no longer be in possession of either the illegal devices or the ability to create or store such devices in the future.
Lots of people have already pointed out how they'll just switch browser windows, etc., but what's to think that Junkbuster and its friends won't catch up?
First, I'll assume that this'll commonly be done with server-side processing to decide if you've waited the required amount of time. If it's done with JavaScript, Flash, or something else proprietary, we've already seen that that just won't fly.
I can envision a proxy that does a bit of read-ahead for you. If you go to a site that uses such an obnoxious kind of advertising, the proxy will follow the next few links and throw away those that are advertisements. By the time you're done reading the page you're on, the next page with real content has already been loaded, free of commercials. Truly obnoxious web sites that try to defeat such a scheme will break all the ISPs, companies, etc., that rely on Squid or other caching proxies.
Personally, I see many people getting increasingly turned off of advertising alltogether. People use VCRs and Tivo-like appliances to skip commercials. Everybody hates spam, telemarketing, billboards...you name it. I'm just waiting for the day when we all say, ``enough!''
Read the bill that the article links to. The bill doesn't just apply to $2000 machines, but to ``each personal computer sold.''
I've bought a number of $50 machine in my life; three of them (a couple P120s and a 486) are in critical positions in my home network, and have been for more months than I can count. Net Nanny retails for $39.95, not $2.
Why should the price for such computers double for me, an unmarried bachelor of legal age with no kids? Why should I pay for software which I personally not only would never use, but find odious (considering that it's my personal opinion that censorware is one of the worst ways to ``protect'' your children and, yes, you're welcome to have a differing opinion)?
Why should, say, Motorola, which has a very large presence in the Texas state capial, pay for censorware with every computer they buy when their corporate firewall already does such filtering? (I know this from teaching Internet classes for Motorola to Motorolans.)
But wait, there's more! ``Software provided in compliance with Subsection (a) must be compatible with any operating system that is provided by the seller to the purchaser of the personal computer at the time of purchase.'' I'm not aware of any censorware available for Linux, Solaris, BeOS, *BSD, AIX, IRIX, etc. A nice little byproduct of the bill will be to make illegal the sales of computers with those operating systems.
But wait, there's even still more! ``If an operating system is not provided by the seller of the personal computer, the software required under Subsection (a) must be compatible with at least one operating system that may be installed to operate on the computer.'' I can't even buy a Mac SE/30 without an operating system because I'll be installing NetBSD on it, unless there's censorware that'll run on MacOS 7.2
The bill has no provision for computers outside the mainstream. None whatsoever.
This is bad legislation. Frankly, Texas needs to be putting its resources into other areas (perhaps cleaning up after W's environmental mess) than keeping kids from seeing bad pictures.
Below is a note I just sent to webmaster@techrepublic.com:
You might be aware that Slashdot just linked to one of your articles--if
not, have a look at http://slashdot.org/ and your server logs.
Slashdot, if you don't know, is one of the most popular news/discussion
sites for ``nerds'' and others with an interest in the tech community
and industry. It's given rise to the verb, ``to slashdot,'' which refers
to something akin to a denail of service attack when thousands upon
thousands of Slashdot readers attempt to view a page that is mentioned
on Slashdot.
If your servers can handle it, being slashdotted is a wonderful thing:
you get an astounding boost in traffic from an extremely savvy,
knowledgeable, and often influential crowd of people. If your servers
can't handle it, it can be a bit of a nightmare, of course.
While it would seem that your servers can handle the load, your site
expressly can't. Your insistence on only allowing people using the
latest browsers from Microsoft and Netscape is all but guaranteed to
royally tick off a significant portion of Slashdot readers--not to
mention, potential readers in general. Slashdot readers, in particular,
are likely to use Linux, one of the BSDs, or some other Free operating
system. I, for example, attempted to use the Konqueror browser under
FreeBSD to view your site. I had had Konqueror running continuously,
without quitting or crashing, for about a week...until I tried to view
the article despite your warning. Congratulations, yours is the first
site I've viewed (amidst some very heavy viewing) which has ever managed
to crash the latest version of Konqueror.
By designing your site in such a way, you are satisfying your own ego
(by producing what's probably an attractive site) at the expense of your
potential audience and your advertisors. Is it really worth it to use
the latest gee-whiz doohickies and, in turn, post a giant "GO AWAY! WE
DON'T WANT YOUR MONEY! YOU ARE STUPID AND PRIMITIVE!"
sign to everybody who doesn't march in lock-step with your idea of
which browser/platform is best? You might think so, but I doubt
your boss or your advertisers do.
There are two sites which you, as a Web designer, must know inside and
out before you create another page: http://www.anybrowser.org/campaign/
and http://www.w3.org/. The first has information more information about
why it's not a good idea to insult and lock out your potential
audiences; the second is the repository of the official defintion of
HTML.
I could go on and on about how much better CE is than PalmOS but it will never convince anyone who wants a mini-organizer.
Hear, hear! The iPaqs sound like they're wonderful, amazing devices. Compaq truly deserves kudos for them.
But! They fail my most important test: they won't, no way, no how, fit in my back pocket.
I had a Newton MP100. Really neat device, but it was too much of a bother to carry around. (Years) later I got a Palm III. After a week, I sent it back and got a Palm V, which I've been using for about a year, now. I use it, many times daily, because it's the exact same size as the paper calendar I used to carry and does fit, quite nicely, in my back pocket.
Is the iPaq a better platform? Very likely. But the Palm is Good Enough®, whereas I'd never actually take the iPaq with me anywhere.
Frankly, no. Thanks to Junkbuster, ads are already turned off for me.
I could be interested in a subscription for other reasons, such as keeping the site running. But if the only reason for the subscription is to get something I already have, well....
I swear, I only submitted that once. The others I *know* I hit Preview because it took me back to the Post Comment screen, where I made edits.
I guess that's what you get for submitting something at the time that Slashdot goes on the blink for a few minutes. It would be nice to at least cancel your own posts, but....
I must admit, I'm a bit disappointed that Mr. Gray seems to see us as little more than a venue for selling advertisements. He makes the point that OSDN can't exist without money, and he's in charge of the ad system...but, still. We're people, readers, contributors to the site. We're not eyeballs.
That said, I offer some refutations of some of his points.
Mr. Gray claims that ad banners are the only thing that works; I challenge that assertion. The Wall Street Journal seems to be doing quite fine with their subscription model, and, last I heard, pr0n was the only non-ecommerce money-making 'Net industry. They're all subscription-based, no?
Mr. Gray dismissed all alternatives to banners out of hand. I have a challenge: run a few systems all at the same time; call it an experiment. Keep the banners (with your modifications if you're so enamoured of them), but add a tip jar and offer a subscription which eliminates all advertisements and the tip jar. See which one gets you the most money. Chances are, you'll get non-trivial funds from each.
One alternative not mentioned is the public broadcasting model. A couple times a year, have a fund drive. Saturate the site with pleas for money and threats that the service will be discontinued if enough of us don't open our wallets. You'll only get a small percentage of readers paying, but those will likely give you large figures. I bet there're at least a few dot.commies out there who'd give a kilobuck, and many who'd give twenty or thirty dollars. If there's a significant shortfall, get coporate underwriting and have Google-style non-obtrusive text links acknowledging those sponsors.
Most of the rest of Mr. Gray's points are asking us to, frankly, do his job for him. I have no interest in advertisers. I couldn't care if corporation X lives or dies as a result of a successful marketing campaign, and I'm certainly not going to help them do something I consider extremely distasteful.
What I am interested in is Slashdot. If the only way for me to give Slashdot financial support is through banner ads, then Slashdot won't get my financial support: Junkbuster has kept me from seeing a Slashdot ad for quite some time. If there was a tip jar, I'd throw some money at them from time to time. If there was a subscription and it wasn't too expensive, I'd even buy one. But I hate banner ads and will do nothing to contribute to those who belive in them. If an advertisement made it through Junkbuster and managed to crash my browser, I'd spend my time updating the Junkbuster rules or (if it got too bad) I'd leave Slashdot. I wouldn't help you debug something you were incapable of debugging yourself.
And, as for ad system karma...it looks like Mr. Gray spent waaaaay too much time trying to catch the monkey in the money tree. Why am I going to give you a critique on an ad just so I can turn other ads off for a day? Those who contribute will be those who actually want to see the ads. It's much easier to install Junkbuster than it is to critique a couple dozen ads...it just makes no sense.
In short, if you want my money, don't try to get it from banner ads. You can have my money, but not in exchange for anything related to banner ads.
I must admit, I'm a bit disappointed that Mr. Gray seems to see us as little more than a venue for selling advertisements. He makes the point that OSDN can't exist without money, and he's in charge of the ad system...but, still. We're people, readers, contributors to the site. We're not eyeballs.
That said, I offer some refutations of some of his points.
Mr. Gray claims that ad banners are the only thing that works; I challenge that assertion. The Wall Street Journal seems to be doing quite fine with their subscription model, and, last I heard, pr0n was the only non-ecommerce money-making 'Net industry. They're all subscription-based, no?
Mr. Gray dismissed all alternatives to banners out of hand. I have a challenge: run a few systems all at the same time; call it an experiment. Keep the banners (with your modifications if you're so enamoured of them), but add a tip jar and offer a subscription which eliminates all advertisements and the tip jar. See which one gets you the most money. Chances are, you'll get non-trivial funds from each.
One alternative not mentioned is the public broadcasting model. A couple times a year, have a fund drive. Saturate the site with pleas for money and threats that the service will be discontinued if enough of us don't open our wallets. You'll only get a small percentage of readers paying, but those will likely give you large figures. I bet there're at least a few dot.commies out there who'd give a kilobuck, and many who'd give twenty or thirty dollars. If there's a significant shortfall, get coporate underwriting and have Google-style non-obtrusive text links acknowledging those sponsors.
Most of the rest of Mr. Gray's points are asking us to, frankly, do his job for him. I have no interest in advertisers. I couldn't care if corporation X lives or dies as a result of a successful marketing campaign, and I'm certainly not going to help them do something I consider extremely distasteful.
What I am interested in is Slashdot. If the only way for me to give Slashdot financial support is through banner ads, then Slashdot won't get my financial support: Junkbuster has kept me from seeing a Slashdot ad for quite some time. If there was a tip jar, I'd throw some money at them from time to time. If there was a subscription and it wasn't too expensive, I'd even buy one. But I hate banner ads and will do nothing to contribute to those who belive in them. If an advertisement made it through Junkbuster and managed to crash my browser, I'd spend my time updating the Junkbuster rules or (if it got too bad) I'd leave Slashdot. I wouldn't help you debug something you were incapable of debugging yourself.
And, as for ad system karma...it looks like Mr. Gray spent waaaaay too much time trying to catch the monkey in the money tree. Why am I going to give you a critique on an ad just so I can turn other ads off for a day? Those who contribute will be those who actually want to see the ads. It's much easier to install Junkbuster than it is to critique a couple dozen ads...it just makes no sense.
I'm sorry, but, try as I might, I just can't get a good signature out of this note. I saved it as is is, with the line breaks as they came in my browser. I saved the source. I stripped HTML from the source. I stripped all the HTML but the links.
Now, I'd probably wager, say, a cup of coffee that PRZ actually did sign this note and that it's Slashdot that mangled the signature...but, frankly, what's the point of posting a PGP-signed message--by the creator of PGP, no less--if that signature simply cannot be verified?
It would be appropriate for somebody to post the note in such a way that the signature can be verified. 'Til then, my faith is as a cup of coffee....
This might be the end of the matter as far as Slashdot is concerned--this is, after all, Rob's baby--but it's far from the end for the rest of the world.
Senator Lieberman has already announced that he and Vice President Gore will challenge Secretary of State Harris's certification of the election. Governer Bush still has a case pending with the United States Supreme Court. And a number of other court cases and other forms of legal challenges remain on both sides.
The only thing that can end this mess quickly is a concession speech, and neither candidate has given any indication of any sort of willingness or intention to do so.
At this point, I'm almost hoping for Senator Strom Thurmond to be the next president--and that's not as unlikely an outcome as it might sound!
Keep your safety belts fastened, people. This ride's only just begun.
b&
Re:Problems with the system
on
eLection '04
·
· Score: 1
1) Given a identifying password
Just means I can go to X computers, and type X different passwords, and vote. Guess
passwords would not be very hard; either they would be like a CD-Key/serial-number, and be
generated, or they would even be simpler to guess:
Er...you have no understanding of cryptography, do you? Only an idiot would give serial passwords like you have on any system. Instead, you'd use a real random source to generate the passwords. The passwords might look like:
Those passwords have 72 bits of entropy in them. You could expect to guess the password of one of those people after about 70 billion tries. Think that'll go unnoticed? Try one a second--a reasonable latency for a 'Net-based attacker--and you'll still be trying in the year 4100.
Of course, most people have trouble with twelve-character random strings, so instead they'd use some sort of mapping to words, like AOL's famous CD keys. (Imagine one of them: "VOTE FOR SHRUB.")
b&
U.S. voting is controlled locally
on
eLection '04
·
· Score: 1
Y'all are missing a big problem, and it's not technological or sociological: rather, it's legal and Constitutional.
The Constitution gives electoral control to the states. The states (I'm not aware of any exceptions) pass that control on to the counties, usually with restrictions.
Without a Constitutional amendemnt, there's no way we'll ever have a uniform national ballot, electronic or otherwise. And I just can't see the states giving up that much power to the federal government.
This is why some people in Florida had screwed-up punch cards; some of you pressed a button on an electronic device; and I, in Maricopa County, Arizona, drew lines on a piece of paper.
Nice dreamings, but it ain't gonna happen.
Having said that, the Arizona Democratic primary election that was held both traditionally and over the 'Net went rather well, for the most part.
If you want to see something like this for yourselves, you'll have to work for it locally.
...of what you're saying? Everything that ever has been or will be done is encoded in Pi. The same holds true for e, sqrt(2), etc. There is nothing new under the sun.
This sounds rather like the Mind of God(tm). Do we now need to worship Pi? Will prayer be reduced to chanting "three point one four one five nine two six five three five eight nine..."?
A lot of people are saying that, since @Home says that this information is private, we should respect that.
I'm sorry, but that's a bunch of hogwash. There is only one corporation whose concerns about privacy I must respect, and that's only because I've signed documents saying I'll do just that. With all other coroporations, I can say anything about them I darn well like.
I'm sure that Wesley signed no such NDA with @Home. Unless he himself obtained the documents illegally--and I see no reason to suspect that he broke into @Home networks or ofices; after all, why would he need tech support if he could do that--then the person who violated @Home's trade secrets (even assuming that they qualify as trade secrets) is the one guilty of something.
Remember, it's the corporation's responsibility to prevent proprietary information from leaking in the first place, not our responsibility to look the other way.
Look at it this way: If somebody's suspenders break while they're walking down the street, they could be found guilty of indecent exposure; you're not going to be found guilty of invasion of privacy if you look. Good manners dictate you look the other way...but I'll show good manners to corporations when they start behaving at least as mature as pre-teens.
The Motorola StarTAC 7867 series is towards the top of the list, with a SAR level of 1.38.
The Motorola StarTAC 7860 has the least radiation level of any phone on the chart, with a SAR level of 0.24.
The 7868 is the same phone as the 7860, but has a built-in microbrowser. What gives?
Is there really that much of a difference between the two models (I've owned both, and the only differences I've seen--including reception, etc.--was with the feature set)? Or...are the tests perhaps screwed?
Slashdot Mirror
Anybody want to take bets on when 18610 Arthurdent will be demolished in order to make room for the Mars-Jupiter expressway?
b&
...you mean that you actually have to set aside time for your crises? And that they only last a week?
Need a Perl programmer?
b&
As I write this, rfc-editor can't find the document. There are other copies of the RFCs out there; here is the link from Ohio State:
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc309 8. html
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc3098. html
b&
Don't forget the browser! "The body cannot live without the mind, the high memory manager, the system tray, and IE."
Oh, there's also the media player. "The body cannot live without the mind, the high memory manager, the system tray, IE, and WMP. And Office and...."
b&
I've been meaning to start using IPSEC for my internal network as yet another layer of security: the routers would reject (and log) all non-IPSEC traffic, and make use of IPSEC's authentication to make certain that only properly-identified machines can talk to anybody else.
Before even considering adding any kind of internal wireless access point, I would make certain to implement IPSEC. At that point, somebody hijacking or eavsdropping on the wireless network wouldn't be able to understand anything (regardless of the wireless protocol) and wouldn't be able to talk to anybody (again, regardless of the wireless protocol). I suppose an attacker might be able to set up multiple wireless devices that talk to each other...but that doesn't give her much.
Considering all the historical security trouble with sealed boxes, I'm surprised that more people haven't taken this route from the beginning.
b&
This seems to be the pervailing attitude among those at Microsoft and elsewhere: users are stupid, so stupid that we must make all their decisions for them.
That's great if you're trying to consolidate your monopoly position, but it does absolutely no good whatsoever for the advancement of anything whatsoever.
The world is full of choices! There rarely is One Right Way. I feel sorry for those who are so confused and terrified of the world that they don't even want to be presented with choices.
Besides which, the problems with a monoculture are legion...I hardly think I need to go there.
Please, the world isn't that stupid. Don't insult the people who fund the very survival of your company.
b&
If all you want is a router--why didn't you say so?
Send them the boot floppy for OpenBSD 2.8 and have them do a basic ftp install with the default packages. Get the root password via secure means.
Use ssh to get to the machine. Update /etc/rc.conf and /etc/rc.sysctl to your pleasure; they're self-documenting. All you'll really want to do is enable the bits about ipf and maybe ipnat (in the former) and IP forwarding (in the latter) and maybe alt-ctrl-del rebooting (in the latter).
Copy over your own /etc/ipf.rules and maybe /etc/ipnat.rules files which you've thoroughly tested aforehand. The IP Filter HOWTO (c.f.) tells you everything you need to know about how to create the files.
Reboot.
Have a beer in celebration!
FreeBSD would also work fine, but you have to spend more time turning off services, patching holes, etc. It's more work to get it to the point you want. Again, I love FreeBSD, but it's not as well suited to being a router as is OpenBSD. OpenBSD begs to be used as a router, or a secure Web server or....
In short, OpenBSD is already set up almost exactly the way you want your router set up. Just add firewall rules, and you're done.
Good luck!
b&
P.S. When you're done, buy a few official OpenBSD CDs to help support Theo and the gang. b&
Try `man 1 rdist`:
If this is something you'll be doing regularly, just do the most simple install on each of the machines and let rdist do the rest.
If it's a one-off install (but what about updates, patches, etc.?), you could use your favorite backup method to back up the one computer and restore to the others and just edit the few machine-specific files, like /etc/rc.conf (or use /stand/sysinstall).
If you don't have a favorite backup method, get one. See `man 8 dump` for the most robust one you'll see, but you're probably already comfortable with tar which should work just fine for this.
But, really, how much have you customized it? One of the strengths of the BSDs is the ports system. On a well-run system, 99% of everything outside of /usr/local, /var, /home, and /tmp is identical from one machine to the other. If you've done your install right, you can just copy /usr/local and be done with it. Making /usr/local be a network mount wouldn't be a bad idea, either.
I have many complaints about RPMs; the biggest is that they do all their work to the main filesystem. /usr/local is there for a purpose! It keeps software you've installed from the critical parts of the operating system and vice-versa. Make a backup of /usr/local, and you've saved yourself almost all the hassle of a re-install after a disaster. Nuke /usr/local, and you're left with a stable system.
There's a myth that an installer has to be something complex. See OpenBSD (my favorite OS, though I'm writing this from FreeBSD because I just can't kill the darn thing and thus have no excuse to re-install it!) for what's probably the easiest installer out there (but perhaps not the prettiest): first, you partition the drive (the worst part of the experience, but using the defaults in the docs works just fine); then, you type in your network information (IP, gateway, hostname, etc.); then you pick the packages to install; finally, you tell it what timezone your in and give it a root password. The packages are nothing more than compressed tarballs. If you didn't install one and want it later, all you have to do is untar it to the root directory and, presto! you've got that package.
There's no reason you can't do the same thing.
b&
Dear Mr. StoryMan,
You have expressed willingness to comply with our demands to remove your illegal anti-circumvention device, but are concerned that you lack the expertise necessary to do so. Rest assured that we do have the necessary expertise and would be delighted to assist you in your efforts to become fully compliant.
Accordingly, please swallow the enclosed pill. Shortly after you notice its pleasant bitter almond taste, you will no longer be in possession of either the illegal devices or the ability to create or store such devices in the future.
Sincerely,
Hilary Rosen and Jack Valenti
Lots of people have already pointed out how they'll just switch browser windows, etc., but what's to think that Junkbuster and its friends won't catch up?
First, I'll assume that this'll commonly be done with server-side processing to decide if you've waited the required amount of time. If it's done with JavaScript, Flash, or something else proprietary, we've already seen that that just won't fly.
I can envision a proxy that does a bit of read-ahead for you. If you go to a site that uses such an obnoxious kind of advertising, the proxy will follow the next few links and throw away those that are advertisements. By the time you're done reading the page you're on, the next page with real content has already been loaded, free of commercials. Truly obnoxious web sites that try to defeat such a scheme will break all the ISPs, companies, etc., that rely on Squid or other caching proxies.
Personally, I see many people getting increasingly turned off of advertising alltogether. People use VCRs and Tivo-like appliances to skip commercials. Everybody hates spam, telemarketing, billboards...you name it. I'm just waiting for the day when we all say, ``enough!''
b&
Read the bill that the article links to. The bill doesn't just apply to $2000 machines, but to ``each personal computer sold.''
I've bought a number of $50 machine in my life; three of them (a couple P120s and a 486) are in critical positions in my home network, and have been for more months than I can count. Net Nanny retails for $39.95, not $2.
Why should the price for such computers double for me, an unmarried bachelor of legal age with no kids? Why should I pay for software which I personally not only would never use, but find odious (considering that it's my personal opinion that censorware is one of the worst ways to ``protect'' your children and, yes, you're welcome to have a differing opinion)?
Why should, say, Motorola, which has a very large presence in the Texas state capial, pay for censorware with every computer they buy when their corporate firewall already does such filtering? (I know this from teaching Internet classes for Motorola to Motorolans.)
But wait, there's more! ``Software provided in compliance with Subsection (a) must be compatible with any operating system that is provided by the seller to the purchaser of the personal computer at the time of purchase.'' I'm not aware of any censorware available for Linux, Solaris, BeOS, *BSD, AIX, IRIX, etc. A nice little byproduct of the bill will be to make illegal the sales of computers with those operating systems.
But wait, there's even still more! ``If an operating system is not provided by the seller of the personal computer, the software required under Subsection (a) must be compatible with at least one operating system that may be installed to operate on the computer.'' I can't even buy a Mac SE/30 without an operating system because I'll be installing NetBSD on it, unless there's censorware that'll run on MacOS 7.2
The bill has no provision for computers outside the mainstream. None whatsoever.
This is bad legislation. Frankly, Texas needs to be putting its resources into other areas (perhaps cleaning up after W's environmental mess) than keeping kids from seeing bad pictures.
b&
Below is a note I just sent to webmaster@techrepublic.com:
You might be aware that Slashdot just linked to one of your articles--if
not, have a look at http://slashdot.org/ and your server logs.
Slashdot, if you don't know, is one of the most popular news/discussion
sites for ``nerds'' and others with an interest in the tech community
and industry. It's given rise to the verb, ``to slashdot,'' which refers
to something akin to a denail of service attack when thousands upon
thousands of Slashdot readers attempt to view a page that is mentioned
on Slashdot.
If your servers can handle it, being slashdotted is a wonderful thing:
you get an astounding boost in traffic from an extremely savvy,
knowledgeable, and often influential crowd of people. If your servers
can't handle it, it can be a bit of a nightmare, of course.
While it would seem that your servers can handle the load, your site
expressly can't. Your insistence on only allowing people using the
latest browsers from Microsoft and Netscape is all but guaranteed to
royally tick off a significant portion of Slashdot readers--not to
mention, potential readers in general. Slashdot readers, in particular,
are likely to use Linux, one of the BSDs, or some other Free operating
system. I, for example, attempted to use the Konqueror browser under
FreeBSD to view your site. I had had Konqueror running continuously,
without quitting or crashing, for about a week...until I tried to view
the article despite your warning. Congratulations, yours is the first
site I've viewed (amidst some very heavy viewing) which has ever managed
to crash the latest version of Konqueror.
By designing your site in such a way, you are satisfying your own ego
(by producing what's probably an attractive site) at the expense of your
potential audience and your advertisors. Is it really worth it to use
the latest gee-whiz doohickies and, in turn, post a giant "GO AWAY! WE
DON'T WANT YOUR MONEY! YOU ARE STUPID AND PRIMITIVE!"
sign to everybody who doesn't march in lock-step with your idea of
which browser/platform is best? You might think so, but I doubt
your boss or your advertisers do.
There are two sites which you, as a Web designer, must know inside and
out before you create another page: http://www.anybrowser.org/campaign/
and http://www.w3.org/. The first has information more information about
why it's not a good idea to insult and lock out your potential
audiences; the second is the repository of the official defintion of
HTML.
Sincerely,
b&
spullara said:
Hear, hear! The iPaqs sound like they're wonderful, amazing devices. Compaq truly deserves kudos for them.
But! They fail my most important test: they won't, no way, no how, fit in my back pocket.
I had a Newton MP100. Really neat device, but it was too much of a bother to carry around. (Years) later I got a Palm III. After a week, I sent it back and got a Palm V, which I've been using for about a year, now. I use it, many times daily, because it's the exact same size as the paper calendar I used to carry and does fit, quite nicely, in my back pocket.
Is the iPaq a better platform? Very likely. But the Palm is Good Enough®, whereas I'd never actually take the iPaq with me anywhere.
Now, an iPaq in a Palm V form factor....
b&
I could be interested in a subscription for other reasons, such as keeping the site running. But if the only reason for the subscription is to get something I already have, well....
b&
I guess that's what you get for submitting something at the time that Slashdot goes on the blink for a few minutes. It would be nice to at least cancel your own posts, but....
*Sigh*
b&
That said, I offer some refutations of some of his points.
Mr. Gray claims that ad banners are the only thing that works; I challenge that assertion. The Wall Street Journal seems to be doing quite fine with their subscription model, and, last I heard, pr0n was the only non-ecommerce money-making 'Net industry. They're all subscription-based, no?
Mr. Gray dismissed all alternatives to banners out of hand. I have a challenge: run a few systems all at the same time; call it an experiment. Keep the banners (with your modifications if you're so enamoured of them), but add a tip jar and offer a subscription which eliminates all advertisements and the tip jar. See which one gets you the most money. Chances are, you'll get non-trivial funds from each.
One alternative not mentioned is the public broadcasting model. A couple times a year, have a fund drive. Saturate the site with pleas for money and threats that the service will be discontinued if enough of us don't open our wallets. You'll only get a small percentage of readers paying, but those will likely give you large figures. I bet there're at least a few dot.commies out there who'd give a kilobuck, and many who'd give twenty or thirty dollars. If there's a significant shortfall, get coporate underwriting and have Google-style non-obtrusive text links acknowledging those sponsors.
Most of the rest of Mr. Gray's points are asking us to, frankly, do his job for him. I have no interest in advertisers. I couldn't care if corporation X lives or dies as a result of a successful marketing campaign, and I'm certainly not going to help them do something I consider extremely distasteful.
What I am interested in is Slashdot. If the only way for me to give Slashdot financial support is through banner ads, then Slashdot won't get my financial support: Junkbuster has kept me from seeing a Slashdot ad for quite some time. If there was a tip jar, I'd throw some money at them from time to time. If there was a subscription and it wasn't too expensive, I'd even buy one. But I hate banner ads and will do nothing to contribute to those who belive in them. If an advertisement made it through Junkbuster and managed to crash my browser, I'd spend my time updating the Junkbuster rules or (if it got too bad) I'd leave Slashdot. I wouldn't help you debug something you were incapable of debugging yourself.
And, as for ad system karma...it looks like Mr. Gray spent waaaaay too much time trying to catch the monkey in the money tree. Why am I going to give you a critique on an ad just so I can turn other ads off for a day? Those who contribute will be those who actually want to see the ads. It's much easier to install Junkbuster than it is to critique a couple dozen ads...it just makes no sense.
In short, if you want my money, don't try to get it from banner ads. You can have my money, but not in exchange for anything related to banner ads.
b&
That said, I offer some refutations of some of his points.
Mr. Gray claims that ad banners are the only thing that works; I challenge that assertion. The Wall Street Journal seems to be doing quite fine with their subscription model, and, last I heard, pr0n was the only non-ecommerce money-making 'Net industry. They're all subscription-based, no?
Mr. Gray dismissed all alternatives to banners out of hand. I have a challenge: run a few systems all at the same time; call it an experiment. Keep the banners (with your modifications if you're so enamoured of them), but add a tip jar and offer a subscription which eliminates all advertisements and the tip jar. See which one gets you the most money. Chances are, you'll get non-trivial funds from each.
One alternative not mentioned is the public broadcasting model. A couple times a year, have a fund drive. Saturate the site with pleas for money and threats that the service will be discontinued if enough of us don't open our wallets. You'll only get a small percentage of readers paying, but those will likely give you large figures. I bet there're at least a few dot.commies out there who'd give a kilobuck, and many who'd give twenty or thirty dollars. If there's a significant shortfall, get coporate underwriting and have Google-style non-obtrusive text links acknowledging those sponsors.
Most of the rest of Mr. Gray's points are asking us to, frankly, do his job for him. I have no interest in advertisers. I couldn't care if corporation X lives or dies as a result of a successful marketing campaign, and I'm certainly not going to help them do something I consider extremely distasteful.
What I am interested in is Slashdot. If the only way for me to give Slashdot financial support is through banner ads, then Slashdot won't get my financial support: Junkbuster has kept me from seeing a Slashdot ad for quite some time. If there was a tip jar, I'd throw some money at them from time to time. If there was a subscription and it wasn't too expensive, I'd even buy one. But I hate banner ads and will do nothing to contribute to those who belive in them. If an advertisement made it through Junkbuster and managed to crash my browser, I'd spend my time updating the Junkbuster rules or (if it got too bad) I'd leave Slashdot. I wouldn't help you debug something you were incapable of debugging yourself.
And, as for ad system karma...it looks like Mr. Gray spent waaaaay too much time trying to catch the monkey in the money tree. Why am I going to give you a critique on an ad just so I can turn other ads off for a day? Those who contribute will be those who actually want to see the ads. It's much easier to install Junkbuster than it is to critique a couple dozen ads...it just makes no sense.
All I can say is...good luck.
b&
I'm sorry, but, try as I might, I just can't get a good signature out of this note. I saved it as is is, with the line breaks as they came in my browser. I saved the source. I stripped HTML from the source. I stripped all the HTML but the links.
Now, I'd probably wager, say, a cup of coffee that PRZ actually did sign this note and that it's Slashdot that mangled the signature...but, frankly, what's the point of posting a PGP-signed message--by the creator of PGP, no less--if that signature simply cannot be verified?
It would be appropriate for somebody to post the note in such a way that the signature can be verified. 'Til then, my faith is as a cup of coffee....
b&
Just out of curiousity...what's to prevent using an encrypted filesystem on one of these (yet-to-be-created) drives?
I mean, if all the drive ever sees is a stream of 3DES bits, how's it supposed to know that there's anything contraband going on to it?
Or would this make encryption an illegal DCMA-circumvention device?
I don't think we need to worry, just yet.
b&
This might be the end of the matter as far as Slashdot is concerned--this is, after all, Rob's baby--but it's far from the end for the rest of the world.
Senator Lieberman has already announced that he and Vice President Gore will challenge Secretary of State Harris's certification of the election. Governer Bush still has a case pending with the United States Supreme Court. And a number of other court cases and other forms of legal challenges remain on both sides.
The only thing that can end this mess quickly is a concession speech, and neither candidate has given any indication of any sort of willingness or intention to do so.
At this point, I'm almost hoping for Senator Strom Thurmond to be the next president--and that's not as unlikely an outcome as it might sound!
Keep your safety belts fastened, people. This ride's only just begun.
b&
Er...you have no understanding of cryptography, do you? Only an idiot would give serial passwords like you have on any system. Instead, you'd use a real random source to generate the passwords. The passwords might look like:
Adams, Doug: mbB1wW32JfDS
Adams, Dougie: Mphi7pcR0CMb
Adams, Douglas: 8aTrXKTtjia6
Those passwords have 72 bits of entropy in them. You could expect to guess the password of one of those people after about 70 billion tries. Think that'll go unnoticed? Try one a second--a reasonable latency for a 'Net-based attacker--and you'll still be trying in the year 4100.
Of course, most people have trouble with twelve-character random strings, so instead they'd use some sort of mapping to words, like AOL's famous CD keys. (Imagine one of them: "VOTE FOR SHRUB.")
b&Y'all are missing a big problem, and it's not technological or sociological: rather, it's legal and Constitutional.
The Constitution gives electoral control to the states. The states (I'm not aware of any exceptions) pass that control on to the counties, usually with restrictions.
Without a Constitutional amendemnt, there's no way we'll ever have a uniform national ballot, electronic or otherwise. And I just can't see the states giving up that much power to the federal government.
This is why some people in Florida had screwed-up punch cards; some of you pressed a button on an electronic device; and I, in Maricopa County, Arizona, drew lines on a piece of paper.
Nice dreamings, but it ain't gonna happen.
Having said that, the Arizona Democratic primary election that was held both traditionally and over the 'Net went rather well, for the most part.
If you want to see something like this for yourselves, you'll have to work for it locally.
b&
...of what you're saying? Everything that ever has been or will be done is encoded in Pi. The same holds true for e, sqrt(2), etc. There is nothing new under the sun.
This sounds rather like the Mind of God(tm). Do we now need to worship Pi? Will prayer be reduced to chanting "three point one four one five nine two six five three five eight nine..."?
b&
A lot of people are saying that, since @Home says that this information is private, we should respect that.
I'm sorry, but that's a bunch of hogwash. There is only one corporation whose concerns about privacy I must respect, and that's only because I've signed documents saying I'll do just that. With all other coroporations, I can say anything about them I darn well like.
I'm sure that Wesley signed no such NDA with @Home. Unless he himself obtained the documents illegally--and I see no reason to suspect that he broke into @Home networks or ofices; after all, why would he need tech support if he could do that--then the person who violated @Home's trade secrets (even assuming that they qualify as trade secrets) is the one guilty of something.
Remember, it's the corporation's responsibility to prevent proprietary information from leaking in the first place, not our responsibility to look the other way.
Look at it this way: If somebody's suspenders break while they're walking down the street, they could be found guilty of indecent exposure; you're not going to be found guilty of invasion of privacy if you look. Good manners dictate you look the other way...but I'll show good manners to corporations when they start behaving at least as mature as pre-teens.
b&
The Motorola StarTAC 7867 series is towards the top of the list, with a SAR level of 1.38.
The Motorola StarTAC 7860 has the least radiation level of any phone on the chart, with a SAR level of 0.24.
The 7868 is the same phone as the 7860, but has a built-in microbrowser. What gives?
Is there really that much of a difference between the two models (I've owned both, and the only differences I've seen--including reception, etc.--was with the feature set)? Or...are the tests perhaps screwed?
b&