You can use the ITA engine at http://matrix.itasoftware.com/cvg/dispatch and it is really quite good compared to most airline/agency websites. However, it won't actually sell you a ticket.
I have been amazed over the last few years that both the general public and security professionals think that email addresses and social security numbers can be made confidential, like passwords. Surely that is impossible to achieve. If spam is to be stopped, it will certainly be another way. If identity theft is to be stopped, it is certain to be another way.
I am not sure where the idea that PXE boot files are limited to 32KB comes from, but we are booting FreeBSD 8.0 with a 240KB boot file with PXE and tftp and have not had to do anything special. We also boot Linux (Fedora 11) with a 4MB initrd over tftp and that has not posed any difficulties either. Our FreeBSD experience is documented at http://www.nber.org/sys-admin/FreeBSD-diskless.html - it works quite well for us. I looked at gPXE and it doesn't really solve any problems we have had. Actually, we have had only one problem - sometimes the OS boot code doesn't support the motherboard ethernet, and we have to add a different ethernet card for post-boot LAN access.
Yes, in fact there is no evidence that any password has ever been brute-forced, except in a demonstration. (Dictionary attack is not brute-force).
Interestingly, we had support contracts for several SPARC machines until recently, but when the time for renewal came around SUN didn't send any notice, and we let it go. I think of this as "passive/aggressive" behavior on their part and seems typical of our experience with the administrative side of SUN, although past adventures (such as wrong addresses on shipments) have been worse.
The patent makes no sense, because it includes no description of a mechanism for achieving the stated objective. You should be able to get a patent on a particular method of doing something, but since when can you patent all possible methods of doing something? Especially when there aren't any. We have been doing this at work for over a decade, using IP address information from whois servers. It isn't very accurate, but it works well enough for us.
Daniel Feenberg
I have worked with anonymized government data extensively, and birthdate and zipcode are always considered personally identifiable information. Sometimes birth year is available, and sometimes state or (rarely) county is available, but I have never even heard of a dataset with both. Datasets with month and day of birth are never considered to be anonymized, and are not released. The author of the paper is much overwrought.
There is no need to physically destroy a drive to prevent data from being read. The claims of Gutmann that it was possible to read overwritten sectors were never sustained by his sources. I investigated this years ago and reported in Can Intelligence Agencies Read Overwritten Data that he was very much overwrought. I see he has gone on to tilt at other windmills since he propagated that myth.
OK, suppose the tamper-evident seal is found to be broken at the end of the election day. What happens then? Are those votes not counted? I wouldn't expect that result. That would open a door to an intruder going to a district favoring the opponent and merely tampering with the seal. I'd expect the votes to be counted in spite of the broken seal. Is there actual experience anywhere on this point?
The next time Verizon needs a favor from the sheriff they will regret their decision. They need the favors from the police a lot more often than vice versa, for example, protecting copper lines from theft.
If you work for an hour and earn $25, then give it to charity, you have no net increase in taxable income, since the additional income is offset by the additional deduction. Thus, you can work and give to charity the full value of your work, without losing any to income taxes.
If you volunteer an hour of labor directly to the charity, there is no tax paid either. Both situations - working in the market to support a charity and working directly in the charity are treated the same by the tax law.
I will stipulate that most readers of this will not understand it, but if you do, please consider graduate school in economics.
I use lots of government supplied data in my work, and one constant has always been that the more work the agency does to make the data easily available, the harder the data are to use. Spreadsheets get posted with labels and data mixed, because that looks better in print. Spreadsheets get posted as PDFs, because that looks better in print. Footnotes and other textual material are mixed into numeric fields, because that is the way the material will be published in hardcopy. etc etc etc.
Databases get posted to the web with "interfaces" that allow single rows to be downloaded, but require months of screen scraping to get the entire database. Databases get released with (windows-only, of course) software with the same effect. etc etc etc
The reason is mostly that agencies want to discourage outside analysis of the data - they would prefer to avoid inconsistent messages getting to OMB or congress.
No drive has ever been "recovered" with STM. The claims by Gutmann and others that claim this is routine are simply overwrought. Data recovery firms can find overwritten files, since overwriting a file only removes the name and some links. They can't retrieve overwritten data sectors.
I have posted some background at nber.org
Does the contract in fact specify the roaming charges? When I had AT&T voice long distance service, the agreement said only that international rates were on file with the FCC in Washington. It specifically did not give any indication of what they were. Are cell phone agreements more specific? If so, can anyone here quote the exact agreement? Many of you must have agreements with AT&T.
Are we sure any of this is really true? I can imagine that MS might find itself too slow to respond, but other players could. My guess is that these are classic "work at home" scams, where the victim is the hopeful worker, who sends money for a "kit" to start work, and then never gets any work to do. The claims about size and workload are merely details meant to add verisimilitude to an otherwise implausible story.
Suppose your upload speed is 150Kbps. A single bittorrent packet is 15,000 bits, so it takes a tenth of a second. If there is a bittorrent packet in the router when the VOIP packet arrives, the VOIP packet still has to wait for the bittorrent packet to finish, which means waiting up to a tenth of a second. Even though the VOIP packet always gets priority over other waiting packets, it will often arrive when the router is otherwise engaged, and therefore likely to endure a tenth of a second delay, which is probably noticeable. I suppose reducing the MTU might be a help.
Disney may be able to seize disney.tld from any original registrant, but unless Disney continues to pay the annual registration fee, they can't stop others from registering disney.tld every time Disney wins such an arbitration. The whole point of new tlds is to force Disney to pay for more registrations, so the goal is fully achieved even if no phishers actually obtain misleading domains long enough to use them. From the registrar's point of view, the idea is that big companies should be paying more for domain name service, and this is the way to force it.
You have to remember that the two main parties fighting over ICANN are trademark holders and domain registrars. The trademark holders want easy, automatic and cheap enforcement of their trademark rights, and the registrars want the trademark holders to pay a substantial fee for that service. Adding lots of tlds is a fairly straightforward way for the registrars to get large numbers of small fees from trademark holders.
Here is a link to the actual law:
http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html
In addition to "intention" there seems also to be a requirement for damage or fraud, or revealing atomic secrets. I don't think it is obvious that using a wi-fi router based on a DHCP reply is improper under the law, although the syntax of the law is complex. Walking up the front walk of a home to ring the doorbell isn't necessarily trespassing, even without permission.
For donations of self-constructed assets MS only gets to deduct the basis - in this case it would be $10. The real problem here is the imposition by the government that citizens buy a particular brand of software to use what should be generally available services. If our government stopped emailing/posting .doc files that would be a greater contribution to competition than anything the Anti-trust division could do.
We already have Javascript, Flash and Java - what do AIR and Silverlight offer that is better than those? Faster? Better languages? If the improvement is that they relax the restrictions on file I/O and access to the Internet, then do they have replacement restrictions that protect the user?
It hardly seems likely that CAs do any significant checking. Years ago Verisign sold us a cert based on a faxed letter, and just last week we bought a cert based on a telephone call to a number I supplied (not our listed number), on a Sunday in about 5 minutes. I paid with a personal VISA card, so that couldn't be the basis of any checking, and as for access to an email address, there was no indication on the site of any restrictions as to the email address. In any case, email authorization is an alternative to telephone authorization. The cert (from RapidSSL.com) seems to work fine with MSIE and other browsers. I can't say I know what security procedures are in place, but if they can implement them with so little inconvenience to customers as this, they can't be very strict.
No matter how much the USPO tries to make the attorney responsible for his work, it is very difficult to do so. At the IRS tax attorneys used to have such responsibilities, but in recent years they have devolved in practice to "zealous advocates" and no constraints are placed on their behavior. This isn't any change in the law, just a feeling among judges that zealous advocacy is an attorney's right, and the client's right, and that restrictions are morally wrong. There is also the example of the NRC, the FCC and many other agencies. In the end, the restrictions are undone regardless of the regulations.
There isn't really any motivation for the applicant to want fast action on a patent. The patent duration runs from the grant date, so that it is usually in the applicant's interest to delay the issuance. There are a lot of rules to try to prevent that, to little effect. In some cases rivals may start selling infringing product before a patent is granted, but that isn't the usual case.
From the applicant's point of view, this new procedure is valuable if there is prior art, and the applicant is afraid the examiner might locate it. Of course the applicant has to swear not to be aware of the prior art, but that is a subjective matter, and unlikely to be enforced rigorously. If the applicant is worried, he can have the patent attorney do the search, and not communicate specifics of the findings, only the recommendation.
I think you were probably expected to invoke the server via inetd and could read commands from the standard input and send pages to standard out. That "handles" threading for you also.
Daniel Feenberg
Pay per transaction is difficult when the sales cycle isn't instant. Suppose a customer clicks on an ad and doesn't buy for days or weeks, or doesn't buy online. How will the advertiser (much less Google) determine if a commission is owed? Even if the sales cycle is instant, Google doesn't want to audit the advertiser to get paid.
Daniel Feenberg