The public has the right to know about these security flaws, just as much as we have the right to know if the tires we buy pass safety standards.
HP trying to cover this up just proves it's a problem. HP is using the DMCA to prevent people from discussing valid flaws in their OS.
People have the right to know if the car they're driving -- or are going to buy -- is unsafe. Why? Because their lives depend on it, literally. For the same reason, people have the right to know if the OS they're using is secure. Why? Because their lives depend on it, or at least their careers. Data important to one's career (i.e., scientific experimental data) is stored on one's computer. Private information -- i.e., credit card information -- is stored on a computer. Security holes can literally destroy one's life.
We have the right to know exactly what problems there are in our software.
Doesn't the RIAA have anything better to do, on RIAA Smacked by DoS · Score: 2
"Don't they have something better to do during the summer than hack our site?" asked the RIAA representative, who asked not to be identified. "Perhaps it at least took minutes away from stealing music."
The question is, doesn't the RIAA have anything better to do than disrupting our P2P networks?
This obviously proves the RIAA is a bunch of hypocritical idiots. They want to be able to DoS someone else, but they don't want anyone else to DoS them. Gee, go figure. Sorta like the kid who wants to hit other kids but doesn't want them to hit him back.
I think that CmdrTaco should put a script in slashdot that directs all willing users to the RIAA & MPAA's web-pages (though doesn't display the web pages) when they visit slashdot. This way, every evening when millions of tech-savvy people check out slashdot, the RIAA/MPAA will get /.ed.
Duh, they all support MP3. But few yet support MP3Pro. Even if they did support MP3Pro, that's also of limited use as we only have access to 64kbps compression w/ MP3Pro -- which sucks.
NONE support OGG that I can think of. OGG is the best format I've come across -- and I'm speaking from listening experience here.
As for WMA8 -- so what? WMA8 sucks anyways. I'll be the first one to tell you I gave it a try, but after trying it out, I realize that for the most part it's crap: like everything else produced by M$.
To those of us who just want to listen to music on a PC, the newest greatest best algorithms are always good (mp3pro, oggs, wma8). But for many, the goal is to put that music on an MP3Player and listen to it anywhere. I'll summarize the support of these various codecs by MP3Players, as well as mention whether or not my MP3Player (RioVolt SP100) supports them.
MP3PRO -- little support on MP3Players. Not supported by RioVolt SP100.
Oggs -- little/no support on MP3players. Not supported by RioVolt SP100.
WMA8 -- little support on MP3players, though many support older WMA's. Not supported by RioVolt.
So, in summary, all of these new formats are completely useless to me on my MP3Player. The one option they present is if I want to encode something in two formats -- one for my computer, and another for the MP3Player.
Personally, I think more work should go into fractal encoding, as most music has fractal patterns in it (especially Bach's music).
ICANN has -- as we all know -- hindered Mr. Auerbach and others representing the public interest since elected. Now, they're finally forced to give him access to all documents -- though he should also be given an unequivocal right to copy them and make them publicly available.
It would be in character if ICANN went through before Friday and labelled all of their documents "confidential". These guys are crooks just like the people at Enron and Global Crossing.
ICANN obviously realized what a mistake they made in "allowing public elections", as critics were elected. They're revoking elections so they can retain their totalitarian control. Fucking nazis.
Auerbach should have a permanent seat. No one on ICANN has done a better job than him. All the rest of them -- aside from that European elected fellow, allied with Auerbach -- are crooks.
Come on...controlling the weather? Bull-fucking-shit. We can't even predict the weather with the world's best supercomputers. What makes anyone think we could actually control it?
This is just propaganda by the pseudo-communist Chinese government.
Control the weather my ass. Anyone dumb enough to believe that needs to be put away.
ICANN should not be deciding who controls .ORG. They are greedy corporate fucks who just want to make as much money as possible and benefit their corporate buddies. Does anyone really think that there's a chance in hell that ICANN will "award" .ORG to a non-profit organization? No. It's going to go to the corporate interests which can benefit ICANN the most.
What SHOULD happen is that all the current owners of a .org should vote on what organization they want to run the .ORG domains. This way, we have a better chance that whatever organization that controls it will serve the interests of the public, not some corporation's interests.
Come on, people. This guy is making extraordinary claims and has no proof -- nor confirmation -- to back it up with.
His experiment was simple, yet his results are not reproducible. A sure sign that he's a bullshitter. What amazes me is that Boeing actually takes this crap seriously -- sort of like how the FBI turns to "psychics" to solve crimes. Idiots.
Extraordinary claims require extraordinary proof. This guy has none.
Their claims are worthless, due to the fact that: (1) they had nothing whatsoever to do with JPEG; (2) there is prior art.
Aside from that, litigation takes a while. In 2004, these patents expire. Odds are, there's no way in hell they are going to be able to go after a significant number of entities in this 2-year period and win cases. Cases alone can take 2 years.
This is just a desperate money-grabbing attempt. Besides, what court is going to grant them a patent on JPEG? That'd mean that the entire US government -- including the judicial branch -- would have been infringing on these JPEG patents and would owe billions of dollars to this shitless company.
It's probably wisest to have the features completely modularized. That way, you can include a lot of features as optional -- not necessarily installed via standard install -- but not necessarily make your program bloated.
All this moralizing stuff is BS. Intellectual property is not a basic right like the rights laid out in the 10 amendments.
The simple fact is that everyone looks out for their own interests. The RIAA/MPAA tries to look out for their interests by being nazis about file-sharing -- though they're certainly harming themselves (you don't make more money by pissing off customers). Similarly, so are file-sharers looking out for their own interests.
Excuse me if I don't feel sorry for multi-million dollar swindlers in the music industry, who are on par with Gary Winnick and Whaley of Global Crossing & Enron, respectively.
It should be noted that every time the US has tried to regulate essentially free code -- DeCSS or encryption, for example -- it has failed miserably. Despite the US Courts stomping their feet and pouting constantly, DeCSS hasn't been stopped from being distributed. There are many countries with good internet servers which are not influenced by arcane US laws. Also note that your technique completely fails when people post anonymously from public terminals.
Furthermore, any attempt to ban OSS / FS would surely be ruled unconstitutional; as would the government's bans on encryption had they gotten to the Supreme Court. The DMCA will also be ruled unconstitutional if a case gets to the Supreme Court.
I find it difficult to believe that anything can kill OSS / FS. This is b/c there is no fixed target in regulating OSS / FS software. Let's say you make a regulation on software -- i.e., all cryptology must have government backdoors. How do you enforce this against OSS / FS software? Who do you target? Who's to be punished if it's not made so? As it's not a business, financial means are not viable. Maybe you could target the developers in charge of the products themselves, but they could simply start posting updates anonymously from public terminals, or move off-shore, to a place where your government has no influence. Alternatively, they could include government backdoors, but provide clear instructions on which source code to remove to get rid of them, or provide a program to get rid of it. I do not see how you can effectively regulate/prevent OSS / FS from having whatever the developers and users want in it.
As for the internet, no one ever said everything was free. Certainly, bandwidth costs money. But the price for putting information on the net and having it broadly distributed is much cheaper than that via traditional means, and likely to go down in the future.
True, producing information -- or formatting already known information -- has a cost, in time, money, etc. However, there is a nice reciprocity feature of the internet, in that any one contributor to the internet invariably gets much much more back from the net than (s)he puts into it. I am posting this one post -- contributing my information, my logic -- to slashdot. However, I get much much more back than I could possibly give.
So the question is, why don't Linux & Apache have such features for passwords, and for data-input? Also, why not have a feature which only allows passwords to be entered as input from the keyboard, and not some program?
I'm not an expert security programmer, but I think I have an idea on how to handle the data overflow bug in Apache and other systems.
Limit the amount of data that can be inputted from any particular source, depending on how fast the system can handle the requests. Has your system ever slowed down so much that you type something and it appears...five seconds later? Same idea. Why should the system allow gigabytes of data to be inputted when the given system can only handle -- say -- 100 MB at a time? It shouldn't. This is exactly what causes the problem -- the system gets information/data at a rate faster than it can handle it. So basically, my idea amounts to this: don't bite off more than you can chew.
A similar concept might work well to protect against password-cracker programs. Why allow user/password entries as fast as the system can handle it? Why not set a limit so that the program only accepts one attempt every 10 seconds, and then after 3 such times closes?
Another suggestion, on Palladium and like technologies/ideas. Basically, the criticism is that it will kill OSS / FS, either because they won't get the seal of approval from MS or because even if they do, or that will be impossible (how do you give such to source code), or that even if it's given it will be broken if the user exercises his OSS / FS rights and changes the code. The solution to this problem is for whoever to create a digital approval system such that the user decides which things he approves of. For every chip sold, they will have the "universal" approval stamp on them, and one which is specific to that user: namely, that means that every piece of hardware made would have one common approval stamp (which would be delegated out by some organization) and one private unique one, which the user would control and give the "stamp" to the programs of his choice. Comments?
They're Pinky and the Brain Pinky and the Brain: One is a genius, The other's insane; They'll overthrow the earth, They'll rule with all their worth; They're Pinky, They're Pinky and the Brain Brain Brain Brain Brain Dun dun.
LOL. Ok, but seriously, this is interesting. More interesting than seeing if mice can play chess or learn to read, is if this same technique can be applied on humans pre-birth, and if genetic engineering via virus-vectors could be used to apply it to the already-living (not just the unborn).
For a funny, but true (except for the optimistic predictions) anti-ICANN movie, see The Official ICANN Movie.
This is the dumbest thing I've heard.
Do you really think that the avg. Palestinian terrorist -- who probably has a below average IQ -- is browsing through the latest issue of Virology to find lethal information?
Come on. That's nuts.
We should not allow scientists to withhold data. The whole point of publishing is that the work be reproducible, verifiable.
I'm sorry, but if you publish something that is missing key details necessary for reproducibility -- due to national security or not -- that is crap. It's worthless. No one knows how you did it or how to get a similar result, so it can't be verified. Might as well not be published at all.
I have another suggestion for these journals. If some prissy scientist wants to "withhold key information due to national security" then don't put them in your journal. It's a waste of space which could be devoted to reproducible work.
And remember the definition of security. Security means that even if you know exactly how something works, you can't penetrate it. If you know how it works and you can penetrate it, that means there is a weakness. For example, Zimmermann knows exactly how PGP works; but he cannot break it.
"How can you possibly expect any company to openly endorse a law-breaking event?"
Gee, because it's already happened and is happening. Companies that openly endorse breaking the law:
Microsoft (monopoly, unfair competition)
Nike (child-labor in 3rd world countries)
Enron (corporate fraud, embezzlement, cooked books, insider trading)
Global Crossing (corporate fraud, embezzlement, cooked books, insider trading)
Martha Stewart's company (corporate fraud, embezzlement, cooked books, insider trading)
I can go on.
Once again, we have the RIAA/MPAA asking for special treatment. Wah.
Once again, we have idiots trying to treat cyberspace differently from real space when the situations are identical and can be treated the same way.
Basically, what the RIAA/MPAA wants is to be able to break into people's computers, and mess up their computers, because they think that those people have infringed upon their IP.
In the real world, if I *think* -- or even *know* -- that someone has stolen say my MP3-player and put it in their house, that does not give me the right to trespass on their property, break into their house, rummage around looking for my player, and mess up their house.
In short, you have to go through LEGAL channels. That means the courts.
This measure is particularly troublesome because it further empowers the rich and powerful (RIAA/MPAA) against the impoverished and disenfranchised (us). It's little different than the mafia.
Just fuck em.
Sure, they can cooperate with each other to screw us all over -- but that's only local cooperation, and overall is defection.
But if they're the only players, and they can't team up and screw anyone over, do you seriously think they could cooperate with each other?
Try doing the same study with lawyers, executives, and politicians. Let's see, put
Bill Gates
Steve Jobs
Hilary Rosen
Jack Valenti
Fritz Hollings
Whaley (from Enron)
Johnnie Cochran
Gary Winnick (from Global Crossing)
in a room together. See if they all manage to cooperate.
This is, obviously, a jurisdictional question.
There are three factors at work here:
1. The country in which the material was physically produced. Italy.
2. The country in which the author resides. Italy.
3. The country in which the material was published. United States.
Note that 1 and 2 do not necessarily have to be the same, and may be complicated.
In order for a country to have complete jurisdiction, all three categories should take place within that country: the author should be there, it should be produced there, and it should be published there.
In cases where the material is produced in one country and published in another, the country where the material was published should have jurisdiction to regulate or not regulate that material: in the case of a web-site, to take it down or not, or to censor it or not. No other country than that of publication should have this power.
That's the easy question. The hard one is which country should have jurisdiction over the author -- i.e., punishing him or not, according to laws? It certainly should not necessarily be the country of publication. The question is, should it be the country where the author resides or the country where the material was produced. They can be different. I can, for example, log into a server in Taiwan and type up a document there. In that case, the author resides in the US, but the material was produced in Taiwan.
Though this seems like a difficult question, it's actually very easy if you liken it to real-world scenarios. If I -- a US citizen -- leave the United States and go to another country (for vacation) which has different laws regulating, say, murder, I am accountable only to those laws, not US laws. The laws of one nation should stay within that nation's borders; they should not follow that nation's citizens around the world wherever they may go. This would require that vacationing citizens would have to consider two different sets of laws to obey -- an unreasonable request. It may even require that citizens obey two contradictory laws -- an impossible request.
Thus, the nation where the material was produced should have governing authority over the person who produced it, *provided* that person is in that nation at the time. I.e., this does not mean that the US can prosecute someone in Taiwan because he logged into a US system from remote to produce some material. However, it does mean that Taiwan cannot prosecute that person. It also means that should the person come to the US, he can be prosecuted in the US because he produced the offending material in the US, remotely from Taiwan.
Let's apply this to the Dmitry Sklyarov case. This means that the US has the jurisdiction to regulate that content within the US, but not the jurisdiction to prosecute anyone who wrote that content, as the content was produced in Russia.
You've obviously been brainwashed by the RIAA/MPAA, or are affiliated with them.
Try thinking for yourself, for a change.
FACT: people download thousands of songs. FACT: even before Napster, no one bought thousands of songs. Thus, people may be downloading many songs, but they wouldn't have bought most of them anyways; it's only a loss to the music industry if people download something they would have otherwise bought.
People's buying habits tend to stay the same, or become invigorated. They rarely buy CD's b/c most stuff is crap -- i.e., one hit song, 10 filler songs. If anything, file sharing has been good for the music industry because it's generated a lot more interest in music.
Music is better off today than it's ever been.
It should be noted that every time the US has tried to regulate essentially free code -- DeCSS or encryption, for example -- it has failed miserably. Despite the US Courts stomping their feet and pouting constantly, DeCSS hasn't been stopped from being distributed. There are many countries with good internet servers which are not influenced by archane US laws. Also, note, that your technique completely fails when people post anonymously from public terminals.
Furthermore, any attempt to ban OSS / FS would surely be ruled unconstitutional; as would the government's bans on encryption had they gotten to the supreme court. The DMCA will also be ruled unconstitutional if a case gets to the supreme court.
I find it difficult to believe that anything can kill OSS / FS. This is b/c there is no fixed target in regulating OSS / FS software. Let's say you make a regulation on software -- i.e., all cryptology must have government backdoors. How do you enforce this against OSS / FS software? Who do you target? Who's to be punished if it's not made so? As it's not a business, financial means are not viable. Maybe you could target the developers in charge of the products themselves, but they could simply start posting updates anonymously from public terminals, or move off-shore, to a place where your government has no influence. Alternatively, they could include government backdoors, but provide clear instructions on which source code to remove to get rid of them, or provide a program to get rid of it. I do not see how you can effectively regulate/prevent OSS / FS from having whatever the developers and users want in it.
As for the internet, no one ever said everything was free. Certainly, bandwidth costs money. But the price for putting information on the net and having it broadly distributed is much cheaper than that via traditional means, and likely to go down in the future.
True, producing information -- or formatting already known information -- has a cost, in time, money, etc. However, there is a nice reciprocity feature of the internet, in that any one contributor to the internet invariably gets much much more back from the net than (s)he puts into it. I am posting this one post -- contributing my information, my logic -- to slashdot. However, I get much much more back than I could possibly give.
So the question is, why don't Linux & Apache have such features for passwords, and for data-input? Also, why not have a feature which only allows passwords to be entered as input from the keyboard, and not some program?
I'm not an expert security programmer, but I think I have an idea on how to handle the data overflow bug in Apache and other systems.
Limit the amount of data that can be inputted from any particular source, depending on how fast the system can handle the requests. Has your system ever slowed down so much that you type something and it appears...five seconds later? Same idea. Why should the system allow gigabytes of data to be inputted when the given system can only handle -- say -- 100 MB at a time? It shouldn't. This is exactly what causes the problem -- the system gets information/data at a rate faster than it can handle it. So basically, my idea amounts to this: don't bite off more than you can chew.
A similar concept might work well to protect against password-cracker programs. Why allow user/password entries as fast as the system can handle it? Why not set a limit so that the program only accepts one attempt every 10 seconds, and then after 3 such times closes?
Another suggestion, on Palladium and like technologies/ideas. Basically, the criticism is that it will kill OSS / FS, either because they won't get the seal of approval from MS or because even if they do, or that will be impossible (how do you give such to source code), or that even if it's given it will be broken if the user exercises his OSS / FS rights and changes the code. The solution to this problem is for whoever to create a digital approval system such that the user decides which things he approves of. For every chip sold, they will have the "universal" approval stamp on them, and one which is specific to that user: namely, that means that every piece of hardware made would have one common approval stamp (which would be delegated out by some organization) and one private unique one, which the user would control and give the "stamp" to the programs of his choice. Comments?
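The password throttle proposed in the comment above (one attempt every 10 seconds, closed after 3 tries), sketched as an added example that is not part of the original post. It assumes the limit is tracked per source address and that "3 such times" means 3 failed attempts; `LoginThrottle`, `demo`, the address and the password are constructed for illustration.

```python
import time


class LoginThrottle:
    """One attempt per `interval` seconds per source; closed after `max_failures`."""

    def __init__(self, interval=10.0, max_failures=3, clock=time.monotonic):
        self.interval = interval
        self.max_failures = max_failures
        self.clock = clock          # injectable so the demo needs no real waiting
        self._state = {}            # source -> (time of last checked attempt, failures)

    def attempt(self, source, verify):
        """Return 'ok', 'denied', 'too_fast' or 'closed' for one login attempt.

        `verify` is a zero-argument callable that checks the password; it is
        only called when the throttle lets the attempt through.
        """
        now = self.clock()
        last, failures = self._state.get(source, (None, 0))
        if failures >= self.max_failures:
            return "closed"         # stays closed until reset out of band
        if last is not None and now - last < self.interval:
            return "too_fast"       # password is not even checked
        if verify():
            self._state.pop(source, None)
            return "ok"
        self._state[source] = (now, failures + 1)
        return "denied"


def demo():
    """Replay a constructed guessing run against a fake clock."""
    t = [0.0]
    throttle = LoginThrottle(clock=lambda: t[0])
    results = []
    # (seconds since previous attempt, password tried) -- constructed sample input
    for wait, guess in [(0, "a"), (1, "b"), (10, "c"), (10, "d"), (10, "hunter2")]:
        t[0] += wait
        results.append(
            throttle.attempt("198.51.100.7", lambda g=guess: g == "hunter2"))
    return results


if __name__ == "__main__":
    print(demo())
```

The last attempt uses the correct password and is still refused, because the source was closed after its third failure; a different source address is unaffected.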
They're Pinky and the Brain
Pinky and the Brain:
One is a genius,
The other's insane;
They'll overthrow the earth,
They'll rule with all their worth;
They're Pinky,
They're Pinky and the Brain
Brain Brain Brain Brain
Dun dun.
LOL. Ok, but seriously, this is interesting. More interesting than seeing if mice can play chess or learn to read, is if this same technique can be applied on humans pre-birth, and if genetic engineering via virus-vectors could be used to apply it to the already-living (not just the unborn).
A safe car runs Windows 98? Bwuhahahahaha. That's funny.
Expect this car to be listed as the one that crashes the most. Some bug in the software will probably tell the user to turn left on red.