It's your browser. It is erroneously interpreting spaces inside tags as though they were characters, or as though the text inside were wrapped inside a
But RMS bristles at even the association with a software product that is ever sold for money.
Except that then you would be bitten by stuff like this that trojans the makefiles.
As far as trojaning individual .deb packages, apt-get will indeed abort if the download md5sum doesn't match the md5 recorded in the Packages file. However, there is damn near nothing to verify that the Packages file is what it ought to be. (And since .debs and Package files are pulled from the same place...)
Every time this comes up on debian-devel the end result is a classic example of "the best is the enemy of the good". The suggestions for minimal signing of anything (say, having the process that creates the Packages file sign it) are always rejected because they wouldn't address the whole problem. (What if master.debian.org were hacked?) Unfortunately, no one can ever come up with an acceptable consensus definition on what the whole problem actually is, so nothing ever comes close to being implemented.
That's one of the four (well, five if you count silence) options that Nokia phones have for message received tones. (On the 5165, it's the tone called "special")
The others are "single beep" (easy to guess what that sounds like), "long & loud" (which spells out "connecting people" in morse code - Nokia's slogan) and "standard" (which sounds like "ooo" in morse - nine long beeps in groups of three).
I really don't understand the ACLU's strategy here. Aren't people already allowed to do this kind of research thanks to the librarian of congress's decision on exemptions to the DMCA's anti-circumvention scheme?
If he's already allowed to do this type of research, what harm is the ACLU basing their decision on? Won't they just get thrown out of court for bringing an issue that isn't ripe for decision? (i.e. that has no consequences, because the librarian of congress has already crafted an exemption for this research)
Favorite technical interview question I've ever heard:
So you're working on a program using the foobarlib library and calling its function baz(), which according to the documentation returns an integer from 1 to 10 that means something or other. Suddenly, you discover that your program is blowing up because baz() is apparently returning -17. What do you do?
The ultimate correct answer that this person was looking for is that you ask your colleagues for help. These days, of course, you also get credit for first searching the web and newsgroups relevant to the package. Surprisingly, many people give up after suggesting things ("Well, first I have my debugger trace everything very carefully to make sure that baz is really doing this, then I re-read the foobarlib documentation") and being told "Ok, you try that, and it doesn't work."
Some people have actually told the interviewer flat-out that "that would never happen; it's impossible". However, those people have usually already demonstrated their unsuitability in other ways.
What do you do when all three numbers are zero?
Of course, the real way to do this is to build the triple redundancy into your memory unit, hardwire the logic (probably using one triple-input nand gate and three two-input nand gates for each bit) and not have the cpu deal with this at all.
ftp://ftp.cs.columbia.edu/pub/xmove/ has it.
Heh - I was just working on this exact same thing after finding someone's post on piclist looking to reverse-engineer the same program. And to think, you only beat me to the solution by a few hours...
Except that you didn't, completely. The trickiest part of this checksum is that it shows up TWICE in the packet format. As you state, the checksum is initialized after the ff attention byte, and then most of the packet is run through it. However, looking at the initial packet:
FF 35 35 00 0E DA BC 01 00 00 08 00 19 02 54 45 53 54 1F 8C 52
               ^^^^^                                     ^^^^^
both of the indicated portions are checksums. The first checksum covers the string "35 35 00 0E" and the second covers the string "35 35 00 0E 01 00 00 08 00 19 02 54 45 53 54 1F". The checksum is not re-initialized after it's output. Incidentally, here's my perl version - it uses bit operations in preference to the %-heavy code that you use, but it's the same algorithm:
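#!perl
# Rolling 16-bit checksum; pass the covered bytes as hex strings on the command line.
$check = 0xa55a;   # initial checksum value
$sum = 0;
@bytes = (@ARGV);
for $pos (0..$#bytes) {
    # XOR each byte with its position (mod 256) and add it to the running sum
    $sum += (hex($bytes[$pos]) ^ ($pos & 0xff));
    $sum = $sum & 0xffff;
    $check += $sum;
    # rotate the 16-bit checksum right by one bit
    $check = (($check >> 1) & 0x7fff) | (($check & 1) << 15);
}
printf "%04x\n", $check;
__END__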
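The two-checksum layout described above, as an added Python example that is not part of the original comment: it keeps the checksum as running state, skips the embedded checksum bytes without resetting, and checks both fields of the quoted packet. The function names, the big-endian byte order of the checksum fields and the field offsets are assumptions read off that single sample packet.

```python
# Added example: verifies both embedded checksums in the sample packet quoted above.
# Names and field offsets are assumptions taken from that one packet.

SAMPLE = bytes.fromhex(
    "FF 35 35 00 0E DA BC 01 00 00 08 00 19 02 54 45 53 54 1F 8C 52"
)


class RollingChecksum:
    """Same algorithm as the Perl above, kept as state so it can be read mid-packet."""

    def __init__(self):
        self.check = 0xA55A   # initial value from the Perl version
        self.total = 0        # running 16-bit sum of (byte XOR position)
        self.pos = 0          # counts covered bytes only

    def update(self, data):
        for b in data:
            self.total = (self.total + (b ^ (self.pos & 0xFF))) & 0xFFFF
            c = (self.check + self.total) & 0xFFFF
            self.check = (c >> 1) | ((c & 1) << 15)   # rotate right by one bit
            self.pos += 1
        return self.check


def verify_packet(packet, header_len=4):
    """Return [(label, expected, computed), ...] for each checksum field.

    Assumed layout: FF, header_len bytes, 2-byte checksum, body, 2-byte checksum.
    The checksum bytes themselves are not fed into the state, and the state is
    not re-initialized after the first checksum is read out.
    """
    if len(packet) < 1 + header_len + 4 or packet[0] != 0xFF:
        raise ValueError("missing FF attention byte or packet too short")
    header = packet[1:1 + header_len]
    first = int.from_bytes(packet[1 + header_len:3 + header_len], "big")
    body = packet[3 + header_len:-2]
    second = int.from_bytes(packet[-2:], "big")

    state = RollingChecksum()
    results = [("header", first, state.update(header))]
    results.append(("header+body", second, state.update(body)))
    return results


def packet_ok(packet):
    """True only if every embedded checksum matches the recomputed value."""
    return all(expected == got for _, expected, got in verify_packet(packet))


if __name__ == "__main__":
    for label, expected, got in verify_packet(SAMPLE):
        print(f"{label:12s} expected {expected:04x} computed {got:04x}")
```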
The problem is that you read the moderation system the wrong way. Think of a high score not as "this is something that is true" but "this is something worth discussing, if for no other reason than to refute it".
Of course, naming the moderation as "insightful", "interesting", etc. doesn't help things.
> Proof positive that time travel is impossible - the grammar is WAY too complex.
No, time travelers just don't speak English.
We all kljeka fiuw coeit blot.
Composer is fine for a rough draft, but then you still need to go through and clean it up at the raw HTML level. (It has a habit of leaving little "br" tags all over the place, and the automatic nbsp when your fingers do the habitual two spaces after a period is also annoying)
Community colleges vary in quality wildly from location to location. I wouldn't trust Burlington County Community college (Burlington County, NJ, where I currently live) with anything more advanced than introductory single variable calculus. On the other hand, the Philadelphia Inquirer did a story a few years back where they had some students attending the University of Pennsylvania come out to Montgomery County CC for a few classes of freshman physics and calculus. The community college students were using the same text as the ivy leaguers, and were proceeding at the same pace. Also, the students found the quality of instruction higher at the CC.
As a basically uninformed guess, I'd assume that community colleges in tech. boom areas that do a lot of night-school business are better able to fund the more advanced courses (and hire the better teachers) than community colleges in areas that don't provide lots of night-class business.
Not necessarily. Meet people in person and:
1) get their keys from them.
2) sign their keys.
3) have them sign yours.
Build a big web of trust. Get interconnected. Of course, this does require interpersonal contact, but with practice I'm certain you'll find that face-to-face contact isn't that repulsive.
Large projects such as mozilla or apache could also hand out cards with their public gpg key fingerprint on them at developer conventions. (It is assumed that the saving grace here is that the fingerprints, being small, can be repeated all over the place.) Something like apache could then have a key that is used to sign the keys of subprojects.
True, no system is perfect. It's still always possible that a long-trusted developer will suddenly decide to put a backdoor in their own program, and therefore any system that defends against attacks that are more difficult than convincing a trusted developer to do just this is overkill. However, the open source web of trust is not nearly as interconnected as it should be, and this lack of connections creates a serious chance for failure points.
What filtering system do you use? Squidguard?
Last I checked, squidguard seemed to be languishing (and not surprisingly; keeping up with net content requires a truly exhaustive organization). Is there something else out there?
DSL available in small towns? Maybe in the midwest.
I live in Burlington, NJ. It's technically a city, but really more of an overgrown town in the middle of the Philadelphia suburbs. We'll be getting DSL service about the same time hell freezes over.
I know that even when I was being paranoid about backups, I only backed up certain files daily and did a full ~ backup no more frequently than once a week.
Remember - part of the reason it hurts to lose ~ is because of the frequency of changes, not necessarily the size of the data. The importance of a data file is only extremely loosely related to its size.
You know, I didn't find your sig nearly so annoying until I turned off signatures; every real signature vanished, but yours remained.
If you're going to stick that at the bottom of every post, be honest and make it your real sig. rather than appending it on manually.
Could you point me to something where the OO.org spellchecker does a significantly worse job than a commercial spellchecker?
As far as I know, OO.org's spellchecker is based on ispell, which was supposed to be comparable in quality to commercial versions.
RMS has said that it was acceptable to install a non-free program in order to study it as a necessary step in creating a free alternative. This is not exactly the same thing as what McVoy quoted, so he may indeed have gotten RMS and Linus confused.
RMS has never, ever, objected to any activity on the grounds that it is "tainted" by monetary objectives. (Though others nearby have - the Gnuart people, for example)
What RMS objects to about BitKeeper (and about acrobat reader, and latex column modes, and Netscape 4) is, as he says so many times it almost makes you want to beat your head into the wall, that BitKeeper is not "free as in freedom".
RMS has no problems with BitKeeper being sold - his problem is that the market for BitKeeper (and most other non-free software) is propped up by the restrictions placed on the buyer. In fact, RMS agrees with debian that software which contains a "don't sell this for more than the cost of the media" clause is not free. Part of the problem with BitKeeper is not that McVoy is selling it, but that I (or anyone else) can't.
If every person who received a copy of BitKeeper from McVoy were able to use it however they wanted, examine all the source, modify it as desired, and then copy and sell the result, then BitKeeper would be free software. (I'm sure someone could weasel in a non-free restriction somewhere into that statement, but basically that's it) Contrary to popular opinion, RMS does not insist that every piece of free software be licensed under the GPL.
Painting RMS as hostile to the pursuit of money, as though he were these guys is inaccurate. RMS is not actively hostile to the software market; he just doesn't view its continued existence as a sufficient reason for non-free software. If the commercial software market cannot survive without the restrictions on redistribution currently placed on buyers, then it cannot survive.
People who paint RMS as hostile to making money fail to see the difference between "I hate that" and "I care about something else more than I care about that". (Those who would paint free speech activists as being against national security often commit a very similar structural confusion.)
The point of the comment is that - hold on here - I and L are different letters. Despite that, in a sans-serif font, a capital I and a lowercase L look nearly identical. (Exactly identical, depending on font) Note that most url bars on web browsers use a sans-serif font.
The real site is written as paypal.com, while the fake site was written as paypaI.com. Note that those are different - in all uppercase one is PAYPAL.COM while the other is PAYPAI.COM
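A defensive check for the lookalike described above, as an added Python example that is not part of the original comment: it folds characters that render alike in sans-serif fonts to one representative and flags a hostname whose folded form matches a protected domain while its real, case-insensitive name does not. The confusable table, the protected-domain list and the function names are small illustrative assumptions.

```python
# Added example; the confusable table and PROTECTED list are illustrative assumptions.

# Hostnames compare case-insensitively, but whoever writes a link chooses the case
# it is displayed in, so any "i" can be shown as "I" and read as a lowercase "l".
# Fold each confusable group to one representative after lowercasing.
_FOLD = str.maketrans({
    "i": "l",   # capital I vs lowercase l, the case in the comment above
    "1": "l",
    "|": "l",
    "0": "o",
})

PROTECTED = {"paypal.com", "example.org"}  # constructed list of domains to defend


def skeleton(hostname):
    """Visual skeleton: lowercase, strip a trailing dot, fold confusable glyphs."""
    return hostname.lower().rstrip(".").translate(_FOLD)


_BY_SKELETON = {skeleton(d): d for d in PROTECTED}


def check_host(displayed):
    """Classify a hostname as (verdict, protected_domain_or_None)."""
    real = displayed.lower().rstrip(".")      # the name DNS will actually resolve
    if real in PROTECTED:
        return ("legitimate", real)
    target = _BY_SKELETON.get(skeleton(displayed))
    if target is not None:
        return ("lookalike", target)          # looks like target, resolves elsewhere
    return ("unrelated", None)


def flag_lookalikes(hostnames):
    """Return only the hostnames that imitate a protected domain."""
    return [h for h in hostnames if check_host(h)[0] == "lookalike"]


if __name__ == "__main__":
    # Constructed sample input, e.g. hosts extracted from links in inbound mail.
    for host in ["paypal.com", "paypaI.com", "PAYPAL.COM", "paypa1.com", "slashdot.org"]:
        print(host, check_host(host))
```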
With an explicit "safe area" (which the big corps like Disney and yahoo can be certain to enter, even if no one else does) that kids will find lame, it can become now directly obvious to the "save the children" people that it is the children who are struggling out of their network straitjacket.
This means that it is no longer a case of "these evil people are sending bad stuff to our kids" and instead becomes a matter of "our kids are actively hunting for this bad stuff". Maybe it won't cause a complete and total reexamination of attitudes on everyone's part, but it might make those parents stuck in "my sweet, innocent darling wouldn't try anything bad" mode move on to more realistic positions.
I also must wonder about the people who submit things like this - are they trying to make the editors look like idiots, or are they honestly this confused after hearing about the article? (Since if they read the article, someone else might submit it before them and get the credit)
I must say that I find your Sodom and Gomorrah reference truly bizarre.
I'll just note (not that these are anywhere near as common as they were 8 months ago) that many places around here had those little movable-letters signs up saying "GOD BLESS AMERICA".
A minute or so with an anagram generator will tell you that those letters can be rearranged into "SAD MOB SACRILEGE". As I said, not that it's anywhere near as useful now as a few months ago, but the phrase could always come back in vogue.