This is one thing that really bugs me about the continual "augh, it's a GPL infection!" fear that some people have.
That worry (about copyright infringement due to code you've seen) is present with any source that's visible - I imagine that some companies are very certain to make sure you've never looked at any of Sun's source if you're working on a similar project. (The consequences would probably be royalties to Sun instead of disclosure of source code) Or, for example, Microsoft not letting its IE people look at any of Mozilla's NPL-covered code. Likewise, you can't copy VB code verbatim out of some PC magazine's sample utility. (There was a controversy about this back in the Windows 3.1 days, when a piece of commercial software appeared that was just a different GUI on top of a free utility some magazine had published. The magazine's publisher was not amused.)
Singling the GPL out as especially viral only makes sense if GPL code is especially attractive, tempting developers in ways no non-GPL code could. While I'm certain that RMS would love to hear that GPL'ing a piece of software instantly improves the source's appeal, we both know that isn't the case.
As for expensive litigation, I'd think most companies would find Netscape/AOL/TW's lawyers more fearsome than the FSF's.
Why bother?
I mean, the people from the honeynet project are going to post the complete entries of the top 20 anyway, and one of the criteria they're going to use is how well documented (i.e. "good for learning") the entry is. 'Tis better to learn that way than to stumble through hundreds of "I got this far and then quit" entries on some quickly pieced together slash site.
I for one hope that I'll actually get off my ass and enter this one; I've analyzed a few of their forensics "scan of the month" but have never gotten around to submitting a writeup. (Expository writing always seems so draining)
For these purposes, you don't need a complete stream of cryptographically secure random data, you just need to make certain that the various passes are sufficiently different from each other.
For that, /dev/urandom will do the trick, and you won't have to wait for your entropy pool to be rebuilt every few thousand bytes. Of course, it'll still take a long time (nothing can speed up that physical disk access), but you can also then let it run unattended on a machine that's disconnected from the rest of the world (and therefore isn't refilling its entropy pool through randomness).
Oh, and be certain that you do a "sync" between passes. That may not be an issue on a hard drive, but with smaller media (like, say, a zip disk), you want to make certain that the computer doesn't cache the writes.
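The procedure in the post above, as an added script that is not code from the original comment: several passes of /dev/urandom written in place, a sync after every pass, and a checksum check that the passes really left different data behind. It assumes a POSIX shell with dd, head -c, cksum and sync; the function name wipe_passes is a hypothetical helper. It is destructive, so point it at a scratch file before a real device.

```shell
#!/bin/sh
# wipe_passes TARGET BYTES [PASSES]
# Overwrite the first BYTES bytes of TARGET in place PASSES times (default 3),
# each pass with fresh /dev/urandom output, calling sync after every pass so
# the write cache is flushed before the next pass begins. Returns 0 only if
# every pass left a different checksum on the media.
# Added example (hypothetical helper, not from the original post). Assumes
# POSIX sh plus dd, head -c, cksum and sync. DESTRUCTIVE: overwrites TARGET.
wipe_passes() {
  target=$1
  bytes=$2
  passes=${3:-3}
  seen=""
  n=1
  while [ "$n" -le "$passes" ]; do
    # conv=notrunc overwrites in place. Truncating first (a plain '>') could
    # make a filesystem hand out new blocks and leave the old data untouched.
    head -c "$bytes" /dev/urandom | dd of="$target" conv=notrunc 2>/dev/null \
      || { echo "write to $target failed on pass $n" >&2; return 1; }
    # Flush cached writes to the media before the next pass. (GNU dd can do
    # this per command with conv=fsync; plain sync is the portable form.)
    sync
    # Confirm this pass changed what is on the media: checksum the bytes just
    # written and refuse to count a pass that matches an earlier one.
    sum=$(head -c "$bytes" "$target" | cksum | cut -d' ' -f1)
    case " $seen " in
      *" $sum "*)
        echo "pass $n left the same checksum as an earlier pass" >&2
        return 1
        ;;
    esac
    seen="$seen $sum"
    n=$((n + 1))
  done
  return 0
}

# Example run against a 1 MiB scratch file rather than a device:
# scratch=$(mktemp); head -c 1048576 /dev/zero > "$scratch"
# wipe_passes "$scratch" 1048576 3 && echo "wiped $scratch"
```

For a block device, pass the device size (for example from blockdev --getsize64 on Linux) as BYTES; the checksum step then reads the whole device once per pass, which is slow but is the only way to know the cache was really flushed.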
One of the senior developers around here is always trying to push ideas similar to this with the phrase "It would be wonderful if we were losing $100 million a year to software piracy".
The implication is that in order to be in that situation, we'd have to be making money from non-piracy hand-over-fist. Perhaps it's different when selling to home users or individual developers, but our business is mostly to large companies who have people on staff whose job it is to audit software license requirements. With a market like that, it doesn't matter if the number of licensed users is simply a setting in a configuration file; compliance will still be close enough to allow us a nice profit.
At least, that's the idea - there are many in the organization who are stuck on our old licensing schemes and cannot accept the idea that somewhere a customer might use an extra copy of our software without us even knowing that they were "ripping us off".
Everyone in the entire university must take CS1 and most CS2; these are just intro programming classes to get people familiar with coding and thinking on their own. That is their point, and to accomplish that, they must separate the students out.
Ah, the "intro course as sieve" argument. That used to be what many places used calculus courses for. Fortunately many mathematics departments are starting to realize that that argument is at its core just ivory tower snobbery, and in the long run does no one any good. It's a shame to see that Georgia Tech hasn't yet figured out that their business is educating the students they do have, not grinding up those they find unworthy.
Actually, what would happen is that spambots would start pulling out of google's cache. That way, the bad addresses they return will be traceable only back to google's spider.
If you really go with traditional and don't accept the ridiculous illusion that the wedding industry has concocted. Our wedding was a total of about $4000 - plus another $1000-$1200 if you count the cost of the rings (the big cost being the engagement ring due to the standard DeBeers price fixing).
The big key is to not go absolutely nuts on the reception - we had it catered by the church women in the church meeting hall for a $1000 donation. I don't understand people who do crazy things like rent out a hotel ballroom for ten times as much. I really can't understand people who go into debt to pay for their wedding.
My wife found her wedding gown for only about $500 plus maybe $100 for alterations - and I have no idea how. I understand that some people pay a fortune for those too.
I suppose that some people could use a professional wedding planner, but that just seems like you're asking to get talked into spending more. Emily Post's guide was all we needed.
Think about it - porn sites:
1) Have loads of photographic images (as opposed to icons or things which need lossless compression)
2) Have high bandwidth costs related directly to said images (I assume; the PBS series on porn didn't cover enough of the economics of porn sites)
3) Have a bunch of users who will download and install any fool thing in order to see the pictures. (Hence the number of "dialer" scams you see in this market)
Flash didn't offer porn sites anything - most Americans aren't conditioned to animation porn - neither did png. Jpeg2000, however, could be very attractive to those sites run on a very small budget where bandwidth costs mean the difference between breaking even and not.
Porn sites drive a much larger portion of internet traffic than anyone wants to admit.
There's a reason I ask: Individual Education Plans.
These IEPs are wonderful little inventions that many states have written into their education laws; basically, what they are is a way out for you and your school when/if you want to do something other than sit with a babysitter who happens to have teaching credentials.
It may be difficult to write an IEP until you get into high school, but you can begin researching some of the possibilities now. I remember finding The Gifted Kids' Survival Guide most helpful when I was about your age, though I didn't get off my ass and seriously pursue IEP stuff until 11th grade.
If you live in a state with sensible gifted education laws and in a school district which respects those laws (or have an intimidating attorney ready to go to bat for you), then it is possible to essentially write your own education plan. You may at most be able to get a few periods a week - there are still some courses you'll have to take, and doing poorly in them could scuttle everything else, so you'll just have to suffer through history of Western Civ. However, in the "spare" time you'll be able pursue anything you want; my personal suggestion would be to contact professors at some local college or university (there are probably some community college professors who would love to see anything approaching a talented and motivated student) and get them to sponsor some computing projects. This adds an air of academic legitimacy which your public school is going to need to feel good about letting you do something school administrators can't understand.
My IEP senior year specified AP Physics, since the offered physics course was a complete and total joke. I was lucky, and got five periods a week and an expanded book closet with desk. Occasionally they'd throw some old hardware at me, and halfway through the year the teacher who was nominally supervising me got promoted to an administrative position and I was left completely alone. It was a good year.
Re:Why did it take so many posts? (on "Abusing the GPL?", Score: 1)
I wasn't talking about the licenses on yacc or bison; I'm aware of the Bison licensing exception.
I was talking about this case:
Alice produces a .y file describing the rather complicated configuration language to her GPL'ed program. The .y file is itself GPL'ed.
Bob then comes along and wishes to use a similar configuration scheme in his program, so he "borrows" Alice's .y file, makes a few modifications, and releases his product under the GPL, but, and this is the kicker, doesn't release his version of the .y file, only the .c file produced by Bison or yacc.
I can't come up with a scheme of motivations that would cause Bob to do this, however, and that may be why there's no precedent of this form.
Why did it take so many posts? (on "Abusing the GPL?", Score: 5, Informative)
Why did it take so many posts for someone to point this out? Do people not read the GPL?
What a day to be without moderator points...
For those too lazy to read the whole thing, read section three, point #3 very carefully. Just because something compiles does NOT mean that it is source according to the GPL. That you would not do development on the obfuscated gobbledegook clearly shows that the obfuscated version is NOT the preferred form for modification. I would be highly suspicious that your lawyer is insufficiently anal when reading contracts if they missed this.
As for precedent, can anyone find a discussion of GPL'ed yacc/bison grammars? This would fit exactly the case above - the original source that must be distributed is the .y file, not the result of compiling the .y to a .c file. Unfortunately, I don't think that anyone has ever been tempted to rip off a GPL'ed grammar.
The only real newsworthy bit I saw in it is that apparently the people who bought the laptop and then decrypted the disk are not government operatives, but "just" people working for the Wall Street Journal. If anything, this says that moderate cryptography knowledge has become routine in corporate America.
When the NSA can uncover my deepest secrets, that's one thing. When a potential employer can decrypt anything protected with twenty year old technology, I don't worry yet, but talk to me again in my mid-40s. I wonder when some of the early posts to alt.anonymous.* will become decipherable.
... or he's been listening only to the "we hate Katz" roar and not discovering where that roar comes from.
I'm going to go out on a limb and speak not just for myself, but for everyone who has the same visceral reaction against most of Katz's "social commentary" articles. I say "visceral" specifically because my first reaction is an uncomfortable feeling in my gut that is similar to the feeling I get when in the presence of a salesman who's overpromising.
In short, the stories of Katz's that irk me say nothing.
It's much more than that though that gets to me - certainly the "yet another Outlook-enabled virus found" story adds very little useful information - it's the style in which Katz says his nothing. It screams of the overpolished language of an excited journalist trying to "capture the feeling of the movement". This style ends up completely obscuring any other message, substance, or information that the article might have once contained. The end result is that I get the story of the intrepid reporter, out reporting his bold new story that the establishment doesn't understand. Lost is the underlying reality, lost (or never present) are serious sociological considerations. What I'm left with is a bunch of speculative drivel and the overriding story of the reporter.
And I get that story every damn time. Once was really much more than enough.
It's nice to see that Katz has backed off in his writing style. If he can return to social commentary without riding the intrepid reporter horse, it might go better for him. I'd hate to think that the slashdot editors would assume that the anti-Katz reaction reflects a fundamental unwillingness to discuss those issues among the slashdot audience. (Though I would also contend that the slashdot medium does not lend itself easily to considered discourse, but that discussion is for another post)
In short, when we rail against Katz, we're not shooting the messenger because he carries an unpopular message. We're shooting the messenger because he arrives empty-handed.
The main thing that prevents this is not having "." in the path, and having one's home directory or ~/bin directory last in the path, if they must be in there at all. "." in the path is almost never a good idea. "." in root's path is a definite bad idea; root's path should contain only directories which are writeable only by root (and all of those directories' parent directories should be writeable only by root as well).
Of course, there's still nothing to prevent someone from changing your .login file to put your home directory first in the path, so you still end up being eaten by this eventually. However, there's no reason to needlessly lower the bar.
As many others have already pointed out, this ruling is on what is considered a disability under the ADA, which is an American law that provides the minimum which everyone (employers, shopkeepers, public transportation, etc.) must do to accommodate disability. For example, I believe that it's the ADA which forces businesses that wouldn't normally allow pets on the premises to nevertheless accept seeing-eye dogs.
This ruling has no bearing on whether or not carpal tunnel could be considered a disability under, say, a worker's compensation law. It merely states that in order to invoke the power of the ADA one's disability must extend to basic life tasks; merely making one's job impossible is insufficient.
However, if your friend was forced to get a specially equipped car, then her disability was much more severe than the disability in this case, and in all likelihood meets the standard the court set in this case for invoking the ADA.
You take the statement from the article "This does not affect the non-Windows versions, because the non-Windows versions currently do not yet support the feature that this vulnerability occurs in" and conclude "If other versions did support this feature, they would be subject to this vulnerability".
Let me spell it out in straightforward logic symbols:
let "a" mean "vulnerability affects non-Windows versions"
let "b" mean "non-windows versions implement this game feature"
You take "not a because not b" (that is, "not b implies not a") and conclude "b implies (would imply) a". You have confused the converse with the contrapositive (the contrapositive would be "version xyz is vulnerable to this, therefore I know that version xyz implements the gaming feature").
Now, on to the question as to whether or not this vulnerability is in the protocol itself; this gets into a silly semantic debate that could go on and on with people yelling about definitions. As the AIM protocol has no canonical published spec. to define what it is, we can only assume that the AIM protocol is whatever the official AIM clients do when operating correctly. (For example, we shouldn't expect that the behavior of the AOL client while it is running under a debugger that randomly flips a few bits in memory every few seconds is an example of the AIM protocol)
So - is a buffer overflow the correct behavior? As much as I am inclined to think ill of the AOL/TW behemoth, I doubt that they intended their users' machines to be wide open to script kiddies everywhere.
What little chance I had of sympathizing with the "no business use" restrictions of residential service vanished once I realized that residential service is ALL there is.
The places that talk about the restrictions on residential service seem to imply that just by paying more, one can sign up for a "business class" service that is essentially the same as residential service but without those restrictions.
Unfortunately, that's not the case. Business class service (except briefly for some of the areas served by Cox cable) over cable lines does not exist. It is a strawman that cable ISPs use to pretend that their restrictions on "business" use are somehow rational. This is a recurring thread in various @Home newsgroups.
Hopefully having an article in ComputerWorld will produce more explicit explanation from cable ISPs about what exactly they mean by business use.
Consider that a common Comcast@Home commercial shows someone auditioning for an acting job halfway across the country through an @Home webcast. If that's not allowed, I smell a bait-and-switch lawsuit.
The point is that those signatures aren't available anywhere except by doing something like searching the debian-devel-changes archives. (The .changes files, which contain those signatures, aren't in the debian mirrors, though the signed .dsc file is; however, this is only sufficient to verify the integrity of the source code, not the binaries)
Once a binary package has been installed in the debian mirror system, there's *NOTHING* in the package file itself to guarantee that it hasn't been tampered with.
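To make concrete what the signed .dsc does and does not cover, here is an added example (not from the original post and not Debian's own tooling) that checks the Files: stanza of a .dsc against the files on disk. It assumes POSIX sh with awk, md5sum and wc, and is exercised on a constructed .dsc fragment. It says nothing about the OpenPGP signature on the .dsc itself (that is gpg --verify's job, and without it the sums prove nothing) and, as the post says, nothing about any .deb built from those sources. The same stanza format appears in a .changes file, with section and priority fields before the filename, so the function would cover the binaries there too if one had the .changes.

```shell
#!/bin/sh
# verify_files_stanza CONTROLFILE DIR
# Check every entry in the "Files:" stanza of a Debian .dsc (or .changes)
# against DIR: each continuation line carries an md5sum, a size and, as its
# last field, a filename. Prints "ok NAME", "BAD NAME" or "MISSING NAME" per
# entry and returns 1 if anything was not "ok".
# Added example (hypothetical helper, not Debian's own tooling). Assumes
# POSIX sh with awk, md5sum and wc. It does not verify the OpenPGP signature
# on CONTROLFILE; run gpg --verify on it first, or the sums mean nothing.
verify_files_stanza() {
  ctl=$1
  dir=$2
  # Continuation lines (leading space) after "Files:" belong to the stanza;
  # the next field at column 1 ends it. .changes lines carry extra fields
  # (section, priority) between size and name, hence $NF for the filename.
  awk '/^Files:/ {in_files=1; next}
       /^[^ ]/  {in_files=0}
       in_files && NF >= 3 {print $1, $2, $NF}' "$ctl" | (
    rc=0
    while read -r want_sum want_size name; do
      f="$dir/$name"
      if [ ! -f "$f" ]; then
        echo "MISSING $name"; rc=1; continue
      fi
      have_size=$(wc -c < "$f" | tr -d ' ')
      have_sum=$(md5sum < "$f" | cut -d' ' -f1)
      if [ "$have_sum" = "$want_sum" ] && [ "$have_size" = "$want_size" ]; then
        echo "ok $name"
      else
        echo "BAD $name"; rc=1
      fi
    done
    exit "$rc"
  )
}

# Typical use after fetching a source package into the current directory:
# gpg --verify foo_1.0-1.dsc && verify_files_stanza foo_1.0-1.dsc .
```

The subshell around the read loop is deliberate: a while loop on the right of a pipe runs in its own process in most shells, so the failure flag has to leave through the exit status rather than a variable.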
The "one in five" statistic comes from a study that used as the definition of rape what was legally on the books in the state where the study was conducted (Ohio).
If you say "Oh, that doesn't count", and decide to include only violent, forcible rape, the stats drop to something like 1 in 20.
That's right, not 1 in 200, not 1%, but 5%. It's still A HELL OF A LOT OF WOMEN. It's a shame that the 1 in 5 statistic is trumpeted around where it's open to attack, because this leads people to think that rape isn't that big a problem in the US.
And "Interesting" posts should know what they're saying, but one rarely gets everything one wants.
The point: the poster is implying that there's some mismatch between looking the password up in a mysql database and doing HTTP/1.0 Basic Authentication. There isn't - the phrase "HTTP/1.0 Basic Authentication" refers to how the password is sent over the wire. The server can look up the password by carrier pigeon for all that that matters.
It's true that the standard Apache password mechanisms look things up in flat files and not a mysql database, but that's not what the poster said.
What do public libraries have to do with children?
Sure, public libraries are a place where there may be children present, but there may be children present in a courthouse, walking down the street, or in the corner convenience store. (Where, I'll note, the only thing between the kids and serious hard-core porn is the clear plastic wrapper on some of the magazines)
The idea that libraries are somehow fundamentally aimed at children, and specifically are more aimed at children than at adults, is pernicious. It leads to a culture in which the adults become aliterate (that is, being able to read but not reading) and in which librarians are imagined to be glorified babysitters with books.
VNC
VNC
VNC
Let's say it again, VNC.
Oh, yeah. Here's a link.
You mean you want to build a linux-based kiosk?
No, if gzipping a gzip'ed file doesn't make it any smaller, then the claim "gzip can compress any data" is a hoax.
And rightfully so - such a claim is ridiculous on its face. I suggest that those of you fascinated by the possibilities of compressing random data try:
bash:~$ cd /tmp
bash:/tmp$ head --bytes=1000 < /dev/random > randfile
bash:/tmp$ ls -l randfile
bash:/tmp$ gzip -c -1 < randfile > randfile.1.gz
bash:/tmp$ gzip -c -9 < randfile > randfile.9.gz
bash:/tmp$ ls -l rand*
There can be no algorithm that (losslessly) compresses all 1000 byte files to 999 byte files. (Hiding data in the filename or in other hidden files on the system -- don't laugh, there was a DOS-based "compression" program that did just this -- doesn't count). In fact, I'd be willing to bet that if a file were made by the process above, (reading out of /dev/random) then it is highly likely that the resulting file has the property that no program can be written that: 1) is smaller than the data itself, and 2) produces that data as its output.
Hm. Now I'm actually interested in that problem - what do you suppose the probability is that a random 1000 byte file will be compressible by gzip? What is the maximum possible probability for any compression algorithm? (Obviously there's an upper bound of 50%, but I'm thinking it might be even less than that)
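The experiment from the post, carried through in Python as an added example (not the poster's own code): it repeats the gzip -1 / gzip -9 measurement on random data, shows that a second gzip pass only adds bytes, and works the counting argument out exactly. It goes slightly beyond the post by computing the byte-granular pigeonhole bound, which is far below 50%. os.urandom stands in for /dev/random.

```python
import gzip
import os
from fractions import Fraction

def gzip_sizes(data: bytes) -> dict:
    """Sizes of the raw data and of its gzip -1 / gzip -9 output (the ls -l step)."""
    return {
        "raw": len(data),
        "level1": len(gzip.compress(data, compresslevel=1)),
        "level9": len(gzip.compress(data, compresslevel=9)),
    }

def random_file_shrinks(n_bytes: int = 1000, trials: int = 20) -> int:
    """Count how many of `trials` random n_bytes files gzip -9 makes smaller.
    The gzip container alone (header + trailer) adds 18 bytes, and an
    incompressible block is emitted as a stored block with its own 5-byte header."""
    return sum(gzip_sizes(os.urandom(n_bytes))["level9"] < n_bytes
               for _ in range(trials))

def gzip_twice(data: bytes = None) -> tuple:
    """Length after one and after two rounds of gzip -9 (random data by default)."""
    if data is None:
        data = os.urandom(1000)
    once = gzip.compress(data, compresslevel=9)
    return len(once), len(gzip.compress(once, compresslevel=9))

def shrinkable_fraction_bound(n_bytes: int) -> Fraction:
    """Pigeonhole bound: a lossless coder is injective, so at most as many n-byte
    inputs can map to strictly shorter outputs as there are shorter outputs
    in total, i.e. sum_{k<n} 256**k out of 256**n inputs (just under 1/255)."""
    shorter_outputs = sum(256 ** k for k in range(n_bytes))  # lengths 0 .. n-1
    return Fraction(shorter_outputs, 256 ** n_bytes)

if __name__ == "__main__":
    print(gzip_sizes(os.urandom(1000)))
    print("random 1000-byte files gzip made smaller:", random_file_shrinks())
    print("gzip once / twice:", gzip_twice())
    print("fraction of 1000-byte files any lossless coder can shorten:",
          float(shrinkable_fraction_bound(1000)))
```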
The main thing that prevents this is not having "." in the path, and having one's home directory or ~/bin directory last in the path, if they must be in there at all. "." in the path is almost never a good idea. "." in root's path is a definite bad idea; root's path should contain only directories which are writeable only by root. (and all of those directories' parent directories should be writeable only by root as well)
Of course, there's still nothing to prevent someone from changing your .login file to put your home directory first in the path, so you still end up being eaten by this eventually. However, there's no reason to needlessly lower the bar.
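The checks described in the post, as an added example (not the poster's code): a PATH audit that flags ".", empty entries, relative entries and a home directory searched ahead of a system directory, plus the root-only-writable walk up the parent chain. The system directory list and the finding text are this example's own choices.

```python
import os
import stat

# Directories treated as "system" for the ordering check (example's assumption).
SYSTEM_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")

def audit_path(path_value: str, home: str) -> list:
    """Return (position, entry, reason) findings for a PATH string; [] is clean."""
    findings = []
    entries = path_value.split(":")
    home = home.rstrip("/")
    for i, entry in enumerate(entries):
        if entry in ("", "."):
            # An empty entry is searched as the current directory, like "."
            findings.append((i, entry or "<empty>", "searches the current directory"))
        elif not entry.startswith("/"):
            findings.append((i, entry, "relative entry resolves against the current directory"))
    home_pos = [i for i, e in enumerate(entries)
                if e.rstrip("/") == home or e.startswith(home + "/")]
    sys_pos = [i for i, e in enumerate(entries) if e.rstrip("/") in SYSTEM_DIRS]
    if home_pos and sys_pos and min(home_pos) < max(sys_pos):
        findings.append((min(home_pos), entries[min(home_pos)],
                         "home directory searched before a system directory"))
    return findings

def not_root_only(path: str) -> list:
    """Walk from path up to '/', following symlinks, and return every component
    that is not owned by root or is group/world writable (the poster's rule
    for directories in root's PATH and their parents)."""
    bad = []
    p = os.path.realpath(path)
    while True:
        st = os.stat(p)
        if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            bad.append(p)
        parent = os.path.dirname(p)
        if parent == p:
            return bad
        p = parent

if __name__ == "__main__":
    for pos, entry, reason in audit_path(os.environ.get("PATH", ""),
                                         os.path.expanduser("~")):
        print(f"PATH[{pos}] {entry!r}: {reason}")
    for entry in os.environ.get("PATH", "").split(":"):
        if entry.startswith("/") and os.path.isdir(entry):
            for comp in not_root_only(entry):
                print(f"{entry}: {comp} is not writable only by root")
```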
As many others have already pointed out, this ruling is on what is considered a disability under the ADA, which is an American law that provides the minimum which everyone (employers, shopkeepers, public transportation, etc.) must do to accommodate disability. For example, I believe that it's the ADA which forces businesses that wouldn't normally allow pets on the premises to nevertheless accept seeing-eye dogs.
This ruling has no bearing on whether or not carpal tunnel could be considered a disability under, say, a worker's compensation law. It merely states that in order to invoke the power of the ADA one's disability must extend to basic life tasks; merely making one's job impossible is insufficient.
However, if your friend was forced to get a specially equipped car, then her disability was much more severe than the disability in this case, and in all likelihood meets the standard the court set in this case for invoking the ADA.
You take the statement from the article "This does not affect the non-Windows versions, because the non-Windows versions currently do not yet support the feature that this vulnerability occurs in" and conclude "If other versions did support this feature, they would be subject to this vulnerability".
Let me spell it out in straightforward logic symbols:
let "a" mean "vulnerability affects non-Windows versions"
let "b" mean "non-windows versions implement this game feature"
You take "not a because not b" (That is, "not b implies not a") and conclude "b implies (would imply) a". You have confused the converse with the contrapositive (the contrapositive would be "version xyz is vulnerable to this, therefore I know that version xyz implements the gaming feature").
Now, on to the question as to whether or not this vulnerability is in the protocol itself; this gets into a silly semantic debate that could go on and on with people yelling about definitions. As the AIM protocol has no canonical published spec. to define what it is, we can only assume that the AIM protocol is whatever the official AIM clients do when operating correctly. (For example, we shouldn't expect that the behavior of the AOL client while it is running under a debugger that randomly flips a few bits in memory every few seconds is an example of the AIM protocol)
So - is a buffer overflow the correct behavior? As much as I am inclined to think ill of the AOL/TW behemoth, I doubt that they intended their users' machines to be wide open to script kiddies everywhere.
Business class cable internet service does not exist. It is a myth concocted by the lawyers who wrote the Terms of Service.
What little chance I had of sympathizing with the "no business use" restrictions of residential service vanished once I realized that residential service is ALL there is.
The places that talk about the restrictions on residential service seem to imply that just by paying more, one can sign up for a "business class" service that is essentially the same as residential service but without those restrictions.
Unfortunately, that's not the case. Business class service (except briefly for some of the areas served by Cox cable) over cable lines does not exist. It is a strawman that cable ISPs use to pretend that their restrictions on "business" use are somehow rational. This is a recurring thread in various @Home newsgroups.
Hopefully having an article in ComputerWorld will produce more explicit explanation from cable ISPs about what exactly they mean by business use.
Consider that a common Comcast@Home commercial shows someone auditioning for an acting job halfway across the country through an @Home webcast. If that's not allowed, I smell a bait-and-switch lawsuit.
The point is that those signatures aren't available anywhere except by doing something like searching the debian-devel-changes archives. (The .changes files, which contain those signatures, aren't in the debian mirrors, though the signed .dsc file is; however, this is only sufficient to verify the integrity of the source code, not the binaries)
Once a binary package has been installed in the debian mirror system, there's *NOTHING* in the package file itself to guarantee that it hasn't been tampered with.
The "one in five" statistic comes from a study that used as the definition of rape what was legally on the books in the state where the study was conducted (Ohio).
If you say "Oh, that doesn't count", and decide to include only violent, forcible rape, the stats drop to something like 1 in 20.
That's right, not 1 in 200, not 1%, but 5%. It's still A HELL OF A LOT OF WOMEN. It's a shame that the 1 in 5 statistic is trumpeted around where it's open to attack, because this leads people to think that rape isn't that big a problem in the US.
And "Interesting" posts should know what they're saying, but one rarely gets everything one wants.
The point: the poster is implying that there's some mismatch between looking the password up in a mysql database and doing HTTP/1.0 Basic Authentication. There isn't - the phrase "HTTP/1.0 Basic Authentication" refers to how the password is sent over the wire. The server can look up the password by carrier pigeon for all that that matters.
It's true that the standard Apache password mechanisms look things up in flat files and not a mysql database, but that's not what the poster said.
What do public libraries have to do with children?
Sure, public libraries are a place where there may be children present, but there may be children present in a courthouse, walking down the street, or in the corner convenience store. (Where, I'll note, the only thing between the kids and serious hard-core porn is the clear plastic wrapper on some of the magazines)
The idea that libraries are somehow fundamentally aimed at children, and specifically are more aimed at children than at adults, is pernicious. It leads to a culture in which the adults become aliterate (that is, being able to read but not reading) and in which librarians are imagined to be glorified babysitters with books.