Ensuring the long-term survival of the species usually means some cost to the individual. I can understand why less evolved organisms appear to be working towards species survival: because they are just following their programming. However, humans are self-aware, and so as individuals we are not brainlessly forced into accepting this cost. We should simply do whatever suits us best as individuals. Our species may ultimately fail, but whose idea was it that it should go on forever?
I don't fault in the least, for example, innuit cultures that traditionally survived on sealing; what choice, exactly, do they have? But in this world, I have all of the choices under the sun. I can choose to eat whatever the heck I want. Having that choice, I eat a vegetarian diet. This is probably the strongest point for vegetarianism/veganism. I'm surprised I don't hear it very often. Yes, humans may have depended on animal protein to evolve to our present state. Yes, humans may have generally consumed some meat over the course of history. However, in the present day, it is argued that we can obtain most, if not all, of our necessary nutrients without exploiting animals. This is thanks to our endless abundance of vegan food, and a little bit of modern science. Never could you live so healthy on a vegan diet than you can in the modern era.
This raises an interesting philosophical question: does morality change with time? It was moral to eat meat in the past, but today it is not moral? Or is it more of a matter of chosing the least destructive choice, and avoiding excess? Perhaps we can morally eat meat even in the present day, provided it is the only option. However, most of us have plenty of access to alternatives.
Of course, "the only option" could use some further defining. If you're stuck on an island with only low-protein vegetables and animals, does it become okay to muck with the animals? After all, you could probably survive just fine on the low-protein vegetables only, but it may not be the most healthy approach to living. If you just want to be healthy, more muscular, taller... is it just decadence at that point to eat meat? Or maybe it only becomes immoral to exploit animals when complete alternatives exist. If the island has nuts, beans, and a modern suppliment laboratory, then the animals are off-limits?:)
Just food for thought (no pun intended).
Personally, I do eat meat, but certainly not as often as most people in America do. There are many days where I eat vegetarian. A vegetarian diet is simply easier to manage, foods can require less preparation (Carl's Jr ad featuring the guy nervously prodding a package of ground beef anyone?), and they are often less perishable. And as a guy who counts every gram of intake, I can say that yes I get everything I need. For me, my tendency towards vegetarian eating has nothing to do with morality and all to do with effort and numbers. Don't get me wrong though, meat does offer excellent nutrition, and I occasionally work it into my diet for variety's sake.
That said, most people don't know much about nutrition. Hell, a large percent of people can't even parse the FDA-required labels. I've known fat vegetarians and vegans. Living healthy on a restricted diet *is* possible but most people just don't know how to do it. More philosophy for you: Can people who don't understand nutrition morally eat meat because they don't know any better?
The features you see in XMPP are largely based on what client you use. It could be that Pidgin simply hasn't implemented all the features you want. In that case, file a report.:)
That said: - See and show other's and my own idle time: there is no protocol for this as far as I know. People on XMPP seem to be content with auto-away messages. - See other's and set my buddy profile: you can set a status message even when non-away, people often use this for sharing current information. Otherwise, there's the VCard information which can include a description (long-lived profile, exists even if you sign out). - See people's login time: this works, the client just needs to show it. - See people's account creation time: there is no protocol for this as far as I know. - See the capabilities of someone's client: clients often don't directly show you this information, but instead features are simply enabled or disabled in menus and things depending on if you can do it. This is more of a UI concern, capability information is indeed exchanged over XMPP.
"The "why go on?" issue is a classic atheist dilemma."
Ehhh... and how is that a dilemma?
I'd argue that the pain of living does not justify the joy of living. Or further, even if you had nothing but 100% joy in living, I'd argue that since you'll eventually die anyway, there isn't much of a point to the temporary joy. Once you're dead, you'll no longer care if you had joy or not, because you won't be alive to think about that. This is a dilemma, because if you logically deduce that there is no reason to live.... well you're stuck choosing between survival instinct and logic. As a result, there are writings in atheist philosophy that address suicide.
You're right though, just because we may imagine a higher purpose does not mean there is one. What I ended up proposing in my last message was a variant of Pascal's Wager. We continue to live, because there might be a higher purpose, even though there very well may not be. Well, that, and survival instincts are very strong. I certainly don't want to die, and suicide is the farthest thing from my mind. However, survival instincts are not necessarily logical.
Continuing to live without the hope of a higher purpose is harder to justify, in my opinion. Wanting to help mankind is a noble effort, but, again, once we die, it won't matter. It doesn't matter that other people are better off because of our efforts, or that we are respected after death, or that we are written in the history books, because we won't be alive to know about it. Once we die, we are not just gone from the world, but the world is gone from us. Even though we may care for people and our species right now, I'd argue that once we die, their meaning will be the same as the meaning of characters in a dream that we just woke up from. A fun experience, but inconsequential. Death is worse than waking from a dream though, because we won't even get to remember the fun experience. Crap, I think I'm becoming a nihilist.:)
I'd argue that to justify living, the higher purpose must be tightly coupled with an afterlife. If there is no afterlife, then having god(s) in the picture doesn't help anything. Sure, you could follow the rules of the gods to be a nice citizen, but that's not any better than having to follow the rules of nature and survival. If there is nothing to gain or lose by defying the rules, then just give the universe and the gods your middle finger. It's all the same.
True, those are a lot of ridiculous assumptions. On the other hand, the notion of things just happening without purpose is unsettling. My hope is that there is a purpose, and not just a purpose for the existence of the universe, but a purpose for humans as individuals. Without individual purpose, there isn't a compelling reason to live, in my opinion, other than perhaps to avoid facing the pain of death. The "why go on?" issue is a classic atheist dilemma.
Humans have become too smart for their own good (and this point was echoed by comments in a recent slashdot story, about chimps evolving faster than humans). We're at the point where we can make decisions that seem to defy survival (see mass murders, couples choosing to not have children.. no I'm not saying these are equally severe:)). Other life-forms operate like good little computer processes, doing what they have been instructed to do. Humans, with self-perception, are not forced to play this game. We can laugh at the universe, and do whatever we damn well please, even if it is detrimental to ourselves or our species.
I'd argue that if an individual willingly sticks it out, and does it not for fear of painful death, it is because of a hope or faith in something greater than the survival treadmill. With that in mind, your presented assumptions are quite inviting.
All the browser does is make sure the strong cryptographically signed and verified cert's DN matches the totally insecure DNS lookup result.
Incorrect. The browser checks the certificate domain against the intended domain. The result of a DNS lookup is not part of the trust equation. This is the great thing about end-to-end security, everything else in the path doesn't even matter.
I agree that the way domains and certificates are purchased is ridiculous. For God's sake why are we still proving email address and domain ownership via SMTP?!
Your subject is misleading. KDE is not proprietary. It can be expensive though, if you wish to develop proprietary software.
One important thing to consider is that Qt is so darn good. People complain about programming in Gtk. No one complains about programming in Qt. If your employer buys you Qt to develop with, then you're a lucky bastard. The only thing people complain about with Qt is the commercial license cost. In some ways, this reminds me of Apple: pricey, but there are people out there that will pay that price. This is why a lot more "high end" apps are written in Qt (like Pixar's tools, for example).
That said, this is further complicated by the fact that Qt is also free as in GPL. For open source developers, the choice between Gtk and Qt is simple, and this is why KDE thrives. Granted, Gtk is used by a lot of open source developers, but I'd say this is mostly due to preference of the C progamming language. It is the KDE crew that loves what they are doing, and they make faster progress.
You wrote: If you're a "Linux enthusiast", you're using a "free" desktop to prevent paying fees to the likes of Microsoft. But with Qt, you are encouraging people to pay Trolltech.
Maybe so, but you have to admit it is a very different situation. I like that Trolltech gets paid. They give us free stuff. Free as in GPL. That's like corporate suicide. Nobody gives their stuff away like that. Fortunately, here we have a business model that allows it to happen. In fact, it turns the whole system upside down. When you pay Microsoft, you encourage further closed source development. When you pay Trolltech, you are sponsoring open source development. Qt would not be as good as it is today without this funding.
It might be that Qt is "hurting Linux" in some way, as you say. But in my opinion I don't think we'd even be talking about Linux if it weren't for Qt (and you can take that any way you like... simply technical merit, or the fact that without Qt, Gtk wouldn't have been started).
I hear you though. On some days I wish Qt were LGPL/BSD. Simple licenses make life so much easier... But it would be a tradeoff.
As I understand it, IRC is segregated into various networks (DALnet, EFnet, etc) that are basically clusters of friendly servers. This as opposed to just being openly interoperable to everyone such as email. Jabber is more akin to email, in that any domain can contact any other domain. For IRC to emerge as an IM contender, it would definitely have to ditch the notion of walled-off networks.
Is IRC capable of having all domains in the world interact with each other in a scalable fashion? In other words, a way that would not require a friendly server list nor persistant connections to every domain in existence?
in Los Angeles, we had a great grocery chain called Gelson's that was impeccably run, had no lines, and had beautiful stores
Yeah, because it costs an arm and a leg to shop there. At least at the bakery and deli, you can spend nearly double what you would at a typical supermarket (like $12 for a pound of turkey?!) Of course, the quality at Gelson's can't be beat, so I guess you get what you pay for. I only did full grocery shopping there once, during the supermarket strikes, and I will say I enjoyed my $10 pumpkin bread loaf.
I'm sure there are 101 reasons why this isn't possible
Well it shouldn't be impossible, just improbable.:) Considering the Linux kernel often breaks compatibility with its own drivers between minor versions, I don't think we have a prayer for cross-kernel driver compatibility.
My question is, what's to stop this sort of behaviour?
Nobody, unfortunately. When "Integrity Messenger" ripped off the Psi Jabber client, none of us could afford to pay for a lawyer. We tried to raise awareness by spreading news about the violation, but this only caused Integrity Messenger to threaten me with a lawsuit for slander (or something to that effect) and so we shut our mouths. I've been on a waiting list with the FSF since 2002 to get this case resolved, but nothing has happened. Christian Rishel, the evil behind Integrity Messenger, left last year and the company looks defunct now.
The worst of it is that it was entirely deliberate. Mr. Rishel tried to hire me for a relicensing deal and I declined, and so he told me I'd "get fucked someday". Considering I haven't seen an ounce of source code from these guys, or any compensation, I'd say he was right. Even if the FSF were to sue them today (and yes, I'm still in the queue), Mr. Rishel would probably not be affected. So I guess he got away with everything.
SSL and SSHv1 are both vulnerable to this type of attack. SSHv2 and IPSEC will resist it, and fail the connection, which is correct behaviour.
To be fair, this is an application issue, not a flaw in SSL/TLS. It's true, many SSL-based applications do allow the user to "continue" after receiving a bad certificate, but this is not something inherent in the protocol.
And SSH doesn't use X.509, so it's not fair to compare it to SSL. If anything this makes SSH even more prone to "stupid user" man-in-the-middle attacks.
Strange choice of example. It says that men are easily corrupted by offers of trivial sexual favours. It doesn't say anything negative about women at all.
The fact is that men are n00bs in the game of life and so women choose to play with a handicap in order to make it fair.
sha1 and md5 are generally considered so weak that they should only be used to combat error or accidents, not fraud.
Not true. SHA-1 is the hashing algorithm of practically all common security standards. It's found in SSL/TLS, X.509, PGP (the protocol, not the program, so that means GPG also!), S/MIME, etc. In other words... everything. Replacing this is going to suck.:(
The short: the grant was too small to cover the full development, and there were some Helix licensing issues still to resolve.
It wasn't meant to be vapor, we made some decent progress. With a few more months of funded development and some paperwork on the part of RealNetworks to fix their licensing problems, I'm sure it could have happened.
I think his point is that while Linux may be making a lot of money, the actual developers rarely see any of it. Yes, some open source is funded, but most of it is not. Imagine of some of these millions were to go to a project like KDE? Geezus, the whole thing would be done by now.
I don't know who is getting all of this "Linux money", but it certainly isn't affecting the projects I care about. I'm not saying that developers should be jealous of these companies that have taken their products and made money with them. After all, that's part of the freedom that has been given to them. But it is depressing that not much of this money goes back to the community. I don't say this because the developers should be rewarded or get rich, I say it because the money would speed up development.
Many of us probably can name many OSS projects we'd like to see completed. These Linux sales numbers won't impress me one bit until I see my favorite programs being sponsored.
These are implementation problems, not protocol problems. For example, the 'xmlns' should NOT be treated like an attribute, even though some implementations do, like jabberd (as well as Psi (*hangs head in shame*)). Can you point out anything that is wrong in the actual RFC 3920 specification?
This is a joint effort with Psi, and has a projected release for September (this month).
The actual protocol specifications are ready, and available on the Delta project page, as jep-rtsp and jep-media. I have not yet submitted them to the JSF to be accepted as formal JEPs, as I already have some other protocol specs in their queue that I want to resolve first (particularly a patch to JEP-0065 to incorporate UDP support).
On the software side of things, we'll likely be late. This is somewhat related to a misunderstanding regarding the Helix SDK's capability. While the toolkit is quite mature for most purposes, it has never been used in a peer-to-peer fashion, where content is served from an end-user desktop application. This will be a first, but is taking us a little longer to deal with. It might be October before we have a beta.
do any thumb-texting predictive text devices use predictive method more advanced than Markov chain? (essentially just looking at list of words that start with already typed prefix) That's how it seems to work on all the cell phones I tried. There's enough research out there to make a more advanced system. For instance, a word level Markov chain that offer words that are likely to follow first. Or an approach that would allow better generalization, such as decision tree predictor.
Hmm, I hadn't considered there might have been better algorithms. I could have used one back in the day.:)
A little story: In 1999, I had set up an email server so that I could send SMS messages to it (via my phone provider's email gateway) to perform computer commands. One of its features was the ability to sign onto ICQ and send messages. It worked well, despite the fact that typing on a phone was cumbersome. Later that month, I started hearing about T9 phones, but unfortunately there was no such phone available in the USA yet. I really wanted to have predictive text, and so I decided to implement a similar algorithm in my SMS processing program. What was funny and stupid is that by doing the dictionary parsing on the server, not only was I unable to actually see what I was typing on the phone, but I couldn't do any candidate selection!:) It worked by having me type in a series of numbers (I would put the phone in numeric mode), and then the server would convert that into words, putting multiple candidates in parenthesis. It was the only way I could think of doing it.
The result is that a message from my phone might look like this: "(hey, hex) (are, ape) you going to (class, clasp) today?"
Almost like mad libs! Ahh, the good old days...
Re:cool to see it get fixes
on
Enlightenment Lives
·
· Score: 2, Informative
As long as the X-Windows system is divided with no clear objective
The X-Window system has no objective whatsoever regarding desktop environments, let alone a clear one. It is only a display surface.
As far as desktop environments go, of course we're divided. There's Windows, Mac, KDE, GNOME, etc. Why aren't we up in arms that Apple created their own desktop instead of working with what existed? Each of these projects has a reason for being. And sure, their existence takes away from the others. For example, lots of software is Mac only, and so the rest of us miss out. This is inherent to having many desktop environments.
But hey, at least on a usual X11-based OS, you can run KDE and GNOME apps at the same time. Running a Windows app on a Mac is considered a feat and a feature, but for some reason having the GIMP under KDE means that Linux sucks. I'll just end this by saying that Linux isn't even a desktop.
>> 1) does SSL prevent this attack from working? > >If you do the packet injection before the SSL session is negotiated (and setup your own SSL session with your own self-signed certificate), no.
The whole purpose of certificates in SSL/TLS is to prevent against man-in-the-middle attacks such as this. A self-signed certificate is as good as no certificate at all, and this should not fool any decent SSL application.
Actually....my understanding is that subway is now the largest fast food chain.
On a side note, does Subway count as "fast food" ? Certainly they serve the food quickly, but you can hardly put them in the same category as McDonald's, Burger King, Taco Bell, etc. "Fast food" is less about speed and more about food preparation and other business practices. Wikipedia has more details. Personally, to avoid confusion, I tend to refer to Subway, Quizno's, Baja Fresh, etc as "quick food", for lack of a better term, instead of fast food. This indicates that the service is speedy without the implication that the food is crap.
I remember back when the file sharing networks were being attacked by the RIAA, it was common for people to post here and say that the programs and networks are just tools that can be used for good or evil. Thus, the networks are innocent and the RIAA should really be going after the actual traders. Well, now they are. So what's all this fuss about?
Slashdot Mirror
Ensuring the long-term survival of the species usually means some cost to the individual. I can understand why less evolved organisms appear to be working towards species survival: because they are just following their programming. However, humans are self-aware, and so as individuals we are not brainlessly forced into accepting this cost. We should simply do whatever suits us best as individuals. Our species may ultimately fail, but whose idea was it that it should go on forever?
This raises an interesting philosophical question: does morality change with time? It was moral to eat meat in the past, but today it is not moral? Or is it more of a matter of chosing the least destructive choice, and avoiding excess? Perhaps we can morally eat meat even in the present day, provided it is the only option. However, most of us have plenty of access to alternatives.
Of course, "the only option" could use some further defining. If you're stuck on an island with only low-protein vegetables and animals, does it become okay to muck with the animals? After all, you could probably survive just fine on the low-protein vegetables only, but it may not be the most healthy approach to living. If you just want to be healthy, more muscular, taller... is it just decadence at that point to eat meat? Or maybe it only becomes immoral to exploit animals when complete alternatives exist. If the island has nuts, beans, and a modern suppliment laboratory, then the animals are off-limits?
Just food for thought (no pun intended).
Personally, I do eat meat, but certainly not as often as most people in America do. There are many days where I eat vegetarian. A vegetarian diet is simply easier to manage, foods can require less preparation (Carl's Jr ad featuring the guy nervously prodding a package of ground beef anyone?), and they are often less perishable. And as a guy who counts every gram of intake, I can say that yes I get everything I need. For me, my tendency towards vegetarian eating has nothing to do with morality and all to do with effort and numbers. Don't get me wrong though, meat does offer excellent nutrition, and I occasionally work it into my diet for variety's sake.
That said, most people don't know much about nutrition. Hell, a large percent of people can't even parse the FDA-required labels. I've known fat vegetarians and vegans. Living healthy on a restricted diet *is* possible but most people just don't know how to do it. More philosophy for you: Can people who don't understand nutrition morally eat meat because they don't know any better?
The features you see in XMPP are largely based on what client you use. It could be that Pidgin simply hasn't implemented all the features you want. In that case, file a report. :)
That said:
- See and show other's and my own idle time: there is no protocol for this as far as I know. People on XMPP seem to be content with auto-away messages.
- See other's and set my buddy profile: you can set a status message even when non-away, people often use this for sharing current information. Otherwise, there's the VCard information which can include a description (long-lived profile, exists even if you sign out).
- See people's login time: this works, the client just needs to show it.
- See people's account creation time: there is no protocol for this as far as I know.
- See the capabilities of someone's client: clients often don't directly show you this information, but instead features are simply enabled or disabled in menus and things depending on if you can do it. This is more of a UI concern, capability information is indeed exchanged over XMPP.
"The "why go on?" issue is a classic atheist dilemma."
:)
Ehhh... and how is that a dilemma?
I'd argue that the pain of living does not justify the joy of living. Or further, even if you had nothing but 100% joy in living, I'd argue that since you'll eventually die anyway, there isn't much of a point to the temporary joy. Once you're dead, you'll no longer care if you had joy or not, because you won't be alive to think about that. This is a dilemma, because if you logically deduce that there is no reason to live.... well you're stuck choosing between survival instinct and logic. As a result, there are writings in atheist philosophy that address suicide.
You're right though, just because we may imagine a higher purpose does not mean there is one. What I ended up proposing in my last message was a variant of Pascal's Wager. We continue to live, because there might be a higher purpose, even though there very well may not be. Well, that, and survival instincts are very strong. I certainly don't want to die, and suicide is the farthest thing from my mind. However, survival instincts are not necessarily logical.
Continuing to live without the hope of a higher purpose is harder to justify, in my opinion. Wanting to help mankind is a noble effort, but, again, once we die, it won't matter. It doesn't matter that other people are better off because of our efforts, or that we are respected after death, or that we are written in the history books, because we won't be alive to know about it. Once we die, we are not just gone from the world, but the world is gone from us. Even though we may care for people and our species right now, I'd argue that once we die, their meaning will be the same as the meaning of characters in a dream that we just woke up from. A fun experience, but inconsequential. Death is worse than waking from a dream though, because we won't even get to remember the fun experience. Crap, I think I'm becoming a nihilist.
I'd argue that to justify living, the higher purpose must be tightly coupled with an afterlife. If there is no afterlife, then having god(s) in the picture doesn't help anything. Sure, you could follow the rules of the gods to be a nice citizen, but that's not any better than having to follow the rules of nature and survival. If there is nothing to gain or lose by defying the rules, then just give the universe and the gods your middle finger. It's all the same.
True, those are a lot of ridiculous assumptions. On the other hand, the notion of things just happening without purpose is unsettling. My hope is that there is a purpose, and not just a purpose for the existence of the universe, but a purpose for humans as individuals. Without individual purpose, there isn't a compelling reason to live, in my opinion, other than perhaps to avoid facing the pain of death. The "why go on?" issue is a classic atheist dilemma.
:)). Other life-forms operate like good little computer processes, doing what they have been instructed to do. Humans, with self-perception, are not forced to play this game. We can laugh at the universe, and do whatever we damn well please, even if it is detrimental to ourselves or our species.
Humans have become too smart for their own good (and this point was echoed by comments in a recent slashdot story, about chimps evolving faster than humans). We're at the point where we can make decisions that seem to defy survival (see mass murders, couples choosing to not have children.. no I'm not saying these are equally severe
I'd argue that if an individual willingly sticks it out, and does it not for fear of painful death, it is because of a hope or faith in something greater than the survival treadmill. With that in mind, your presented assumptions are quite inviting.
All the browser does is make sure the strong cryptographically signed and verified cert's DN matches the totally insecure DNS lookup result.
Incorrect. The browser checks the certificate domain against the intended domain. The result of a DNS lookup is not part of the trust equation. This is the great thing about end-to-end security, everything else in the path doesn't even matter.
I agree that the way domains and certificates are purchased is ridiculous. For God's sake why are we still proving email address and domain ownership via SMTP?!
KDE == Proprietary and expensive
Your subject is misleading. KDE is not proprietary. It can be expensive though, if you wish to develop proprietary software.
One important thing to consider is that Qt is so darn good. People complain about programming in Gtk. No one complains about programming in Qt. If your employer buys you Qt to develop with, then you're a lucky bastard. The only thing people complain about with Qt is the commercial license cost. In some ways, this reminds me of Apple: pricey, but there are people out there that will pay that price. This is why a lot more "high end" apps are written in Qt (like Pixar's tools, for example).
That said, this is further complicated by the fact that Qt is also free as in GPL. For open source developers, the choice between Gtk and Qt is simple, and this is why KDE thrives. Granted, Gtk is used by a lot of open source developers, but I'd say this is mostly due to preference of the C progamming language. It is the KDE crew that loves what they are doing, and they make faster progress.
You wrote: If you're a "Linux enthusiast", you're using a "free" desktop to prevent paying fees to the likes of Microsoft. But with Qt, you are encouraging people to pay Trolltech.
Maybe so, but you have to admit it is a very different situation. I like that Trolltech gets paid. They give us free stuff. Free as in GPL. That's like corporate suicide. Nobody gives their stuff away like that. Fortunately, here we have a business model that allows it to happen. In fact, it turns the whole system upside down. When you pay Microsoft, you encourage further closed source development. When you pay Trolltech, you are sponsoring open source development. Qt would not be as good as it is today without this funding.
It might be that Qt is "hurting Linux" in some way, as you say. But in my opinion I don't think we'd even be talking about Linux if it weren't for Qt (and you can take that any way you like... simply technical merit, or the fact that without Qt, Gtk wouldn't have been started).
I hear you though. On some days I wish Qt were LGPL/BSD. Simple licenses make life so much easier... But it would be a tradeoff.
As I understand it, IRC is segregated into various networks (DALnet, EFnet, etc) that are basically clusters of friendly servers. This as opposed to just being openly interoperable to everyone such as email. Jabber is more akin to email, in that any domain can contact any other domain. For IRC to emerge as an IM contender, it would definitely have to ditch the notion of walled-off networks.
Is IRC capable of having all domains in the world interact with each other in a scalable fashion? In other words, a way that would not require a friendly server list nor persistant connections to every domain in existence?
in Los Angeles, we had a great grocery chain called Gelson's that was impeccably run, had no lines, and had beautiful stores
Yeah, because it costs an arm and a leg to shop there. At least at the bakery and deli, you can spend nearly double what you would at a typical supermarket (like $12 for a pound of turkey?!) Of course, the quality at Gelson's can't be beat, so I guess you get what you pay for. I only did full grocery shopping there once, during the supermarket strikes, and I will say I enjoyed my $10 pumpkin bread loaf.
I'm sure there are 101 reasons why this isn't possible
:) Considering the Linux kernel often breaks compatibility with its own drivers between minor versions, I don't think we have a prayer for cross-kernel driver compatibility.
Well it shouldn't be impossible, just improbable.
My question is, what's to stop this sort of behaviour?
Nobody, unfortunately. When "Integrity Messenger" ripped off the Psi Jabber client, none of us could afford to pay for a lawyer. We tried to raise awareness by spreading news about the violation, but this only caused Integrity Messenger to threaten me with a lawsuit for slander (or something to that effect) and so we shut our mouths. I've been on a waiting list with the FSF since 2002 to get this case resolved, but nothing has happened. Christian Rishel, the evil behind Integrity Messenger, left last year and the company looks defunct now.
The worst of it is that it was entirely deliberate. Mr. Rishel tried to hire me for a relicensing deal and I declined, and so he told me I'd "get fucked someday". Considering I haven't seen an ounce of source code from these guys, or any compensation, I'd say he was right. Even if the FSF were to sue them today (and yes, I'm still in the queue), Mr. Rishel would probably not be affected. So I guess he got away with everything.
SSL and SSHv1 are both vulnerable to this type of attack. SSHv2 and IPSEC will resist it, and fail the connection, which is correct behaviour.
To be fair, this is an application issue, not a flaw in SSL/TLS. It's true, many SSL-based applications do allow the user to "continue" after receiving a bad certificate, but this is not something inherent in the protocol.
And SSH doesn't use X.509, so it's not fair to compare it to SSL. If anything this makes SSH even more prone to "stupid user" man-in-the-middle attacks.
Strange choice of example. It says that men are easily corrupted by offers of trivial sexual favours. It doesn't say anything negative about women at all.
The fact is that men are n00bs in the game of life and so women choose to play with a handicap in order to make it fair.
sha1 and md5 are generally considered so weak that they should only be used to combat error or accidents, not fraud.
:(
Not true. SHA-1 is the hashing algorithm of practically all common security standards. It's found in SSL/TLS, X.509, PGP (the protocol, not the program, so that means GPG also!), S/MIME, etc. In other words... everything. Replacing this is going to suck.
The short: the grant was too small to cover the full development, and there were some Helix licensing issues still to resolve.
It wasn't meant to be vapor, we made some decent progress. With a few more months of funded development and some paperwork on the part of RealNetworks to fix their licensing problems, I'm sure it could have happened.
I think his point is that while Linux may be making a lot of money, the actual developers rarely see any of it. Yes, some open source is funded, but most of it is not. Imagine of some of these millions were to go to a project like KDE? Geezus, the whole thing would be done by now.
I don't know who is getting all of this "Linux money", but it certainly isn't affecting the projects I care about. I'm not saying that developers should be jealous of these companies that have taken their products and made money with them. After all, that's part of the freedom that has been given to them. But it is depressing that not much of this money goes back to the community. I don't say this because the developers should be rewarded or get rich, I say it because the money would speed up development.
Many of us probably can name many OSS projects we'd like to see completed. These Linux sales numbers won't impress me one bit until I see my favorite programs being sponsored.
We need to fund U.S. research of a Disenchant before they can acquire a Counterspell!!!
Who needs a Disenchant when there's this? I swear, MTG is broken. Let's all go back to Revised Edition.
email/smtp had some design flaws when it comes to identifying senders. Does Jabber "solve" this.
Yes. A client cannot fake the username part of an address, and the server cannot fake the domain part.
These are implementation problems, not protocol problems. For example, the 'xmlns' should NOT be treated like an attribute, even though some implementations do, like jabberd (as well as Psi (*hangs head in shame*)). Can you point out anything that is wrong in the actual RFC 3920 specification?
This is a joint effort with Psi, and has a projected release for September (this month).
The actual protocol specifications are ready, and available on the Delta project page, as jep-rtsp and jep-media. I have not yet submitted them to the JSF to be accepted as formal JEPs, as I already have some other protocol specs in their queue that I want to resolve first (particularly a patch to JEP-0065 to incorporate UDP support).
On the software side of things, we'll likely be late. This is somewhat related to a misunderstanding regarding the Helix SDK's capability. While the toolkit is quite mature for most purposes, it has never been used in a peer-to-peer fashion, where content is served from an end-user desktop application. This will be a first, but is taking us a little longer to deal with. It might be October before we have a beta.
do any thumb-texting predictive text devices use predictive method more advanced than Markov chain? (essentially just looking at list of words that start with already typed prefix) That's how it seems to work on all the cell phones I tried. There's enough research out there to make a more advanced system. For instance, a word level Markov chain that offer words that are likely to follow first. Or an approach that would allow better generalization, such as decision tree predictor.
:)
:) It worked by having me type in a series of numbers (I would put the phone in numeric mode), and then the server would convert that into words, putting multiple candidates in parenthesis. It was the only way I could think of doing it.
Hmm, I hadn't considered there might have been better algorithms. I could have used one back in the day.
A little story: In 1999, I had set up an email server so that I could send SMS messages to it (via my phone provider's email gateway) to perform computer commands. One of its features was the ability to sign onto ICQ and send messages. It worked well, despite the fact that typing on a phone was cumbersome. Later that month, I started hearing about T9 phones, but unfortunately there was no such phone available in the USA yet. I really wanted to have predictive text, and so I decided to implement a similar algorithm in my SMS processing program. What was funny and stupid is that by doing the dictionary parsing on the server, not only was I unable to actually see what I was typing on the phone, but I couldn't do any candidate selection!
The result is that a message from my phone might look like this:
"(hey, hex) (are, ape) you going to (class, clasp) today?"
Almost like mad libs! Ahh, the good old days...
As long as the X-Windows system is divided with no clear objective
The X-Window system has no objective whatsoever regarding desktop environments, let alone a clear one. It is only a display surface.
As far as desktop environments go, of course we're divided. There's Windows, Mac, KDE, GNOME, etc. Why aren't we up in arms that Apple created their own desktop instead of working with what existed? Each of these projects has a reason for being. And sure, their existence takes away from the others. For example, lots of software is Mac only, and so the rest of us miss out. This is inherent to having many desktop environments.
But hey, at least on a usual X11-based OS, you can run KDE and GNOME apps at the same time. Running a Windows app on a Mac is considered a feat and a feature, but for some reason having the GIMP under KDE means that Linux sucks. I'll just end this by saying that Linux isn't even a desktop.
>> 1) does SSL prevent this attack from working?
>
>If you do the packet injection before the SSL session is negotiated (and setup your own SSL session with your own self-signed certificate), no.
The whole purpose of certificates in SSL/TLS is to prevent against man-in-the-middle attacks such as this. A self-signed certificate is as good as no certificate at all, and this should not fool any decent SSL application.
Actually.. ..my understanding is that subway is now the largest fast food chain.
On a side note, does Subway count as "fast food" ? Certainly they serve the food quickly, but you can hardly put them in the same category as McDonald's, Burger King, Taco Bell, etc. "Fast food" is less about speed and more about food preparation and other business practices. Wikipedia has more details. Personally, to avoid confusion, I tend to refer to Subway, Quizno's, Baja Fresh, etc as "quick food", for lack of a better term, instead of fast food. This indicates that the service is speedy without the implication that the food is crap.
I remember back when the file sharing networks were being attacked by the RIAA, it was common for people to post here and say that the programs and networks are just tools that can be used for good or evil. Thus, the networks are innocent and the RIAA should really be going after the actual traders. Well, now they are. So what's all this fuss about?