What absolute rubbish, computer geeks are some of the most political people I know. Take ESR or RMS for example every thing they do is political.
You've got that backwards. You should have said, "some of the most political people I know are computer geeks." Or at least found some more relevant evidence to back up what you did say.
Sorry, but I have to agree with the Anonymous Coward on this one. You come out with the phrase '4096-bit encryption' like you think it means something, and then you try to back it up with this:
Triple-DES or RSA possibly.
Triple-DES is a block cipher, with a key size of 112 bits. RSA is a public-key algorithm, which will work with 4096-bit keys.
I hear PGP supports Blowfish and IDEA as well.
Again you display your lack of basic knowledge of cryptographic algorithms. Blowfish and IDEA are both block ciphers, with key sizes of 32-448 bits and 128 bits, respectively. These have absolutely nothing to do with the '4096-bit encryption' you brought up.
We haven't even completely broken the crapply 56-bit (or was it 128-but, I can't remember) DES encryption used by ROM3 satellite cards, so why the heck do you think the gov't can break 4096-bit encryption alone?
First off, DES is 56 bits. Always has been, always will be. And a key space of that size can be brute-forced in a matter of hours (if not minutes, if you've got enough money to throw at it.)
There are valid reasons for believing that "The Government" can't break 4096-bit encryption. The idea that 56-bit DES hasn't been broken isn't one of them.
[I know, I probably HBT, so I'm going to quit now]
Thanks; that's the insightful comment I've been looking for. I was despairing of ever finding it, reading through this thread.
You're right; there should be no reason for the web server to have access to the credit card information once it has been accepted. The web server should absolutely not be the machine in charge of the recurring billing.
The point which has not been stressed enough here is that if the web server has any method of retrieving the credit card information, then it doesn't matter how many layers of encryption, how many layers of firewalls and semi-isolated machines connected through obscure cabling techniques you use, all of the information an intruder needs to access it is sitting right there on the web server.
If an intruder has root access to the web server, (a not-uncommon occurrance these days,) then it won't matter how complicated you've made the protocol for accessing the information; all he has to do is trick the server into getting it for him.
The only 'solution' to this problem is not to give the web server any access. Use write-only media, like public key encryption with no private key, a network connection to a machine which will not give the data back, or use a physical line printer and have someone re-key the data later.
Mind you, this reminds me of the ongoing fight I'm having with a coffee maker who sold me 2 12-cup coffee makers that make only 6 8-ounce cups. Nothing in the fine print, nothing in the packaging, nothing in the manual.
Every coffee maker I've ever seen uses a 5oz measure for a standard 'cup' of coffee. So a 12 coffee-cup coffee maker makes 60oz of coffee, or 7.5 American 'cups'.
I don't know if this is deceptive (if it is, it's all across the industry) or just a different use of the word 'cup' than you're used to. If they had advertised it as a 3L coffee maker, then you'd have a case.
I was worried that your only beef with Mr. Zuccarini at the time was that he held a domain name with someone else's trademark in it, and "you can't do that -- some nice company owns that word!" (not your words, obviously, just an argument I've heard here before, and one I was concerned you were making).
I agree completely that he was using the name in bad faith, and that's the point that needs to me made against him, not just that he was using the name at all.
I considered that, but I was replying to an AC who began by asking me to assume that "your product is making you lots of $$$" which I figured would be at least enough to offer Mr Zuccarini more than he would make from one measly domain name (considering that he only makes $800K - $1M annually from all his domains combined).
I was further asked to take the position of a 'capitalist person', and purchasing the domain name, at whatever cost necessary, seemed like the ideal capitalist solution. Interference from your wise people in the legislature certainly seems contrary to my (assumed) capitalist ideals:)
Well, first off, we'll have to assume that I not only created the product, but I have registered the trademark 'Cicadia' in the relevant domains.
Now, please correct me if necessary, but I thought that the only way to infringe on a trademark, even a registered one, was to use that name, or something confusingly similar, to compete against me in the same trade domain. Unless I am in the porn industry, and have registered my trademark in that domain, I don't think my trademark is being infinged.
Similarly, you could create a new line of network switches called 'Matrix', and Toyota (or AOL-TW) couldn't do anything about it. You could create a new clear softdrink and call it 'Windows', and Microsoft couldn't dispute it. You could even register those words as trademarks. No infringement.
Perhaps, being the capitalist person I am, I would consider my best course of action to be to offer Mr. Zuccarini enough money to sell me cicadia.com. My solid belief in capitalist economic principles suggests to me that there must be some amount I could offer which would be more than he would expect to gain by keeping the domain to himself, and he would sell it to me.
None of those options represents a valid MIME type, though. You may get a 406 Not Acceptable response from the web server, or you may get whatever content the server decides is best.
Try: GET / HTTP/1.0
Accept: text/html, text/plain
For.zip files, try curl or wget, unless you want to cut and paste all of that 8-bit binary from your terminal window.
...I typed in a URL in the form of "www.{product name}.com". I informed him that the URL contained a registered trademark.
And what, exactly, is wrong with that? (Please tell me you're not one of those people who believe that such domain names should automatically go to the owner of the trademark?)
Sure; the radiation leakage from your television set is easily strong enough to be picked up by a van across the street and reconstructed to show the actual picture you are seeing.
Since they are the cable company (and presumably a monopoly), they have access to all of the cable video streams which you could be watching. If your signal matches one which you aren't paying for, then know you're stealing cable.
Do they actually do this?
Who knows; it's pretty sneaky, akin to looking in everybody's windows to see what they're up to. I've no idea whether that sort of evidence would stand up in court.
As long as all of your password-authenticated services are controlled by the same authority (i.e., the same company), there is no problem with having a single password for all of them. It may even be more secure to have a single properly administered password database than to have each application managing its own database.
The reason security experts always tell you not to use the same password for everything is that most people have passwords for services from many different organisations, each with its own password database. If any of these databases is compromised, then someone may have access to all of your accounts.
As long as you have one identity in a single security domain, there is (usually) no reason to have multiple passwords.
I wish it did. Unfortunately, copying for personal use is not considered the same as copying for distribution. I've also heard opinions that you (as the receiver) have to be the one doing the copying (whatever that means, on the Internet). So it would be legal for you to borrow a CD and copy it, but not for the owner of the CD to give you a copy. Go figure.
You might be able to use services like this legally, if you can claim that you were only copying for your own use (and not for the purpose of sharing).
The current levy is $0.21CAD per CD-R or CD-RW, $0.77CAD per CD-R-Audio, and $0.29CAD per audio cassette. See the CPCC FAQ list for details.
As regards piracy, if you do live in Canada, it's quite likely that you haven't actually been pirating music. Canadian copyright law states that copying recorded works for personal use is not an infringement of copyright. It's not even frowned upon. It's totally legal to copy your friend's CDs and make MP3s out of them. It's probably legal to buy a CD, copy it, and return it, as long as the copying is done for personal use.
(d) 0.8 for each megabyte of memory in each removable electronic memory card, each removable flash memory storage medium of any type, or each removable micro-hard drive;
The levy is being raised on commodity components - all CD-R, CD-RW, DVD-R and smartmedia/compactflash items. They don't have to base anything on potential storage capacity; if you buy a player with no storage, like a discman or minidisc player, then you are taxed on the media you buy.
Slashdot Mirror
I wouldn't be too sure about your wallet, either. I hear the new $10 bill will be made of Jello :)
Why don't you ask the Internet Oracle?
You've got that backwards. You should have said, "some of the most political people I know are computer geeks." Or at least found some more relevant evidence to back up what you did say.
Triple-DES or RSA possibly.
Triple-DES is a block cipher, with a key size of 112 bits. RSA is a public-key algorithm, which will work with 4096-bit keys.
I hear PGP supports Blowfish and IDEA as well.
Again you display your lack of basic knowledge of cryptographic algorithms. Blowfish and IDEA are both block ciphers, with key sizes of 32-448 bits and 128 bits, respectively. These have absolutely nothing to do with the '4096-bit encryption' you brought up.
We haven't even completely broken the crapply 56-bit (or was it 128-but, I can't remember) DES encryption used by ROM3 satellite cards, so why the heck do you think the gov't can break 4096-bit encryption alone?
First off, DES is 56 bits. Always has been, always will be. And a key space of that size can be brute-forced in a matter of hours (if not minutes, if you've got enough money to throw at it.)
There are valid reasons for believing that "The Government" can't break 4096-bit encryption. The idea that 56-bit DES hasn't been broken isn't one of them.
[I know, I probably HBT, so I'm going to quit now]
You're right; there should be no reason for the web server to have access to the credit card information once it has been accepted. The web server should absolutely not be the machine in charge of the recurring billing.
The point which has not been stressed enough here is that if the web server has any method of retrieving the credit card information, then it doesn't matter how many layers of encryption, how many layers of firewalls and semi-isolated machines connected through obscure cabling techniques you use, all of the information an intruder needs to access it is sitting right there on the web server.
If an intruder has root access to the web server, (a not-uncommon occurrance these days,) then it won't matter how complicated you've made the protocol for accessing the information; all he has to do is trick the server into getting it for him.
The only 'solution' to this problem is not to give the web server any access. Use write-only media, like public key encryption with no private key, a network connection to a machine which will not give the data back, or use a physical line printer and have someone re-key the data later.
Every coffee maker I've ever seen uses a 5oz measure for a standard 'cup' of coffee. So a 12 coffee-cup coffee maker makes 60oz of coffee, or 7.5 American 'cups'.
I don't know if this is deceptive (if it is, it's all across the industry) or just a different use of the word 'cup' than you're used to. If they had advertised it as a 3L coffee maker, then you'd have a case.
I agree completely that he was using the name in bad faith, and that's the point that needs to me made against him, not just that he was using the name at all.
I considered that, but I was replying to an AC who began by asking me to assume that "your product is making you lots of $$$" which I figured would be at least enough to offer Mr Zuccarini more than he would make from one measly domain name (considering that he only makes $800K - $1M annually from all his domains combined).
I was further asked to take the position of a 'capitalist person', and purchasing the domain name, at whatever cost necessary, seemed like the ideal capitalist solution. Interference from your wise people in the legislature certainly seems contrary to my (assumed) capitalist ideals :)
Now, please correct me if necessary, but I thought that the only way to infringe on a trademark, even a registered one, was to use that name, or something confusingly similar, to compete against me in the same trade domain. Unless I am in the porn industry, and have registered my trademark in that domain, I don't think my trademark is being infinged.
Similarly, you could create a new line of network switches called 'Matrix', and Toyota (or AOL-TW) couldn't do anything about it. You could create a new clear softdrink and call it 'Windows', and Microsoft couldn't dispute it. You could even register those words as trademarks. No infringement.
Perhaps, being the capitalist person I am, I would consider my best course of action to be to offer Mr. Zuccarini enough money to sell me cicadia.com. My solid belief in capitalist economic principles suggests to me that there must be some amount I could offer which would be more than he would expect to gain by keeping the domain to himself, and he would sell it to me.
Try:
GET / HTTP/1.0
Accept: text/html, text/plain
For .zip files, try curl or wget, unless you want to cut and paste all of that 8-bit binary from your terminal window.
And what, exactly, is wrong with that? (Please tell me you're not one of those people who believe that such domain names should automatically go to the owner of the trademark?)
So use /sbin/fdisk then
Or maybe you should be unplugging your webcam when you visit pr0n sites with flash applets :)
Yep - check out the reflection of the original message on the side of the truck.
It would, assuming that you could show it had sort of relevance to the field of psychology.
You'd better not -- I patented the logic behind those mistakes; if you even think about making the same mistakes, I'll see you in court!
Sure; the radiation leakage from your television set is easily strong enough to be picked up by a van across the street and reconstructed to show the actual picture you are seeing.
Since they are the cable company (and presumably a monopoly), they have access to all of the cable video streams which you could be watching. If your signal matches one which you aren't paying for, then know you're stealing cable.
Do they actually do this?
Who knows; it's pretty sneaky, akin to looking in everybody's windows to see what they're up to. I've no idea whether that sort of evidence would stand up in court.
As long as all of your password-authenticated services are controlled by the same authority (i.e., the same company), there is no problem with having a single password for all of them. It may even be more secure to have a single properly administered password database than to have each application managing its own database.
The reason security experts always tell you not to use the same password for everything is that most people have passwords for services from many different organisations, each with its own password database. If any of these databases is compromised, then someone may have access to all of your accounts.
As long as you have one identity in a single security domain, there is (usually) no reason to have multiple passwords.
Are you Canadian? Great. It's legal. You can legally make copies of recorded music for your own personal use. You won't be called a criminal for that.
Sure -- I always surf the web with telnet; doesn't everyone?
Well, 5/3 is still a fraction :)
You might be able to use services like this legally, if you can claim that you were only copying for your own use (and not for the purpose of sharing).
The relevant section of the Copyright Act can be found here.
Check out www.raging.com. Altavista search; nothing but text.
As regards piracy, if you do live in Canada, it's quite likely that you haven't actually been pirating music. Canadian copyright law states that copying recorded works for personal use is not an infringement of copyright. It's not even frowned upon. It's totally legal to copy your friend's CDs and make MP3s out of them. It's probably legal to buy a CD, copy it, and return it, as long as the copying is done for personal use.
(d) 0.8 for each megabyte of memory in each removable electronic memory card, each removable flash memory storage medium of any type, or each removable micro-hard drive;
The levy is being raised on commodity components - all CD-R, CD-RW, DVD-R and smartmedia/compactflash items. They don't have to base anything on potential storage capacity; if you buy a player with no storage, like a discman or minidisc player, then you are taxed on the media you buy.