C'mon - you obviously know nothing about electrical engineering or signal transmission.
Anyone who knows anything about computers could tell you that sending zeros down a wire doesn't use any power. All the power consumption comes from sending ones. Sending a zero is the same as doing nothing, so what does it matter if half of your bus just goes unused until you need it?
Incidently, this is also the reason why LZIP compression is never used for data transmission. By only eliminating the zeros, there is no effective savings w.r.t. power consumption.
I believe that the same principle also applies to hard drive storage as well (storing a zero bit is the same as storing nothing, and so should take up no physical space), but I can't seem to find any references to back me up.
I read this paragraph as implying that if you even compile some source code with a freely available tool, such as gcc, then you program becomes "Potentially Viral Software".
One of the conditions of the licence is your
(ii) not using Potentially Viral Software (e.g. tools) to develop Recipient software which includes the Software, in whole or in part.
They're implying that if you so much as compile a line of source with gcc, then your whole project, including the bits that you've compiled with their toolkit, and the toolkit itself, will immediately be covered by the GPL!
Someone needs to clue MS in that the GPL isn't an airborne virus. They can't get it from someone breathing near their software.
Actually I have been wondering... what are the home-server-friendly broadband options? Are you stuck going to "business" DSL if you want to run servers without violating the TOS?
I'm not sure about Seattle; in Vancouver there are a few options, depending on your provider. Internet Gateway (now Uniserve?) provides up to 2 static IPs for C$5/month each, while Telus offers a "High Speed Server Package" for C$80/month (about twice the price of 'basic' DSL). Other providers probably have similar offers; I haven't checked recently.
Business DSL still runs several hundred dollars a month... as far as I can tell, there's no difference in service, it's just that they won't install residential DSL in a commercial building.
Is that something that could be fixed with/etc/hosts.deny??? Or does it need to be firewall rule?
I believe that/etc/hosts.deny only protects those services which are running through tcp_wrappers.
If you can get your web server (or other service) to run under tcpd, then that should work. Of course, you will also have to know the domain names and/or IP addresses of all of the machines that @home uses for port scans. That list might be hard to come by.
I received an e-mail from the Rogers@Home security department informing me that they did a scan of port 25 on their networks and found that my mailer had mail relaying enabled.
That's interesting... I had always assumed that they would only be looking for servers on port 80 (to keep everyone using members.home.net?) The fact that they're scanning for open SMTP relays may mean that they're more concerned about a domain under.rogers.home.com becoming a spam gateway, and Rogers being blacklisted on ORBS and the like.
On a related note, it shouldn't be too hard to tell what services they _are_ scanning for... does anyone have any ipfilter or ipchains logs showing activity from @home?
There really isn't any one solution...my best guess for this is to have a domain set aside specifically for JUST trademarked corporate names (.tm) If you access a.tm domain, you know it's a valid trademark for a valid product...play first come, first serve with the rest of the domains, you lose it, you sucks.com
Well, first off, the people of Turkmenistan might not be too happy about having their ISO standard country code taken away from them just so that American consumers won't be so confused:)
And I assume you're intent is to reserve this domain just for American trademarks here, because they're by no means global.
I believe that this issue has been brought up before, and the consensus is usually that it's not that simple. Even within a single country, trademarks are very domain-specific. Hyundai has a trademark on "Excel" covering automotive applications; Microsoft has the same trademark for software applications; someone else has it for chewing gum... so who gets the www.excel.tm domain?
I'm happy with things the way they are... you pays your money, you gets your domain name. People shouldn't be confused by the existence of a www.sometrademark.com domain name; if you're looking for a specific product, there are other ways to find it than just making up a URL where you think it should be.
An Acme employee handed Turner a map with arrows pointing to the three areas where they claim AirIQ tracked him speeding. The employee showed him the contract and pointed to the warning.
"I was tracked across seven states," said Turner. "It felt creepy."
It looks like they're really tracking you. Or more accurately, they're tracking their own property.
<conspiracy> Of course, they could have this linked to their spy satellites so that they can follow you once you get out of their van... maybe that's what the $150 fines are funding... </conspiracy>
Well, I'm pretty sure that RMS would never accept your proposed "fix" to the GPL, but you of course are still perfectly free to release your own code under any licence you wish. You could even give it a clever name and start promoting it as an alternative to the GPL (although I doubt you could call it Open Source, as it seems to violate several terms of the Open Source Definition). In fact, I wish you the best of luck.
I don't think that the clauses as you wrote them would have the effect you're looking for, though. If anyone can modify a piece of software, and by doing so, become the new primary distributor, then a trivial change (say to a version number, or a comment) would allow anyone downloading the software to redistribute it. This could even be automated so that everyone could freely share the software, just as if it had been GPLed.
It doesn't even have to be automated. If you are charging for your software under this scheme, and someone wants it to be free, it only takes one person to set up a mirror site with some trivial modification, and you have had all of your revenue cut off, through perfectly legal means.
You seem to believe that hundreds of programmers are making a terrible mistake licensing their software under the GPL, since it hinders their ability to become stinking rich directly from the sale of that software. I prefer to think that all of these developers have chosen to place their software under the GPL because they understand it, and they truly wish for their software to be as free as the GPL makes it.
This isn't exactly right (about what ZK proofs are)
No, but it's a fair example. ZK proofs do exist to prove that a number is higher than another (or a factor of another, or a logarithm of another) without leaking any information on what that first number is. I believe that there are also proofs that allow two parties to compare their (secret) numbers, with neither of them learning anything about the other's, except for their relative size.
Regardless, if this proof protocol did exist, it would be a ZK proof.
To verify a password you only need to provide a hashed value of the password and it can be compared to the correct hash
This, unfortunately, is not an example of a ZK proof, since I am still giving you some information (the hashed password) which is directly related to my secret.
For example, if I give you an md5 hash of 5f4dcc3b5aa765d61d8327deb882cf99, you can easily mount an offline attack against this information, and determine that my password is password.
A zero-knowledge protocol would only show to you that I know what my password is, without giving you a single bit of information that you could use to find it out. You wouldn't even be able to use what I gave you to convince a third party that I knew my password. (unlike a hash).
As you say, ZK proofs generally involve being confident (to an arbitrary degree) that the other party isn't cheating. They typically use lots of random numbers and decisions over multiple protocol runs. They aren't as cryptographically straightforward as providing a hash of a secret value.
Since you are on a phone, you can't be guranteed to maintain an IP because you are drifting through networks.
Why not? I am guaranteed to maintain my phone number, regardless of how far I wander.
It's the same routing problem with IP, and the cellular companies have been handling it just fine for quite a while.
When you roam with a wireless device, you're generally not wandering through different providers; Only if I manage to completely leave my provider's service area during a call does the signal fade out to nothing, forcing me to reconnect to a local roaming service.
I just don't see how this is much different than routing IP addresses. A cellular provider should be able to dynamically route any IP address it owns to any point in its network, and follow me around while I'm using it. TCP should work fine unless I'm transferring large files while moving across service boundaries (ignoring of course the packet loss, latency, and multi-path issues).
BTW, I agree that TCP isn't a great protocol for wireless roaming devices, for a whole host of reasons, but don't think that having a constantly-changing IP address is one of them.
Perhaps they include the hash within the ISO... but that would make it less useful for security purposes... or they could only make it available within the pay-for-download ftp site... but they can't exactly copyright a 128-bit value (can they?)
I think that anything they do to let you verify that you have an uncorrupted legal copy will necessarily let you determine if you have an uncorrupted illegal copy.
As an aside, I just discovered that they in my area code (just a couple of bridges away) so maybe I should go over there and find out how they're handling that...
If I'm going to be charged $15 (and probably a couple hours of my time) for a download, I hope that they will provide the MD5 hash right on their site, or at least in their FTP directory.
Obviously, this can't prove that it's trojan-free, but it can at least assure me that I didn't lose any packets, or that Netscape didn't 'forget' to save the last byte of the file.
It's a statistical technique, which is never guaranteed to find a solution (I believe) but takes advantage of the huge number of molecules available to speed up the brute-force search. Unfortunately, I have no idea what it's time complexity is, nor how it compares to this technique (not paying for a subscription today:)
if the security services here in the UK want to read my email, they will use the RIP bill to get the private key and passphrase from me
I wonder, what grounds could any government, especially one which wants digital signatures to be binding, possibly have to ask for your private key and passphrase?
I could understand the utility of a bill like that if it allowed the government access to a session key for a particular message. Without giving them your private key, they would be able to decrypt that message only, and they could get the information they were after. Hell, if they wanted to, they could even ask for the key to each and every encrypted document on your computer, and there's no reason why your crypto software couldn't provide it to them.
If you have to give up your private key, though, they have automatic access to every document which has ever been encrypted to you, or will be in the future (cancelling a compromised keypair is still one of the messiest areas of cryptography, and it gets worse with every person who gets your public key). Not only that, but the government could then use that key to impersonate you, forging any document they want and digitally signing it.
I don't know of any crypto software right now which would give you access to just the session key for a particular message... or whether lawmakers would consider restricting their power in this way... are there any UK privacy advocates out there with more insights on this law? How far does it go? Could we use something like this to get a bit of privacy back?
an email from the IT department went around asking people NOT to use encryption, as 'it is causing an undue load on the mail server'
That's absolutely ridiculous... encryption and decryption have to be performed on your workstations (or else there's not much point to it) and so there can't be any extra load on the server. In fact, there should be less load, since PGP always compresses the plaintext before encrypting it.
Lower storage costs, less network traffic... we should campaign for mandatory encryption just on those grounds:)
I'm not sure about the majority of the Slashdot crowd, but I need more than my own two hands to count the number of times an annoying cellphone user has interrupted or disturbed others.
I'm not too sure about the majority of the Slashdot crowd most days, either:)
But if I'm using binary, I can count to 1023 on both hands ... of course, that still may not be enough
I want to build a mobile one and attach it to my motorcycle
Of course this probably won't have the effect you're looking for...
... as drivers whose phones mysteriously start cutting out on them decide to glance down at their phones to check the signal strength, look around for overhead power lines, or generally just get irate at the lost connection as they hang up and redial (dialing on a cell phone being one of the most dangerous things you can legally do while driving) all the while not watching you on your motorcycle.
Driving a bike is hazardous enough with all the idiots on the road - I certainly wouldn't want to be on one with an interference device attached to it:)
That reminds me of the age-old philosophical problem: Can Root create a file such that even He can't delete it?:)
As far as I understand it, that "until after a reboot" thing applies to individual processes - that once a particular process has relinquished a capability, it can never regain it. That doesn't mean that all root processes have lost that capability though; otherwise, the first time you ran ping, root would lose all privileges except to open a network port.
Of course, after a reboot, there are no processes left from before, so everything is starting fresh anyway. As far as I can tell, the whole phrase was just used to emphasise the fact that the process can't get the capability back.
Slashdot Mirror
C'mon - you obviously know nothing about electrical engineering or signal transmission.
Anyone who knows anything about computers could tell you that sending zeros down a wire doesn't use any power. All the power consumption comes from sending ones. Sending a zero is the same as doing nothing, so what does it matter if half of your bus just goes unused until you need it?
Incidently, this is also the reason why LZIP compression is never used for data transmission. By only eliminating the zeros, there is no effective savings w.r.t. power consumption.
I believe that the same principle also applies to hard drive storage as well (storing a zero bit is the same as storing nothing, and so should take up no physical space), but I can't seem to find any references to back me up.
Try cat /proc/cpuinfo
No penguins... but you do get to see the stepping number of your CPU!
I read this paragraph as implying that if you even compile some source code with a freely available tool, such as gcc, then you program becomes "Potentially Viral Software".
One of the conditions of the licence is your
They're implying that if you so much as compile a line of source with gcc, then your whole project, including the bits that you've compiled with their toolkit, and the toolkit itself, will immediately be covered by the GPL!
Someone needs to clue MS in that the GPL isn't an airborne virus. They can't get it from someone breathing near their software.
Probably could use something like 24.0.0.0/24 to cut them off....
I just read this as 24.0.0.0/8 and thought you were suggesting cutting off the entire @Home network :)
It's obviously time for me to get some sleep...
Actually I have been wondering... what are the home-server-friendly broadband options? Are you stuck going to "business" DSL if you want to run servers without violating the TOS?
I'm not sure about Seattle; in Vancouver there are a few options, depending on your provider. Internet Gateway (now Uniserve?) provides up to 2 static IPs for C$5/month each, while Telus offers a "High Speed Server Package" for C$80/month (about twice the price of 'basic' DSL). Other providers probably have similar offers; I haven't checked recently.
Business DSL still runs several hundred dollars a month... as far as I can tell, there's no difference in service, it's just that they won't install residential DSL in a commercial building.
(Today's exchange rate: C$1 = US$0.6533)
Is that something that could be fixed with /etc/hosts.deny??? Or does it need to be firewall rule?
I believe that /etc/hosts.deny only protects those services which are running through tcp_wrappers.
If you can get your web server (or other service) to run under tcpd, then that should work. Of course, you will also have to know the domain names and/or IP addresses of all of the machines that @home uses for port scans. That list might be hard to come by.
I received an e-mail from the Rogers@Home security department informing me that they did a scan of port 25 on their networks and found that my mailer had mail relaying enabled.
That's interesting... I had always assumed that they would only be looking for servers on port 80 (to keep everyone using members.home.net?) The fact that they're scanning for open SMTP relays may mean that they're more concerned about a domain under .rogers.home.com becoming a spam gateway, and Rogers being blacklisted on ORBS and the like.
On a related note, it shouldn't be too hard to tell what services they _are_ scanning for... does anyone have any ipfilter or ipchains logs showing activity from @home?
And if Ford wants and can buy "explorer-sucks.com", that's well and good.
And then they'll be sued by Microsoft for the rights to the name :)
> And I assume you're intent
yeah yeah... should have been your... should have hit preview a couple more times...
There really isn't any one solution...my best guess for this is to have a domain set aside specifically for JUST trademarked corporate names (.tm) If you access a .tm domain, you know it's a valid trademark for a valid product...play first come, first serve with the rest of the domains, you lose it, you sucks.com
Well, first off, the people of Turkmenistan might not be too happy about having their ISO standard country code taken away from them just so that American consumers won't be so confused :)
And I assume you're intent is to reserve this domain just for American trademarks here, because they're by no means global.
I believe that this issue has been brought up before, and the consensus is usually that it's not that simple. Even within a single country, trademarks are very domain-specific. Hyundai has a trademark on "Excel" covering automotive applications; Microsoft has the same trademark for software applications; someone else has it for chewing gum... so who gets the www.excel.tm domain?
I'm happy with things the way they are... you pays your money, you gets your domain name. People shouldn't be confused by the existence of a www.sometrademark.com domain name; if you're looking for a specific product, there are other ways to find it than just making up a URL where you think it should be.
From the article:
It looks like they're really tracking you. Or more accurately, they're tracking their own property.
<conspiracy>
Of course, they could have this linked to their spy satellites so that they can follow you once you get out of their van... maybe that's what the $150 fines are funding...
</conspiracy>
Actually, there was an article on slashdot back in January about it.
Well, I'm pretty sure that RMS would never accept your proposed "fix" to the GPL, but you of course are still perfectly free to release your own code under any licence you wish. You could even give it a clever name and start promoting it as an alternative to the GPL (although I doubt you could call it Open Source, as it seems to violate several terms of the Open Source Definition). In fact, I wish you the best of luck.
I don't think that the clauses as you wrote them would have the effect you're looking for, though. If anyone can modify a piece of software, and by doing so, become the new primary distributor, then a trivial change (say to a version number, or a comment) would allow anyone downloading the software to redistribute it. This could even be automated so that everyone could freely share the software, just as if it had been GPLed.
It doesn't even have to be automated. If you are charging for your software under this scheme, and someone wants it to be free, it only takes one person to set up a mirror site with some trivial modification, and you have had all of your revenue cut off, through perfectly legal means.
You seem to believe that hundreds of programmers are making a terrible mistake licensing their software under the GPL, since it hinders their ability to become stinking rich directly from the sale of that software. I prefer to think that all of these developers have chosen to place their software under the GPL because they understand it, and they truly wish for their software to be as free as the GPL makes it.
That's enough ranting for now... :)
This isn't exactly right (about what ZK proofs are)
No, but it's a fair example. ZK proofs do exist to prove that a number is higher than another (or a factor of another, or a logarithm of another) without leaking any information on what that first number is. I believe that there are also proofs that allow two parties to compare their (secret) numbers, with neither of them learning anything about the other's, except for their relative size.
Regardless, if this proof protocol did exist, it would be a ZK proof.
To verify a password you only need to provide a hashed value of the password and it can be compared to the correct hash
This, unfortunately, is not an example of a ZK proof, since I am still giving you some information (the hashed password) which is directly related to my secret.
For example, if I give you an md5 hash of 5f4dcc3b5aa765d61d8327deb882cf99, you can easily mount an offline attack against this information, and determine that my password is password.
A zero-knowledge protocol would only show to you that I know what my password is, without giving you a single bit of information that you could use to find it out. You wouldn't even be able to use what I gave you to convince a third party that I knew my password. (unlike a hash).
As you say, ZK proofs generally involve being confident (to an arbitrary degree) that the other party isn't cheating. They typically use lots of random numbers and decisions over multiple protocol runs. They aren't as cryptographically straightforward as providing a hash of a secret value.
Since you are on a phone, you can't be guranteed to maintain an IP because you are drifting through networks.
Why not? I am guaranteed to maintain my phone number, regardless of how far I wander.
It's the same routing problem with IP, and the cellular companies have been handling it just fine for quite a while.
When you roam with a wireless device, you're generally not wandering through different providers; Only if I manage to completely leave my provider's service area during a call does the signal fade out to nothing, forcing me to reconnect to a local roaming service.
I just don't see how this is much different than routing IP addresses. A cellular provider should be able to dynamically route any IP address it owns to any point in its network, and follow me around while I'm using it. TCP should work fine unless I'm transferring large files while moving across service boundaries (ignoring of course the packet loss, latency, and multi-path issues).
BTW, I agree that TCP isn't a great protocol for wireless roaming devices, for a whole host of reasons, but don't think that having a constantly-changing IP address is one of them.
Dude, you need to talk to this guy for a while...
Yeah, but it's a pain in the ass to do by hand on my Nokia, especially while I'm driving :)
Perhaps they include the hash within the ISO... but that would make it less useful for security purposes... or they could only make it available within the pay-for-download ftp site... but they can't exactly copyright a 128-bit value (can they?)
I think that anything they do to let you verify that you have an uncorrupted legal copy will necessarily let you determine if you have an uncorrupted illegal copy.
As an aside, I just discovered that they in my area code (just a couple of bridges away) so maybe I should go over there and find out how they're handling that...
If I'm going to be charged $15 (and probably a couple hours of my time) for a download, I hope that they will provide the MD5 hash right on their site, or at least in their FTP directory.
Obviously, this can't prove that it's trojan-free, but it can at least assure me that I didn't lose any packets, or that Netscape didn't 'forget' to save the last byte of the file.
I believe that 'dude' was Leonard Adleman ('A' of RSA infamy)
Check out the papers at the USC Laboratory for Molecular Science
It's a statistical technique, which is never guaranteed to find a solution (I believe) but takes advantage of the huge number of molecules available to speed up the brute-force search. Unfortunately, I have no idea what it's time complexity is, nor how it compares to this technique (not paying for a subscription today :)
I wonder, what grounds could any government, especially one which wants digital signatures to be binding, possibly have to ask for your private key and passphrase?
I could understand the utility of a bill like that if it allowed the government access to a session key for a particular message. Without giving them your private key, they would be able to decrypt that message only, and they could get the information they were after. Hell, if they wanted to, they could even ask for the key to each and every encrypted document on your computer, and there's no reason why your crypto software couldn't provide it to them.
If you have to give up your private key, though, they have automatic access to every document which has ever been encrypted to you, or will be in the future (cancelling a compromised keypair is still one of the messiest areas of cryptography, and it gets worse with every person who gets your public key). Not only that, but the government could then use that key to impersonate you, forging any document they want and digitally signing it.
I don't know of any crypto software right now which would give you access to just the session key for a particular message... or whether lawmakers would consider restricting their power in this way... are there any UK privacy advocates out there with more insights on this law? How far does it go? Could we use something like this to get a bit of privacy back?
That's absolutely ridiculous... encryption and decryption have to be performed on your workstations (or else there's not much point to it) and so there can't be any extra load on the server. In fact, there should be less load, since PGP always compresses the plaintext before encrypting it.
Lower storage costs, less network traffic... we should campaign for mandatory encryption just on those grounds :)
I'm not too sure about the majority of the Slashdot crowd most days, either :)
But if I'm using binary, I can count to 1023 on both hands
... of course, that still may not be enough
Of course this probably won't have the effect you're looking for...
... as drivers whose phones mysteriously start cutting out on them decide to glance down at their phones to check the signal strength, look around for overhead power lines, or generally just get irate at the lost connection as they hang up and redial (dialing on a cell phone being one of the most dangerous things you can legally do while driving) all the while not watching you on your motorcycle.
Driving a bike is hazardous enough with all the idiots on the road - I certainly wouldn't want to be on one with an interference device attached to it :)
That reminds me of the age-old philosophical problem: Can Root create a file such that even He can't delete it? :)
As far as I understand it, that "until after a reboot" thing applies to individual processes - that once a particular process has relinquished a capability, it can never regain it. That doesn't mean that all root processes have lost that capability though; otherwise, the first time you ran ping, root would lose all privileges except to open a network port.
Of course, after a reboot, there are no processes left from before, so everything is starting fresh anyway. As far as I can tell, the whole phrase was just used to emphasise the fact that the process can't get the capability back.