Slashdot Mirror


User: Dr. Tom

Dr. Tom's activity in the archive.

Stories: 0
Comments: 331

Comments · 331

  1. Re:What right do they have to limit crawlers? on Publishers Seek Change in Search Result Content · · Score: 1

    robots.txt does more than limit bandwidth, it actually *helps* the crawlers by letting them know which parts of a site it may be a bad idea to crawl. Once, some "internet archive" bozo making a "full snapshot" of the web got into our scheduling calendar, which of course is an infinite virtual space, and had downloaded pages going up to about 2030 before I noticed it and shut him down. They said on their website that they were specifically ignoring robots.txt so their snapshot would be more complete. If I hadn't stopped him, he'd still be archiving calendar pages, probably be thousands of years in the future by now.

  2. this is to shut down the stupid search sites on Google Quietly Closes AdSense API to Small Sites · · Score: 1

    I hate those stupid autogenerated search sites that do nothing more than come up with ads for your keywords, they get put up all over the place. I hope this kills them.

  3. Re:Oh, sure. on Judge Says, Record DNA of Everyone In the UK · · Score: 1

    I already gave my DNA to the National Geographic Genographic project. http://www.nationalgeographic.com/genographic

  4. How do they know how many people watched it? on UPN Officially Cancels 'Star Trek: Enterprise' · · Score: 1

    Nobody asked me if I watched (well, recorded) it. I doubt the accuracy of their statistics and demographics. Even if they had an accurate model once, how up-to-date is it? Saying it only reached X million people is misleading.

  5. Yes, they are the villain on SBC Patents Links, Dynamic Pages · · Score: 1
    Just because they have obtained legal permission to extort money doesn't make them any less slimy.

    Anyway, isn't it the case that since they haven't defended this patent for years they have effectively given up their rights? Don't you have to show the court that you have been harmed economically?

    The court may also consider that they didn't try, for example, suing Amazon first.

  6. kterm on Unicode and the Unix Console? · · Score: 2

    Kterm is xterm with double byte support. It's been available since before unicode, but you shouldn't have any trouble hacking it to use a unicode font. http://packages.debian.org/stable/x11/kterm.html

  7. PCA analysis on Facial Morphing Software/Techniques? · · Score: 4, Informative

    Search for PCA analysis and "eigenfaces". Here are some "average" faces and some morphs.
    http://www.stir.ac.uk/Departments/HumanSciences/Psychology/Staff/pjbh1/facepcai1.htm

  8. Re:What a totally obscure question on OEM's and CMOS Settings? · · Score: 2, Interesting

    Yeah. Remember when CMOS meant "complementary metal oxide semiconductor," and not "the static RAM on your motherboard used to hold config options"?

  9. Passphrase, passphrase, passphrase. on Passwords May Be Weakest Link · · Score: 2
    The password is dead. Long live the passphrase. Tell people to choose a "word", and they'll pick their Mom's name. Tell people to pick a short phrase, and they'll very easily pick something that's orders of magnitude harder to guess.

    Phrases can have lots of entropy, and still be easier to remember than the equivalent entropy in 8 chars.

    Enforcing policies that make people choose random passwords just leads to people writing them down on Post-its stuck to their monitor. Just make sure it has a couple of spaces in it and has a decent length, like more than 10 chars. If your system is still enforcing an 8 char limit, trash it, it sucks.

  10. Formatting on What is Well-Commented Code? · · Score: 2
    Sometimes you can use tools that help write docs based on specially formatted comments, but for most comments, all you want are:
    Paragraphs,
    written with complete sentences,
    using vanilla formatting.
    It is not widely recognized, but maintainability arguments apply to comments as well as code. When the code changes, the comments have to change too, and they should be easy to modify. That means no fancy boxes or other bizarre formatting. I don't care if your editor can handle automatic double column star boxes, not everybody's can, and to be portable (yes, comments have to be portable), you should use the absolute minimum formatting. For example:
    /* This is a block comment. It describes the block of code below. Notice that it uses no special formatting, and when I change the comment, I can hit the "reflow" button in the editor and it'll get reformatted like any other block of text. */
    Use inline comments sparingly. Write complete, descriptive sentences at the block level. It's also good to put blank lines before and after comment blocks.

  11. Some examples of bad comments on What is Well-Commented Code? · · Score: 2

    i++; /* increment i */

    a = b; /* save the value of b */

    /* this function calculates theta. */
    float theta(char **p, int d, float *(*fn)(int))
    {
    ...
    }

  12. Re:Why I am Not Participating in the Blackout on Slashdot Subscription Update · · Score: 2
    Huh? My comments are set to "Highest Scores First". Why don't you change yours?

    Some new time delays would be good, though. Like, don't allow modding things UP until 1 hour or 30 minutes after the story's been posted. You have to allow modding down (or maybe just let the editors do that, as usual).

  13. Re:yeah but. on Sharing Doesn't Hurt · · Score: 2
    This guy is virtually unknown to the general public.

    Not any more! (Well, if you count slashdot readers as part of the "general" public.)

    Note also that Larry Niven has a book in the Baen library.

  14. Re:So how do I sue? on Japan Passes Anti-spam Law · · Score: 2

    Damn, I meant "cite," obviously.

  15. Re:So how do I sue? on Japan Passes Anti-spam Law · · Score: 2

    Ask your lawyer. If the spam originated in Japan you could sue under current law, and if not, well, at least it sets a valuable legal precedent. You could site that in your case.

  16. Re:MS found these bugs first! on Eight New Security Holes in IIS · · Score: 1, Insightful

    MS admitted it first. I think they should be praised for that. Note that I do not use any MS products.

  17. Re:it's actually 10... on Eight New Security Holes in IIS · · Score: 3, Insightful
    Yeah, when the announcement first came out they rejected it because it was evidence that MS is delivering on the promises they made. Now, two days later, late at night, it slipped in accidentally as an MS bashing article. Duh.

    They should be applauding MS for biting the bullet and announcing these flaws. MS could have kept them secret, you know. This sort of press will only hurt the chances of more companies being more open with their security issues.

    Shame, shame..

  18. MS found these bugs first! on Eight New Security Holes in IIS · · Score: 2, Insightful
    You idiots, these bugs were found BY the Trustworthy Computing campaign. MS just spent two months doing a code review and this is the RESULT.

    This is either just self-serving MS bashing on the part of the editors, or is just another stupid cock-up.

    Similarly, the rumor is that Hailstorm was put on the chopping block partly because of unresolvable security issues (though that's not the public story).

    All of this is evidence that they are finally getting their house in order.

  19. Re:They should pay you on Distributed Computing Program Hidden in Kazaa · · Score: 2
    Actually I don't run KaZaA. I never ran any music downloading stuff, ever. My desktop computer (an Alpha) doesn't even have speakers. I never download anything that isn't posted on the web. In particular, I don't have any shareware, copyrighted material, or anything like that. When you say "we all do it" I guess you mean that you do it. But not me.

    And I pay for local phone calls, too (I live in Japan) so bandwidth == money. I'd never use a product that forced me to spend arbitrary amounts of money (which, if you agree to their EULA, is just what they do).

  20. just an id number on FDA Approves Implantable Microchips · · Score: 5, Interesting
    I had an ID number engraved on my bicycle.

    It was stolen anyway.

    As near as I can tell, this thing just contains a number which can be read by any scanner you pass. So it's useless as a secure ID because anyone can get your code by scanning you and then using a programmable chip that sends out that code.

    They don't say how large the number is. Presumably it's a cryptographically strong random number chosen at manuf. time, but don't bet that the number isn't chosen via rand() % 10000000, either.

    It might be useful as a toy to open doors and stuff for you, but a face recognition system will do that without invasive surgery.

    Having a LoJack or something like that might be cool if I thought I could be stolen, but I doubt you can fit a GPS + cell phone unit into a grain of rice. Though if I were going to implant something large it'd be a programmable telephone. Even so I think a StarTrek communicator would be better, and more fashionable. Really, who's gonna get "chipped" because they "think it's cool" to be treated like a herd animal? A tattoo is way cooler.

  21. They should pay you on Distributed Computing Program Hidden in Kazaa · · Score: 3, Insightful
    Of course they need your permission to do this; in fact they should pay you when they use your cycles, bandwidth (that you already pay for), disk space, etc. My computers are all at 100%, thank you, I don't have any spare cycles to give away for free. Nor do I have disk space to store some l0ser's pr0n or crappy bootlegs. And don't even ask me about bandwidth.

    At the very least, they should let you have a large discount on downloads when you opt-in. For example make them free. Plus a credit based on the bandwidth they steal *cough* use.

  22. ckermit on Good SFTP Clients? · · Score: 2

    Kermit has an easy interface, good resume and other nice features, it can do telnet as well as FTP; it also has the latest security stuff built in, including SSH and SRP.

  23. Re:HTTP? on FSF, Affero Announce A GPL For Web Services · · Score: 2
    Yeah. This section (2d) is one difference between this and the GPL. They just tacked this on, and seem not to have given it much thought. Forcing the use of HTTP is just dumb.

    But it's not the only difference. You are also allowed to relicense under the GPLv3, if that license doesn't conflict with this one. If GPLv3 doesn't conflict, why mention it? So just use the GPLv3.

    More than that, though, if a program is GPL, the user can always get the source code. It seems the intent of this clause is that if the program is self-downloading you have to retain that functionality in any future derived works. This could probably almost always be done by simply giving the user a link to click on. It doesn't say that the downloaded source has to be functional, either, which probably conflicts with the intended use (e.g., Javascripts).

  24. where are the secrets on Enterprise-Level Authentication for Linux? · · Score: 3, Funny
    You don't want to duplicate secrets. If possible, you don't want to transmit them all over the place either, though that's not so bad if done correctly. One way is to use a public key system, so that the secrets are stored on the client machines. Every server knows all the public keys, because they can be stored centrally on a keyserver or duplicated around the network; republishing them if they change is no big deal 'cause they're public. You could do this with OpenSSH.

    If you perhaps do not trust the client machines, though, which you might not if they are Windows boxes, you would not want to use just public key crypto. You would also want to use a passphrase based system, and then you are back to having to have secrets on the servers, which need to be very carefully republished when they change. And you might not trust some of the servers. OpenSSH (and especially OpenSSH with the SRP patch) can do this, and it'll authenticate both the client *and* the server, so that both parties know they are connected with the entity they think they are connected to.

    You might also want to look at SFS (a secure distributed filesystem based on NFS but with SRP authentication). Note that there are several projects all called SFS -- I'm thinking of the self-certifying one. Then you can have central administration of server-side secrets. Probably some of the other projects called SFS would be good too, but I'm less familiar with them.

  25. what to cut on Public Survey For NASA's Planetary Research Priorities · · Score: 2

    Something that people seem to be missing is that this survey has more to do with "what can NASA cut?" than what it wants to do. They are not asking for your expert opinion on how to do space science. NASA has a better idea of what constitutes a useful/good mission than you do. NASA knows that its funding is limited, though. Notice that there aren't questions for things like "Should we build the ISS?" or "Should we go to Mars?" -- projects that NASA does not want to change (except to get more funding). The questions are about things like the Pluto mission ("will anybody miss this if we dump it?"). They know they'll have to cut things under the current administration, and they need to know what will cause the biggest public outcry if they try to cut it, and what things nobody cares about.