Slashdot Mirror


User: Zeinfeld

Zeinfeld's activity in the archive.

Stories: 0 · Comments: 3,931

Comments · 3,931

  1. Re:"Prevent nuclear terror" on The Century's Top Engineering Challenges · · Score: 1
    What security tasks did you propose to the assistants in the shop? Was it a random store, or one of the apple stores? If it was the Apple Store, were you just talking to the sales reps, or did you get to talk to a "Mac Genius"?

    One of the most basic tasks you could imagine - set file protections to make sure the kids could not view certain files. It sounds as if the ACL system should work fine, but actually it fails some pretty basic usability criteria regardless of platform.

  2. Re:The biggest challenge, by far on The Century's Top Engineering Challenges · · Score: 5, Insightful
    Getting funding for the top 14 engineering challenges.

    Well that is the point of the exercise here, NSF trying to get money from Congress. But it's more of an aspirational list of goals, and the real problem is that the feedback system is out of whack.

    You might imagine that either industry or academia would care about stopping Internet Crime, but what Industry actually cares about is making the numbers at the end of the quarter and the best way to do that is to make your bank, business or other crime target a less attractive target than the business next door.

    Academia is meant to do basic research, but the measurement of production is minimum publishable units, publish or perish. And to get a paper published it has to be novel rather than important or useful. So we know how to do secure email in principle but nobody uses it in practice - across the Internet at least. The academics never quite finished the job and the incentives are not quite right for industry to be bothered.

    Often an academic will solve a problem long before it is understood to be a problem. By the time the problem is recognized and the time is right to finish the job and make it useful the field has moved on. Nobody is going to get the credit for pointing out that Fred proposed a solution for a problem twenty years ago.

    Most academic papers in info security are describing solutions to boutique cryptographic puzzles. Real world constraints are irrelevant. So at FC this year there was a paper that started with the idea of stopping counterfeiting of currency by printing barcodes on the notes. Good, interesting. The scheme then involved people scanning them with their cell phone camera. WTF ???? Wrong problem: the challenge the Fed is trying to solve is to spot the introduction of fake notes quickly, and they can do that with scanners in banks. The banks can be persuaded to install scanners, but no consumer is going to spend time scanning their change at the convenience store with a cell phone.

  3. Re:"Prevent nuclear terror" on The Century's Top Engineering Challenges · · Score: 4, Interesting
    How is that an engineering feat? Seems more like a people feat.

    Ever heard of social engineering?

    Seriously, what is securing cyberspace if not a people problem? The machines don't cause the problems, people do.

    Securing cyberspace is easy, building systems to secure cyberspace that users can actually use is the hard part. People have been telling me to get a Mac as the solution to all my usability problems for years. So today I bought one.

    OK, so the Mac is nicer in many respects, but as far as I am concerned mostly on the hardware package side rather than the software. But the security usability is no better. None of the assistants in the shop were able to solve the simple security tasks I proposed. Which is good for me I suppose, since there would be no point in trying to solve an already solved problem.

    Now securing the fifty year old banking IT system, now that is much harder than securing the Internet, and that is the system the criminals are attacking because that is where the money is.

  4. Re:Well can't say I blame em. on Lawmakers Debate Patent Immunity For Banks · · Score: 1
    If by "in the field" you mean "anyone who's used online banking"?

    No, I mean by a person of ordinary skill in the art. It was public knowledge when the patent was filed.

  5. Re:Well can't say I blame em. on Lawmakers Debate Patent Immunity For Banks · · Score: 1
    You would have to be an idiot not to see this idea as the most obvious thing to anyone with even half a wit. This idea was inevitable and the idiot that got the patent didn't "invent" anything.

    The FSTC electronic check project started way before I came to the US in 1995. I really don't understand how the patent could possibly be granted; the prior art was known to pretty much every specialist in banking security in the 90s. I attended a whole series of presentations where folk from the banks posted pictures of the planes flown by the Federal Reserve and said that the system was broken.

    We should not be paying $1 billion as taxpayers for a patent invalidated by prior art that anyone in the field would have known about.

    My House rep is Markey (or rather he would be if I had a vote). I will call his office in the morning and ask if they are going to have hearings. This is broken.

  6. Re:too many lawyers on Developers Warned over OOXML Patent Risk · · Score: 4, Interesting
    So they turned something which could be interpreted in different ways in to something which has no meaning at all!

    The objections are irrelevant in this case. If a party writes a contract, covenant, deed or other legal document that could be reasonably misinterpreted, the ambiguity goes against the party that wrote it. That is why lawyers try to get the other side to draft contracts; it's less risky.

    Since we are talking patents here, the enforceability of the patent is an issue. Given the nature of the problem I somewhat doubt that, if the patents are enforceable against OOXML implementations, they would not cover ODF as well.

    Microsoft's general approach to patents has been to 1) assert that company A infringes its patents, 2) sign a cross licensing deal with company A in which each company gets access to the patents held by the other, 3) write company A a large check being the balance owed.

    Of course it is quite possible that Microsoft might start demanding royalties at some point in the future but at this point they seem to care a lot more about not being sued than actually raising net revenue.

  7. Re:Luck for SCO. on Darl McBride Leaving SCO? · · Score: 2, Interesting
    Luckily Darl McBride took most of the spotlight for SCO's action. SCO still has a fair amount of "Good Will" (in accounting it is not how nice or moral the company is; "Good Will" is name recognition).

    Nope, not close.

    Good will appears on the balance sheet as an asset when a company buys another and pays more than the value of the fixed assets. So if company A buys company B for $100 million and company B has $10 million worth of equipment (machines, desks, etc), the $10 million is added to capital and the $90 million is credited as goodwill.

    It is a real asset as the goodwill can be used to offset profits for tax purposes.

    In SCO's case I would have a really hard time believing that the goodwill should still be counted as an asset. SCO has no real ongoing business except litigation. Bankruptcy pretty much destroys any claim they could make for business continuity. So they should probably report the goodwill as a loss.

  8. Re:How is this news?? on Possibility of Life On Mars Looking More Remote · · Score: 5, Funny
    There's a difference between life and advanced, intelligent life.

    We are still waiting for the second down here on earth.

  9. Re:How is this news?? on Possibility of Life On Mars Looking More Remote · · Score: 4, Funny
    Am I the only one who has, for years, 'known' that there is no life on Mars?

    Yes the idea that the life on Mars is all off looking for the remote would be so much more believable if they had like found a TV or something.

  10. Re:How will they enforce it? on White House Must Answer For Missing Emails · · Score: 1
    No, it's not. The Sgt At Arms is responsible for the safety and security of congress critters, senators, visiting dignitaries. That's all. Unless they see a threat to lives of congress critters, they won't do a job of arresting anybody.

    That is not the case. For the past century or so the Congress has not needed to use its inherent powers because the executive has performed these actions.

    I bet it would be one helluva gunfight to watch DC cops battle it out with Secret Service.

    Why would the Secret Service be providing protection to Miers and Bolten?

    If the administration attempted to block the arrests it would lead to impeachment proceedings during the election. Last thing that McCain wants is to have people reminded that he is a member of the Bush-Cheney party.

  11. Re:How will they enforce it? on White House Must Answer For Missing Emails · · Score: 1
    But which one to use?

    It's a House contempt proceeding, so it would be Livingood's office. He does not have to do it himself; he has a staff. They are trained cops or secret service. They have guns and stuff.

    The potential for this to all spiral out of control is quite significant. The White House is determined not to budge an inch. The House have every right to demand answers to their questions.

    The Republican party can hardly want this particular fight to be taking center stage, reminding voters of the odious Mr Bush they hate while Mr McCain is trying to distance himself as far as possible from Mr 30%.

    If there is a trial in the House the Democrats would be well advised to start the fall session early for it. Start the first day after Labor Day.

  12. Re:Expected answer on White House Must Answer For Missing Emails · · Score: 1
    No, but it proves that the Democrats are just on a partisan based witch-hunt. How can a Democrat sit there with a straight face and try to prosecute this President after they blindly supported the last president?

    It proves nothing of the sort.

    The Republicans made a series of complaints about the failure of the archive system that was meant to have archived mail from the Veep's office during the transition from One Per Desk to Exchange. To give you some perspective here, the OPD system was an X.500 OSI mail server gated to the Internet through another system. They had a system in place that was intended to archive all the emails but failed in a way that corrupted the data. They then spent 18 months recovering the data. No evidence of wrongdoing was uncovered as a result.

    The question at issue in that instance was the question of whether the vice president was soliciting funds in a federal building if he was to make a fundraising phone call from the Vice President's official residence.

    One question at issue here is whether the Attorney General, the President and his staff conspired to pervert the course of justice, amongst other means by corruptly soliciting unsupported prosecutions of political opponents and by corruptly suppressing prosecutions of political allies by terminating the employment of the prosecutors working on their cases. In every case the prosecutors who were fired had either brought a prosecution against a major Republican party figure (Cunningham, Ney), were about to bring a prosecution against a major Republican figure (Jerry Lewis) or had refused to bring trumped up prosecutions of Democrats on ballot rigging charges. All the GOP cases brought against Democrats on those particular charges were since dismissed. There is one outstanding case where a Democrat was convicted in a case where the judge appears to have been corrupt as well.

    Another question at issue is how the country was got into a war that has cost $2 trillion, 4,000 US servicemen's lives on claims that have since been found to be utterly untrue.

    It is not just the emails that have disappeared. The executive branch has invented a new doctrine whereby it is no longer accountable to Congress.

    There are no criminal sanctions for breaking the Presidential Records Act, but there are political sanctions, and there are criminal sanctions for lying to Congress or refusing to testify to Congress. Today two members of the administration were held in contempt by Congress. If, as it threatens to do, the Administration refuses to prosecute, we might well see the first use of inherent contempt in living memory. Under the Constitution the House can order the Sergeant at Arms to arrest the contemnors and bring them to the House to testify.

    Looks like that is a little more serious than anything that was ever claimed, let alone proven during the Clinton years.

  13. Re:AutoSpaceLikeWord95? You do need some new FUD.. on Microsoft Standing Firm On OOXML ISO Vote · · Score: 1
    It's not about forcing openoffice down anyone's throats... It's about giving people the freedom to choose whatever program they want based on their individual benefits, rather than on compatibility with proprietary microsoft formats where other vendors will always be at a disadvantage.

    That's not true at all.

    The Massachusetts diktat that all departments had to change to Open Office forthwith was not a matter of choice; it was an order from the IT dept that was widely praised on Slashdot and elsewhere.

    I don't like central control by IT departments. They get it wrong far too often. They choose products according to features that they like which are typically irrelevant to the end users.

    The reason that the Web took off at CERN was that CN division operated in classic MIS dept. fashion, dictating the use of an obsolete IBM mainframe to aggrandize its own power. Tim only tells one half of the story: the CERN phonebook was available online before the Web came along, but only on CERNVM, which ran a dreadful botch of a DIY operating system CN division cobbled together. The Web made it possible to bypass CERN-VM entirely.

    This is about giving 'freedom' to an abstract set of people by forcing a particular office suite on actual people. It's a rather Trotskyite view of revolution as far as I am concerned.

  14. Re:When will they learn... on Tolkien Trust Sues New Line, May Kill "Hobbit" · · Score: 1
    Most option contracts now have expirations on them. You have X-many years to make the film or the option expires. Since most studios will only buy an option if they plan on making the film "soon", it's a pretty inconsequential clause.

    That depends on who is optioning the film. Producers will frequently option a film for a relatively small amount of money and then hawk it to various studios. The studios then option the producer's option. In some cases there is the right to extend the option.

    I don't know what the Tolkien contract was, but we might find out if the suit goes ahead. But I do believe that there was an expiry date and that it is coming up relatively soon; that is one of the reasons the film finally got made.

    What is pretty certain is that the original contract included a royalty on the net profit. The sum paid for the rights was only 10,000 pounds which was peanuts for a bestseller even in 1969. The difference was that in 1969 the studios had not begun systematically cheating actors and authors on the net profits.

    Part of the background to the case is the fact that certain rights to the Hobbit expire in 2009. That is why New Line have to start principal photography on the Hobbit soon. The rights to the Hobbit have been around so long that they are fractured, different companies own the production and distribution rights.

  15. Re:AutoSpaceLikeWord95? You do need some new FUD.. on Microsoft Standing Firm On OOXML ISO Vote · · Score: 1
    Good, I am glad that some of the details are being documented.

    No you are not, you have not got the slightest interest in implementing this specification regardless of whether it is fully documented or not. This is simply a game that the Slashdot community is playing.

    The real issue is that people think they can force government IT depts to stop using Word by preventing OOXML being declared an ISO standard.

    I oppose this because I don't like the idea of top down dictators deciding what tools people use. This is not about free choice for the user; it's all about ramming Open Office down the government employees' throats whether they want it or not.

    That is not what standards are for. If a tool is good there is no problem getting people to use it. The Mozilla folk have no problem getting people to use their product voluntarily.

    In itself a standards designation, particularly an ISO designation, means absolutely nothing. OOXML has an ECMA designation; that is plenty. There is not a single IETF Internet standard that has an ISO designation, although this is possible in theory. All an ISO designation means is that people have to pay for the standard in future. That's the same whether it's OOXML or ODF that gets an ISO designation; transfer of the copyright is a mandatory part of the process.

  16. Re:Can we get some *new* FUD, please? on Microsoft Standing Firm On OOXML ISO Vote · · Score: 1
    There is a distinct difference: ODF doesn't "specify" AutoFormatLikeStarOffice5.2 or WrapLinesLikeStarWriter1.0.

    Perhaps not, but there are certainly gratuitous hacks like that in plenty of IETF specs. FTP has an enormous amount of crud devoted to ASCII/EBCDIC issues, to the point that the default mode for FTP MUST be character mode and image mode is an explicit switch. It's completely unnecessary and broken of course, but it goes on all the time.

    That is exactly the sort of thing I would WANT to see in a 1.0 version of a standard, and hopefully those exceptions would be deprecated and replaced over time.

    Describing the current state of affairs is definitely a best practice for standards writing. If you have the constituency then it's fair to ask for an accommodation.

    Standards are not an exercise in abstract perfection.

  17. Re:Can we get some *new* FUD, please? on Microsoft Standing Firm On OOXML ISO Vote · · Score: 0
    Can we get some new anti-OOXML FUD, please? The same old, long refuted, FUD is getting boring.

    Quite, and the idea that the objections of some anti-Microsoft zealot are objective proof that the standard is satanic evil is ridiculous.

    The fact is that there are plenty of duplicate standards. I have written for both sides of several standards wars. If people are happy with one standard, fine. If people would like more than one, that's also fine.

    OOXML and ODF are both thin veneers on particular application products. There is nothing wrong with that. HTML is also a document standard.

  18. Re:When will they learn... on Tolkien Trust Sues New Line, May Kill "Hobbit" · · Score: 3, Interesting
    Not true. Jackson got paid according to his contract. However, his contract did not specify that he should get a percentage of the "tie in revenues" (games, toys etc.). He sued New Line to get a piece of that as well.

    I must admit that I was surprised that the studio apparently gave no thought to the Tolkien Estate interest in the tie-ins. The original contract was pre-Star Wars. They bought an option on the film rights, not the merchandising. Merchandising did not exist in 1969.

  19. Re:When will they learn... on Tolkien Trust Sues New Line, May Kill "Hobbit" · · Score: 4, Insightful
    Yeah the big actors are all hurting bad aren't they...

    Jackson himself only got paid after he sued New Line. And then New Line refused to hire him for the Hobbit in retaliation.

    It's not just that the people are crooks, they are stupid crooks. They kill the goose that lays the golden egg.

    Tolkien sold the rights to the film version of TLOTR to pay a tax bill. At the time the film could not have been made; the technology didn't exist to do it well on a realistic budget.

    What New Line seem to have forgotten is that the contract had a royalty clause. They probably forgot because it's stated in terms of profit, and everyone knows that the films never make profits after the Hollywood accounting, and the California courts are owned by the studios.

    Only problem is that the contract was signed in the UK and UK law does not favor the studios on this.

  20. Re:revoke isn't that big on Encryption Could Make You More Vulnerable · · Score: 4, Informative
    It's storage encryption keys they are talking about, and nCipher makes a key management product.

    This is hardly a new issue; it's been a significant concern for at least a decade. One of the problems with dealing with it was that for many years the mere mention of Key Escrow had people screaming about black helicopters.

    Key escrow is neither necessary nor desirable for communications security. You use session keys, preferably with a round of Diffie-Hellman to provide perfect forward secrecy and protect against kleptographic attacks. But for storage encryption it is all a matter of how you keep the keys safe.

    It isn't that difficult to do, you simply make sure that keys are backed up in multiple places and are governed by separation of duties and multi-party control. The VeriSign Certification Practices Statement provides a complete primer in how to do this properly.

  21. Re:Uh what on OpenBSD Will Not Fix PRNG Weakness · · Score: 2, Informative
    You cracked Marc's 128-bit encryption, but your Slashdot id is 263942. Doesn't add up.

    Marc's 128 bit encryption used a random seed with 24 bits' worth of ergodicity. So it was only 24 bit secure.

    And SSL 1.0 had no integrity protections whatsoever, which would have been pretty bad even if he wasn't using a stream cipher. So even if he used a 256 bit cipher it would have been broken.

    What makes you think this is my only Slashdot id?

    Oh and in response to the AC in the other thread, no my job title is not CTO but I do report to the CTO. Nor am I aware of any occasion where I have ever discussed the results of deep inelastic scattering experiments at ZEUS on Slashdot or any other forum.

  22. Re:Alternative submission on OpenBSD Will Not Fix PRNG Weakness · · Score: 1
    If flawed, predictable PRNG code is so 'irrelevant in the real world' why does even Microsoft seek to improve upon it?

    Because they have like six Turing award winners working for them including Butler Lampson? Of the top fifty people in network security you will find about a quarter work for Microsoft, more than for any other company, including IBM, RSA and VeriSign. They have the cash and they use it to buy the best.

    Microsoft's problem is that you can't buy your way out of a shitty legacy code base in a short space of time.

    Microsoft changed the RNG code to take advantage of hardware that provides a true random number generator. This was pretty much a no-brainer. Support for the AES modes is probably there so that they get some FIPS certification or other.

  23. Re:Uh what on OpenBSD Will Not Fix PRNG Weakness · · Score: 5, Interesting
    Is the summary just supposed to be as shocking as possible? How about some details on why specifically they decided not to patch it?

    It is entirely believable to me. Back in 1995 I told Marc Andreessen at Netscape that he had a serious problem with the random number generator used to choose session keys for SSL. There was simply not enough randomness going in for there to be 128 bits going out.

    Marc had every reason to listen to me, I had broken SSL 1.0 in ten minutes when he tried to demonstrate it at MIT. But it took several weeks to drill the problem into his thick skull.

    So they eventually asked me for a description of how to do the thing right.

    A year later the exact same bug was discovered independently. By this time they had hired some competent crypto people. I spoke to Taher about the problem later and his explanation was that they found the design note on the PRNG which was so comprehensive that they didn't think it necessary to check the actual code.

  24. Re:Real summary. on Has Ron Paul Quit? · · Score: 2, Insightful
    The Republican party is large and diverse, and not all Republicans are for small government. This includes the current President. Having come of political age in the early 1990s, most of the Republicans I know are for small government and are very much against domestic surveillance and entanglement in foreign wars.

    Interestingly enough the neo-cons who have hijacked the party turn out to be 'ex'-Trotskyites. Irving Kristol, Podhoretz and co, the founders of the neo-con club, were all Trotskyites back in the day. Kristol once published a rag called 'Militant'.

    Understanding that one simple fact explains so much of the past seven years. People change their abstract political goals but only rarely their political outlook. Left wing utopians with grandiose ideas become right wing utopians with grandiose ideas. Like the Trotskyites the neo-cons are long on rhetoric and rather short on practical understanding of the world. The world bores them, it fails to fit into their ideological confections.

    The McCarthy years were good ones for former Trotskyites; they might have abandoned their leader after he died from ear-ache, but they could still enjoy the schadenfreude of watching their former Stalinist rivals being persecuted by McCarthy and Hoover.

    The modern Republican party is a coalition of a kleptocratic tendency, a religious tendency and the neo-imperialist militant tendency. The kleptocratic tendency of Tom Delay, Abramoff, Ney, Lewis, Steven etc. etc. hates John McKeating Five as a hypocrite who climbed out of his own cess pool. The neo-imperialist militant tendency is focused on starting a war with Iran. And the religious tendency has finally realised that Lucy is always going to pull the ball away at the last minute.

  25. Re:Ron Paul? on Best Presidential Candidate, Republicans · · Score: 1
    Those newsletters were not written by him, he doesn't know who wrote them, and he does condemn them.

    Untrue.

    He was challenged on the newsletters when he stood for Congress the second time. At that time he did not deny ownership - he was not going for national office, racism is not a problem for a GOP candidate in Texas.

    He only denied the newsletters this time round. And the denials have been less than complete. The only explanation is that he is a liar as well as a race baiter.

    Ron Paul published the newsletters after being the Libertarian party presidential candidate. They were published for almost ten years. They were circulated to his supporters. The idea that he was unaware of their contents is an insult to our intelligence.