Before addressing the technical issues this appears to be a really whiny sort of complaint. I suspect that the real issue is that the poster wants to force the rest of the world to support his eccentric choice of DNS root. This strikes me as an invented difficulty rather than a real one.
Your problem is not one that HTTP or the proxy spec was designed to cover. When we developed HTTP the issue of ICANN did not exist. I certainly don't think it unreasonable for a proxy code writer to assume that users are using the Internet DNS system. If you want to do things different you should expect problems, that is the way of the world.
The host name header was introduced as a hack to alleviate the problem of IPv4 address exhaustion. There is actually a good reason for the proxy to dereference the DNS name itself since then it can do load balancing amongst http servers if the client does not.
The proxy might also be using a new enhanced http protocol and so it is pretty important that it be able to access the DNS NAPTR records for the service and do the appropriate mapping.
One way to address the problem would be to change the host header so that it has the AlterNIC prefix to the DNS name; if porn.xxx is an AlterNIC name one would assume that there is a name something like porn.xxx.alternic.org that resolves in ICANN space. If you want to use non-standard DNS configurations, expect to have to patch applications.
Proxy caches were really important in the early days of the web and still are for certain congested links. In the main however the content providers use techniques that mean that caching is very much less useful than it once was. Most content is active these days so it is only the images that cache well.
I guess I have to live with this until the government one day realises that proxy servers cannot stop the people from viewing pr0n, and it's probably not worth maintaining the proxy servers to meet the demands of all the net users in Singapore, not to mention maintaining the list of sites to block.
The Singapore government is probably more concerned about stopping people accessing the numerous overseas sites run by the opposition movement. For those that don't follow Singapore politics it is one of those countries where the government brings specious lawsuits against opposition politicians and elections are run in the manner of the old Soviet Union.
Of course since it is a capitalist pseudo-democracy this rarely gets comment in the western media. When it does the government has sued for libel under its mickey mouse libel laws in its kangaroo court system.
All phone calls made in Singapore are tapped and the government analyses the telephone call logs to see who is talking to whom. It's kinda the state that Ashcroft would like.
Have you ever configured IPSEC connections, particularly across platforms? The most cross platform methods are x509 certificates and preshared keys. Neither method is viable to distribute among everyone.
I have, it is entirely practicable, with the right infrastructure support. However the probability that the destination supports IPSEC today is so small as to be negligible. And IPSEC would certainly not help someone who insisted on using an alternative root.
IPSEC wasn't ever meant to be used for opportunistic encryption applications (like https, ssh, etc), but to establish connections on a more long term basis that would be used for arbitrary protocols, not such common ones.
No, IPSEC was designed for exactly that case, it just happened to be deployed for VPN. IPSEC was started ten years ago, long before SSL was developed.
I have some sympathy with the article author, but not when it comes to the MIME issues. I have written plenty of IETF and other standards, I know the value of going through a standards process, however the IETF is not a place to do research, it is a place to standardise and improve existing protocols. The idea is that you start from code.
Breaking MIME is not something I would (do) lose sleep over. People in the MIME community screamed at us when we had the temerity to introduce the text/html content type, rather than use application/binary. They were completely obstructionist when it came to insisting on 8-bit clean transport for HTTP. In the end we treated them as damage and routed around them. HTTP uses several headers that the MIME people vilified.
The functional issues raised are significant and it would be good to see them addressed. In particular using the subject line is pretty lame. Either you want the encoding format to be completely independent of MIME or you don't. I think that MIME independence would be the better route since then it would be easier to move to a more modern protocol such as BEEP. But using magic numbers and MD5 inside the encoding does not seem like a bad move.
The more interesting 'meta-point' however is that tweaking the encoding format is only scratching the surface when it comes to fixing Usenet. The main problem with Usenet is that it still has to route every single article to every single node whether it is going to be read or not. While the flood fill routing was a good scheme when NNTP was developed and the number of nodes was small it is needlessly wasteful now that we have hundreds of thousands of NNTP servers, it is just not necessary to have that level of redundancy to route around censorship.
What killed VMS was not DEC, but Unix - mostly Sun. Their stuff was 10x as fast at 1/10 the price, so people bought Sun instead. DEC was never really able to adapt from the closed proprietary business model to the open commodity business model.
The price performance was never quite that extreme, SPARC was about double to triple the price performance of the equivalent VAX workstation when it first appeared.
The thing that killed VMS was not UNIX, it was RISC. People moved to Sun in spite of UNIX, and for that matter in spite of Sun's quality control. In those days, in terms of reliability SunOS was to VMS what Windows 3.1 was to AIX.
Incidentally, DEC was a very early member of the UNIX club. The first virtual memory UNIX was developed on a VAX. It is a pity that Thompson et al. were so determined to learn as little as possible from the design of VMS.
In the very early years Sun attempted to license VMS. DEC refused, claiming that it could not be ported because of the dependency of VMS on a couple of fairly specialized processor instructions, like remove from head interlocked and the security ring instructions.
The reason DEC was so far behind Sun in the first place was that their bean counters axed the PRISM project that was meant to build the successor to VAX and VMS. Dave Cutler left DEC for MSFT and vowed to force DEC to buy the O/S they could have had for free - what's more he did exactly that. When the Alpha chip appeared much later than SPARC it was named AXP or Almost Exactly Prism as insiders call it.
WNT is not VMS but it has most of the best features of VMS and is the type of thing you might build if you were designing a successor to VMS but did not need to have backwards compatibility.
There are a bunch of late VMS features that WNT is noticeably lacking, in particular the transactional file system. Hopefully we may see some of that appear in OFS. What is disappointing about WNT is that many of the interesting O/S features are submerged in low level APIs. It is possible to do VMS tricks like ASTs but you have to really know the layout of the O/S.
Unfortunately there is no guide that compares with the Digital VMS architecture manual.
Not to troll, but a lot of Microsoft's innovations are actually recycled ideas that've been around for years. No, really, not to troll - I'm glad they've taken certain ideas from Unix.
But none of the 'innovations' you cite came out of UNIX. The closest one would be Kerberos, but even that was conceived from day one as being independent of the O/S. MIT has developed enough O/S to know that there is more than one.
UNIX was not an O/S with lots of innovative features, the main innovation was the idea that most of the O/S could be written in a high level language. Most of the advances in UNIX consisted of removing unnecessary junk from Multics or ITS.
UNIX was not the first O/S with symbolic links, it was however the first where the feature was widely used. There is even a way to create symlinks in VMS, although you have to go through an API to do it.
Re:Government's job to spur Broadband interest??? on More Details on the CBDTPA · Score: 5, Insightful
Sen. Hollings says the reason broadband isn't as popular today as it should have been is because media giants are afraid to provide large quantities of digital content to the masses over it
Hollings knows that his bill is desperately unpopular and is looking for a disguise. I suspect that by now the US public knows that a bill labelled 'bill to do good things for old people' is most likely a bill to rob them of their social security, half their pensions and medicaid.
The key points to keep repeating are
The car industry gets ten years or more to introduce safety measures like seat belts and air bags. This gives the computer industry a year to introduce measures whose only purpose is saving the pockets of Hollings' campaign contributors.
The measure would have serious negative consequences for the computer industry. There is no royal road for security technology, or a congressional one for that matter. It has taken ten years to develop specifications for IPSEC and DNSSEC and they are only just being deployed. PKIX/X.509 took ten years to see significant use and it has taken the US govt a further five to develop technology to deploy in the federal govt.
The SDMI scheme was proposed with a similar timetable and the unrealistic schedule was one of the (admittedly many) reasons it failed. The decision process rejected any technology that could not be on the shelves by Xmas. The inevitable result being that only snake oil technologies ended up being considered.
All content protection mechanisms are encumbered by patents. Most are encumbered by multiple patents. While most of the patents are bogus the proposed bill would put the computer industry at an unfair disadvantage to the patent trolls who would be unjustly enriched at the expense of industry and the public.
Existing content protection schemes such as the CSS scheme used in DVDs have been abused by the content owners, in particular to enable the price of DVDs to be artificially increased in certain markets.
The biggest argument against the Hollings Campaign Contributors Interests Protection Act (HCCIPA) is that it is largely addressing a problem that is being addressed successfully in the courts.
Napster's original business model based on promoting piracy was dismantled in short order by the courts. Morpheus and the other commercial piracy rings have been forced into bundling scumware with the product to make a buck. Morpheus' current business model appears to be based on redirecting referrals to Amazon's affiliate program.
The RIAA and MPAA are overreaching here. Instead of asking for a rational extension of the DMCA to address piracy networks they are making a naked grab for their self interest.
Yea, I was surprised at Murdoch's decision too. Like you said, he, along with just about everyone on FoxNews, is conservative. They also don't get along with Disney.
Murdoch is very consistent in his politics, he is a selfservative. He serves his own interests to the absolute exclusion of all else.
Murdoch has supported left and right wing governments, for a price. The price being carte blanche to do whatever his self interest demands. He has consistently demanded that anti-trust laws be dismantled as far as they apply to him. He has been campaigning against the EU for years out of fear that it would not submit to his regulatory demands.
Murdoch is not against regulation of course, only those that don't serve his interests.
I don't know why people have such difficulty believing that conservatives who praise the pursuit of self-interest believe in what they preach. Their self interest, not yours, their tax cut, their corporate welfare, their regulations.
I'd thought that SRP wasn't patented, and the whole purpose of its development was to get around the EKE/SPEKE patents. If it's encumbered by different patents instead, well, thanks a lot dude:-(.
One of the bastards that owns one of the other patents sent a patent troll letter to the IETF.
It really isn't feasible to get rid of BASIC once BASIC is in a lot of browsers.
It wasn't when I wrote the spec, a week after they did BASIC. What happened was that they told me they were using RSA, then they found the patent issues were going to be too much of a problem and they did BASIC without actually mentioning the change of plan to me.
The problem was that the people writing the code knew enough about security to be dangerous, but not enough to be useful. They had heard the UNIX encrypted password file argument and were applying it to an inappropriate context. It was cargo cult security, slogans not thought.
One of the main design issues for DIGEST was to eliminate BASIC from the spec entirely. There is no place for a spec that sends passwords en-clair.
The problem is that most people, myself included, share passwords across uses. I have something like 200 active authentication points, there is simply no way that I could remember 200 separate passwords if I tried. I have three passwords that I use for high, medium and low security. But most people happily share their corporate password with their WareZ site password.
Although passwords inevitably involve a certain degree of information sharing, DIGEST is designed to ensure that this is minimized. If you give a password to a site and the site is compromised the information stored in their database does not compromise any other site.
The main problem with mechanisms such as SRP is that they are all allegedly encumbered. The patents are also fairly new.
Digest authentication was a kludge on top of HTTP basic authentication (which sends the naked password in the clear) designed at a time when SSL was scary and complicated and there were no free SSL web servers.
SSL did not exist when I invented the Digest mechanism. The problem was the patent on RSA and Diffie-Hellman.
Digest was invented for one reason and one reason alone which was to provide a replacement for BASIC and avoid sending passwords in the clear.
Microsoft implemented Digest first, but Netscape refused. This was before they hired a credible security person. They believed that sending passwords over the internet en-clair was a less important security issue than protecting the authentication information in the Web server storage.
Microsoft removed Digest from IE in IE4 as Netscape refused to implement. Then the IETF stated that HTTP could not become a standard if it sent passwords en-clair at which point people pulled the draft out again.
Removing Digest from IE was not a big issue for me since if only Microsoft was going to implement the standard they might as well use the NT password authentication scheme.
The dictionary attack issue is important, but it was not possible to address it given the state of the IPR at the time. If Diffie-Hellman had been available I would have designed the protocol entirely differently. It would have been possible to address security of the auth data on the wire and in storage.
For passwords that need real security, use mod_ssl [modssl.org] instead, which is easily added to Apache 1.3 and comes with Apache 2.0 by default, and do basic auth over SSL so the whole HTTP stream is encrypted including the password. HTTP digest authentication's security is sort of halfway between HTTP basic auth and HTTPS basic auth.
Actually I would recommend Digest over HTTPS. The problem with BASIC is that you have to trust the end point, that is fine if the application is such that the application justifies buying a certificate or securely distributing the point of trust.
More generally however I would suggest people look at our more recent work in SAML (security services at www.oasis-open.org)
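The storage property described in the Digest comments above (the server keeps a realm-bound hash rather than the password, and the password itself never crosses the wire) can be seen in a short sketch. This is an added example, not part of the original posts or any project's code; it follows the RFC 2617 `qop=auth` form of Digest using the sample values from that RFC's own example, and the function names and the second realm are assumptions made for illustration.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    """Hex MD5 of a string, as used throughout RFC 2617."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """Value a Digest server stores instead of the password.

    The realm is hashed in, so the stored value for one site is
    different from the value another site would store for the same
    username and password.
    """
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(stored_ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """Response value for qop=auth (RFC 2617 section 3.2.2.1)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1: str, method: str, uri: str, nonce: str,
                  nc: str, cnonce: str, claimed: str) -> bool:
    """Server-side check using only the stored HA1, never the password."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, claimed)


# Sample values taken from the worked example in RFC 2617 section 3.5.
USER = "Mufasa"
REALM = "testrealm@host.com"
PASSWORD = "Circle Of Life"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
NC = "00000001"
CNONCE = "0a4f113b"
URI = "/dir/index.html"

# Constructed for illustration: a second site where the same user has
# reused the same password.
OTHER_REALM = "other.example"


def demo() -> dict:
    # What the first site keeps in its database.
    site_a = ha1(USER, REALM, PASSWORD)
    # What the second site keeps for the same credentials.
    site_b = ha1(USER, OTHER_REALM, PASSWORD)

    # Client answers site A's challenge; only this hash goes on the wire.
    response = digest_response(site_a, "GET", URI, NONCE, NC, CNONCE)

    return {
        "response": response,
        "site_a_accepts": server_verify(site_a, "GET", URI, NONCE, NC,
                                        CNONCE, response),
        # A copy of site A's database entry does not validate at site B.
        "site_a_entry_works_at_b": server_verify(
            site_b, "GET", URI, NONCE, NC, CNONCE,
            digest_response(site_a, "GET", URI, NONCE, NC, CNONCE)),
        "entries_differ": site_a != site_b,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stored value is still an unsalted MD5 of a password, so anyone holding it or a captured challenge/response pair can test guesses offline, which is the dictionary attack issue the comments acknowledge.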
Hmm, that proposed levy on blank CDROM media seems to be having all sorts of unexpected results. Didn't think magnetic north was that much into Napster.
Seriously, there is a periodic flip of the magnetic poles and it is not impossible that we might see the North Pole head south sometime within our lifetimes.
Of course with GPS this will probably matter a whole lot less than it once did.
What else is peer-to-peer software silently borrowing?
There are a bunch of overlapping issues here. One is the politician problem. Many people want to vote for politicians who are going to serve their personal self-interest best. This raises the problem that the self-interest of the politician is rarely that of the voters, particularly if they are elected. So politicians who make a bid for public support on the basis of self interest alone are likely to believe what they preach and serve their personal self interest exclusively.
The problem of spyware appears to be almost unique to P2P software. This might be coincidence, P2P just happened to get hot at the same time that the Internet bubble burst and Internet business models turned Hobbesian. On the other hand it appears more likely that people who write software whose primary purpose is to help people steal music have no moral qualms about exploiting their users as well.
A second set of problems comes from the fact that P2P pretty much cuts itself off from most of the traditional Internet business models. Post Napster no P2P company can make money from any business model that requires them to maintain a central server or long term business relationships with other companies.
The thread contains many posts that attempt to dispute the claim that Morpheus is doing anything bad. The debate tactics used suggest that it is FUD from the Morpheus self justification dept. There are plenty of posts saying 'the poster hasn't read the article, Morpheus is not stealing referrals', only that is precisely what the article accuses Morpheus of. This is not about collecting information about users.
On the legal side I don't imagine that this is a sustainable business model. There is no way that Amazon and the other companies are going to want to pay people for intercepting referrals from other sources. Depending on the circumstances if an affiliate is collecting money by misrepresentation the actions may constitute fraud.
The other main issue is of application security. Here the only significant difference between Linux and Windows is that Windows being more popular makes it a more attractive target for scumware. Linux has to consider the problem since if Microsoft develops a defense the scumware folk will attack Linux next on the 'bear principle' - I don't have to outrun the bear, I just have to outrun you.
There is a hook in IE to disable all third party plug ins. The problem is that this is the big switch approach. What there should be is the ability to select which plug ins are enabled. Windows really should not have so many under the covers switches for installing software. I recently found that one of my machines had been infected by comet cursor, I have no idea when. Checking the Windows registry to find out if you have spyware reminds one of Arthur Dent's difficulty finding out about the plans to build a bypass through his house.
The problem with the big switch is that Adobe Acrobat is pretty useful. Macromedia flash is also useful in limited circumstances. I like the animations on Slate, but the new breed of annoyance ads have led me to disable it. There should be a switch to allow plug ins to be enabled on a site by site basis. Unfortch, the security zone mechanism does not do this as yet.
I seriously doubt anyone is stupid enough to pull those kinda tricks when their mind is clear.
Actually it is the sort of defense that someone tries because they are too clever by half rather than because they are stoned.
The basic problem is that he thinks that the court is like a computer system and he can fool it by literalist interpretation of rules. That is how a lot of hackers work, they work out the rules and they attempt to manipulate them.
In fact the law at its best does not mindlessly enforce rules, it looks for the justice behind the rules. If you go to a judge and say 'my name is spelt wrong' the issue that the judge cares about is whether you are the person referred to in the document, not whether the spelling is correct. It is possible that in some circumstances the issue might be genuinely important, for example there really is a case of mistaken identity.
As far as hacker behavior goes it is not at all unusual for someone to think that they are the only smart person and everyone else is stupid. It is also not unusual for hackers to think that they have the right to protection by the courts while being immune to any action the court might find against them.
Tony Hoare said much the same thing about 15 years ago. I think it was his ACM lecture accepting the Turing award where he said that lines of code per day should probably count against the programmer. Come to that 'The Mythical Man Month' said much the same thing.
I don't think anyone has ever claimed lines of code per day is a useful or meaningful measure, except of course for pointy haired bosses.
I don't care what you think IBM 'told the world', it didn't happen. Just because PS/2 and OS/2 share 75% of their characters doesn't mean they're tied together.
The IBM VP in charge of the PC product line served notice that OS/2 would only support Microchannel in future releases, that IBM would 'eliminate' the clone manufacturers.
I am sorry, but calling people shills does not support your case. The fact is that when the industry decided to go down the Microsoft route it did so for tactical reasons. We knew we could not trust IBM, they had shafted the computing industry for thirty years. IBM only got out of the anti-trust case in the end for the same reason Microsoft got off - the case was dismissed by an incoming Republican president as a campaign pay off.
This is bullsh*t. Lotus and WordPerfect were doing everything they could to get their apps working but for SOME reason the API info they were given by Microsoft just didn't seem to be right!
Who told you that porky?
Mitch Kapor himself complained that the Lotus management failed to develop the GUI version of 123.
At the time Microsoft was aggressively courting Lotus and Wordperfect because support for those apps might be critical in deciding whether OS/2 or Windows won. Both refused to back either camp until there was a winner.
What they found out when they tried to catch up was that design of a GUI version of their apps turned out to be more of a drastic change than they expected. Microsoft meanwhile had been designing apps for the Mac for years and knew what was required.
The 'Microsoft keeps the API's secret' is the favorite excuse of bad engineers.
has found a click thru license that has been upheld in court. They can demand all kinds of things but what the courts let them get away with is entirely a different matter
Err not quite, there is one case although the precedent is fairly weak, the case was pretty narrow and was not appealed. The case involved a CDROM with telephone numbers on that would not be copyrightable as a mere aggregation of non copyright data. The court held that the shrinkwrap license established a contractual agreement not to copy the data, although the precedent is weak since there were other issues involved.
Also in the DeCSS case the existence of a shrinkwrap license was considered significant, although it was not decisive in that particular case.
That is beside the point in this case however since the clause would probably constitute an illegal restraint of trade if interpreted as in the article. Also the courts are much more willing to interpret clickwrap as establishing the type of copyright protections that they are used to in other media, than they are to allow the introduction of extraneous terms.
Windows 95 didn't kill OS/2, the apps did. The apps wouldn't run on OS/2, so people had to use Win95 even though it was less stable
Err, what apps? When Windows 3.1 came out all you got was a pretty GUI interface to start your character cell based program. Lotus, Wordperfect and co were both sitting on the fence waiting to see whose GUI O/S would win the battle.
Ten years ago IBM was considered the big monopolist threat in both hardware and software. When OS/2 launched IBM gleefully told the world that it intended to tie the O/S to its increasingly proprietary hardware systems.
Microsoft offered the hardware manufacturers a GUI O/S that was not controlled by a competitor. They also cut through the problem of waiting for the applications by writing their own GUI wordprocessor etc.
Microsoft presents something similar on the CeBit. It's called Mira and is a hybrid between a PDA, a Webpad and a PC.
Yes, and to save folk reading the rest of the thread, most of the posts consist of 'Philips didn't invent this, Microsoft had the idea first'. Then folk remember that it's Slashdot and Microsoft isn't meant to have any good ideas at all, not ever.
I have been wanting one of the tablet PCs for a couple of years, ever since they were first shown. This particular device looks like it is low end, or rather low power consumption.
I bought a Wacom graphics tablet last week to see how good the Office XP handwriting recognition is. It certainly appears to be better than it was a couple of years ago when I bought a crosspad. Although I did find the tablet somewhat disappointing, the driver didn't load on XP and there was no way to turn down the sensitivity of the tablet to something useful. What I really wanted was to be able to dedicate the tablet to handwritten input, what the driver insisted on doing was taking over the mouse functions.
Now if someone would make a tablet PC that was waterproof I could use it in the hot tub.
As every good capitalist knows, massive failures prove the resiliency of our system.
But Enron and such are not failures of the capitalist system, they are failures of the Texas crony capitalism system. Want to bilk your employees and shareholders with phony accounts? Well no problem, for a modest campaign contribution we can give you an exception to the burdensome regulations that require you to publish honest accounts.
Sirius is trying the same thing that Enron did. They did a shoddy job on the technology side and now they want to fix it by having the government regulate them out of trouble.
Not only is the article slashdotted but it is cut into 10 pieces and finding it in the google cache is a real pain.
If slashdot are having difficulty with their ad revenues why don't they offer to send their readers off to sites in return for a cut of the ad revenue?
Iridium's first line of failure was that they had no infrastructure capable of actually selling the phones!
A couple of years ago I tried to buy CDPD service off ATT. I could not find the product on their Web site. None of their sales reps knew it existed. I tried asking the VP who launched the product, he could not even connect me to a salesperson.
It is pretty amazing that there are so many companies out there who have the mentality of not releasing their price list except under NDA when they are essentially selling to consumers. Problem with that approach is you start the customer relationship by telling them 'I am going to take you for every penny I can'. Not good, and for that matter not really useful because the only rational purpose behind concealing your prices is in practice if you know you will be giving deep discounts and don't want your customers telling each other what they got.
This is the reason that Priceline is a niche player rather than the future of airlines. We had the priceline principle for retail sales for centuries, it was called haggling. Priceline simply substituted a different method of extracting maximum value from the consumer for an otherwise damaged commodity, the dutch auction.
It is Professor Steve Mann (http://eyetap.org/mann/), one of the first inventors of a *real* wearable, and a downright cool guy. I didn't know he had any implants- does anyone have any more information?
Reading the article Mann sounds to me like he was being a complete jerk. In the first place the prices he puts on his equipment sound rather inflated. Just because you spend $500,000 developing a prototype does not mean that the prototype is worth that amount.
Second, the ability to pass through airport security unmolested would appear to be a necessary boundary constraint his technology has to meet if it is going to be viable. The claim that his wearable computer is sensitive to X-ray sounds to be more of an ego thing than a reality thing.
I travel with quite a bit of expensive gear, but it all goes through the standard security.
Mann was having trouble in Canada, not exactly a country where cops have a reputation for habitually arrogant behavior.
Your problem is not one that HTTP or the proxy spec was designed to cover. When we developed HTTP the issue of ICANN did not exist. I certainly don't think it unreasonable for a proxy code writer to assume that users are using the Internet DNS system. If you want to do things different you should expect problems, that is the way of the world.
The host name header was introduced as a hack to alleviate the problem of IPv4 address exhaustion. There is actually a good reason for the proxy to dereference the DNS name itself since then it can do load balancing amongst http servers if the client does not.
The proxy might also be using a new enhanced http protocol and so it is pretty important that it be able to access the DNS NAPTR records for the service and do the appropriate mapping.
One way to address the problem would be to change the host header so that it has the alternic prefix to the dns name, if porn.xxx is an alternic name one would assume that there is a name something like porn.xxx.alternic.org that resolves in icann space. If you want to use non standard DNS configurations expect to have to patch applications.
Proxy caches were really important in the early days of the web and still are for certain congested links. In the main however the content providers use techniques that mean that caching is very much less useful than it once was. Most content is active these days so it is only the images that cache well.
The Singapore government is probably more concerned about stopping people accessing the numerous overseas sites run by the opposition movement. For those that don't follow Singapore politics it is one of those countries where the government brings specious lawsuits against opposition politians and elections are run in the manner of the old Soviet Union.
Of course since it is a capitalist pseudo-democracy this rarely gets comment in the western media. When it does the government has sued for libel under its mickey mouse libel laws in its kangeroo court system.
All phone calls made in Singapore are tapped and the government analyses the telephone call logs to see who is talking to whom. Its kinda the state that Ashcroft would like.
I have, it is entirely practicable, with the right infrastructure support. However the probability that the destination supports IPSEC today is so small as to be negligible. And IPSEC would certainly not help someone who insisted on using an alternative root.
IPSEC wasn't ever meant to be used for oppurtunistic encryption applications (like https, ssh, etc), but to establish connections on a more long term basis that would be used for arbitrary protocols, not such common ones.
No, IPSEC was designed for exactly that case, it just happened to be deployed for VPN. IPSEC was started ten years ago, long before SSL was developed.
Breaking MIME is not something I would (do) lose sleep over. People in the MIME community screamed at us when we had the temerity to introduce the text/html content type, rather than use application/binary. They were completely obstructionist when it came to insisting on 8-bit clean transport for HTTP. In the end we treated them as damage and routed around them. HTTP uses several headers that the MIME people villified.
The functional issues raised are significant and it would be good to see them addressed. In particular using the subject line is pretty lame. Either you want the encoding format to be completely independent of MIME or you don't. I think that MIME independence would be the better route since then it would be easier to move to a more modern protocol such as BEEP. But using magic numbers and MD5 inside the encoding does not seem like a bad move.
The more interesting 'meta-point' however is that tweaking the encoding format is only scratching the surface when it comes to fixing Usenet. The main problem with Usenet is that it still has to route every single article to every single node whether it is going to be read or not. While the flood fill routing was a good scheme when NNTP was developed and the number of nodes was small it is needlessly wasteful now that we have hundreds of thousands of NNTP servers, it is just not necessary to have that level of redundancy to route around censorship.
The price performance was never quite that extreme, SPARC was about double to triple the price performance of the equivalent VAX workstation when it first appeared.
The thing that killed VMS was not UNIX, it was RISC. People moved to Sun in spite of UNIX, and for that matter in spite of Sun's quality control. In those days, in terms of reliability SunOS was to VMS what Windows 3.1 was to AIX.
Incidentally, DEC was a very early member of the UNIX club. The first virtual memory UNIX was developed on a VAX. It is a pity that Thompson et al. were so determined to learn as little as possible from the design of VMS.
In the very early years Sun attempted to license VMS. DEC refused, claiming that it could not be ported because of the dependency of VMS on a couple of fairly specialized processor instructions, like remove from head interlocked and the security ring instructions.
The reason DEC was so far behind Sun in the first place was that their bean counters axed the PRISM project that was meant to build the successor to VAX and VMS. Dave Cutler left DEC for MSFT and vowed to force DEC to buy the O/S they could have had for free - what's more he did exactly that. When the Alpha chip appeared much later than SPARC it was named AXP or Almost Exactly Prism as insiders call it.
WNT is not VMS but it has most of the best features of VMS and is the type of thing you might build if you were designing a successor to VMS but did not need to have backwards compatibility.
There are a bunch of late VMS features that WNT is noticeably lacking, in particular the transactional file system. Hopefully we may see some of that appear in OFS. What is disappointing about WNT is that many of the interesting O/S features are submerged in low level APIs. It is possible to do VMS tricks like ASTs but you have to really know the layout of the O/S.
Unfortunately there is no guide that compares with the Digital VMS architecture manual.
I would be surprised if he hadn't. Melinda is a LISP weenie.
Ever wonder who was in charge of Microsoft 'Bob' ?
But none of the 'innovations' you cite came out of UNIX. The closest one would be Kerberos, but even that was conceived from day one as being independent of the O/S. MIT has developed enough O/S to know that there is more than one.
UNIX was not an O/S with lots of innovative features, the main innovation was the idea that most of the O/S could be written in a high level language. Most of the advances in UNIX consisted of removing unnecessary junk from Multics or ITS.
UNIX was not the first O/S with symbolic links, it was however the first where the feature was widely used. There is even a way to create symlinks in VMS, although you have to go through an API to do it.
Hollings knows that his bill is desperately unpopular and is looking for a disguise. I suspect that by now the US public knows that a bill labelled 'bill to do good things for old people' is most likely a bill to rob them of their social security, half their pensions and medicaid.
The key points to keep repeating are
The biggest argument against the Hollings Campaign Contributors Interests Protection Act (HCCIPA) is that it is largely addressing a problem that is being addressed successfully in the courts.
Napster's original business model based on promoting piracy was dismantled in short order by the courts. Morpheus and the other commercial piracy rings have been forced to bundle scumware with the product to make a buck. Morpheus' current business model appears to be based on redirecting referrals to Amazon's affiliate program.
The RIAA and MPAA are overreaching here. Instead of asking for a rational extension of the DMCA to address piracy networks they are making a naked grab for their self interest.
Murdoch is very consistent in his politics, he is a selfservative. He serves his own interests to the absolute exclusion of all else.
Murdoch has supported left and right wing governments, for a price. The price being carte blanche to do whatever his self interest demands. He has consistently demanded that anti-trust laws be dismantled as far as they apply to him. He has been campaigning against the EU for years out of fear that it would not submit to his regulatory demands.
Murdoch is not against regulation of course, only those that don't serve his interests.
I don't know why people have such difficulty believing that conservatives who praise the pursuit of self-interest believe in what they preach. Their self interest, not yours, their tax cut, their corporate welfare, their regulations.
One of the bastards that owns one of the other patents sent a patent troll letter to the IETF.
It really isn't feasible to get rid of BASIC once BASIC is in a lot of browsers.
It wasn't when I wrote the spec, a week after they did BASIC. What happened was that they told me they were using RSA, then they found the patent issues were going to be too much of a problem and they did BASIC without actually mentioning the change of plan to me.
The problem was that the people writing the code knew enough about security to be dangerous, but not enough to be useful. They had heard the UNIX encrypted password file argument and were applying it to an inappropriate context. It was cargo cult security, slogans not thought.
The problem is that most people, myself included, share passwords across uses. I have something like 200 active authentication points, there is simply no way that I could remember 200 separate passwords if I tried. I have three passwords that I use for high, medium and low security. But most people happily share their corporate password with their WareZ site password.
Although passwords inevitably involve a certain degree of information sharing, DIGEST is designed to ensure that this is minimized. If you give a password to a site and the site is compromised the information stored in their database does not compromise any other site.
The main problem with mechanisms such as SRP is that they are all allegedly encumbered. The patents are also fairly new.
SSL did not exist when I invented the Digest mechanism. The problem was the patent on RSA and Diffie-Hellman.
Digest was invented for one reason and one reason alone which was to provide a replacement for BASIC and avoid sending passwords in the clear.
Microsoft implemented Digest first, but Netscape refused. This was before they hired a credible security person. They believed that sending passwords over the internet en-clair was a less important security issue than protecting the authentication information in the Web server storage.
Microsoft removed Digest from IE in IE4 as Netscape refused to implement. Then the IETF stated that HTTP could not become a standard if it sent passwords en-clair at which point people pulled the draft out again.
Removing Digest from IE was not a big issue for me since if only Microsoft was going to implement the standard they might as well use the NT password authentication scheme.
The dictionary attack issue is important, but it was not possible to address it given the state of the IPR at the time. If Diffie-Hellman had been available I would have designed the protocol entirely differently. It would have been possible to address security of the auth data on the wire and in storage.
For passwords that need real security, use mod_ssl [modssl.org] instead, which is easily added to Apache 1.3 and comes with Apache 2.0 by default, and do basic auth over SSL so the whole HTTP stream is encrypted including the password. HTTP digest authentication's security is sort of halfway between HTTP basic auth and HTTPS basic auth.
Actually I would recommend Digest over HTTPS. The problem with BASIC is that you have to trust the end point, that is fine if the application is such that the application justifies buying a certificate or securely distributing the point of trust.
More generally however I would suggest people look at our more recent work in SAML (security services at www.oasis-open.org).
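The difference between BASIC and Digest discussed in the comments above, as an added example that is not part of the original posts: it computes the response in the original no-qop form, MD5(HA1:nonce:MD5(method:uri)), and checks that a server storing only the realm-bound HA1 can verify a client while another site's stored value is rejected. The user name, password, realms and nonces are constructed sample values.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """BASIC: the credential itself crosses the wire, only base64-encoded."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header):
    """What the receiving end point (or anyone on the path) gets from BASIC."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    return decoded.split(":", 1)[1]


def ha1(user, realm, password):
    """Value a Digest server stores in place of the password; bound to the realm.
    It still stands in for the password within that realm, so the store needs protecting."""
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(stored_ha1, nonce, method, uri):
    """Response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{ha2}")


def server_verify(stored_ha1, nonce, method, uri, client_response):
    """Server side: recompute from the stored HA1 and compare in constant time."""
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, client_response)


def demo():
    # Constructed sample values: one user reusing one password on two sites.
    user, password = "alice", "constructed-password"
    corp_realm, forum_realm = "corp.example", "forum.example"
    nonce = "constructed-nonce-0001"  # a real server issues a fresh nonce
    method, uri = "GET", "/index.html"

    corp_db = ha1(user, corp_realm, password)    # what corp.example stores
    forum_db = ha1(user, forum_realm, password)  # what forum.example stores

    genuine = digest_response(ha1(user, corp_realm, password), nonce, method, uri)
    from_forum_db = digest_response(forum_db, nonce, method, uri)

    return {
        "basic_leaks_password": decode_basic(basic_header(user, password)) == password,
        "digest_accepts_owner": server_verify(corp_db, nonce, method, uri, genuine),
        "other_site_db_rejected": not server_verify(corp_db, nonce, method, uri, from_forum_db),
        "old_response_rejected_on_new_nonce": not server_verify(
            corp_db, "constructed-nonce-0002", method, uri, genuine),
        "password_on_wire": password in genuine,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```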
Seriously, there is a periodic flip of the magnetic poles and it is not impossible that we might see the North Pole head south sometime within our lifetimes.
Of course with GPS this will probably matter a whole lot less than it once did.
There are a bunch of overlapping issues here. One is the politician problem. Many people want to vote for politicians who are going to serve their personal self-interest best. This raises the problem that the self-interest of the politician is rarely that of the voters, particularly if they are elected. So politicians who make a bid for public support on the basis of self interest alone are likely to believe what they preach and serve their personal self interest exclusively.
The problem of spyware appears to be almost unique to P2P software. This might be coincidence, P2P just happened to get hot at the same time that the Internet bubble burst and Internet business models turned Hobbesian. On the other hand it appears more likely that people who write software whose primary purpose is to help people steal music have no moral qualms about exploiting their users as well.
A second set of problems comes from the fact that P2P pretty much cuts itself off from most of the traditional Internet business models. Post Napster no P2P company can make money from any business model that requires them to maintain a central server or long term business relationships with other companies.
The thread contains many posts that attempt to dispute the claim that Morpheus is doing anything bad. The debate tactics used suggest that it is FUD from the Morpheus self justification dept. There are plenty of posts saying 'the poster hasn't read the article, Morpheus is not stealing referrals', only that is precisely what the article accuses Morpheus of. This is not about collecting information about users.
On the legal side I don't imagine that this is a sustainable business model. There is no way that Amazon and the other companies are going to want to pay people for intercepting referrals from other sources. Depending on the circumstances if an affiliate is collecting money by misrepresentation the actions may constitute fraud.
The other main issue is of application security. Here the only significant difference between Linux and Windows is that Windows being more popular makes it a more attractive target for scumware. Linux has to consider the problem since if Microsoft develops a defense the scumware folk will attack Linux next on the 'bear principle' - I don't have to outrun the bear, I just have to outrun you.
There is a hook in IE to disable all third party plug ins. The problem is that this is the big switch approach. What there should be is the ability to select which plug ins are enabled. Windows really should not have so many under the covers switches for installing software. I recently found that one of my machines had been infected by comet cursor, I have no idea when. Checking the Windows registry to find out if you have spyware reminds one of Arthur Dent's difficulty finding out about the plans to build a bypass through his house.
The problem with the big switch is that Adobe Acrobat is pretty useful. Macromedia flash is also useful in limited circumstances. I like the animations on Slate, but the new breed of annoyance ads have led me to disable it. There should be a switch to allow plug ins to be enabled on a site by site basis. Unfortch, the security zone mechanism does not do this as yet.
Actually it is the sort of defense that someone tries because they are too clever by half rather than because they are stoned.
The basic problem is that he thinks that the court is like a computer system and he can fool it by literalist interpretation of rules. That is how a lot of hackers work, they work out the rules and they attempt to manipulate them.
In fact the law at its best does not mindlessly enforce rules, it looks for the justice behind the rules. If you go to a judge and say 'my name is spelt wrong' the issue that the judge cares about is whether you are the person referred to in the document, not whether the spelling is correct. It is possible that in some circumstances the issue might be genuinely important, for example there really is a case of mistaken identity.
As far as hacker behavior goes it is not at all unusual for someone to think that they are the only smart person and everyone else is stupid. It is also not unusual for hackers to think that they have the right to protection by the courts while being immune to any action the court might find against them.
I don't think anyone has ever claimed lines of code per day is a useful or meaningful measure, except of course for pointy haired bosses.
The IBM VP in charge of the PC product line served notice that OS/2 would only support Microchannel in future releases, that IBM would 'eliminate' the clone manufacturers.
I am sorry, but calling people shills does not support your case. The fact is that when the industry decided to go down the Microsoft route it did so for tactical reasons. We knew we could not trust IBM, they had shafted the computing industry for thirty years. IBM only got out of the anti-trust case in the end for the same reason Microsoft got off - the case was dismissed by an incoming Republican president as a campaign pay off.
Who told you that porky?
Mitch Kapor himself complained that the Lotus management failed to develop the GUI version of 123.
At the time Microsoft was aggressively courting Lotus and Wordperfect because support for those apps might be critical in deciding whether OS/2 or Windows won. Both refused to back either camp until there was a winner.
What they found out when they tried to catch up was that design of a GUI version of their apps turned out to be more of a drastic change than they expected. Microsoft meanwhile had been designing apps for the Mac for years and knew what was required.
The 'Microsoft keeps the API's secret' is the favorite excuse of bad engineers.
Err not quite, there is one case although the precedent is fairly weak, the case was pretty narrow and was not appealed. The case involved a CDROM with telephone numbers on that would not be copyrightable as a mere aggregation of non copyright data. The court held that the shrinkwrap license established a contractual agreement not to copy the data, although the precedent is weak since there were other issues involved.
Also in the DeCSS case the existence of a shrinkwrap license was considered significant, although it was not decisive in that particular case.
That is beside the point in this case however since the clause would probably constitute an illegal restraint of trade if interpreted as in the article. Also the courts are much more willing to interpret clickwrap as establishing the type of copyright protections that they are used to in other media, than they are to allow the introduction of extraneous terms.
Err, what apps? When Windows 3.1 came out all you got was a pretty GUI interface to start your character cell based program. Lotus, Wordperfect and co were both sitting on the fence waiting to see whose GUI O/S would win the battle.
Ten years ago IBM was considered the big monopolist threat in both hardware and software. When OS/2 launched IBM gleefully told the world that it intended to tie the O/S to its increasingly proprietary hardware systems.
Microsoft offered the hardware manufacturers a GUI O/S that was not controlled by a competitor. They also cut through the problem of waiting for the applications by writing their own GUI wordprocessor etc.
Yes, and to save folk reading the rest of the thread, most of the posts consist of 'Philips didn't invent this, Microsoft had the idea first'. Then folk remember that it's slashdot and Microsoft isn't meant to have any good ideas at all, not ever.
I have been wanting one of the tablet PCs for a couple of years, ever since they were first shown. This particular device looks like it is low end, or rather low power consumption.
I bought a Wacom graphics tablet last week to see how good the Office XP handwriting recognition is. It certainly appears to be better than it was a couple of years ago when I bought a crosspad. Although I did find the tablet somewhat disappointing, the driver didn't load on XP and there was no way to turn down the sensitivity of the tablet to something useful. What I really wanted was to be able to dedicate the tablet to handwritten input, what the driver insisted on doing was taking over the mouse functions.
Now if someone would make a tablet PC that was waterproof I could use it in the hot tub.
But Enron and such are not failures of the capitalist system, they are failures of the Texas crony capitalism system. Want to bilk your employees and shareholders with phony accounts? Well no problem, for a modest campaign contribution we can give you an exception to the burdensome regulations that require you to publish honest accounts.
Sirius is trying the same thing that Enron did. They did a shoddy job on the technology side and now they want to fix it by having the government regulate them out of trouble.
If slashdot are having difficulty with their ad revenues why don't they offer to send their readers off to sites in return for a cut of the ad revenue?
A couple of years ago I tried to buy CDPD service off ATT. I could not find the product on their Web site. None of their sales reps knew it existed. I tried asking the VP who launched the product, he could not even connect me to a salesperson.
It is pretty amazing that there are so many companies out there who have the mentality of not releasing their price list except under NDA when they are essentially selling to consumers. Problem with that approach is you start the customer relationship by telling them 'I am going to take you for every penny I can'. Not good, and for that matter not really useful because the only rational purpose behind concealing your prices is in practice if you know you will be giving deep discounts and don't want your customers telling each other what they got.
This is the reason that Priceline is a niche player rather than the future of airlines. We had the priceline principle for retail sales for centuries, it was called haggling. Priceline simply substituted a different method of extracting maximum value from the consumer for an otherwise damaged commodity, the dutch auction.
Reading the article Mann sounds to me like he was being a complete jerk. In the first place the prices he puts on his equipment sound rather inflated. Just because you spend $500,000 developing a prototype does not mean that the prototype is worth that amount.
Second, the ability to pass through airport security unmolested would appear to be a necessary boundary constraint his technology has to meet if it is going to be viable. The claim that his wearable computer is sensitive to X-ray sounds to be more of an ego thing than a reality thing.
I travel with quite a bit of expensive gear, but it all goes through the standard security.
Mann was having trouble in Canada, not exactly a country where cops have a reputation for habitually arrogant behavior.