Actually, I'm pretty much amazed. I expected all hell to break lose. In fact, not only my browser correctly displayed the Chinese characters in the post, but when I clicked on the link it opened a nice little window saying "www..com could not be found. Please check the name and try again." With the Chinese characters correctly displayed, even in the error message!
And it passes the Unicode test better than I thought it did: in fact, only the Sanskrit bit was incorrect (and only slightly so: the ligatures weren't made). This is because I have the GNU Unifont installed, but Mozilla definitely rocks.
Hey, how come is it they won't let you register domain names with arbitrary Unicode characters in them? Why can't you buy www..com? Yes, this is perfectly valid: the name is UTF8-encoded and then %-encoded as part of the URL (and the DNS specifications do allow binary data). If I didn't mess it up too much, (your browser should show this as two Chinese ideograms) means "China" in Chinese (disclaimer: I don't know Chinese).
Before such languages as Chinese and Hindi become truly usable on the Internet, support for the Unicode standard will have to make much progress. Click here to see how badly your browser supports Unicode.
Look, the Mona Lisa was painted, er, 480 years ago or something like that. I know Copyright lasts a long time, but by now I think it's in the Public Domain.:-)
I've always wondered how long it would be before some terrorists blow up a major city with an atom bomb. I mean, face it, there are some radioactive elements out there whose critical mass is measured in grams, and I'm sure there are lots of ex-communist countries' not-too-careful-about-ethics scientists who would be more than willing to sell such quantities to Joe R. Terrorist for a couple of M$.
Building an A bomb is easy, isn't it? Basically, you just hit together two blocs totalling more than the critical mass. In the case of Uranium, you have to separate the U235 from the U238 and such tedious details, but basically, it isn't hard.
So which will be the first city hit, and when? Honestly, I don't think it will happen in North America, Europe or Japan, because terrorists have generally more immediate targets. But still, it makes you shudder.
There are many interesting questions to be asked
on
Computer Historian?
·
· Score: 4
I think there's definitely a need for computer historians. They probably belong in Universities (I don't know whether it would be in the CS or the History department, though). It's not because computer science is such a young field that there aren't some interesting questions to be studied yet.
Possible areas of study include:
The genesis of the computer. Is it the brain-child of a few brilliant genii such as Babbage, Turing and von Neumann, or is it "an idea whose time was ripe"?
The development of programming languages. Is there some trend of evolution there? The fact that such an advanced language as Lisp is, actually, one of the oldest, is a delicate thing to explain.
The history of the Internet. And the puzzling question: why was TCP/IP such a success and OSI such a failure? I think Cerf, Postel &co deserve much the same popularity as Gutenberg, and they are far from it. Maybe the Internet Society should open a working group on the history of the Internet.
The history of operating systems. This is the strangest of all. It started in chaos; then wars raged; and now it is evolving toward uniformity.
Sanskrit is essentially a simplified form of proto-indo-european (the mother of all indo-european languages). Essentially, much of the tense structure was lost (my Sanskrit grammar is a bit rusty but I seem to remember that the optative and subjunctive hardly had any other tenses than the present), the syntax was slightly altered (for example, the genitive case has gobbled many of the uses of the other cases) and the morphology evolved (all vowels merged to 'a'; a new 'e' and 'o' were formed from vowel+sonant diphtongs, and consants multiplied by palatalization among other things).
Anyway, the point of my saying all this is not merely to brag about my knowledge of Sanskrit philology, but merely to point out that Sanskrit is a rather ordinary ancient indo-european language. Much of what you point out about it could be said of ancient Greek or even Latin. And, more importantly, being an indo-european language, it does not differ that much from English in its basic ideas. So I don't think it would bring you closer to "enlightenment" (in the sense of losing your linguistic prejudices) except perhaps in the spiritual sense of the word (Sanskrit is a "sacred" language:-).
I've written a little program that will use the Linux ethernet tap device to take ethernet frames, optionally encrypt them using blowfish, and encapsulate them in UDP datagrams that are sent to a certain list of peers (either fixed or dynamically updated). So, in effect, it performs the task of a VPN; the advantage, though is that the datagrams are standard UDP datagrams, which are not distinguished by their protocol number (only their port number, but that can be changed at run time), thus essentially impossible to filter from "legit" packets (there isn't even a recognizable application level header, because all is encrypted using blowfish and transmited "as is"; changing the blowfish key could produce just about any content in the datagram). This could be useful in getting around any kind of filtering mechanism of this sort (unless they decide to completely disallow UDP, but that would be a bit fascist even for most ISPs).
I use it, together with a UDP bouncer program, to get around a fascist firewall. I used to do it on TCP, but I had all sorts of nasty resonance problems between the two TCP windows, so I dropped that (the advantage of TCP, though, is that it never lost any frames as UDP does).
Program is GPL'd. Your mileage may vary. Use at your own risk. Standard disclaimers apply.
The Forum was one of the great advocates of the Unlambda programming language I invented. The Matrix's program, initially written in C++, had been entirely rewritten in Unlambda for efficiency and clarity. Now what will I do without this precious illustration of the power of that programming language?
Not to mention how useful the Forum's advice was (though it must be said that The Cube was the most sensible and reasonable SOMAD, the rest being, well, a bit artificial in their manner of speech), and how cute Andrej looks - ahem, well, I'd better be going.
Those who attack McDonald's restaurants in France are the French farmers. Theirs is this barbaric custom of demolishing just about anything to show their discontent. They are in no way representative of the average Frenchman. For otherwise we could take another set of representatives, viz. the inhabitants of the ghettoes in the metropolitan suburbs and conclude that the United States are the average Frenchman's dream world. Which would be just as stupid a conclusion. So would it be to conclude something about the average American from a bunch of disoriented kids who brought a gun at school and shot all around them.
As for "refusing to sell transportation [...] to people whos command of the french language is not so great", well, imagine the symmetric situation and consider trying to buy a train ticket (provided there still is such a thing) in the States with a poor command of English. I know, for having helped tourists on both sides of the Atlantic that had a poor knowledge of the country's tongue, that it is never easy. But there is still a higher proportion of people in France who speak English than people in the States who speak any other language, so if I were to use such a simplistic reasoning to determine a country that "hates all things foreign", France would not be on the top of the list. Fortunately, I do not use such criteria; merely because I think the question is meaningless.
socialism is evidently not so good for the freedom of speech in France The key word is "insofar". Considering that France is far from having anything like the DMCA (in particular, reverse-engineering is quite legal), I could apply a similar reasoning to conclude that capitalism is not so good for the freedom of speech in the United States. But that would be nonsense.
There are three very different questions at stake here, and most posts I see seem to mix them all randomly.
First, there is the question of how appropriate this French law is, that forbids the sale of Nazi items. Personally, I think it's a very stupid law. However, please mind when discussing this question that it is unrelated to the Internet, and also that we're talking French law. So the question should be discussed in that context. In fact, I don't think Slashdot is a very appropriate place to discuss that question (yet most posts I see which make any sense refer specifically to that question).
Second, there is the question of the applicability of the law of a certain country to a web site that is not located in that country. Personally, I think it shouldn't apply. However, please note in discussing that question that the nature of the law (good or bad) should not be a factor. Nor should the name of the country. If we agree that the good laws of the United States should apply to non-US sites on the net, then the evil laws of Western Turumumbolia (some obscure country you've never heard of) should apply just the same.
Third, there is the purely technical question of whether Yahoo! can, in fact, filter out (nearly all) French users from their site. And the answer, I think, is yes, it is technically possible. A friend of mine has downloaded the list of all IP blocks for France from the RIPE database: there are a little over 20000, and it would be a fairly simple hashtable lookup to filter them. We're working on a proof of concept. (Even though I must repeat that I disapprove of the use of the filtering. But that is an entirely different question, in fact two entirely different questions as I've just explained.) This would not filter all French users, but with a reasonable approximation it would.
Also, I do wish we had a little less gratuitous France-bashing and gallophobia around. Certainly we have a case of an absurd law, here, but every country has absurd laws, this is not news (I did not see much americanophobia surface every time the DMCA was mentioned, for example). More importantly, the France-bashing in question is utterly offtopic (relevant to none of the three questions I mentioned) and irrelevant (not to mention, a troll and flamebait to some extent).
(Obvious rejoinder:) In America you don't seem to be taught much History. Hitler was not silenced and censored. He was put in prison, true, but that was for attempting to take power. He wrote Mein Kampf while in prison. The book was not censored until after the war; nor were his ideas or his party made illegal.
There is no law against "anti-semitism" in French. There is a law stating that it is illegal to deny the existence of a genocide. Now though I disagree with your arguments, I agree with the conclusion that such a law is utterly stupid, and, above all, very dangerous (it has given rise to a frightening witch hunt, and some genuine historians have been brought to justice because they had said certain things about the Armenian genocide, I think). There are also laws against discriminations in general, but nothing specific against anti-semitism; those laws I am rather in favor of.
As for "a country of people which hates all things not french", this is a gratuitous troll, and your post should have been moderated down for that if not for anything else.
Erlang (developped by the Swedish telecom company Ericsson) is an Open Source distributed operating system that runs on top of a host OS such as Unix or MS Windows. Erlang is based on high-level language paradigms, which makes it refreshingly different from all these C-based OSes. I think it deserves to be better known.
For a rather comprehensive list of operating systems, check out the OS review subproject of the Tunes project. Of course, since Tunes is The Ultimate OS, it is distributed also (its only disadvantage is that it (currently?) doesn't exist).
They affect you in one country in the world. Fortunately, there are still N-1 other countries.
The Web being what it is, no matter how hard the MPAA tries, there will always be places from which you can download DeCSS. And many legal mirrors of DeCSS, too (though your dowloading it may not be).
You know, strong crypto used to be illegal where I am (France). That didn't stop me from using it: I just downloaded the software from a place (e.g. Finland) where it was. I see the same happening with DeCSS.
What works in one context will not necessarily work in another. When TCP/IP was being developped, there was little outside commercial pressure on getting the network in place quickly. Vinton Cerf and associates had enough time on their hands to do the development and the standardization together. A more recent development is the standardization of IPv6: but here also there was little pressure because it was evident that nobody would start sending datagrams in their own proprietary format across the Internet (simply because such datagrams would not have gone beyond the first router they encountered).
But the Web is not as easily contained as the Internet. If you don't get your standards out fast enough, someone will come up with his own. So it's better, IMHO, to offer standards that perhaps will never be implemented in full, but will at least serve as guidelines for those implementations of a particular feature. Besides, to be fair to the W3C, you should at least recognize that they try to implement their stuff: see the Amaya web browser for example.
Also note that the "standards" in question are merely named "recommendations" and nothing else. Why, the RFC's also contain many "recommendations" ("informational" status RFC's) which will never formally be made into "Internet standards" (because they are not in the "Standards Track" for RFC's) but which nevertheless are regarded as de facto standards.
The W3C has no particular authority over the Web, but it has done a (IMHO) good job of coming up with precise specifications documenting reasonable standards. That is why people choose to recognize, to some extent at least, that it has authority. The same holds for the IETF or any other standards' organization (some extremists state that only the ISO has any authority for issuing standards and that all the Internet is based merely on de facto standards rather than the true (i.e. OSI/X.25) standard for networking; needless to say, I totally disagree with this position, and I see no reason why the ISO's authority should be higher than the IETF's or the W3C's). It is true, I would prefer the W3C to work under the aegis of the Internet Society; but if it won't, so be it.
Now, if you (or some "W4 Consortium" you might create) can come up with some reasonable (and freely redistributable) standards for the web (or for anything else) and, even better, if you can implement them at least partially, then I will consider that you have as much authority as the W3C and that your standards are equally valid. But if you can't, you must "put up or shut up".
The FSF need merely convince RedHat, SuSE, Debian &al to ship Linux, ahem, GNU/Linux distributions with named (BIND) enabled by default and the appropriate delegation entry in the/etc/named.conf file. After all, all the computers I administrate have the pointers to the AlterNIC's root servers for the domains they serve (such as.PORN).
Remember: the power lies not with they who operate the root servers but with they who call them root servers.
Because that's not the way it works. You don't take 16 quintillion computers and number them from 0 to 16 quintillion minus one.
Instead, you take the number of bits in your address and you hand out these. So you decide, say, that the top 3 bits will be equal to such a value (say, 001) for such an addressing scheme, under which the next 13 bits will be used for the top-level aggregators (top-level ISPs), and the next 8 will be reserved because we don't know in which direction things will grow, and then another 24 will be shared between the next level aggregators (lower-level ISPs), and then the next 16 to the site-level aggregators, and the last 64 bits will be equal to the interface ID. (This example is the aggregatable global unicast address format, which, IIRC, is the latest chosen addressing scheme.)
The whole point of having a large address space is fragmenting it in bits little rather than doing the very dubious reassembly of little fragments that we've been doing with IPv4.
Otherwise, 32 bits would be enough. We still don't have 4 billion computers in the world right now.
Speaking of secret sharing, I just wrote a little portable C program to do just that. You can find it at this place (all explanations on use are given within the source file itself). It's really cute.
Yes, but the most recently created pad is not necessarily the culprit. It can be a good strategy to create a provably innocent patch (I explained how this can be done in various ways), XOR it with the rest and delay it's publication until much after the others. If anyone tries to pull the "latest created patch is the culprit" argument on you, then you show he's a fool by expliciting the way it was created (you can really make someone look like a fool if he tries to condemn you for publishing a sequence of the decimals of pi or an encrypted version of a part of the Bible!).
Hi. I'm the author of the page in question, and victim unaware of the Slashdot effect (well, not truly unaware: Erik Moeller, who posted the story, was kind to notify me in time). I received many emails about it, which I've all read, as well as a good many posts in the current discussion. I can't possibly reply to them all, but I'll try to answer some of the most frequent or important comments here.
First note that the page was written in february (2000/02/19 to 2000/02/23 to be precise), so it is not new. However, I do not claim any kind of originality, nor paternity of the idea: it is a small variation on the protocol described in section 6.3 ("Anonymous Message Broadcast") of Bruce Schneier's book on cryptography. In any case, I think it is pretty obvious in the first place. I am merely suggesting a few practical ideas to make it workable. There is nothing great or revolutionary about anything, and I never made that claim.
One thing should be made clear from the start: the whole idea is not about obscuring what the data is (i.e. it is not strictly speaking cryptography) but about who is sending the data. And, even more specifically, it is about making legal conviction impossible so long as the presumption of innocence is maintained (whether the presumption of innocence still means anything in these dark days is another question:-/ ); thus, it is normal that the story appeared on Slashdot's "Your Rights Online" section.
Please also note that I am not making a political statement. This is not a libertarian manifesto. I am not stating that you should use this system to send out assassination messages against the President / the Prime Minister / the King / the Pope / <insert your favorite assassination victim here>; I am merely stating that you can, and that this is none of my business.
Many have pointed out that my suggested way of naming pads is bad. That's true: using the MD5 (or SHA1 or any other kind of hash) signature would be a better idea. But it doesn't really matter all that much what the pads are named unless we want the system to be resistant to malicious tampering, which was not one of my avowed goals. Indeed, we can get this almost for free, so we might as well. Let's say we could have a symlink pointing from pad_md5_whatever.dat to the pad of the given md5 for each pad in each repository, and "combination recipes" could be given with these links so as to make them resistant to tampering.
Similarly for secret sharing: my idea was not to have a system which is hard to censor (there are other, far better, solutions for this), but to have one which is hard to track.
Another thing I should make quite clear is that the system in itself is not used to hide data: it is used to hide the origin of data. This is why all comments on the "OTP is secure as long as the pad is truly one-time" line, or all remarks to the effect that it is trivial to find all relevant data among the padset, are quite true but completely irrelevant. If you want to hide the data on top of hiding the origin, then you use a traditional cipher; for example, you encrypt your data using blowfish and you use that data (the ciphertext, which for all intents and purposes is random) as input to the pad system. So long as you don't release the key, nobody can tell that there's a blowfish-encrypted data hidden in the pad system. The two are completely orthogonal. (It is true that my remark about the difficulty of finding "recognizable data" in the pad system is very misleading and irrelevant. I should remove that: never mind that part.) As for my comment about the birthday effect, it is merely about accidental collisions, not at all about malicious action.
Somebody asks what is wrong with storing all pads in the same place since anyone can download them all. That is true, but that is beside the point. The point is that as long as a site does not have a complete set of pads yielding readable data, it is not, by iself, breaking any law, and all it is distributing is white noise; whereas if it stores one complete set of pads, then it is distributing the forbidden document in some form. Naturally, if someone wants to collect a complete set of pads, it is a good idea; but to distribute it is dangerous.
Finally, there is the central question of whether the legal argument (which is the crux of the matter) holds water. Presumably it doesn't, but that will at leas prove one thing: the argument shows that any kind of law restricting free speech contradicts the presumption of innocence. Some have pointed out that one could monitor the pad system, and the last pad published in a set of pads would always be the culprit: this is not true, because it might have been delayed, or it might be provably innocent (which implies the former, actually), and you can never quite be sure.
Imagine the following scenario: someone points out on some Usenet group that eight publically available pads, when XORed together, give something like DeCSS code. Judge summons the 'someone' in question, who claims that he just noticed that by randomly XORing pads together; not unconvincing, so judge lets the guy go. Then judge summons the pad owners. Starts with the most recently published pad: but the owner explains "look, my pad is just an encryption using the key 'foobar' of the first 128kb of (some standard transcription of) Shakespeare's Tempest; the idea had been floating around for some time, I just decided to publish it". Judge checks statement: it's true. So apparently the data was "published" earlier than was thought, it just took some time to come out; that makes things rather difficult to track. Second owner similarly points out that his pad is just a sequence of decimals of pi in binary. Third owner is in a country over which judge has no jurisdiction, so nothing to do there. Fourth and fifth owners seem to have created their pads at the very same time, and both state obstinately that they generated pure white noise (following, say, a story on Slashdot about pads being a great idea). Sixth owner says he generated his pad by XORing another dozen other pads with an innocent message (which he shows to judge). Seventh owner refuses to answer judge's question. Eighth owner posted his pad before DeCSS even appeared, so must be innocent (or really?). Now what does judge do? Convict some owners? All? None? Problem is, judge is impressed with first poster's proof, and can't run the risk of convicting someone who might afterward prove that his pad was innocent. Presumption of innocence. Even if judge merely issues an injunction that the pads be taken off the network, every owner appeals on the ground that the pads were reused in making some other messages (innocuous ones) and that removing them would be a serious breach of first amendment (or whatever you call this thing about free speech).
Anyhow, this is the summary: there's nothing new or revolutionary about the whole pad system; in fact, it's pretty trivial. But it does make one point: that information is fundamentally delocalized and that any attempt to pinpoint it or to find a culprit will fail. For the better or for the worse.
The thing is you have terribly low demands for what an OS should do (no offense intended, of course). If indeed you are going to ask for thirty-year-old Unix, then thirty-year-old Unix is what you are going to get, and that can very well be written in C (as has been proven several times over, now).
Hint 1: Delphi, VB++ and so on are not what I consider high-level languages. Think Scheme, OCaml, SML/NJ, Mercury, Erlang, Dylan, etc. These are true high-level languages.
Hint 2: If you see anything on your system that looks even remotely "binary", your system is 30-years old. Before theoretical computer scientists invented "semantics".
When you say "Copyright Law", you mean the Copyright Law of which country? Remember that there are many countries, and many different copyright laws, and if your arguments fail in a single one, you lose. Even if we limit ourselves to countries that signed the Berne convention and the Geneva convention (a reasonable international unification of copyright), we are still left with a great number of national variants: can you seriously claim that you know all these laws well enough so as to be sure of what you are saying? I doubt it. I even doubt anyone knows all these laws and the specifics of computer science well enough to make a good case.
Please remember that licenses such as the GPL are not simply supposed to work for the country in which the code was written, but for the entire world. Please remember that Debian should be legal in all these countries.
Slashdot Mirror
Actually, I'm pretty much amazed. I expected all hell to break lose. In fact, not only my browser correctly displayed the Chinese characters in the post, but when I clicked on the link it opened a nice little window saying "www..com could not be found. Please check the name and try again." With the Chinese characters correctly displayed, even in the error message!
And it passes the Unicode test better than I thought it did: in fact, only the Sanskrit bit was incorrect (and only slightly so: the ligatures weren't made). This is because I have the GNU Unifont installed, but Mozilla definitely rocks.
Hey, how come is it they won't let you register domain names with arbitrary Unicode characters in them? Why can't you buy www..com? Yes, this is perfectly valid: the name is UTF8-encoded and then %-encoded as part of the URL (and the DNS specifications do allow binary data). If I didn't mess it up too much, (your browser should show this as two Chinese ideograms) means "China" in Chinese (disclaimer: I don't know Chinese).
Before such languages as Chinese and Hindi become truly usable on the Internet, support for the Unicode standard will have to make much progress. Click here to see how badly your browser supports Unicode.
Look, the Mona Lisa was painted, er, 480 years ago or something like that. I know Copyright lasts a long time, but by now I think it's in the Public Domain. :-)
Wonder whether they'll remember to also check for %-encoded URL's...
I've always wondered how long it would be before some terrorists blow up a major city with an atom bomb. I mean, face it, there are some radioactive elements out there whose critical mass is measured in grams, and I'm sure there are lots of ex-communist countries' not-too-careful-about-ethics scientists who would be more than willing to sell such quantities to Joe R. Terrorist for a couple of M$.
Building an A bomb is easy, isn't it? Basically, you just hit together two blocs totalling more than the critical mass. In the case of Uranium, you have to separate the U235 from the U238 and such tedious details, but basically, it isn't hard.
So which will be the first city hit, and when? Honestly, I don't think it will happen in North America, Europe or Japan, because terrorists have generally more immediate targets. But still, it makes you shudder.
I think there's definitely a need for computer historians. They probably belong in Universities (I don't know whether it would be in the CS or the History department, though). It's not because computer science is such a young field that there aren't some interesting questions to be studied yet.
Possible areas of study include:
Why is it that every announcement on Slashdot made that is vaguely related to free software (or to something being GPL'd) is tagged with the GNU logo?
This story has no relation to GNU whatsoever. Can someone come up with a "free software" logo for this sort of news?
Want innovation? Have a look at the Tunes project.
Sanskrit is essentially a simplified form of proto-indo-european (the mother of all indo-european languages). Essentially, much of the tense structure was lost (my Sanskrit grammar is a bit rusty but I seem to remember that the optative and subjunctive hardly had any other tenses than the present), the syntax was slightly altered (for example, the genitive case has gobbled many of the uses of the other cases) and the morphology evolved (all vowels merged to 'a'; a new 'e' and 'o' were formed from vowel+sonant diphtongs, and consants multiplied by palatalization among other things).
Anyway, the point of my saying all this is not merely to brag about my knowledge of Sanskrit philology, but merely to point out that Sanskrit is a rather ordinary ancient indo-european language. Much of what you point out about it could be said of ancient Greek or even Latin. And, more importantly, being an indo-european language, it does not differ that much from English in its basic ideas. So I don't think it would bring you closer to "enlightenment" (in the sense of losing your linguistic prejudices) except perhaps in the spiritual sense of the word (Sanskrit is a "sacred" language :-).
I've written a little program that will use the Linux ethernet tap device to take ethernet frames, optionally encrypt them using blowfish, and encapsulate them in UDP datagrams that are sent to a certain list of peers (either fixed or dynamically updated). So, in effect, it performs the task of a VPN; the advantage, though is that the datagrams are standard UDP datagrams, which are not distinguished by their protocol number (only their port number, but that can be changed at run time), thus essentially impossible to filter from "legit" packets (there isn't even a recognizable application level header, because all is encrypted using blowfish and transmited "as is"; changing the blowfish key could produce just about any content in the datagram). This could be useful in getting around any kind of filtering mechanism of this sort (unless they decide to completely disallow UDP, but that would be a bit fascist even for most ISPs).
I use it, together with a UDP bouncer program, to get around a fascist firewall. I used to do it on TCP, but I had all sorts of nasty resonance problems between the two TCP windows, so I dropped that (the advantage of TCP, though, is that it never lost any frames as UDP does).
Program is GPL'd. Your mileage may vary. Use at your own risk. Standard disclaimers apply.
The Forum was one of the great advocates of the Unlambda programming language I invented. The Matrix's program, initially written in C++, had been entirely rewritten in Unlambda for efficiency and clarity. Now what will I do without this precious illustration of the power of that programming language?
Not to mention how useful the Forum's advice was (though it must be said that The Cube was the most sensible and reasonable SOMAD, the rest being, well, a bit artificial in their manner of speech), and how cute Andrej looks - ahem, well, I'd better be going.
Those who attack McDonald's restaurants in France are the French farmers. Theirs is this barbaric custom of demolishing just about anything to show their discontent. They are in no way representative of the average Frenchman. For otherwise we could take another set of representatives, viz. the inhabitants of the ghettoes in the metropolitan suburbs and conclude that the United States are the average Frenchman's dream world. Which would be just as stupid a conclusion. So would it be to conclude something about the average American from a bunch of disoriented kids who brought a gun at school and shot all around them.
As for "refusing to sell transportation [...] to people whos command of the french language is not so great", well, imagine the symmetric situation and consider trying to buy a train ticket (provided there still is such a thing) in the States with a poor command of English. I know, for having helped tourists on both sides of the Atlantic that had a poor knowledge of the country's tongue, that it is never easy. But there is still a higher proportion of people in France who speak English than people in the States who speak any other language, so if I were to use such a simplistic reasoning to determine a country that "hates all things foreign", France would not be on the top of the list. Fortunately, I do not use such criteria; merely because I think the question is meaningless.
socialism is evidently not so good for the freedom of speech in France
The key word is "insofar". Considering that France is far from having anything like the DMCA (in particular, reverse-engineering is quite legal), I could apply a similar reasoning to conclude that capitalism is not so good for the freedom of speech in the United States. But that would be nonsense.
(Ha, ha, only serious.)
There are three very different questions at stake here, and most posts I see seem to mix them all randomly.
First, there is the question of how appropriate this French law is, that forbids the sale of Nazi items. Personally, I think it's a very stupid law. However, please mind when discussing this question that it is unrelated to the Internet, and also that we're talking French law. So the question should be discussed in that context. In fact, I don't think Slashdot is a very appropriate place to discuss that question (yet most posts I see which make any sense refer specifically to that question).
Second, there is the question of the applicability of the law of a certain country to a web site that is not located in that country. Personally, I think it shouldn't apply. However, please note in discussing that question that the nature of the law (good or bad) should not be a factor. Nor should the name of the country. If we agree that the good laws of the United States should apply to non-US sites on the net, then the evil laws of Western Turumumbolia (some obscure country you've never heard of) should apply just the same.
Third, there is the purely technical question of whether Yahoo! can, in fact, filter out (nearly all) French users from their site. And the answer, I think, is yes, it is technically possible. A friend of mine has downloaded the list of all IP blocks for France from the RIPE database: there are a little over 20000, and it would be a fairly simple hashtable lookup to filter them. We're working on a proof of concept. (Even though I must repeat that I disapprove of the use of the filtering. But that is an entirely different question, in fact two entirely different questions as I've just explained.) This would not filter all French users, but with a reasonable approximation it would.
Also, I do wish we had a little less gratuitous France-bashing and gallophobia around. Certainly we have a case of an absurd law, here, but every country has absurd laws, this is not news (I did not see much americanophobia surface every time the DMCA was mentioned, for example). More importantly, the France-bashing in question is utterly offtopic (relevant to none of the three questions I mentioned) and irrelevant (not to mention, a troll and flamebait to some extent).
(Obvious rejoinder:) In America you don't seem to be taught much History. Hitler was not silenced and censored. He was put in prison, true, but that was for attempting to take power. He wrote Mein Kampf while in prison. The book was not censored until after the war; nor were his ideas or his party made illegal.
There is no law against "anti-semitism" in French. There is a law stating that it is illegal to deny the existence of a genocide. Now though I disagree with your arguments, I agree with the conclusion that such a law is utterly stupid, and, above all, very dangerous (it has given rise to a frightening witch hunt, and some genuine historians have been brought to justice because they had said certain things about the Armenian genocide, I think). There are also laws against discriminations in general, but nothing specific against anti-semitism; those laws I am rather in favor of.
As for "a country of people which hates all things not french", this is a gratuitous troll, and your post should have been moderated down for that if not for anything else.
Erlang (developped by the Swedish telecom company Ericsson) is an Open Source distributed operating system that runs on top of a host OS such as Unix or MS Windows. Erlang is based on high-level language paradigms, which makes it refreshingly different from all these C-based OSes. I think it deserves to be better known.
For a rather comprehensive list of operating systems, check out the OS review subproject of the Tunes project. Of course, since Tunes is The Ultimate OS, it is distributed also (its only disadvantage is that it (currently?) doesn't exist).
They affect you in one country in the world. Fortunately, there are still N-1 other countries.
The Web being what it is, no matter how hard the MPAA tries, there will always be places from which you can download DeCSS. And many legal mirrors of DeCSS, too (though your dowloading it may not be).
You know, strong crypto used to be illegal where I am (France). That didn't stop me from using it: I just downloaded the software from a place (e.g. Finland) where it was. I see the same happening with DeCSS.
What works in one context will not necessarily work in another. When TCP/IP was being developped, there was little outside commercial pressure on getting the network in place quickly. Vinton Cerf and associates had enough time on their hands to do the development and the standardization together. A more recent development is the standardization of IPv6: but here also there was little pressure because it was evident that nobody would start sending datagrams in their own proprietary format across the Internet (simply because such datagrams would not have gone beyond the first router they encountered).
But the Web is not as easily contained as the Internet. If you don't get your standards out fast enough, someone will come up with his own. So it's better, IMHO, to offer standards that perhaps will never be implemented in full, but will at least serve as guidelines for those implementations of a particular feature. Besides, to be fair to the W3C, you should at least recognize that they try to implement their stuff: see the Amaya web browser for example.
Also note that the "standards" in question are merely named "recommendations" and nothing else. Why, the RFC's also contain many "recommendations" ("informational" status RFC's) which will never formally be made into "Internet standards" (because they are not in the "Standards Track" for RFC's) but which nevertheless are regarded as de facto standards.
The W3C has no particular authority over the Web, but it has done a (IMHO) good job of coming up with precise specifications documenting reasonable standards. That is why people choose to recognize, to some extent at least, that it has authority. The same holds for the IETF or any other standards' organization (some extremists state that only the ISO has any authority for issuing standards and that all the Internet is based merely on de facto standards rather than the true (i.e. OSI/X.25) standard for networking; needless to say, I totally disagree with this position, and I see no reason why the ISO's authority should be higher than the IETF's or the W3C's). It is true, I would prefer the W3C to work under the aegis of the Internet Society; but if it won't, so be it.
Now, if you (or some "W4 Consortium" you might create) can come up with some reasonable (and freely redistributable) standards for the web (or for anything else) and, even better, if you can implement them at least partially, then I will consider that you have as much authority as the W3C and that your standards are equally valid. But if you can't, you must "put up or shut up".
The FSF need merely convince RedHat, SuSE, Debian &al to ship Linux, ahem, GNU/Linux distributions with named (BIND) enabled by default and the appropriate delegation entry in the /etc/named.conf file. After all, all the computers I administrate have the pointers to the AlterNIC's root servers for the domains they serve (such as .PORN).
Remember: the power lies not with they who operate the root servers but with they who call them root servers.
Ha, ha, only serious.
Because that's not the way it works. You don't take 16 quintillion computers and number them from 0 to 16 quintillion minus one.
Instead, you take the number of bits in your address and you hand out these. So you decide, say, that the top 3 bits will be equal to such a value (say, 001) for such an addressing scheme, under which the next 13 bits will be used for the top-level aggregators (top-level ISPs), and the next 8 will be reserved because we don't know in which direction things will grow, and then another 24 will be shared between the next level aggregators (lower-level ISPs), and then the next 16 to the site-level aggregators, and the last 64 bits will be equal to the interface ID. (This example is the aggregatable global unicast address format, which, IIRC, is the latest chosen addressing scheme.)
The whole point of having a large address space is fragmenting it in bits little rather than doing the very dubious reassembly of little fragments that we've been doing with IPv4.
Otherwise, 32 bits would be enough. We still don't have 4 billion computers in the world right now.
Speaking of secret sharing, I just wrote a little portable C program to do just that. You can find it at this place (all explanations on use are given within the source file itself). It's really cute.
Yes, but the most recently created pad is not necessarily the culprit. It can be a good strategy to create a provably innocent patch (I explained how this can be done in various ways), XOR it with the rest and delay it's publication until much after the others. If anyone tries to pull the "latest created patch is the culprit" argument on you, then you show he's a fool by expliciting the way it was created (you can really make someone look like a fool if he tries to condemn you for publishing a sequence of the decimals of pi or an encrypted version of a part of the Bible!).
Hi. I'm the author of the page in question, and victim unaware of the Slashdot effect (well, not truly unaware: Erik Moeller, who posted the story, was kind to notify me in time). I received many emails about it, which I've all read, as well as a good many posts in the current discussion. I can't possibly reply to them all, but I'll try to answer some of the most frequent or important comments here.
First note that the page was written in february (2000/02/19 to 2000/02/23 to be precise), so it is not new. However, I do not claim any kind of originality, nor paternity of the idea: it is a small variation on the protocol described in section 6.3 ("Anonymous Message Broadcast") of Bruce Schneier's book on cryptography. In any case, I think it is pretty obvious in the first place. I am merely suggesting a few practical ideas to make it workable. There is nothing great or revolutionary about anything, and I never made that claim.
One thing should be made clear from the start: the whole idea is not about obscuring what the data is (i.e. it is not strictly speaking cryptography) but about who is sending the data. And, even more specifically, it is about making legal conviction impossible so long as the presumption of innocence is maintained (whether the presumption of innocence still means anything in these dark days is another question:-/ ); thus, it is normal that the story appeared on Slashdot's "Your Rights Online" section.
Please also note that I am not making a political statement. This is not a libertarian manifesto. I am not stating that you should use this system to send out assassination messages against the President / the Prime Minister / the King / the Pope / <insert your favorite assassination victim here>; I am merely stating that you can, and that this is none of my business.
Many have pointed out that my suggested way of naming pads is bad. That's true: using the MD5 (or SHA1 or any other kind of hash) signature would be a better idea. But it doesn't really matter all that much what the pads are named unless we want the system to be resistant to malicious tampering, which was not one of my avowed goals. Indeed, we can get this almost for free, so we might as well. Let's say we could have a symlink pointing from pad_md5_whatever.dat to the pad of the given md5 for each pad in each repository, and "combination recipes" could be given with these links so as to make them resistant to tampering.
Similarly for secret sharing: my idea was not to have a system which is hard to censor (there are other, far better, solutions for this), but to have one which is hard to track.
Another thing I should make quite clear is that the system in itself is not used to hide data: it is used to hide the origin of data. This is why all comments on the "OTP is secure as long as the pad is truly one-time" line, or all remarks to the effect that it is trivial to find all relevant data among the padset, are quite true but completely irrelevant. If you want to hide the data on top of hiding the origin, then you use a traditional cipher; for example, you encrypt your data using blowfish and you use that data (the ciphertext, which for all intents and purposes is random) as input to the pad system. So long as you don't release the key, nobody can tell that there's a blowfish-encrypted data hidden in the pad system. The two are completely orthogonal. (It is true that my remark about the difficulty of finding "recognizable data" in the pad system is very misleading and irrelevant. I should remove that: never mind that part.) As for my comment about the birthday effect, it is merely about accidental collisions, not at all about malicious action.
Somebody asks what is wrong with storing all pads in the same place since anyone can download them all. That is true, but that is beside the point. The point is that as long as a site does not have a complete set of pads yielding readable data, it is not, by iself, breaking any law, and all it is distributing is white noise; whereas if it stores one complete set of pads, then it is distributing the forbidden document in some form. Naturally, if someone wants to collect a complete set of pads, it is a good idea; but to distribute it is dangerous.
Finally, there is the central question of whether the legal argument (which is the crux of the matter) holds water. Presumably it doesn't, but that will at leas prove one thing: the argument shows that any kind of law restricting free speech contradicts the presumption of innocence. Some have pointed out that one could monitor the pad system, and the last pad published in a set of pads would always be the culprit: this is not true, because it might have been delayed, or it might be provably innocent (which implies the former, actually), and you can never quite be sure.
Imagine the following scenario: someone points out on some Usenet group that eight publically available pads, when XORed together, give something like DeCSS code. Judge summons the 'someone' in question, who claims that he just noticed that by randomly XORing pads together; not unconvincing, so judge lets the guy go. Then judge summons the pad owners. Starts with the most recently published pad: but the owner explains "look, my pad is just an encryption using the key 'foobar' of the first 128kb of (some standard transcription of) Shakespeare's Tempest; the idea had been floating around for some time, I just decided to publish it". Judge checks statement: it's true. So apparently the data was "published" earlier than was thought, it just took some time to come out; that makes things rather difficult to track. Second owner similarly points out that his pad is just a sequence of decimals of pi in binary. Third owner is in a country over which judge has no jurisdiction, so nothing to do there. Fourth and fifth owners seem to have created their pads at the very same time, and both state obstinately that they generated pure white noise (following, say, a story on Slashdot about pads being a great idea). Sixth owner says he generated his pad by XORing another dozen other pads with an innocent message (which he shows to judge). Seventh owner refuses to answer judge's question. Eighth owner posted his pad before DeCSS even appeared, so must be innocent (or really?). Now what does judge do? Convict some owners? All? None? Problem is, judge is impressed with first poster's proof, and can't run the risk of convicting someone who might afterward prove that his pad was innocent. Presumption of innocence. Even if judge merely issues an injunction that the pads be taken off the network, every owner appeals on the ground that the pads were reused in making some other messages (innocuous ones) and that removing them would be a serious breach of first amendment (or whatever you call this thing about free speech).
Anyhow, this is the summary: there's nothing new or revolutionary about the whole pad system; in fact, it's pretty trivial. But it does make one point: that information is fundamentally delocalized and that any attempt to pinpoint it or to find a culprit will fail. For the better or for the worse.
The thing is you have terribly low demands for what an OS should do (no offense intended, of course). If indeed you are going to ask for thirty-year-old Unix, then thirty-year-old Unix is what you are going to get, and that can very well be written in C (as has been proven several times over, now).
Hint 1: Delphi, VB++ and so on are not what I consider high-level languages. Think Scheme, OCaml, SML/NJ, Mercury, Erlang, Dylan, etc. These are true high-level languages.
Hint 2: If you see anything on your system that looks even remotely "binary", your system is 30-years old. Before theoretical computer scientists invented "semantics".
When you say "Copyright Law", you mean the Copyright Law of which country? Remember that there are many countries, and many different copyright laws, and if your arguments fail in a single one, you lose. Even if we limit ourselves to countries that signed the Berne convention and the Geneva convention (a reasonable international unification of copyright), we are still left with a great number of national variants: can you seriously claim that you know all these laws well enough so as to be sure of what you are saying? I doubt it. I even doubt anyone knows all these laws and the specifics of computer science well enough to make a good case.
Please remember that licenses such as the GPL are not simply supposed to work for the country in which the code was written, but for the entire world. Please remember that Debian should be legal in all these countries.