The other one is it is for your safety. They have metal detectors and x-ray machines at federal
buildings because of the Oklahoma bombing.
You're right there, they often restrict our rights or violate our privacy "for our safety."
If they had metal detectors then, McVeigh would
have been prevented from driving a bomb up to the side of the building.
Um, you're wrong there. Metal detectors at the doors will not stop anyone from parking a van full of explosives next to the building, just like the "Star Wars" missile defense won't stop a bomb-carrying (or bioweapon-carrying, or MP3-carrying) boat from floating into New York harbor. But they're sure to tell us their ineffective yet highly offensive efforts are "for our own good" -- and call all who oppose their tactics "Pro-Terrorist".
Re:Proxies that filter web bugs on Web Bug Detector · Score: 1
No, the webbuggers do not have your data, because they didn't get the cookie.
*sigh*
As has been said so many times in this discussion, web bugs and cookies have nothing to do with each other. The web bug would work (would get the info about the surfer) even if the server failed to return the 1 pixel gif! Get it?
How did that post get into the Web Bugs thread ?? Did IE have a nervous breakdown?
Nah, just a bug in the slashcode. It happens now and again. Now your original post will be modded down as "offtopic" and your follow-up (and this one of mine) will be modded down as "flamebait" and we will both lose karma.
Re:Proxies that filter web bugs on Web Bug Detector · Score: 2
Webwasher does not use regular expressions to filter images: it filters them by size.
OK, so how does webwasher know how large the image is before it sends the http request? If it gets the image and then refuses to bother you with it if it's deemed a web bug, then webwasher is worthless. Indeed, it's less than worthless, since it lulls you into a false sense of security. Once that http request is sent, the web buggers have your personal data (whatever info was sent in that http request) plus your IP address (so they can send you the image). After that, they don't give a rat's ass if you do or do not view the 1x1 gif.
The reason you have a password change policy is not to limit the amount of time an intruder can
use an account (that is, as you pointed out, stupid).
The real reason is to set a time limit on theoretical brute force attacks against your passwd file.
I had not considered that! That is insightful, good modding. But then why do we only have to change passwords every 90 days? (typical policy at most companies I know, some are 60). How long does a brute-force attack take?
And if an intruder has a copy of your passwd file, doesn't that mean they got in? Doesn't everyone use shadow passwords? Don't you need common sense to get a job in computing security?
There's differing opinion on the issue. One argument is that all systems should have strong passwords (at least one number, at least one letter, at least one punctuation, no fewer than eight characters, etc.) and those passwords should not be forced to change so users will remember them and not write them down.
The counter argument (which prevails at most companies) is that frequent password changes increase security. I've never seen any empirical data to support this claim. The logic is that if someone gains access via a stolen/guessed password, then forcing users to change passwords will close the intruder's door. Yeah, after 90 days! Meanwhile, they've had full access and could have created countless new accounts for themselves.
I've never seen a situation where this policy was coupled with required strong passwords, for the simple reason that (as you said) people who must frequently change strong passwords tend to forget them or, worse, write them down. That doesn't mean some places don't do this, just that I haven't seen it. I'd hate to work at a place like that.
Passwords alone are not enough. Sure, strong passwords are better than letting Bob's father pick "Bobby" or "R0b3r7" as a password, but how secure is a system where an intruder can roam undetected until their stolen password is changed? If you argue that frequent password changes are necessary, then you're admitting that you can't detect an intruder.
If you're paranoid about security and willing to consider other options, you should look into a physical system, such as the iButton. There are others, but this is a link I can quickly find :-)
Thanks a bunch, Mr. Ravicher! This is one of the best things I've ever read on /. It makes me wish SlashCode had a "print" feature, so I could save the text alone, without all the html around it. Good job, and thanks again.
Rick
P.S. anyone know how to clone this guy? if i ever need a lawyer, i want someone like him :-)
The interesting thing happens when you want to *use* those bits.
That is when the copy protection should kick in.
That is when the DVD 'copy protection' kicks in. That's why we need deCSS -- to get around the CSS encryption so we can play the damn things, not to copy the disk. Anybody can copy a DVD, encryption and all, and you'll need deCSS to play the copy just like you need it to play the original. That's what the RIAA just does not get: stopping deCSS does not stop people from pirating DVDs, it just stops people like me from buying them legally because I can't play them. Oh, yes, it also stops me from buying pirated DVDs, because I can't play them either, so I suppose at that level the RIAA is right (as they shoot off their own nose to spite their face).
Re:The "Terms and Conditions" prohibit resale! Why on Agenda, Not Hidden · Score: 1
From the page with the 3 consumer versions at http://buyagenda.com click on Store in the left
sidebar and you get the store's homepage with links to the Vr3's, accessories and developer units.
If I write a plugin for Photoshop, I'm using Adobe's API for writing Photoshop plugins. I can reverse-engineer that API if I must, but that does not violate Adobe's copyright. If I write an application that uses a GPL'd DLL, I must open that DLL (use its header in my code) in order to use it, and that act is what violates the GPL.
Photoshop does not need to read or understand my plugin code in any way to use that plugin. Vidomi must understand VirtualDub's code in order to use it. That's the difference between a plugin and a DLL, and it's the difference between honoring and violating the GPL.
Looks like (relevant parts of) the source code is available
right here. Could be a short case.
Actually, your statement (and theirs) would be true if the VirtualDub code was released under the LGPL, but it's not, it's under the GPL, so removing it to a library (in this case a DLL) isn't good enough. You're right, it should be a short case. They violated the GPL, they should quickly lose.
Re:The "Terms and Conditions" prohibit resale! Why on Agenda, Not Hidden · Score: 1
Go to
www.buyagenda.com. You may purchase either one of the three colors or the developer
model from this site.
I went there, and was redirected to a very weird page that told me nothing. I went in through the front door and was taken here: http://buyagenda.com/cgi-sz/webcwrap/szw/st_main.html?catid=1&sid=0, where I saw the three commercial models (VR3) but no developer model (VR3d). It was my attempt to find the VR3d that led me to the Terms and Conditions page. While I found the terms and conditions, I did not find the developer's model. I doubt if it's still available.
Re:The "Terms and Conditions" prohibit resale! Why on Agenda, Not Hidden · Score: 2
Duh. You're looking at the terms of sale for the DEVELOPER model. They offer the unit at a cheap price with an agreement to sign up for the developer group and generally give feedback.
At one time, perhaps, but I defy you to post a working link to a page that lets me actually buy one of these VR3d models. I was looking for just that page when I found the Terms and Conditions.
Also, IANAL but as I read this agreement, if I buy a developer's model then I am prohibited from ever re-selling any Agenda product, even those I buy at full retail. Read the agreement again. "Customer shall not resell any Agenda Computing Inc. products" sounds pretty all-encompassing. To me, "any" means any, not "only those you bought from this developer's site."
What you suggest makes sense, but that's not what their web page says.
Don't forget that in a hand-held the RAM is your total storage space. Hand-held RAM == desktop RAM + disk.
Yes, I know there's ROM, but the PIM software doesn't keep phone numbers in ROM. If you want to carry more apps, you need more RAM. If you have a lot of appointments, you need more RAM. If you have a lot of contacts, you need more RAM. Even in a Palm, 8 meg runs out fast if you try to read an e-book or two.
Desktop, laptop, or hand-held, you'll never have too much RAM!
The "Terms and Conditions" prohibit resale! Why? on Agenda, Not Hidden · Score: 2
Please read the following carefully. The terms and conditions in this section constitute the entire agreement between Agenda Computing Inc. and you (the "Customer") for the sale of products by Agenda Computing Inc. to you. By accepting delivery of products, you agree to be bound by These Terms And Conditions of Sale.
Orders; Payment; No Resale
Orders are subject to acceptance by Agenda Computing Inc. Payment must be received prior to Agenda Computing Inc.'s acceptance of an order and must be made by credit card or other prearranged payment method. Customer shall pay interest on all past-due sums at the highest rate allowed by law. Customer shall not resell any Agenda Computing Inc. products.
Gosh, that last line is sure in the spirit of the GPL and the Linux community, eh? Guess I shouldn't bother to look for these on eBay.
MS Hypocrites demand others source code! on Shared Source? · Score: 2
Microsoft demands the source code for every piece of software supplied by outside companies for use in its own
operations, said James Van Dyke, formerly an executive at one such company.
Van Dyke, now a senior analyst for Jupiter Research, said two years ago he was employed as director of product
management for Harbinger Corp., a company producing encryption software and selling it to Microsoft, among other
companies.
"They demanded a copy of our source code if they were to continue to use it," Van Dyke said. "If you're a vendor to
Microsoft, you have to give them your source code. There's no question this policy was in place. If someone says it
never was, I can tell you firsthand that's not true."
My point was that the original post was backwards -- jark said "Seems that they wanted to completely dodge all the bullets that
were shot their way rather than address the real issues at hand
(such as why they think they can claim OUR inputs are THEIR
intellectual property, among others)." While I certainly don't agree with Gracenote's response to that issue, they did give one, and I quoted it to prove my point, not to agree with Gracenote.
Seems that they wanted to completely dodge all the bullets that
were shot their way rather than address the real issues at hand
(such as why they think they can claim OUR inputs are THEIR
intellectual property, among others).
Uh, actually it's the other way around. Rather than address why they think Roxio has violated their intellectual property by using a Gracenote competitor, they address why they think "our" contributions to CDDB somehow became "their" I.P.:
What you get is more than what you give
The CDDB service is built on user submissions, and the size of our
network ensures that users have access to more information than
even the most industrious submitters enter. Additionally, Gracenote
has developed filtering methods to compare, combine and correct the
information submitted, and we have instituted several levels of
editorial oversight to ensure that the information returned to users is
as accurate and complete as possible. We license third-party data like
album covers, reviews, and artist biographies to further enhance the
dataset we deliver to our licensed applications. We included Unicode
support in the latest release to improve our non-Roman character
submissions, and we are developing functionality to provide even
better multi-language support in the future. Not to mention the fact
that we input a lot of data ourselves - we're CDDB users too.
It's not about data, it's about intellectual property
Steve Scherf and Ti Kan created CDDB in 1995 and wrote every line of
code. Steve Scherf is, and has always been, the chief architect and a
founder of CDDB Inc, now doing business as Gracenote. Although the
raw data is user submitted, the storage, retrieval, categorization, and
organization of the database, the access interface, and the matching
and filtering methods are absolutely proprietary, and we will do what is
necessary to defend this intellectual property.
Next time, please read the damn article before posting. Oh, this is /. Nevermind!
the practical result was an ``unstable, weak thumb,'' Drs. Vincent R. Hentz and James
Chang of Stanford University in California write in an accompanying editorial.
``Tissue engineering,'' they continue, ``will truly be successful only when the body incorporates the
entire tissue, and normal structure and function are restored.''
As I said earlier (but apparently the link's expired; you can read it here), they've already sold some airwaves. What they should do is lease them, not sell them, but at least it's better to sell them than give them away.
Between letting the broadcasters use digital TV to not deliver HDTV and letting the cable companies not carry the analog signal once a station broadcasts in digital, coupled with the requirement that all analog broadcasts cease in 2006, the FCC has lost its collective mind.
Maybe they think they're doing Industry a favor, but by excluding the public from this decision, they're destroying the very market they wish to exploit. They won't sell any of them to me, that's for sure. I'll miss television, but with my growing DVD collection and more content available over the internet, I doubt if I'll miss it much. Hell, between the PS2, GameCube, and X-Box I won't have time for television!
Won't AT&T Broadband be surprised when I tell them "Thanks for bringing me @Home, now you can cancel my cable TV subscription."
Re:Maybe we're hitting on the wrong people? on RFC for Spammers · Score: 1
Maybe, instead of trying to get rid of spammers, we
should get rid of people who reply to spam
By Jove, I think you're on to something! Could ISPs trap spam and, rather than discard it, capture the "Reply to:" field and block all email going to that address?
There are social scientists out there that try to make use of this data.
All you do by spoiling your census is to make life difficult for scientists
that are trying to understand behaviour so that they can inform policy and eventually make your life
better.
I don't understand how the government knowing my religious beliefs is going to make my life better. I don't understand why social scientists such as yourself need the government to do your research for you, especially in this area. If you can use some data the government is going to collect anyway, go right ahead. But if the government is going to ask everyone what their religion is just for you, then why shouldn't they ask everyone what their detergent is for Procter and Gamble? Why shouldn't they ask everyone what car they drive for Ford? Why shouldn't they ask everyone what snacks they prefer for Nestle? I have yet to hear a legitimate reason why any government needs this information, even if social scientists like you gain from having them collect it. Your benefits are an additional bonus from the census, not the reason for it.
How many people really would fill in Jedi as their religion if their religion meant anything to them?
Well, my religion means something to me (I'm Council President at my church), but my government's curiosity means little to me, and their need to know my religious beliefs means nothing to me. To the contrary, any government's request to know my religious beliefs offends me, and I would gladly enter "Jedi" or just leave the form blank.
No shit. Did you notice that if you right-click in the story frame and select "Open Frame in New Window" that the whole page opens in the new window? Have to turn JavaScript off first to just get that frame.
*sigh*
As has been said so many times in this discussion, web bugs and cookies have nothing to do with each other. The web bug would work (would get the info about the surfer) even if the server failed to return the 1 pixel gif! Get it?
*sigh*
I guess not.
Cool! Thanks bunches!
By Jove, I think you're on to something! Could ISPs trap spam and, rather than discard it, capture the "Reply to:" field and block all email going to that address?
Or perhaps DDOS that address? ;-)