Probably won't work. That only worked for me in text mode. It makes the Windows setup and other GUI things just lock up if the BIOS warning pops up. And probably it's not perfect either, since Linux ignores the BIOS probably you could change the MBR from it with this option enabled.
I think you're very mistaken.
When you download say, gimp as a binary you know pretty well what it does. It helps editing pictures. You can feel curious about how something is implemented and look at the source.
SETI is quite different. It gets data from some mysterious source, does some unknown analysis of it (in theory), draws pretty pictures, and sends processed data back. It could as well work on cracking encryption, and I bet nobody would notice.
That's exactly why it's interesting to see what SETI is doing.
And IIRC, it was almost identical to Dvorak. So just learn Dvorak, that best layout probably wouldn't give a very big improvement. But I think it was done by processing text in English and source code, so it's probably not optimal for other languages.
Anybody got a link?
You don't understand how the mail system works, and how spammers spam.
I'm not an expert, but IIRC the process is approximately this:
When I send an email it goes to my mail server.
The server looks who I'm sending the mail to, and checks the MX host for those addresses.
The server starts a connection to that server and transmits the email.
So it looks like this:
localhost -> mailserver -> mx1.mail.yahoo.com
I can also involve a relay:
localhost -> mailserver -> mail.myisp.com -> mx1.mail.yahoo.com
So what's the problem here? That I can send mail directly to Yahoo. It doesn't pass through my ISP. So who charges me money for those 900 messages? Yahoo? It doesn't have my bank account details. In fact, I don't even have a bank account at all. My ISP? They can't, I don't use their mail server when I send mail the first way. They could sniff packets, but I could connect to an SSL server.
When a spammer spams, s/he will normally contact a mail server in China or somewhere else. It won't use his/her ISP. So there's nobody who can charge him or her anything. And thanks to faked mail headers, a mail server can't be sure if a message is being sent by a computer or just forwarded by it.
And there *are* people who need to send thousands of messages a day. The Linux Kernel mailing list, universities, maybe cybercafes...
ATA RAID doesn't look very impressive. I'm thinking about trying RAID 0+1. Looked at websites, read benchmarks. The result was approximately that RAID 0 gives approximately 40% more performance, and if you combine it with RAID 1 it drops a bit. Why? Because most computers have only 2 ATA connectors. RAID 1 is supposed to improve read performance, but with ATA that doesn't seem to work.
I think I'll wait for serial ATA.
Not true. I'm not a girl, and I've been addicted to Creatures for a long time. There's nothing that blows up there, although you can kill them (I don't)
Wouldn't it be cool to just have an ethernet connector on the computer? And connect everything, mouse, keyboard, webcam and ADSL into the same hub. Routing the packets it even could be possible to switch what computer the keypresses and mouse signals are going to without swapping cables.
It doesn't completely exclude a man in the middle attack. Here's an example: seerver.com (notice the second e) gets a Verisign cert. You mistakenly connect to it. Your client happily says "Trusted cert found, okay?". If you don't look very well and say "okay", then seerver.com can start a connection to server.com, and read all the data in between. This isn't hard to do, after all, what's the server? jabberserver.com? maybe .net or .org? It's quite possible to catch at least a few people this way. For an example of this, see whitehouse.org. Verisign would sign their cert just fine.
A second option is that you break into my jabber server, take the cert, and use that for your attack. This should work as long as the Common Name matches your domain name. Then, the program might be brain damaged and not check that at all.
A self-signed cert isn't completely vulnerable to man in the middle either. There's nothing that stops me from remembering what cert was used by the server. If you get in the middle, the cert will be different, signed or not, and I will be warned. This is how SSH works, for example, if I connect to a system whose key changed I will get warned. Knowing the fingerprint of the cert can be good enough as well to determine that you're connecting to the right server.
While I finally understood what you were saying, I still think that a signed cert doesn't offer an absolute guarantee everything is fine, and a self-signed cert isn't completely insecure either.
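The "remember the cert and warn when it changes" check described in the comment above, as an added example that is not part of the original comments. The `PinStore` class, its method names and the sample certificate bytes are constructed for illustration; a real client would pass the DER bytes returned by `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import hashlib
import hmac


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Trust-on-first-use store (hypothetical helper): host -> pinned fingerprint."""

    def __init__(self):
        self._pins = {}

    @staticmethod
    def _norm(host: str) -> str:
        # Hostnames are case-insensitive; drop a trailing root dot as well.
        return host.lower().rstrip(".")

    def pin(self, host: str, der_cert: bytes) -> None:
        """Record the certificate once the user has accepted its fingerprint."""
        self._pins[self._norm(host)] = fingerprint(der_cert)

    def check(self, host: str, der_cert: bytes) -> str:
        """Return 'new', 'match' or 'changed' for the presented certificate.

        Nothing is pinned automatically: 'new' means the user still has to
        compare the fingerprint out of band before calling pin().
        """
        pinned = self._pins.get(self._norm(host))
        if pinned is None:
            return "new"
        if hmac.compare_digest(pinned, fingerprint(der_cert)):
            return "match"
        return "changed"


# Constructed stand-ins for DER certificate bytes (not real certificates).
SERVER_CERT = b"constructed: self-signed cert of server.com"
MIDDLE_CERT = b"constructed: cert presented by someone in the middle"
LOOKALIKE_CERT = b"constructed: CA-signed cert of seerver.com"


def demo():
    store = PinStore()
    results = []
    # First contact: no pin yet, the user must verify the fingerprint.
    results.append(store.check("server.com", SERVER_CERT))
    store.pin("server.com", SERVER_CERT)
    # Later connection with the same cert, signed or not: no warning.
    results.append(store.check("Server.com", SERVER_CERT))
    # A different cert for the same host triggers the warning, whoever signed it.
    results.append(store.check("server.com", MIDDLE_CERT))
    # The lookalike name has no pin, so a connection that should have been to
    # a known server shows up as a first contact instead of a silent success.
    results.append(store.check("seerver.com", LOOKALIKE_CERT))
    return results


if __name__ == "__main__":
    for status in demo():
        print(status)
```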
Hmm, I think I didn't explain very well. The self-signed cert on the Jabber server wasn't made by me. It was made by some random person somewhere. To explain why in this case a Verisign cert doesn't matter much, let's compare:
Unencrypted connection:
Data transferred as clear text. It can be snooped easily.
Encrypted with self-signed cert:
Data encrypted with SSL, but no signature from Verisign.
Encrypted with signed cert:
Data encrypted with SSL, with a Verisign signature.
What's the difference between those two? That Verisign claims to know who that guy is. Does it do me any good? Not much, probably. I could trust Verisign to check that the certificate includes the real name and location of the server's owner, so that I could say, try to sue him if he decides to log all my messages and put them on his site. Or maybe they could revoke his cert, which they most certainly won't do. After all, how do I prove that the embarrassing log published on foo.com is mine? There's no sure way for me to prove it.
This probably won't do me much good, however. Suing somebody in another country, whose server I used without any kind of agreement (even clickthrough one) could be complicated. And I could do that without Verisign anyway, I'd just have to hope that the whois info for the domain name lists the right name and address.
I think you're a bit confused about what a 'signed by Verisign' cert means. It means that Verisign says it knows the cert's owner. It's the same thing as if your friend Fred comes to your friend Joe with a piece of paper signed by you, to prove that he's somebody you trust. This has absolutely nothing to do with the effectiveness of the encryption itself.
Trusting a random CA has the same effect as Fred deciding to trust Joe when he gives him a letter signed by some random person he never heard about. But again, this doesn't have any influence on Fred's and Joe's ability to have a private talk.
For people to be able to read your IM stream, one of these things should happen: The encryption is broken, the encryption is brute forced, the server's private key is compromised. That last option is the most likely, and is achieved by breaking into the server, or the owner giving his private key to somebody else. Verisign's signature doesn't matter at all for this.
Okay, let me explain.
All a trusted cert certifies is the identity of the owner. That's all. You want it to buy stuff online, because of course you want to have some guarantee of that you're giving your credit card number to the right person. All a certificate signed by Verisign gives you is their confirmation: "This guy paid us for the certificate, and presented us documentation that identified him as John Doe"
For other things, trusting a cert doesn't matter so much. The connection is encrypted regardless of trust, so you can be sure that there's nobody in the middle sniffing the data. That's actually as good as it gets. Verisign will give a cert to anybody with money and a proof of their identity. It won't save you from an evil sysadmin who suddenly decides to make your mail public, for example.
I use an SSL connection to a Jabber server that uses a self-signed cert. What does that give me? All data between my server and me is encrypted. That means that my ISP can't know what I say to people, or what people say to me. Trust isn't really an issue here. Pretty much everybody else uses an unencrypted connection to their IM server.
Care to explain that?
First, trust isn't vital in all circumstances. You *need* to trust the cert if you're doing something like buying stuff online. That's logical, you need to be sure that the site is owned by the company you expect, and not a script kiddie.
For other things, like a mail server, this makes little sense. If you log into your SSL IMAP server, it accepts your password, and that's actually not your server and somebody managed to set up an alternate server with a copy of all your mail in it, then trust isn't going to help.
But why would they want to steal it? I'm pretty sure that chemical analysis has advanced enough so that they can just buy a few capacitors and find what they're made from.
Could anybody explain what's the advantage of stealing a formula instead of reverse-engineering it?
This has been on the front page for a while and I see no posts.
Just wondering if this is going to get through.
Why is it necessarily shooting yourself in the foot? You might help your competitors a bit, but you get the benefit of getting it done cheaper. And if you release it under something like the APL competitors will have to give you the changes to the source code, so they'll practically be writing the code for you.
I suppose it depends of course. Writing your accounting system in PerlQt and using Postgres as a database might save you some quite noticeable cash in licenses, perhaps enough to offset the possible improvement of a competitor. And your competitor that decided to adopt your system might not even be in the same country. Then of course, it might not.
I just don't think that closed source is the only solution that will work in this case. Sometimes it might be the best solution, but perhaps sometimes it isn't.
Yeah, I've also heard that when 9600 bps modems came out some people said that they were too fast because you could download text faster than you could read it. Now I've got a 256/128K ADSL, and wouldn't mind having something faster.
Why couldn't that be GPL'd?
I see it this way: Some companies write their own accounting stuff because they have some specific need, and not a desire of reinventing the wheel. Probably writing their own is a cheaper and safer option than expecting some vendor to add features or license you the source code, which also might be written in a language nobody in the company knows well.
So this company writes the program. Now that it's done, what? They're not going to sell it, it's not their business, and they don't have resources to support it. Perhaps the original programmer left after finishing the job. In these cases, I see two options, either leave it that way, or make it free.
If you make it free somebody else might find it useful, and even contribute a bug fix or two. Also if your priority is getting things done fast and cheap, the GPL is not a bad idea, since you'll be able to use some really nice tools and libraries like Qt.
And what industry is that if I may ask?
I don't see anything wrong with RMS' utopia. I write code, and you can be sure that I won't stop getting paid even if it suddenly goes Open Source. Why? Because I work on an accounting program used only by our company.
Thinking that software only gets written to be sold is very short-sighted. There are other things to do as well, like maintaining old programs, writing code for websites and to help companies work. Besides, GPL'd software can be sold. If you need an example of a successful business, look at ReiserFS.
If commercial software suddenly dies as a business I'm pretty sure I will be able to adapt. If you're saying you feel capable only of writing programs sold for money, then sorry, but you'll just either have to learn to apply your skills somewhere else, or find a different kind of job.
There's packet writing, you can make a CD-R, or better, a CD-RW work as a floppy. It requires installing extra software though.
Like in DOS/Windows: Buffered: I prefer the buffered variant. You still have to unmount it in any case, and when you do things like customizing floppy distributions being able to add/delete files, some of which might not fit, without a delay can be very nice.
In IRC, channels have operators. If you join an inexistent channel you'll become an operator in it automatically. If all the people exit from it the channel will disappear.
So to gain control of a channel you can sit in it until everybody leaves, exit, enter again, and use your op privileges to ban everybody you don't like from the channel. Perhaps you will bring a bot to sit there and make sure nobody will be able to do the same to you.
Bots can have other functions too, like notifying people of events, recording quotes, organizing games and gathering statistics.
Maybe try to read your parent comment? I quote:
killustrator, sodipodi and similar apps just aren't ready for prime time
A graphical login screen where you have to choose pictures in the right order sounds like a good idea, and I think I've just thought of an improvement. Make them selectable with the mouse wheel without giving any feedback.
The reason is simple, the buttons make an obvious sound, but the wheel should not. It could give some extra security.
I wasn't talking about the seller. IIRC, it was offered at $10 as the initial price. I was talking about that some person has that amount of money to spend on a coin.
They type it just fine, because a Russian keyboard (like mine) has Russian letters written under the Latin ones. The English layout is the main one, because AFAIK nobody made an OS that lets you give commands in Russian to it yet.
Removing the Latin letters would be completely impossible. How would people deal with English command line programs? What would be 'explorer.exe' called in Windows? How would you type an English domain name?