The attack is to change a
standard message to inject faked data (F). A simple case is this:
F + O + D + S
gpg now happily skips F for verification and does a proper signature
verification of D and if this succeeds, prints a positive result.
However when asked to output the actual signed data it will output the
concatenation of F + D and thus create the impression that both are
covered by the signature.
So this is a simple mistake made by GPG, in an effort to coexist well with email and the like.
In other words, GPG looks at an email message and sees headers and the like. Of course, the headers were not signed (just the message), so GPG skips them and when it encounters the signed message, it begins to verify the signature.
So, if you are an attacker, you insert something before or after the signed message, and when GPG goes to verify it, the signed message passes, but GPG nicely prints out the whole message for you, instead of just the signed part. Oops, not a big deal, encryption isn't broken, in fact this is just an application bug.
Ah, but if it is soon to be patented, then the spec should be public domain. Check the patent application. If you can't figure it out from the patent, then it isn't a valid patent.
you are reverse engineering a (presumably) patented product
If the product was patented, then the spec would be available via the patent office, therefore, no reverse engineering would be needed. If it was patented, it wouldnt matter if it was reverse engineered because the spec would still be under patent.
The issue here is more one of trade-secret. If the company has taken resonable measures to protect the spec, then they could claim that you stole a trade secret, which is a crime.
I don't think trade secret can apply here though, unless they used some sort of encryption or something to obfuscate things.
...bandwidth, server cost, electricity to run the servers, backup system,... They make, what? $0.10 per song or so I have heard.
I believe it is Apple that makes $.10 per sale. Various sources (Google it) say that the label gets between $0.65 and $.85 per song. That's obsence profit, at no additional cost to the label.
I've been curious why it costs more to buy an entire album via download, than it does to buy the cd
Since when can you buy a CD with more than 10 songs for less than $9.99? Because that's the most it will cost you on iTunes. If the album has fewer songs, it's $.99 * # songs.
There are exceptions, where they've priced 15 minute tracks higher than $.99, and there are multi-CD albums, but those are sensible exceptions, not the rule.
If you ask me though,.99 is still highway robbery. My download has no overhead other than iTunes bandwidth fee, which is pennies per sale.
If labels wernt so busy throwing money at studios and into advertising so they can get the band into debt, then they would only have to sell a few thousand tracks to break even. Most bands with any talent at all can sell that much in less than a year, and nationaly known band will make that back in the first day.
People using p2p networks simply do not want to pay.
I wouldn't say this is something you would recognize as p2p file sharing.
All the content is determined by a single source. You can't share your own files. This is just a distibution method.
The interface will be similar to the iTunes music store. You wont be primarily searching your peers, but instead the store's inventory. Once you buy, then you search for peers, but not before.
People will use it (for a while) because they don't pay any more to their ISP to let the software use their idle upstream bandwidth (but just wait, you'll hear about people getting kicked for using this)
They can pay you some token amount because their bandwidth bills will be much much lower. Of course, if you had to pay per MB, this would be a raw deal, but most users will be on unfettered cable modems.
So in short, to most people, it will seem like free money, some people will get hosed by their ISP, and it wont look anything like traditional p2p.
The idea is that for many many internet users (eg computer illiterate moms and dads keeping in touch with the kids and grandkids), the entire set of applications they use consist of a web browser, an email client, and solitaire....
For a few extra dollars a month, the isp would provide them with a thin client (either a complete hardware and software package or a cd that would boot on an existing pc)
Remember WebTV? It was supposed to be the internet for people too dumb/old/poor for a PC. I remember we got it for my grandmother. It sucked pretty bad, and the fact that it only did the basic things was still too much for her. The problem was that no one else knew how to use it either, since everyone else has a PC.
Now she has a PC that's riddled with spyware. What she should have is a machine with a smallish(5G), noexec hard drive + smaller (1G) HD for swap space, in a $100 box that runs BOOTP or something to her ISP. Every morning, she turns it on and it pulls down the OS image, in fact the same OS image that every client of the ISP gets. Tech support becomes "Reboot the box."
That's all 90% of home PCs need to be. But then those semi-tech literate kids at Best Buy wouldn't have anyone to lecture about spyware anymore. Very sad.
Everyone seems to be a bit confused about this. Google (and I assume MSN and Yahoo!) are only censoring google.cn results. Google.com is unfiltered, assuming you can get to it from China, but Google has no part in filtering that out.
The google.cn servers are IN CHINA. So Google has two choices, filter, or have their servers promptly shutdown. This is about improving service to China, and to do that, they have to censor google.cn. There is no choice here, if there is going to be a local, accessible google, then it must be filtered.
If Chinese users can get to google.com, then they can see the unfiltered results. Google even tells them on google.cn that some results are filtered. They can't do more than that.
If it isn't legally sound and the GPL3 is invalid, then it reverts to normal copyright and you can sue them for infringement instead of breach of contract.
A lot of schools require that Engineering and/or Math majors take at least the introductory courses. If you're a major unfortunate enough to be taking Into 1 during the Spring semester, you'll more often than not be the only major in the class.
I used to tutor engineering students for $30/hour, but it gets to be a pain because they don't really want to learn it, and don't necessarily have the mindset for it.
My comment was directly less at the kid and more at the current economic disease of short sighted gains. This site is just a good case study. I'm happy for the kid, and wish I had thought of it first. But it wont last.
This is not something that anyone should care about; if not this kid then someone else would have made a similar cute site for a few businesses to throw money at and the media to use as filler for a few months.
A year from now, this site wont exist, but the kid is set for life. Why? He didn't demonstrate a knack for business or marketing or anything like that, much less a unique talent.
Job offers have been coming in from Internet companies impressed by a young man who managed to figure out an original way to make money online.
This is the trouble with business. This kid isn't a genius, after all:
...I've only just passed my driving test...
This is just a flash in the pan, he'll get some publicity, sell some ad space, and then what?
Yes, he made a significant amount of money in a short time, which seems to be the model the new economy is adopting, but it's not sustainable business. In 2 months, who is going to care about a site full of ads with no content?
The kid had a good idea, and got lucky, but that doesn't make him anything special, and given the nature of the money (i.e. accrued with very little effort on his part), I don't think he gained any experience that will make him an asset to any of these companies offering him a job. This is winning the lottery, not entrepreneurial success (not to say there isn't a lot of luck in entrepreneurship).
This is not news, it's barely human interest, and its not anything anyone will care about even next week (except the people seeing the dupe for the first time).
P2P is finding ways to de-centralize more and more every day.
True, but without data-link layer additions to IP, i.e. some form of ICMP for discovering peers, the best we will ever have is overlay networks. Overlays are fairly decentralized but require at least 1 centralized server to coordinate.
Given the politics holding back IP Multicast, I doubt that we will see any sort of IP level peering protocol anytime soon.
I mean, we have 7 million linux distros, depending on which packages you want configured out of the box. Why can't we have versions of FF that include various extensions by default? And maybe a different theme by default.
I can think of a few I'd like:
IE Transitional
Looks and feel mostly like IE, so you can install it on your grandmother's computer and she wont keep calling you asking why she has 7000 spy-ware infections.
Power User
Comes with Session Saver, Tab Browser Preferences, etc.
Developer
Web Developer, IE Tab, IE View, DOM Inspector & Javascript Console on by default, etc.
I'm sure there are a ton of others. I know I'm not the onlyone who wishes I didn't have to devote half an hour to every FF install to get it the way I like it. Seriously, why hasn't this happened already?
Financial Aid tends to dry up when you already have a degree (and aren't pursing a new one.) 46% of all college students receive federal aid, not to mention private scholarships, state equalization grants, and so on. Probably not affordable.
As for the poster, you still have 2 years and you want to take your time? Abandon the sinking ship that is your school; unless you like the idea of having a degree from an institution that no longer has a CS program. In the new tech world, your reputation can make or break your career. In a school without a CS program, the best you can hope for is that no one has ever heard of your school, because finding out that you were the last one shoveled out the door is not going to inspire confidence.
A constitutional amendment would not have any affect on Google. This seems to be a pretty common misconception; the constitution limits the power of the federal government, but has no influence over individuals, businesses or any other private entity.
So an amendment would keep the government a step away from your records but Google would remain free to sell, abuse, harvest and do whatever else they want with your "private information," within applicable laws regarding personal information of course.
You were more on target when you said we need a federal law to protect our privacy, but an amendment would only limit the government's power, not Google Microsoft or even Gator/Claria.
IE 7 is one of the first browsers to implement some of the ideas discussed such as colour coding location bars
Um... hasn't Firefox pretty much ALWAYS made the address bar yellow for secure connections? I realize that TFA mentioned more colors but really, how does a yet-to-be-released IE7 get first place on that one? Just because they can make it red too?
And a 128MB flash drive... So I guess they're trying to reach the previously untapped "Likes the music/videos of Bare Naked Ladies and needs a smallish USB flash drive" market segment?
Or, in the/. cliche:
1. Release music on overpriced but potentialy useful media. 2. ????? 3. Profit!
As a Christian, I'd like to apologize for this new addition to the list of the many ways Christianity has wronged the world, including but not limited to:
The Crusades
Republicans
Focus on the Family
Galileo and many others (their persecution)
Seriously, I'm sorry. Please don't think that someone cannot follow Jesus and try to be at peace with the world. Don't mod me funny, I mean it. I'm sorry.
Matter pops into and out of existance all the time. When a matter particle pops into existance, its equivalent anti-matter particle pops into existance with it, and they obliterate each other almost immediately.
At the even horizon of a black hole, matter sometimes pops into existance, but with the antiparticle on one side of the even horizon, and the particle on the other, the antiparticle (or particle) gets sucked into the black hole, but its "other half" is able to escape.
Almost everyone on/. should agree that companies do not care about individuals, there's no money in knowing the path that John Smith took through cozypetmufflers.com.
If you fit a particular profile, they might use cookies to make custom recommendations or deliver targeted advertising, but not much else.
Oh no! Slightly more relevant ads! I might actually see an ad for something I want!
Someone will bring up the idea that they might match your personal info to browsing habits, to which I can only say: If you were dumb enough to give you real name to Doubleclick or some other pervasive advertiser, you're boned. Good luck.
For the rest of us, cookies allow reasonably secure login and saved preferences over an indefinite time period. If you're too worried that double click cares about how much pr0n youpersonally, not as part of a demographic, look at, then turn off cookies. Personally, I don't see how my erratic behavior on the few sites that I trust with personal information can lead to anything bad.
Excuse me, but the robust banking network is *NOT* important.
But it helps minimize the chaos in our lives resulting from terrorism. Not to say that the 50+ dead and 700+ wounded are insignificant, but if you put it in perspective, more people will die in auto accidents or from cancer in between now and the next terror attack. By having a stable infrastructure, you help minimize the lasting fear, because people see that things will be ok. That's why it's called terrorism. The threat to you individually is minute. The odds that you or a friend/family member will be killed by terrorists is minimal. But the fear that grips a nation when terror attacks disrupt everything is what the terrorists want.
Anyways all that has been said before. We want to minimize fear.
On the other side, why do yo think Al Qaeda only attack every now and then? They could manage hundreds of terrorist attacks a year if they wanted, but they don't. They are attacking to send a message. I don't know what that message is, but I imagine it is fairly clear to the world's leaders. Probably something along the lines of, "Stay out of the middle east."
Which brings us back to Iraq. I in no way support the US ever having gone there, but think about it from the terrorists perspective.
Among other things, they want the West out of the Middle East. Well 9/11 just did wonders for that didn't it? Like it or not, Iraq has to have a lot of them wondering if the best way to get rid of the West is to keep up the terror attacks.
Of course, maybe they'll decide to wipe us all out instead...
Slashdot Mirror
So this is a simple mistake made by GPG, in an effort to coexist well with email and the like.
In other words, GPG looks at an email message and sees headers and the like. Of course, the headers were not signed (just the message), so GPG skips them and when it encounters the signed message, it begins to verify the signature.
So, if you are an attacker, you insert something before or after the signed message, and when GPG goes to verify it, the signed message passes, but GPG nicely prints out the whole message for you, instead of just the signed part. Oops, not a big deal, encryption isn't broken, in fact this is just an application bug.
Ah, but if it is soon to be patented, then the spec should be public domain. Check the patent application. If you can't figure it out from the patent, then it isn't a valid patent.
The issue here is more one of trade-secret. If the company has taken resonable measures to protect the spec, then they could claim that you stole a trade secret, which is a crime.
I don't think trade secret can apply here though, unless they used some sort of encryption or something to obfuscate things.
Since when can you buy a CD with more than 10 songs for less than $9.99? Because that's the most it will cost you on iTunes. If the album has fewer songs, it's $.99 * # songs.
There are exceptions, where they've priced 15 minute tracks higher than $.99, and there are multi-CD albums, but those are sensible exceptions, not the rule.
If you ask me though, .99 is still highway robbery. My download has no overhead other than iTunes bandwidth fee, which is pennies per sale.
If labels wernt so busy throwing money at studios and into advertising so they can get the band into debt, then they would only have to sell a few thousand tracks to break even. Most bands with any talent at all can sell that much in less than a year, and nationaly known band will make that back in the first day.
- All the content is determined by a single source. You can't share your own files. This is just a distibution method.
- The interface will be similar to the iTunes music store. You wont be primarily searching your peers, but instead the store's inventory. Once you buy, then you search for peers, but not before.
- People will use it (for a while) because they don't pay any more to their ISP to let the software use their idle upstream bandwidth (but just wait, you'll hear about people getting kicked for using this)
- They can pay you some token amount because their bandwidth bills will be much much lower. Of course, if you had to pay per MB, this would be a raw deal, but most users will be on unfettered cable modems.
So in short, to most people, it will seem like free money, some people will get hosed by their ISP, and it wont look anything like traditional p2p.Remember WebTV? It was supposed to be the internet for people too dumb/old/poor for a PC. I remember we got it for my grandmother. It sucked pretty bad, and the fact that it only did the basic things was still too much for her. The problem was that no one else knew how to use it either, since everyone else has a PC.
Now she has a PC that's riddled with spyware. What she should have is a machine with a smallish(5G), noexec hard drive + smaller (1G) HD for swap space, in a $100 box that runs BOOTP or something to her ISP. Every morning, she turns it on and it pulls down the OS image, in fact the same OS image that every client of the ISP gets. Tech support becomes "Reboot the box."
That's all 90% of home PCs need to be. But then those semi-tech literate kids at Best Buy wouldn't have anyone to lecture about spyware anymore. Very sad.
Everyone seems to be a bit confused about this. Google (and I assume MSN and Yahoo!) are only censoring google.cn results. Google.com is unfiltered, assuming you can get to it from China, but Google has no part in filtering that out. The google.cn servers are IN CHINA. So Google has two choices, filter, or have their servers promptly shutdown. This is about improving service to China, and to do that, they have to censor google.cn. There is no choice here, if there is going to be a local, accessible google, then it must be filtered. If Chinese users can get to google.com, then they can see the unfiltered results. Google even tells them on google.cn that some results are filtered. They can't do more than that.
If it isn't legally sound and the GPL3 is invalid, then it reverts to normal copyright and you can sue them for infringement instead of breach of contract.
A lot of schools require that Engineering and/or Math majors take at least the introductory courses. If you're a major unfortunate enough to be taking Into 1 during the Spring semester, you'll more often than not be the only major in the class.
I used to tutor engineering students for $30/hour, but it gets to be a pain because they don't really want to learn it, and don't necessarily have the mindset for it.
This is not something that anyone should care about; if not this kid then someone else would have made a similar cute site for a few businesses to throw money at and the media to use as filler for a few months.
A year from now, this site wont exist, but the kid is set for life. Why? He didn't demonstrate a knack for business or marketing or anything like that, much less a unique talent.
Yes, he made a significant amount of money in a short time, which seems to be the model the new economy is adopting, but it's not sustainable business. In 2 months, who is going to care about a site full of ads with no content?
The kid had a good idea, and got lucky, but that doesn't make him anything special, and given the nature of the money (i.e. accrued with very little effort on his part), I don't think he gained any experience that will make him an asset to any of these companies offering him a job. This is winning the lottery, not entrepreneurial success (not to say there isn't a lot of luck in entrepreneurship).
This is not news, it's barely human interest, and its not anything anyone will care about even next week (except the people seeing the dupe for the first time).
Nothing to see here, please move along.
Given the politics holding back IP Multicast, I doubt that we will see any sort of IP level peering protocol anytime soon.
Why don't we have Firefox distros?
I mean, we have 7 million linux distros, depending on which packages you want configured out of the box. Why can't we have versions of FF that include various extensions by default? And maybe a different theme by default. I can think of a few I'd like:
IE Transitional Looks and feel mostly like IE, so you can install it on your grandmother's computer and she wont keep calling you asking why she has 7000 spy-ware infections. Power User Comes with Session Saver, Tab Browser Preferences, etc. Developer Web Developer, IE Tab, IE View, DOM Inspector & Javascript Console on by default, etc.I'm sure there are a ton of others. I know I'm not the onlyone who wishes I didn't have to devote half an hour to every FF install to get it the way I like it. Seriously, why hasn't this happened already?
Oops, I mean, KAAAAAAAAAAAAAAAAHHHHHHHHHNNNNN!!!!!!!!!
Financial Aid tends to dry up when you already have a degree (and aren't pursing a new one.) 46% of all college students receive federal aid, not to mention private scholarships, state equalization grants, and so on. Probably not affordable.
As for the poster, you still have 2 years and you want to take your time?
Abandon the sinking ship that is your school; unless you like the idea of having a degree from an institution that no longer has a CS program. In the new tech world, your reputation can make or break your career. In a school without a CS program, the best you can hope for is that no one has ever heard of your school, because finding out that you were the last one shoveled out the door is not going to inspire confidence.
A constitutional amendment would not have any affect on Google.
This seems to be a pretty common misconception; the constitution limits the power of the federal government, but has no influence over individuals, businesses or any other private entity.
So an amendment would keep the government a step away from your records but Google would remain free to sell, abuse, harvest and do whatever else they want with your "private information," within applicable laws regarding personal information of course.
You were more on target when you said we need a federal law to protect our privacy, but an amendment would only limit the government's power, not Google Microsoft or even Gator/Claria.
And a 128MB flash drive...
/. cliche:
So I guess they're trying to reach the previously untapped "Likes the music/videos of Bare Naked Ladies and needs a smallish USB flash drive" market segment?
Or, in the
1. Release music on overpriced but potentialy useful media.
2. ?????
3. Profit!
- The Crusades
- Republicans
- Focus on the Family
- Galileo and many others (their persecution)
Seriously, I'm sorry. Please don't think that someone cannot follow Jesus and try to be at peace with the world. Don't mod me funny, I mean it. I'm sorry.Matter pops into and out of existance all the time. When a matter particle pops into existance, its equivalent anti-matter particle pops into existance with it, and they obliterate each other almost immediately.
At the even horizon of a black hole, matter sometimes pops into existance, but with the antiparticle on one side of the even horizon, and the particle on the other, the antiparticle (or particle) gets sucked into the black hole, but its "other half" is able to escape.
This is believed to be Hawking Radiation
If you fit a particular profile, they might use cookies to make custom recommendations or deliver targeted advertising, but not much else.
Oh no! Slightly more relevant ads! I might actually see an ad for something I want!
Someone will bring up the idea that they might match your personal info to browsing habits, to which I can only say: If you were dumb enough to give you real name to Doubleclick or some other pervasive advertiser, you're boned. Good luck.
For the rest of us, cookies allow reasonably secure login and saved preferences over an indefinite time period. If you're too worried that double click cares about how much pr0n you personally, not as part of a demographic, look at, then turn off cookies. Personally, I don't see how my erratic behavior on the few sites that I trust with personal information can lead to anything bad.
Huh? Well? what about Dvorak? gvoogle.com, gorovla.com? The possibilities are endless (and sometimes hilarious)
Anyways all that has been said before. We want to minimize fear.
On the other side, why do yo think Al Qaeda only attack every now and then? They could manage hundreds of terrorist attacks a year if they wanted, but they don't. They are attacking to send a message. I don't know what that message is, but I imagine it is fairly clear to the world's leaders. Probably something along the lines of, "Stay out of the middle east."
Which brings us back to Iraq. I in no way support the US ever having gone there, but think about it from the terrorists perspective.
Among other things, they want the West out of the Middle East. Well 9/11 just did wonders for that didn't it? Like it or not, Iraq has to have a lot of them wondering if the best way to get rid of the West is to keep up the terror attacks.
Of course, maybe they'll decide to wipe us all out instead...
You can also find the oldest network protocol here: sneaker.net.