Yes, Sherman Hemsley in the episode "I of Newton", written by Joe Haldeman, teleplay by Alan Brennert, and directed by Kenneth Gilbert. He was working on an equation that by pure coincidence happened to summon the devil, played by Ron Glass (Detective Ron Harris from the TV series Barney Miller). Once the demon was there, he was told that his soul was already forfeit, but that he got one wish. He spent a long time figuring out what to wish for.
The shirt said things like "Hell is a city much like Newark". Having spent the better part of a year living in New Jersey, I suspect that Hell can't be much worse. (My apologies to anyone who actually *likes* New Jersey.)
I based myself on a GPL'ed program, so I will have to release the source eventually. I want to get it out of beta first.
Yet another person that doesn't understand that by releasing the source right away, not "eventually because the GPL forces me to", he'll get other people helping to add neat features and even fix bugs.
Well, if he's serious about releasing it when it gets out of beta, and if he has a reasonable criterion for that, it's OK. But "out of beta" could potentially mean anything, including "never".
It should also be noted that the GPL does NOT offer an exception for beta or pre-beta code. The GPL requires him to offer the source code for every binary release he does. From a legal point of view, it is not clear whether anyone other than the original author of the GPL'd code would have standing to force him to do it, though.
Of course, since I'm in the US I wouldn't be able to use it anyhow.
specifically part that reads that there exists a license which you implicitly agree to...: 'The minimum terms of such license shall grant the University the right to use the original work in its internally administered programs of teaching, research, and public service on a perpetual, royalty-free, non-exclusive basis.' Can I take this to mean: 'GPL compatible'?
No, it's not GPL-compatible. It grants a license to the University that is NOTHING like the GPL.
However, since it is non-exclusive, it does not prevent the student from ALSO releasing the code under the GPL, or any other license that doesn't restrict the University's license (e.g., by an exclusivity clause).
The "and public service" clause suggests that the University could itself publicly release the code under any license it sees fit.
By making the schools more and more like prisons, I can't help but think that we're just going to turn out model prisoners, NOT well-adjusted members of society. I can't imagine why people would consider this to be a good idea. Just short-sighted, I guess.
Rather than learning to be accountable for their actions, the students will just learn that Big Brother is Watching. How do you think they'll behave when they are in places where they're NOT under constant surveillance?
Unfortunately I've never been able to get that to work, under RH7.0 or RH7.1, using Mozilla 0.8, 0.81, or 0.9, installed from the Red Hat RPMs. On multiple occasions I've had it install the JRE from the .xpi file, and it claims to do so successfully, but then Java doesn't actually work, and Mozilla fails to start if I exit and try to reopen it.
Based on the info in Bugzilla and the newsgroup, I made sure that the right symlink was installed, and that the environment variables were set right, and a whole bunch of other magic that was supposed to help. But no matter what I try, Mozilla will not start up and even display a window if I have the java plugin (or a symlink to it) in the plugins directory. It just silently exits. When I remove the plugin, everything is fine.
This is my ONLY major complaint with Mozilla 0.9. It's plenty fast enough on my PII-450, and it doesn't crash as often or leak as much memory as NS 4.7x.
If nobody uses Netscape and everybody switches to Mozilla, AOL is not making any money from those engineers' efforts.
I don't understand. How does my use of Mozilla vs. NS have any effect whatsoever on AOL's bottom line? How would they even know that I'm using one or the other (or IE5, for that matter)?
When I was using Mozilla 0.8, that was the only site I still kept Netscape 4.7x around for. But now Mozilla 0.9 works with the online banking just fine. Hurray! No more Netscape 4.7x for me!
What students really need are hidden cameras in the schools. [...]
Is it an invasion of privacy? Yes, but so are metal detectors, drug tests and searching lockers. Why not have video cameras?
Oh yes, by all means, let's make our schools even MORE like prisons.
The more we make the schools like prisons, the more we'll make the students like prisoners. Are you sure you WANT the schools to turn out people with a prisoner mindset?
To hell with high school! Get GED & go to college (on "Sean In The Middle", Score: 2)
Although I had to put up with some harassment in school, I was fortunate that it wasn't anywhere near as bad as Sean's. But like Sean, I found most of my classes incredibly boring. I wanted to get a GED, skip the rest of high school, and start college. However, the teachers and counselors at the high school LIED to me, and told me that it was not possible to get a GED until I was 18 years old.
I dropped out anyhow, but because of their lies, I waited before getting my GED. I should have taken it immediately. In fact, in hindsight it is clear that I should have done it when I was in junior high!
It sounds to me like Sean should have absolutely NO trouble passing a GED (they're very easy). I'd advise taking that and the SAT or ACT, and applying to colleges and universities. That way he can actually get an education, instead of simply "doing time" in the public school system.
Some people have told me that a GED doesn't look good on one's record. My experience is that if you have good SAT scores, no one cares.
Eric
"Never let your schooling get in the way of your education" -- Mark Twain
Re:They're helping Linux because... (on "NSA Inside?", Score: 2)
All mathematical algorithms have a fundamental security hole. Anything that depends on computational difficulty to maintain security will be cracked with sufficient resources.
However, the difficulty of brute-force cracking goes up exponentially with the key length, not linearly. E.g., a 1025-bit key is twice as hard to crack as a 1024-bit key. Thus it is entirely possible to determine a suitable key length that on average would take many times longer than the age of the universe to crack, even if all the matter in the universe were turned into nanotech brute-force cracking machines.
So don't count on it always being possible to brute-force crack things.
On the other hand, with any of the public key systems, there is always the chance that someone may discover a way to compute the inverse function that is less computationally intensive than brute force. For instance, a breakthrough in factoring could render the RSA cryptosystem useless. There is no proof that such methods are impossible, though most mathematicians think it unlikely that any will be found.
What, and you think that Microsoft has been using these certificates for over five years, yet it never occurred to them to investigate how the revocation worked? The fact that the CDP wasn't in the certificate is entirely irrelevant. VeriSign is the best-known CA in the world, not some random CA that MS has never heard of. MS could and should have built the checking in to the browser in the first place, special casing VeriSign code-signing certs if need be.
Or MS could have noticed the problem when VeriSign first started issuing code-signing certs, complained to Verisign, and had them put the CDP into the certificates.
Either way, MS is much more at fault about this than VeriSign, since they made NO effort to check that their browser supported revocation of certificates for signed code.
As I said, VeriSign screwed up but corrected their mistake within two months. Microsoft has been so negligent that they CAN'T POSSIBLY correct their mistake for many years, because so few people will apply their patches.
The security needs to be built into the software at the outset, not patched on later.
When you download files with certificates, doesn't Windoze provide you with the option to allow acceptance of future files certified by the provider?
Yes, but as the advisory points out, that isn't determined by the common name in the certificate. So even if the user has said "always trust Microsoft", an attempt to use code signed by this fraudulent certificate will pop up a warning again because it appears to be a different Microsoft.
The danger is that the user will believe that the code really is from THE Microsoft.
Vulnerability identifier: None. This issue is not the result of a flaw in a Microsoft product; it results because of an error made by a third party.
Which is an out-and-out lie. This wouldn't have been an issue for more than two months if Microsoft had made their browsers properly deal with VeriSign CRLs (Certificate Revocation Lists). Instead, it will continue to be an issue for a long time: even after MS releases patches, it takes years before the majority of users apply them. Earlier in the very same advisory, they wrote:
VeriSign has revoked the certificates, and they are listed in VeriSign's current Certificate Revocation List (CRL). However, because VeriSign's code-signing certificates do not specify a CRL Distribution Point (CDP), it is not possible for any browser's CRL-checking mechanism to download the VeriSign CRL and use it. Microsoft is developing an update that rectifies this problem.
However, Microsoft has known for years about the CDP problem. They knew that VeriSign would be issuing the vast majority of code-signing certificates, so they could have (and obviously should have) included a mechanism in the browser to explicitly use VeriSign's CDP.
Instead, they chose to ignore the possibility that the security might be flawed and allow revoked certificates to be used. They didn't give a damn whether someone got a fraudulent code-signing certificate for J. Random Software Company, and the browser couldn't tell that it had been revoked. They've only been prompted to take action when this unexpectedly happened using their own name.
VeriSign made an error and corrected it within two months. Microsoft made a bigger error and has taken five years (and counting) to fix it, then has the gall to blame it all on VeriSign.
I have looked at the web page, and I don't see anything that convinces me that it behaves as a "terminal server", as that term is normally defined. However, they seem to also commonly refer to it as a "School server", which seems to convey the idea quite well.
You've never actually used Linux, have you? These days (with Gnome and KDE), it has about as friendly of a GUI as Windows, and even better in some ways.
Of course you're not going to start 3rd grade students at a bash prompt, any more than you'd start them at a DOS prompt under Windows.
Which is not to say that there aren't plenty of 3rd grade students smart enough to figure out how to use a command prompt effectively in either OS.
I haven't used it, so I'm not 100% certain, but isn't the point of StarOffice that its files are compatible with MS Office? So you should be able to send an attachment from it to anyone that can read word docs.
I don't want anyone to think I'm disparaging this work, because I'm not. It sounds like a great thing. But a "terminal server" is something else entirely.
A terminal server is a box that connects serial "dumb terminals" to a network; they are also commonly used for "reverse terminal service" for a network-attached host to connect out to serial devices.
What the article describes is just a "server" or maybe a "boot server", supporting diskless clients.
I don't see anything wrong with inventing a new term for this, but please don't overload the existing term "terminal server". It will only cause confusion and keep your message from getting across.
I thought it was pretty good. I did something stupid and compromised my server secret keys. It was within the first week after the certs were issued, so as per their policy they gave me free replacements when I notified them and gave them new CSRs.
Not to mention how much I dislike doing business with a company built upon the scam of consumer reporting.
I'm not sure I'd go so far as to call it a scam, but I do find it distasteful as well. But in my personal ranking system, Verisign/Thawte does not score any higher, especially now that they've purchased Network Solutions.
Once I find a root CA that is trusted by most browsers, inexpensive, and is run by people I don't dislike so much, I'll certainly switch.
In the mean time, I'm reasonably happy with recommending Equifax to people who don't want to pay more money for Verisign/Thawte.
Sure, but then you have no way to be certain that your encryption isn't being compromised by a man-in-the-middle attack. See my other comments on this article.
Hmmm... it's certainly been a while since I've seen it. I must have confused that aspect of it with a short story along similar lines.
Where do you guys get this stuff?
Haven't actually *tried* Mozilla 0.9, have you? I'm running it on a PII-450, and it seems plenty fast enough.
There is no way ANYONE, even Microsoft, can prove that it has not happened. But it will only take one counterexample to prove that it has.
And the current apparent lack of a counterexample does not prove anything.
Personally, I prefer plain text, or TeX.