How can you possibly think that getting a certificate from Verisign introduces a back door? You clearly have no conception of how certificates work.
You do not at any time in the registration process (or afterward) give your site's private server key to Verisign. You only send them your public key, and that is what they sign.
This is not a back door, because ANYONE connecting to your SSL'd server gets that very same public key.
If the NSA can break the public key crypto and use your public key to compute your private key, they certainly don't need (or want) Verisign involved in the process.
Set up a proxy that aggregates the contents from all of your servers. Then only this proxy needs a publicly registered certificate.
It's also possible to buy "wildcard certificates", e.g., for "*.mydomain.com", but these are very expensive and not all browsers (or other SSL software) know about them.
The thing is, 99% of the people who want to use SSL could care less about establishing their identity or the location of their server.
But without the trust relationship, you can't tell whether there's a man-in-the-middle attack compromising your encryption. See my
other comment (#219) on this subject.
If CDDB merged with FreeDB and offered a free service, how would they make money? For better or worse (mostly worse), CDDB is a for-profit operation.
The point of having two is that we can choose to use the free one, instead of supporting people who took publicly contributed data and made it proprietary.
No, because they'll also build copy protection into the media and players, and under the DMCA it will be illegal to circumvent that. Thus you will not be able (legally) to make a perfect digital copy.
A microscope can be used to extract the raw bits from a DVD, without regard to the copy protection. Are microscopes now banned by the DMCA?
Intel is already trying to move the decryption of digital media into the speakers and monitor. If they are successful with this, there is NO question in my mind that once it becomes technologically feasible (probably MANY years from now), they will try to push the decryption into the human.
I used to think that such suggestions were paranoid to the extreme, but now I realize that with all the billions of dollars that the RIAA and MPAA *claim* to lose every year, they will be delighted to fund research into the necessary technology.
The problem with the introduction of a new copy protection system now ISN'T whether it is hard to crack. The problem is that in the past, they could do this sort of thing, but the consumer could lawfully circumvent the protection (provided that he or she didn't violate the copyright). This allowed for fair use.
But now, thanks to the DMCA, it is illegal to circumvent any new copy protection system they come up with, no matter how cheesy it is. The DMCA only requires that the copy protection be "effective", and in the one major test of the legislation to date, the judge decided that the lame copy protection of DVDs was "effective" because the DMCA made it illegal to bypass it. (What a wonderful example of circular reasoning!)
The DMCA also states that it does not limit fair use. However, the same judge decided that fair use was not a defense against DMCA actions.
There have already been commercially successful asynchronous computers. For instance, in the DEC PDP-10 family, the KA10 (1968) and KI10 (1972) processors were asynchronous, as was their predecessor, the 166 processor of the PDP-6 (1964). The PDP-10 family was commonly found in
universities until the late 1980s.
The Delta Clipper program was much more practical than the X-33 and X-34 programs. The DC-X scale prototype had already been successfully demonstrated, and used proven technology. I don't know why NASA didn't choose it for the X-33 program, but I suspect it is their standard mentality of always wanting to try some grandiose new bleeding-edge technology instead of using what we know we can build.
There's nothing wrong with researching bleeding-edge technology, by all means we should do it. But when we're trying to build a "production use" vehicle, it should use proven technology.
The X-33 concept relied on many unproven concepts. They've found that they can't even manufacture fuel tanks for it that will meet the extreme requirements!
all I want is more stability and more speed. Good
luck guys!
I've been using 0.8 heavily since the day after release. I've only had one crash (vs. NS 4.75 crashing on me about a dozen times daily, and when it didn't crash it would leak memory until it was thrashing VM to death). The performance seems perfectly adequate on my Celeron 366 laptop.
My only complaint isn't about Mozilla, it's about dumbasses that design their web site so that you can't view the content unless you're using a browser they "support". For instance, I went to one site that told me I had to upgrade to a browser that supported frames. This is moronic,
they should have sent the content, and put the upgrade message in the "noframes" section.
I guess I'll have to run a proxy to tell the servers that I'm running NS 4.something. Blech!
if you aren't a non-profit corporation, you won't be permitted to register or keep a.org domain
I hope they mean that if you are a for-profit corporation (or business), you won't be permitted to register or keep it.
There are a lot of unincorporated organizations that do not have 501c3 status, but serve legitimate non-commercial interests. They should not yank the.org domains from such organizations.
Perhaps a better solution is to create a new TLD for government-recognized non-profit corporations (.npc perhaps), and leave.org as it is.
Since laws for non-profit corporations vary from country to country, it might be even better to make it.npc.us, and let other countries worry about their own. ICANN wouldn't even need to be involved in that.
Speaking of which, when was the.int TLD created? I just started seeing it recently, and don't recall any public announcement or discussion.
Even registered works don't all end up in the Library of Congress. They don't accept everything (due largely to space limitations). And for some classes of works, such as source code to computer programs, the registration isn't even required to contain the entire work.
IMNSHO, due to the way Congress has extended copyright duration to ridiculous terms, they should require full deposit of source code (in its entirety) for all software that is registered, make that source code available for inspection (but not copying), and guarantee that it is preserved for the copyright term so that the purpose of copyright law (making sure that works eventually enter the public domain) is not completely thwarted.
Has anyone tried submitting FOIA requests to the
CIA, FBI, NSA, NRO, etc, to try to get copies of any Usenet archives they may have? If they have
such archives, it is unlikely that they will meet any
of the criteria that would allow them to deny a FOIA request, e.g., privacy, national security,
etc.
There are a lot of legal theories about this, but no case law. On theory is that since the messages are by their very nature expected to be copied to an arbitrarily large number of computers, they are public domain. If this is the case, people who put explicit copyright notices on their posts may be accomplishing nothing.
Another theory is that the act of posting grants an implied license to reproduce the post. The scope of such an implied license is unclear.
It is not clear that selling a collection of Usenet postings infringes any rights, since ownership of the postings is uncertain.
You can however force it to use glibc-compat, but that
isn't a solution for a production system.
That is *EXACTLY* the solution for a production system. Run the software with the libraries it was intended to run with. I can't imagine why this isn't obvious to everyone.
If you think using compatability libraries isn't adequate, please explain WHY, in technical terms (i.e., not "It seems yucky so I don't like it").
I really miss the days where software development and hardware engineering was really about being clever.
And it's not even just clever in retrospect. The engineers knew that they had to be clever. Some of my favorite quotes:
And in those days, many a clever programmer derived an immense satisfaction from the cunning tricks by means of which he contrived to squeeze the impossible into the constraints of the equipment.
-- Edsger W. Dijkstra, "The Humble Programmer", 1972 ACM Turing Award Lecture
Not written about software (or computers), but
equally applicable:
Perfection is achieved, not when there is nothing
more to add, but when there is nothing left to take away.
-- Antoine de Saint Exupery
That explains why Microsoft software (and indeed most software) will never reach perfection. It's not even their objective.
Today the art of making every byte of memory (and every gate of hardware) is nearly lost. It's still sometimes seen in very cost-sensitive embedded systems. But even there, in recent years there's been a tendency in recent years to say "screw it, let's just put in another 128K of flash memory and a faster processor."
My day job involves embedded systems with fast RISC processors and hundreds of megabytes of RAM.
There are occasional challenges, and I do take pride in my work, but when there are no resource limits it's just not fundamentally that interesting.
In my spare time, I prefer to try to wring the "impossible" out of tiny microcontrollers:
Closed-caption decoder with serial output, using only a microcontroller, comparator, and sync separator - the latest version uses a newer microcontroller with the comparator built in
Serial video display generating video entirely in software - the only active electronic component is the microcontroller
To someone who doesn't understand the concept of doing the most work with the least resources, none of these projects probably seem exceptional. But they were much more satisfying to develop than anything I ever do at a day job.
In the old days, the only alternative to doing things cleverly was not to do them at all. If the engineers at Draper had been less clever in how they designed the AGC, the Apollo program might have had to be delayed by several years. The AGC is one of the finest examples of computer engineering (both hardware and software) ever. I imagine that some of the disparaging comments about how primitive it was (i.e., that it was obsolete at launch) were from people who either were trying to be funny, or have no conception of system design.
What happened to Terastore, and their "near field recording"? Their web site seems to be kaput. When they first announced that they were developing products using this technology, it sounded impressive, but conventional magnetic storage seems to have improved more than most people expected. But still, they were supposed to have 10G on a cheap removable media, and IIRC they'd actually demonstrated a preproduction system.
I use the same setup (Qmail, maildirs, Courier-IMAP, and SquirrelMail). I've been really
happy with it because I can access my email from Gnus in Emacs (using IMAP), other MUAs that support either maildir or IMAP, and SquirrelMail (webmail) when I'm using a remote computer.
I'm very concerned about security, so I configured Courier-IMAP to ONLY provide SSL/TLS secure POP and IMAP. I set it up to provide insecure (non-SSL) service only on localhost (127.0.0.1), but not visible over the network. That way SquirrelMail or MUAs running on my server can get to it without SSL, which is OK because there's no way for someone else on the wire to eavesdrop. Of course, I also have the.htaccess file for SquirrelMail set up to only server over SSL/TLS (see below), and I don't allow telnet, rlogin, or non-SSL'd FTP. into my server.
I'm somewhat interested in developing up with a database back end for the IMAP server, so that old archived email can be stored more efficiently than either a maildir or mbox, but still be readily accessible.
#.htaccess for SSL-only services
# Options -Indexes
<IfDefine HAVE_SSL>
SSLRequireSSL
# insert the https: URL of the service in the next line
# for automatic redirect if the user attempts a non-SSL connection
ErrorDocument 403 https://host/webmail/
</IfDefine>
<IfDefine !HAVE_SSL>
# this is to make sure that if the web server is accidentally started without
# mod_ssl, the web pages won't be served up insecurely
Deny from all
</IfDefine>
Slashdot Mirror
You do not at any time in the registration process (or afterward) give your site's private server key to Verisign. You only send them your public key, and that is what they sign.
This is not a back door, because ANYONE connecting to your SSL'd server gets that very same public key.
If the NSA can break the public key crypto and use your public key to compute your private key, they certainly don't need (or want) Verisign involved in the process.
It's also possible to buy "wildcard certificates", e.g., for "*.mydomain.com", but these are very expensive and not all browsers (or other SSL software) know about them.
The point of having two is that we can choose to use the free one, instead of supporting people who took publicly contributed data and made it proprietary.
A microscope can be used to extract the raw bits from a DVD, without regard to the copy protection. Are microscopes now banned by the DMCA?
I used to think that such suggestions were paranoid to the extreme, but now I realize that with all the billions of dollars that the RIAA and MPAA *claim* to lose every year, they will be delighted to fund research into the necessary technology.
But now, thanks to the DMCA, it is illegal to circumvent any new copy protection system they come up with, no matter how cheesy it is. The DMCA only requires that the copy protection be "effective", and in the one major test of the legislation to date, the judge decided that the lame copy protection of DVDs was "effective" because the DMCA made it illegal to bypass it. (What a wonderful example of circular reasoning!)
The DMCA also states that it does not limit fair use. However, the same judge decided that fair use was not a defense against DMCA actions.
Sorry, brain fade (I've been up for >24 hours). THe KI10 was not asynchronous. Just the KA10 and the 166.
There have already been commercially successful asynchronous computers. For instance, in the DEC PDP-10 family, the KA10 (1968) and KI10 (1972) processors were asynchronous, as was their predecessor, the 166 processor of the PDP-6 (1964). The PDP-10 family was commonly found in universities until the late 1980s.
Ah! Good idea, thanks. I didn't know about that.
However, they do support interlace on NTSC and PAL sources.
There's nothing wrong with researching bleeding-edge technology, by all means we should do it. But when we're trying to build a "production use" vehicle, it should use proven technology.
The X-33 concept relied on many unproven concepts. They've found that they can't even manufacture fuel tanks for it that will meet the extreme requirements!
My only complaint isn't about Mozilla, it's about dumbasses that design their web site so that you can't view the content unless you're using a browser they "support". For instance, I went to one site that told me I had to upgrade to a browser that supported frames. This is moronic, they should have sent the content, and put the upgrade message in the "noframes" section.
I guess I'll have to run a proxy to tell the servers that I'm running NS 4.something. Blech!
There are a lot of unincorporated organizations that do not have 501c3 status, but serve legitimate non-commercial interests. They should not yank the .org domains from such organizations.
Perhaps a better solution is to create a new TLD for government-recognized non-profit corporations (.npc perhaps), and leave .org as it is.
Since laws for non-profit corporations vary from country to country, it might be even better to make it .npc.us, and let other countries worry about their own. ICANN wouldn't even need to be involved in that.
Speaking of which, when was the .int TLD created? I just started seeing it recently, and don't recall any public announcement or discussion.
"Hate crime" as a category is ridiculous, and should have no special legal standing.
IMNSHO, due to the way Congress has extended copyright duration to ridiculous terms, they should require full deposit of source code (in its entirety) for all software that is registered, make that source code available for inspection (but not copying), and guarantee that it is preserved for the copyright term so that the purpose of copyright law (making sure that works eventually enter the public domain) is not completely thwarted.
Has anyone tried submitting FOIA requests to the CIA, FBI, NSA, NRO, etc, to try to get copies of any Usenet archives they may have? If they have such archives, it is unlikely that they will meet any of the criteria that would allow them to deny a FOIA request, e.g., privacy, national security, etc.
There are a lot of legal theories about this, but no case law. On theory is that since the messages are by their very nature expected to be copied to an arbitrarily large number of computers, they are public domain. If this is the case, people who put explicit copyright notices on their posts may be accomplishing nothing. Another theory is that the act of posting grants an implied license to reproduce the post. The scope of such an implied license is unclear. It is not clear that selling a collection of Usenet postings infringes any rights, since ownership of the postings is uncertain.
If you think using compatability libraries isn't adequate, please explain WHY, in technical terms (i.e., not "It seems yucky so I don't like it").
Not written about software (or computers), but equally applicable:
That explains why Microsoft software (and indeed most software) will never reach perfection. It's not even their objective.
Today the art of making every byte of memory (and every gate of hardware) is nearly lost. It's still sometimes seen in very cost-sensitive embedded systems. But even there, in recent years there's been a tendency in recent years to say "screw it, let's just put in another 128K of flash memory and a faster processor."
My day job involves embedded systems with fast RISC processors and hundreds of megabytes of RAM. There are occasional challenges, and I do take pride in my work, but when there are no resource limits it's just not fundamentally that interesting.
In my spare time, I prefer to try to wring the "impossible" out of tiny microcontrollers:
To someone who doesn't understand the concept of doing the most work with the least resources, none of these projects probably seem exceptional. But they were much more satisfying to develop than anything I ever do at a day job.
In the old days, the only alternative to doing things cleverly was not to do them at all. If the engineers at Draper had been less clever in how they designed the AGC, the Apollo program might have had to be delayed by several years. The AGC is one of the finest examples of computer engineering (both hardware and software) ever. I imagine that some of the disparaging comments about how primitive it was (i.e., that it was obsolete at launch) were from people who either were trying to be funny, or have no conception of system design.
Anyone have a still photo of the thing?
What happened to Terastore, and their "near field recording"? Their web site seems to be kaput. When they first announced that they were developing products using this technology, it sounded impressive, but conventional magnetic storage seems to have improved more than most people expected. But still, they were supposed to have 10G on a cheap removable media, and IIRC they'd actually demonstrated a preproduction system.
I'm very concerned about security, so I configured Courier-IMAP to ONLY provide SSL/TLS secure POP and IMAP. I set it up to provide insecure (non-SSL) service only on localhost (127.0.0.1), but not visible over the network. That way SquirrelMail or MUAs running on my server can get to it without SSL, which is OK because there's no way for someone else on the wire to eavesdrop. Of course, I also have the .htaccess file for SquirrelMail set up to only server over SSL/TLS (see below), and I don't allow telnet, rlogin, or non-SSL'd FTP. into my server.
I'm somewhat interested in developing up with a database back end for the IMAP server, so that old archived email can be stored more efficiently than either a maildir or mbox, but still be readily accessible.
# .htaccess for SSL-only services
# Options -Indexes
<IfDefine HAVE_SSL>
SSLRequireSSL
# insert the https: URL of the service in the next line
# for automatic redirect if the user attempts a non-SSL connection
ErrorDocument 403 https://host/webmail/
</IfDefine>
<IfDefine !HAVE_SSL>
# this is to make sure that if the web server is accidentally started without
# mod_ssl, the web pages won't be served up insecurely
Deny from all
</IfDefine>