The interference this service causes on the amature bands is well documented at the ARRL [arrl.org] website.
In other news, bread manufacturers are providing lots of evidence that the Atkins diet is crap.
ARRL says it interferes. The power company says it doesn't. Duh. I'd like to see some objective studies on this. Amateur radio has just as much right to exist as anything else in the spectrum. And it's true that power lines in general are quite good at causing RF interference. But I have not yet seen any objective evidence that Broadband over Powerlines causes more interference than the existence of the power lines themselves. Maybe the studies are there - if they are, great. But I haven't seen any that aren't sponsored by either amateur radio groups or energy companies.
I know that broadband over power lines sounds nice, but what if you lose power? How ya gonna surf the....oh...um...nevermind.
Doesn't bother me, I have a UPS, so my computer stays on during brief power outages. And now that the Internet comes over power lines, I'll have connectivity from my UPS too! I'm still jealous of my friend who's got a generator, though. He can generate his own power, and now he can generate his own Internet! Wish I could do that...
So, something is clearly wrong with the state of the world. Take a second, and go read the FSF
License List page. Look at how many licenses there are there. Look at how many libraries/packages/applications have their own specific license.
For the incompatible licenses, you see some big names there. OpenSSL, BSD, Apache, xinetd, Mozilla, LaTeX, Sun, PHP, and Apple. I know some pretty hardcore FSF zealots, and they use OpenSSL, Apache, and Mozilla, just to name a few. Clearly these products and their group/company backings are not so evil as to prevent their use. Some of the people I know even contribute to these projects, so clearly the license is not so evil as to tarnish their code. The incompatible licenses aer still "free software" according to that page. So what's the problem?
But that's a rhetorical question, so I'll address another glaring problem with the page. Look at all the compatible licenses. Again, a lot of big names: VIm, Perl, Python, Berkley DB, zlib, W3C, X11, and of course BSD. Why do all these licenses need to exist if they're compatible with the GPL? Again, I don't expect an answer.
But the fact that there exist a large number of compatible and incompatible licenses indicates that the state of the licensing world is broken. And there's an opportunity for the FSF to take a leadership role here. Call a license summit. For the compatible licenses, get some folks from each project together, and say "what is it that you find objectionable about the GPL, and how can we fix it? Can we create another license that is not the GPL, but is acceptable to all of you? Ditto for the incompatible ones. Many of those are from big companies that have an interest in Free Software and Open Source (IBM, Apple, Sun, Netscape). They probably each have their own license because their lawyers wanted to cover their asses. Get all the lawyers together, and say "Look, it's stupid to have all these licenses. Can we come up with a license that allows your software to be free, but won't scare your CEOs and shareholders?". That, of course, may be harder, since lawyers cost money. But the FSF should at least be able to get the attention of influential people within each company.
Unless the state of licensing is fixed soon, software will be strangled by it. Being more restrictive (c.f. debian-free, debian-nonfree, debian-illegal (tongue in cheek, get over it)) and claiming that everyone should use the GPL or LGPL is the wrong answer. If this is handled correctly, we'd ideally end up with something like 4 licenses: GPL, LGPL, "Open Source", "Free Software" (those last two would be licenses that cover GPL-compatible and GPL-incompatible licenses , respcetively). But as long as I'm dreaming, I'd like a pony.
Less carriers means less competition means higher prices.
In the end, it's the consumers who will lose out with this consolidation of mobile providers.
Not necessarily. Around here (south east new england) AT&T wireless sucks. Their service is crappy, they have more dead spots, and they charge more and give you less. Of the 5 people I know who switched to them, 4 switched back to someone else after 3 months. Also, I'm a cingular customer. Currently, I'm on one of the old Cingular Nation plans (no roaming fees, regardless of whose network you'reon). They don't offer that anymore, so eventually, once my phone dies, I'll have to switch to another plan. If cingular buys AT&T Wireless, their network will gain more coverage, and it'll cut down on roaming fees for their existing customers.
Alternatively, one could argue that indeed less carriers means higher prices and less service. And we'll end up back with a monopoly where we started. And the federal government will break it up again. Lather, rinse repeat. Seriously, look at what happened after the AT&T breakup - they divided into all the Baby Bells - how many are left? Precious few. These are just the ones I can think of off the top of my hat that are gone as well as some defucnt wireless providers:
New England Telephone
New York Telephone
Illinois Bell
NYNEX
Bell Atlantic
MetroMobile
Cellular One
US West
Pacific Bell
Ameritech
Southwestern Bell
Watch how long it takes before we're right back with "The Phone Company"(TM)
I assert that the tools already exist. I.e., we don't need a new one. The emphasis needs to be on getting people to follow the standards, and possibly creaitng a cross-dsitro standard fo everyone to follow.
I totally agree with that. But I think there should be two options for a each distribution - the native one, and a cross platform one. For filesystem layout, cross-platform packages should assume that everything defined in FHS - Filesystem Hierarchy Standard (part of LSB). And the distributions should provide that, either by changing their native format to conform, or providing some sort of compatibility layer (symlinks, for example). So if you want to make a.rpm, good for you, but it'll only work on RedHat. If you want to make a new-fomat package, it'll work on all the major distros. Unfortunately, these debates seem to get mired down in flame wars about how apt is better than rpm, and.tgz is far superior to everything else, etc, etc.
Its easy enough to trick a switch into "hub" mode simply by throwing arp traffic everywhere.
A $40 Linksys box? Sure. Not most enterprise switches. They have sufficiently large amounts of memory that it is difficult if not impossible to break the address table by spoofing MAC addresses and flooding the network.
More importantly, most switches and routers have a remote monitoring feature that allows you to copy all packets to an interface for monitoring purposes. Gain control of the network gear and then switching does nothing.
Gain control of the network gear and it's game over, man. Port Knocking or not.
I see a lot of comments saying "Well, why not just have two passwords?". It seems that people didn't read the article (the first link is/.ed, the second is not). The whole point is that with this, until you knock, the machine appears as a closed machine. No ports open. All ports will simply drop packets on the floor, meaning that a hacker scanning your subnet will not bother with that machine. The machine essentially appears invisible until knocked. Even with the most secure system, the hacker can still see that you're running, say, sshd, Apache, CUPS, and a few other services. And if a buffer overflow was announced 5 minutes ago for, say, sshd, they know that they can attempt to exploit the machine, since they see port 22 open. If you are using Port Knocking, you can have a vulnerable sshd, and it's a hell of a lot less likely to get exploited since the cracker has no way of knowing that you're running sshd...
Sniffing only works on the same segment. It's totally useless on a switched network, which includes most networks these days. Additionally, if the knock sequence is has a sufficiently number of ports, it's simply going to look like a port scan. Which are fairly commonplace these days. Yes, a long knock sequence is complicated to remember, however the program can be automated (so the PHB just clicks on "knock" in the taskbar and it does the rest), to avoid that.
Who out there is saying, "Oh, look, this message got past all my spam filters and contains a lot of jumbled, garbled nonsense text alongside a plug for herbal penis enlarging pills. This must be legitimate. Now, where's my credit card,"? Do the spammers think that we're all clones of Dilbert's pointy-haired manager?
No, but some people are. Even if one person anywhere responds, the spammer can deem it a success. It's all about the cost of spam being paid by the recipient. You'd get just as many flyers and catalogs as spam if the USPS allowed advertisers to send 3rd class mail with postage due and forced you to pay it.
And there are a sufficiently large number of insecure teenage boys with credit cards that there's always going to be someone who wants this herbal viagra, no matter how crappy the message looks.
Which goes to show how rediculously versatile the iPods are in relation to almost anything
I can see it now:
Jack Valenti: A gang of pirates, let by this Jackson fellow (whoever he is) copied footage of the Lord of the Rings trilogy and delivered it halfway around the world, thanks to Apple's technology. Think of the poor directors and film crews who would be put out of business if pirates like Peter Jackson continued to steal footage. Rest assured, we will prosecute Mr. Jackson for pirating footage of this film, while the film's director, Peter Jackson, has seen revenue losses because of this...
voice offscreen whispers
Oh, uh, really? But, Jackson was copying movies. But he's the director. But, but, copying.. But.. but.... Valenti's head explodes
Or they should put money into making a better product. Something that would be great would be more scratch-resistant DVD. Or perhaps a thin layer of clear film that can be applied to the bottom of the DVD, but doesn't interfere with viewing. (Much like a screen protector on a PDA).
My one problem with DVDs is that when you rent them, they're usually scratched, because other customers are stupid, or let their kids chew on them, or something. Twice I've had to take them back and get the VHS version so I could watch the movie in its entirety. VHS may have inferior quality, but the cassette is burly compared to a DVD.
First off, what video store costs only $2?! Its more like $4-5 here in Boston
Local video stores. I live in Boston, and at my local video store, I pay $2 each for 5-day rentals if I rent on M-Th. And they have a huge selection, too - I often end up going there because Blockbuster doesn't have what I want.
Apple also is keen on sticking customers with high costs for point releases. Apple charges for updates to OSX; MS has yet to bill me for a service pack.
Bzzt! Wrong. Apple does not charge for updates. They charge for upgrades. The updates from 10.2 to 10.2.1, to 10.2.2, to.... to 10.2.8 are all free. Downloadable via the Software Update application, just like Windows Update and Service Pack N.
Apple does charge for an upgrade from, say, 10.2 to 10.3. Just like Microsoft charges for upgrading from Windows 2000 to Windows XP. Just because the version number seems like it's a minor update does not make it so. 10.1 is drastically different from 10.2 which is drastically different from 10.3.
I wish she'd talked about each keyboard's tactile feedback, and long-term comfort on the oddball designs (emph added)
Considering the author is a guy (click on the author link on the article page for his bio and picture), that's pretty painful. I'd be pissed off if someone got my gender wrong...
First of all, it's an Ultra 5, not a Sparc 5. And they're not _that_ old. It's an UltraSparc processor running anywhere from 266 to 400 MHz. I really don't think it's that impressive to find something to do with it. Now if it was a SparcStation 5 (ca 1995), which was a 32-bit, 85MHz machine, I'd be a little more impressed. But not that much, since I know several people running NetBSD on their Sparc 5s and using them as routers for their home networks.
Next week: Slashdot impressed when someone figures out how to use an ancient PIII/700. Yeesh.
What sort of security is built into these things? If it's stolen can anyone just go and use it to buy some fries, or does it require some sort of user interaction like a credit card (pin/signature)?
I don't know about the watches, but I have a speedpass, and there's no security. Just swipe and go. I got it when they first came out, long before the whole RFID craze, and I admit, I didn't really think about the privacy implications. (OTOH, it can be used while wearing gloves, and getting a card out of your wallet with gloves on is hard, and it's nice to keep your gloves on while you're freezing on the side of the NYS Thruway filling up your car).
Of course, there's negligible security with a credit card these days. Certainly at the supermarket, or drugstore (or anywhere else they have those "swipe the card yourself" things), they rarely, if ever, check the signature. Yeah, if your speedpass is stolen, anyone can go buy some gas or groceries (you can use it at some Stop & Shops), but you can do that if you steal a credit card too. And your speedpass is usually on your keys, and you tend to notice if you lose your keys (because, like, you can't start your car) Of course, it works like a credit card - if it's stolen, call them, tell them, and it'll get cancelled immediately.
I think the security implications are probably less important than than the privacy ones.
it's not just the swipe card, you also want to make sure that whoever swiped the card is the person on it.
While not foolproof, we had a method for this where I used to work. We used a Kronos timecard system, where each employee had a bar code on the back of their photo ID badge. If you were caught with another employee's ID badge, it was instant dismissal. While not foolproof (ie: the employee could simply try not to get caught), it worked reasonably well. We caught a couple of people at it, and that encouraged others not to do it.
Because a cert signed by you is useful for nothing more than "This conversation is encrypted, and I say I'm me." A cert signed by a Verisign translates to "This conversation is encrypted, and Verisign says I'm me."
Except the Verisign cert actually translates to "This conversation is encrypted, and I paid Verisign a bunch of money so they'd say I'm me." Verisign does fuck all for identity checking. I'm sure they'd gladly issue an SSL certificate to Santos L Halper, as long as he paid them.
The fact is, this is a huge problem, in that you have to basically pay protection money in order to sell stuff online. SSL certificates should be available from state governments, when you get your "Permit to Make Sales at Retail" and that sort of thing. It wouldn't be that difficult to implement.
Also, someone needs to get together and start a new, free Certificate Authority. Or perhaps a nominal processing fee, like no more than $10. They could easily get their root CA into Mozilla and the other open browsers. Netscape probably wouldn't be terribly difficult. IE would of course be nigh on impossible, but that wouldn't be too terrible, I guess. There are enough huge companies backing Free Software these days that it wouldn't be impossible to convince them to start using this new root CA. After all, a free CA is a logical next step from Free Software, in my opinion. Of course, there's the problem of how to verify that people really are who they say they are, and there's no good way to do that without at least coming in in person. Which is probably why local municipalities are a better choice. Companies have to fill out a bunch of paperwork when they want to get started in an area - it wouldn't be hard to issue certificates then.
The problem is, so many cheapskates have now signed their own certificate that the bogus authority error isn't stopping users since it's so common when nothing's really wrong. As a result, we're seeing a lot of look alike sites use SSL to get the padlock to come up, and users not being phased by the red-flag alerts that this doesn't seem to be the site they think it is.
Calling them cheapskates is a bit harsh. It's like saying "those cheapskates who walked to work instead of buying a Lexus". Personally, I think they're quite right to sign their own certs, explain it to their customers, and help to undermine Verisign's "trust", since it's not really trust anyway. The problem is with the system itself, not that people don't want to prop it up.
And I have BT running pretty much all the time. Right now I'm downloading at ~100kB/s and uploading at ~25kB/s which is pretty much typical. Besides that I have also done a lot of FTPs which last all night and into the morning, maxing out my downstream (which is 1.8Mbps.)
Nor have I. I also have Comcast, and although a fair number of the "letter" stories on/. seem to concern Comcast, I haven't got one. I use a fairbit of bandwidth too, though mainly downstream. I wonder if they only care about upstream. I'd also like to hear how much bandwidth people who get these letter are using. None of the submitters ever say - "leaving BT running" is not a measure of bandwidth.
Also, every state should have a Public Utilities Commission, or the like. Complain to them, and write to your state's AG, and get them to force Comcast to tell you what the limit is. There's no need to take this sitting down.
The first line reads: "It was twenty years ago today that I quit my job at MIT to begin developing a free software operating system, GNU."
Did anyone else start thinking up new lyrics to Sgt. Pepper's Lonely Hearts Club Band when they read that first sentence? Perhaps a new Free Software Song is in the making....
Well, the article is dead with only 8 comments, so I can't RTFA (not that anyone does), but what I want to know is what about the broadcast flag? Will this still timeshift programs that have the "this is not the program you want to record" flag set?
IIRC, the flag also tells you how long recorded copies can exist for - will this pay attention to that field? Will I be able to time-shift a show, but only by 60 or 90 minutes?
I usually recommend a hardware firewall, in particular the little blue Linksys firewalls. Home users can hook up their ADSL connection, plug in the firewall, and then their PC. Then as long as they don't download email until their system is patched and anti-virus is updated, they're relatively safe from most malware.
Except for the folks on dialup. And don't say you can't get a worm from dialup. The payloads are really tiny - it doesn't take that long on 56K. I have personally seen two computers infected with blaster via a dialup connection. If you're on there browsing the web for more than 30 minutes or so, the chances are quite good you'll get one, what with all the scans happening. Most ISPs are blocking the ms networking ports at their border, but within a segment, it's a free for all.
The only hardware solution is to get a 2nd PC to be the gateway and run iptables on it (not practical), or to get an Apple Airport which will do that for you (because it has a built-in modem), but that's too expensive. I haven't found any other hardware solutions for dialup users - do any exist that are reasonably priced? (read: no more expensive than a linksys home router)
Yep, that fool must not have bought a cellphone in the past 10 years, since they virtually all come with Li-ion batteries new.
Bzzt, wrong!
10 years ago was 1993. And most cell phones back then had NiCd batteries, and the older ones even had SLA batteries.
But that's beside the point. My Nokia 5165, an entry level phone purchased brand new last year, has a NiMH battery. So do most of the entry-level phones. Just because _you_ can afford to buy the top of the line with LiIon batteries doesn't mean the rest of the world can.
I'm not saying Apple is the way and the light. But Lithium Polymer batteries are damn expensive to purchase, compared to other rechargeable ones. And you're paying for labor. And yes, paying for labor is a rip-off, just like it is in every industry. (Go ask your local garage how much they'll charge to install a car battery for you)
Slashdot Mirror
In other news, bread manufacturers are providing lots of evidence that the Atkins diet is crap.
ARRL says it interferes. The power company says it doesn't. Duh. I'd like to see some objective studies on this. Amateur radio has just as much right to exist as anything else in the spectrum. And it's true that power lines in general are quite good at causing RF interference. But I have not yet seen any objective evidence that Broadband over Powerlines causes more interference than the existence of the power lines themselves. Maybe the studies are there - if they are, great. But I haven't seen any that aren't sponsored by either amateur radio groups or energy companies.
Doesn't bother me, I have a UPS, so my computer stays on during brief power outages. And now that the Internet comes over power lines, I'll have connectivity from my UPS too! I'm still jealous of my friend who's got a generator, though. He can generate his own power, and now he can generate his own Internet! Wish I could do that...
and one more thing... we found life on Mars!
Steve Jobs?! Yeesh. Kids these days. When I was a kid, we associated "and one more thing" with Lt. Columbo, not Steve Jobs.
For the incompatible licenses, you see some big names there. OpenSSL, BSD, Apache, xinetd, Mozilla, LaTeX, Sun, PHP, and Apple. I know some pretty hardcore FSF zealots, and they use OpenSSL, Apache, and Mozilla, just to name a few. Clearly these products and their group/company backings are not so evil as to prevent their use. Some of the people I know even contribute to these projects, so clearly the license is not so evil as to tarnish their code. The incompatible licenses aer still "free software" according to that page. So what's the problem?
But that's a rhetorical question, so I'll address another glaring problem with the page. Look at all the compatible licenses. Again, a lot of big names: VIm, Perl, Python, Berkley DB, zlib, W3C, X11, and of course BSD. Why do all these licenses need to exist if they're compatible with the GPL? Again, I don't expect an answer.
But the fact that there exist a large number of compatible and incompatible licenses indicates that the state of the licensing world is broken. And there's an opportunity for the FSF to take a leadership role here. Call a license summit. For the compatible licenses, get some folks from each project together, and say "what is it that you find objectionable about the GPL, and how can we fix it? Can we create another license that is not the GPL, but is acceptable to all of you? Ditto for the incompatible ones. Many of those are from big companies that have an interest in Free Software and Open Source (IBM, Apple, Sun, Netscape). They probably each have their own license because their lawyers wanted to cover their asses. Get all the lawyers together, and say "Look, it's stupid to have all these licenses. Can we come up with a license that allows your software to be free, but won't scare your CEOs and shareholders?". That, of course, may be harder, since lawyers cost money. But the FSF should at least be able to get the attention of influential people within each company.
Unless the state of licensing is fixed soon, software will be strangled by it. Being more restrictive (c.f. debian-free, debian-nonfree, debian-illegal (tongue in cheek, get over it)) and claiming that everyone should use the GPL or LGPL is the wrong answer. If this is handled correctly, we'd ideally end up with something like 4 licenses: GPL, LGPL, "Open Source", "Free Software" (those last two would be licenses that cover GPL-compatible and GPL-incompatible licenses , respcetively). But as long as I'm dreaming, I'd like a pony.
In the end, it's the consumers who will lose out with this consolidation of mobile providers.
Not necessarily. Around here (south east new england) AT&T wireless sucks. Their service is crappy, they have more dead spots, and they charge more and give you less. Of the 5 people I know who switched to them, 4 switched back to someone else after 3 months. Also, I'm a cingular customer. Currently, I'm on one of the old Cingular Nation plans (no roaming fees, regardless of whose network you'reon). They don't offer that anymore, so eventually, once my phone dies, I'll have to switch to another plan. If cingular buys AT&T Wireless, their network will gain more coverage, and it'll cut down on roaming fees for their existing customers.
Alternatively, one could argue that indeed less carriers means higher prices and less service. And we'll end up back with a monopoly where we started. And the federal government will break it up again. Lather, rinse repeat. Seriously, look at what happened after the AT&T breakup - they divided into all the Baby Bells - how many are left? Precious few. These are just the ones I can think of off the top of my hat that are gone as well as some defucnt wireless providers:
Watch how long it takes before we're right back with "The Phone Company"(TM)
I totally agree with that. But I think there should be two options for a each distribution - the native one, and a cross platform one. For filesystem layout, cross-platform packages should assume that everything defined in FHS - Filesystem Hierarchy Standard (part of LSB). And the distributions should provide that, either by changing their native format to conform, or providing some sort of compatibility layer (symlinks, for example). So if you want to make a .rpm, good for you, but it'll only work on RedHat. If you want to make a new-fomat package, it'll work on all the major distros. Unfortunately, these debates seem to get mired down in flame wars about how apt is better than rpm, and .tgz is far superior to everything else, etc, etc.
A $40 Linksys box? Sure. Not most enterprise switches. They have sufficiently large amounts of memory that it is difficult if not impossible to break the address table by spoofing MAC addresses and flooding the network.
More importantly, most switches and routers have a remote monitoring feature that allows you to copy all packets to an interface for monitoring purposes. Gain control of the network gear and then switching does nothing.
Gain control of the network gear and it's game over, man. Port Knocking or not.
I see a lot of comments saying "Well, why not just have two passwords?". It seems that people didn't read the article (the first link is /.ed, the second is not). The whole point is that with this, until you knock, the machine appears as a closed machine. No ports open. All ports will simply drop packets on the floor, meaning that a hacker scanning your subnet will not bother with that machine. The machine essentially appears invisible until knocked. Even with the most secure system, the hacker can still see that you're running, say, sshd, Apache, CUPS, and a few other services. And if a buffer overflow was announced 5 minutes ago for, say, sshd, they know that they can attempt to exploit the machine, since they see port 22 open. If you are using Port Knocking, you can have a vulnerable sshd, and it's a hell of a lot less likely to get exploited since the cracker has no way of knowing that you're running sshd...
Sniffing only works on the same segment. It's totally useless on a switched network, which includes most networks these days. Additionally, if the knock sequence is has a sufficiently number of ports, it's simply going to look like a port scan. Which are fairly commonplace these days. Yes, a long knock sequence is complicated to remember, however the program can be automated (so the PHB just clicks on "knock" in the taskbar and it does the rest), to avoid that.
No, but some people are. Even if one person anywhere responds, the spammer can deem it a success. It's all about the cost of spam being paid by the recipient. You'd get just as many flyers and catalogs as spam if the USPS allowed advertisers to send 3rd class mail with postage due and forced you to pay it.
And there are a sufficiently large number of insecure teenage boys with credit cards that there's always going to be someone who wants this herbal viagra, no matter how crappy the message looks.
I can see it now:
My one problem with DVDs is that when you rent them, they're usually scratched, because other customers are stupid, or let their kids chew on them, or something. Twice I've had to take them back and get the VHS version so I could watch the movie in its entirety. VHS may have inferior quality, but the cassette is burly compared to a DVD.
Local video stores. I live in Boston, and at my local video store, I pay $2 each for 5-day rentals if I rent on M-Th. And they have a huge selection, too - I often end up going there because Blockbuster doesn't have what I want.
Bzzt! Wrong. Apple does not charge for updates. They charge for upgrades. The updates from 10.2 to 10.2.1, to 10.2.2, to .... to 10.2.8 are all free. Downloadable via the Software Update application, just like Windows Update and Service Pack N.
Apple does charge for an upgrade from, say, 10.2 to 10.3. Just like Microsoft charges for upgrading from Windows 2000 to Windows XP. Just because the version number seems like it's a minor update does not make it so. 10.1 is drastically different from 10.2 which is drastically different from 10.3.
(emph added)
Considering the author is a guy (click on the author link on the article page for his bio and picture), that's pretty painful. I'd be pissed off if someone got my gender wrong...
Next week: Slashdot impressed when someone figures out how to use an ancient PIII/700. Yeesh.
No, no, that would be very bad. He'd come back as an evil superhero. Yeesh, haven't we learned anything from the movies
I don't know about the watches, but I have a speedpass, and there's no security. Just swipe and go. I got it when they first came out, long before the whole RFID craze, and I admit, I didn't really think about the privacy implications. (OTOH, it can be used while wearing gloves, and getting a card out of your wallet with gloves on is hard, and it's nice to keep your gloves on while you're freezing on the side of the NYS Thruway filling up your car).
Of course, there's negligible security with a credit card these days. Certainly at the supermarket, or drugstore (or anywhere else they have those "swipe the card yourself" things), they rarely, if ever, check the signature. Yeah, if your speedpass is stolen, anyone can go buy some gas or groceries (you can use it at some Stop & Shops), but you can do that if you steal a credit card too. And your speedpass is usually on your keys, and you tend to notice if you lose your keys (because, like, you can't start your car) Of course, it works like a credit card - if it's stolen, call them, tell them, and it'll get cancelled immediately.
I think the security implications are probably less important than than the privacy ones.
While not foolproof, we had a method for this where I used to work. We used a Kronos timecard system, where each employee had a bar code on the back of their photo ID badge. If you were caught with another employee's ID badge, it was instant dismissal. While not foolproof (ie: the employee could simply try not to get caught), it worked reasonably well. We caught a couple of people at it, and that encouraged others not to do it.
Except the Verisign cert actually translates to "This conversation is encrypted, and I paid Verisign a bunch of money so they'd say I'm me." Verisign does fuck all for identity checking. I'm sure they'd gladly issue an SSL certificate to Santos L Halper, as long as he paid them.
The fact is, this is a huge problem, in that you have to basically pay protection money in order to sell stuff online. SSL certificates should be available from state governments, when you get your "Permit to Make Sales at Retail" and that sort of thing. It wouldn't be that difficult to implement.
Also, someone needs to get together and start a new, free Certificate Authority. Or perhaps a nominal processing fee, like no more than $10. They could easily get their root CA into Mozilla and the other open browsers. Netscape probably wouldn't be terribly difficult. IE would of course be nigh on impossible, but that wouldn't be too terrible, I guess. There are enough huge companies backing Free Software these days that it wouldn't be impossible to convince them to start using this new root CA. After all, a free CA is a logical next step from Free Software, in my opinion. Of course, there's the problem of how to verify that people really are who they say they are, and there's no good way to do that without at least coming in in person. Which is probably why local municipalities are a better choice. Companies have to fill out a bunch of paperwork when they want to get started in an area - it wouldn't be hard to issue certificates then.
The problem is, so many cheapskates have now signed their own certificate that the bogus authority error isn't stopping users since it's so common when nothing's really wrong. As a result, we're seeing a lot of look alike sites use SSL to get the padlock to come up, and users not being phased by the red-flag alerts that this doesn't seem to be the site they think it is.
Calling them cheapskates is a bit harsh. It's like saying "those cheapskates who walked to work instead of buying a Lexus". Personally, I think they're quite right to sign their own certs, explain it to their customers, and help to undermine Verisign's "trust", since it's not really trust anyway. The problem is with the system itself, not that people don't want to prop it up.
Nor have I. I also have Comcast, and although a fair number of the "letter" stories on /. seem to concern Comcast, I haven't got one. I use a fairbit of bandwidth too, though mainly downstream. I wonder if they only care about upstream. I'd also like to hear how much bandwidth people who get these letter are using. None of the submitters ever say - "leaving BT running" is not a measure of bandwidth.
Also, every state should have a Public Utilities Commission, or the like. Complain to them, and write to your state's AG, and get them to force Comcast to tell you what the limit is. There's no need to take this sitting down.
Did anyone else start thinking up new lyrics to Sgt. Pepper's Lonely Hearts Club Band when they read that first sentence? Perhaps a new Free Software Song is in the making....
IIRC, the flag also tells you how long recorded copies can exist for - will this pay attention to that field? Will I be able to time-shift a show, but only by 60 or 90 minutes?
Except for the folks on dialup. And don't say you can't get a worm from dialup. The payloads are really tiny - it doesn't take that long on 56K. I have personally seen two computers infected with blaster via a dialup connection. If you're on there browsing the web for more than 30 minutes or so, the chances are quite good you'll get one, what with all the scans happening. Most ISPs are blocking the ms networking ports at their border, but within a segment, it's a free for all.
The only hardware solution is to get a 2nd PC to be the gateway and run iptables on it (not practical), or to get an Apple Airport which will do that for you (because it has a built-in modem), but that's too expensive. I haven't found any other hardware solutions for dialup users - do any exist that are reasonably priced? (read: no more expensive than a linksys home router)
Bzzt, wrong!
10 years ago was 1993. And most cell phones back then had NiCd batteries, and the older ones even had SLA batteries.
But that's beside the point. My Nokia 5165, an entry level phone purchased brand new last year, has a NiMH battery. So do most of the entry-level phones. Just because _you_ can afford to buy the top of the line with LiIon batteries doesn't mean the rest of the world can.
I'm not saying Apple is the way and the light. But Lithium Polymer batteries are damn expensive to purchase, compared to other rechargeable ones. And you're paying for labor. And yes, paying for labor is a rip-off, just like it is in every industry. (Go ask your local garage how much they'll charge to install a car battery for you)