So, do you provide those documents when you apply for a credit card via mail?
In Germany, the post offers a service called postident - the mail carrier will only give you the letter if you show him your passport, and he'll send the passport number back to the sender of the letter.
The system has been in place for years, afaik it's the only way to open accounts at internet-only banks. No need for a magic SSN.
That's not the point I was addressing. I was suggesting that for the average user (even the average corporate user) this shouldn't be cause for sudden panic. Many people seem concerned that the NSA *is* after Grandma's recipe for secret sauce.
Governments may well not encrypt large chunks of hyper-sensitive data with 1024-bit RSA.
Governments probably do not encrypt sensitive data based on public key cryptography. There is a rumor that the NSA was aware of public key cryptography before RSA invented it, but that they didn't know what to do with it. Authentication is provided by the armed guard that checks your ID, not by an algorithm that depends on the assumption that factorization is hard.
Public key algorithms are used for signing documents. According to the German signature law, 1024 bit signatures that meet some additional requirements are considered equivalent to physical signatures. (minimum recommended len for keys valid up to 2005). Thus it is important if intelligence agencies can break 1024 bit RSA keys.
The theaters HAVE to get the film before opening day, after all... well before it in most cases, because you do NOT want to have half a premiere because of some fedex delay.
Where is the problem? Send a sealed box, and disallow the movie theater to open it before the day of the premiere. Then hire one guy that travels across the country and randomly checks that the seals are not broken. I doubt that anyone would break a seal if you add a $BIGNUM fine into the contracts.
But I agree with the main point: I wouldn't rule out that MPAA doesn't even try hard to prevent leaks, because they don't hurt that much, and in the long run laws that (effectively) prevent private videotaping of TV transmissions will create more revenue.
It is relatively well known that Linus has essentially modified the terms of the GPL under which the kernel is distributed w.r.t. loadable modules to allow exactly this functionality.
This is a misleading half truth, i.e. what you can expect when you ask a question on slashdot.
According to the copyright law, you need the permission from the author to create a derived work.
The GPL grants that permission, but only if the changes are put under the GPL, too.
Linus never granted a GPL exception for kernel modules, he wrote a few years ago that he thinks that a device driver that is ported from another OS to Linux is not derived from the kernel, thus no permission is needed.
This means that a binary-only module is only permitted if the module is not derived from the kernel. If you take a Windows driver, develop a clean-room abstraction layer and use that layer for the driver, then you are safe. That's what NVidia is doing. If you write a Linux-only driver and sell it, then you enter a very dangerous area, you might end up in jail.
Given that the server is slashdotted, here are a few facts about pseudo-random number generators:
Interesting, but offtopic.
The TCP standard forbids using random numbers as the initial sequence number. If you use random numbers, you cannot guarantee that the sequence numbers for one (dest_ip,dest_port,source_ip,source_port) tuple are monotonically increasing. That monotonic increase, which should be faster than the network transfer rate, is needed to reduce the probability of data corruption from stale packets.
The solution is one-way hash functions, as described in RFC 1948.
What about the forgotten open source database? Have you considered SapDB? They claim that they have an Oracle 7 compatible mode. If yes, why have you chosen PostgreSQL?
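An added sketch (not part of the original comment) of the RFC 1948 construction the comment points to: the initial sequence number is the 4-microsecond clock M plus a keyed hash of the connection tuple, so each tuple keeps a monotonically increasing sequence space while its offset stays secret. The function names, the demo secret and the use of HMAC-SHA-256 in place of the MD5 the RFC suggests are assumptions of this example.

```python
import hashlib
import hmac

MOD = 2 ** 32  # TCP sequence numbers are 32 bits wide and wrap around


def clock_m(now_us: int) -> int:
    """The timer M: a 32-bit counter that ticks once every 4 microseconds."""
    return (now_us // 4) % MOD


def tuple_offset(secret: bytes, conn: tuple) -> int:
    """F(localhost, localport, remotehost, remoteport, secret), cut to 32 bits.

    Assumption: HMAC-SHA-256 stands in for the keyed hash (RFC 1948 suggests MD5).
    """
    local_ip, local_port, remote_ip, remote_port = conn
    msg = f"{local_ip}|{local_port}|{remote_ip}|{remote_port}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def isn(secret: bytes, conn: tuple, now_us: int) -> int:
    """ISN = M + F(...): a secret per-tuple offset added to the shared clock."""
    return (clock_m(now_us) + tuple_offset(secret, conn)) % MOD


def seq_after(a: int, b: int) -> bool:
    """True if sequence number a is later than b in 32-bit wraparound order."""
    return a != b and (a - b) % MOD < MOD // 2


def demo() -> dict:
    # Constructed inputs: a fixed secret so the run is repeatable (a real host
    # would pick a random secret at boot) and documentation-range addresses.
    secret = b"constructed-demo-secret"
    conn_a = ("192.0.2.10", 25, "198.51.100.7", 40000)
    conn_b = ("192.0.2.10", 25, "198.51.100.7", 40001)
    t0 = 1_000_000                      # microseconds since some epoch
    first = isn(secret, conn_a, t0)
    later = isn(secret, conn_a, t0 + 1000)   # same tuple, 1 ms later
    other = isn(secret, conn_b, t0)          # different tuple, same instant
    return {
        # Same tuple: the ISN advances exactly with the clock (1000 us / 4).
        "same_tuple_advance": (later - first) % MOD,
        "same_tuple_ordered": seq_after(later, first),
        # Different tuple: shifted by a keyed-hash offset an observer of
        # conn_a cannot compute without the secret.
        "offset_between_tuples": (other - first) % MOD,
    }


if __name__ == "__main__":
    print(demo())
```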
Re:Finally, ABI stabilization. Now about optimizat on GCC 3.2 Released · Score: 5, Informative
If -fno-strict-aliasing fixes the glitches, it could be an invalid assumption in the C code.
Read the gcc documentation for the details: With the alias analysis, the compiler tries to figure out if 2 pointers point to different addresses. If it's guaranteed that they point to different addresses, then the compiler will reorder read and write operations.
The new C standard contains very strict rules about pointers, e.g. writing into an array with a "double *" pointer, and reading back with a "long *" pointer is now undefined.
Have you tried Intel's compiler, set to maximum optimization?
If you find you can't effectively transition your apps, you can stick with Windows, but drop Office in favor of Star/Open Office.
Has anyone tried that, or plans to do that? How good is the compatibility between OpenOffice & MS Office? How many complaints about unreadable MS Access databases, or not working Excel forms should the IT department expect?
> so there you go: already after a few searches
> I've found out that 3 patents are already not
> worth anything:
> http://www.panip.com/patents.htm
> ('115, '359, '355)
I think you are too quick:
The entire patent '359 is invalid, and some claims of patent '355 are invalid. Patent '115 was not infringed by American Airlines, but that doesn't mean that the patent is invalid.
But your main point is correct, it seems that they list patent '355 on their website, but the court held "the '355 patent invalid under 35 U.S.C. 102(b)". And the appeals court agreed, and it seems that the case was not sent to the supreme court.
Not so: anyone can read the document. Go there and download it. (Really, try it.)
No. Don't read it.
That's what Microsoft tries to achieve: get developers to read the text, then wait until a patch from one of these developers appears in the samba sources.
Wait a bit, then sue. The difficult part is proving that the patch author has read the CIFS docs, but Microsoft has enough money to find an expert that proves that a certain information was not found through reverse engineering.
The Samba team must document every reverse engineering step.
Before querying the server, how is orbz to know that it is lotus?
By checking the SMTP greeting: Lotus adds its own name into the greeting?
220 mailserver.domain.com ESMTP Service (Lotus Domino Release 5.0.6a) ready at Sat, 2 Jun 2001 13:40:23 -0400
I guess Ian didn't want to skip the checks if he sees that greeting, because someone with an open relay might add "Lotus" into his greeting to defeat orbz.
If a lawyer claims that it's safe to ignore the GPL, always ask him if he has reviewed the national copyright laws of every country your company does business with. E.g. if you copy code from the Linux-kernel and you sell copies of your product to Germany, Suse might sue you in Germany. Or Conectiva might sue you in Brazil.
I really don't want to be the messenger that informs the CEO that he must cancel his trip to Rio due to an arrest warrant ;-)
Is it legal to put C&D letters on a public website, or could the sender claim copyright infringement?
In Germany, there is something similar to C&D letters ("Abmahnung", slightly worse because you must pay a few hundred dollars, or they'll go to court). There is a database about it, but you must never quote the Abmahnung on a website - you'd get another one for copyright infringement.
I wonder how much sway MPAA has in Taiwan. Certainly in the US this little "problem" would be fixed quickly...
Better mark Taiwan up on the Axis of Evil list too..
That's due to being too friendly with China:
According to the Bern convention, you don't need to register for copyright protection.
But Taiwan was thrown out of the UN and most international bodies, in order to please China.
And thus Taiwan couldn't take part in the negotiations, didn't modify its national laws.
Nice side effect.
As the RCA patents expired, scientists at Systems and Processes Engineering Corp. (SPEC), a small technology think tank here, were developing emissive tips, based on synthetic diamond and silicon carbide, that could be used in the cathodes needed for radiation-hardened, high-bandwidth radio frequency amplifiers. The U.S. Air Force funded much of the SPEC-based research, which continues at Extreme Devices as a contract research effort.
Patent application in 1974, thus no research until the patent has expired. Aren't patents supposed to promote research?
According to the US constitution, Congress may pass law to promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries. But it doesn't have to.
And several million voters got used to Napster.
I doubt that there will be any dramatic steps in either direction, but disallowing and preventing everything probably won't happen.
No, it's a very good idea, but a bad implementation.
A good implementation would use a one-time-pad from a random number generator.
- build a structure with the billing details.
- generate a random number block, as long as the whole structure.
- XOR encrypt the billing details with the random block, only store the encrypted version on your server.
- send the random number block back as a cookie to the client.
That's absolutely secure - you can't get the CC# without the user cookie. A simpler alternative would use a block cipher instead of a one-time-pad.
Unfortunately it doesn't solve the problem - what if a user doesn't log in for a month?
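The four steps listed above, as an added example that is not part of the original comment: the server keeps only the XOR ciphertext and the client holds the pad in a cookie. The function names, the JSON layout and the constructed test card number are assumptions of this example, and the HMAC tag goes beyond the comment's scheme, because plain XOR cannot tell a wrong or altered cookie from the right one.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed sample record; the card number is a well-known test value.
SAMPLE = {"name": "A. Customer", "cc": "4111111111111111", "exp": "12/30"}


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(d ^ p for d, p in zip(data, pad))


def enroll(billing: dict):
    """Return (server_record, cookie) for one set of billing details."""
    # Step 1: build the structure with the billing details.
    plaintext = json.dumps(billing, sort_keys=True).encode()
    # Step 2: a random block as long as the whole structure. A pad is used
    # once: any later change to the record needs a freshly generated pad.
    pad = secrets.token_bytes(len(plaintext))
    # Step 3: only the XOR-encrypted version is stored on the server.
    record = {
        "ct": xor_bytes(plaintext, pad),
        # Addition to the scheme: a tag keyed with the pad, so the server can
        # reject a wrong or modified cookie instead of decoding garbage.
        "tag": hmac.new(pad, plaintext, hashlib.sha256).digest(),
    }
    # Step 4: the pad goes back to the client as a cookie value. Cookies are
    # limited to roughly 4 KB, which bounds the size of the structure.
    cookie = base64.urlsafe_b64encode(pad).decode()
    return record, cookie


def recover(record: dict, cookie: str):
    """Return the billing details, or None if the cookie does not fit."""
    try:
        pad = base64.urlsafe_b64decode(cookie.encode())
    except ValueError:                      # malformed base64
        return None
    if len(pad) != len(record["ct"]):       # truncated or foreign cookie
        return None
    plaintext = xor_bytes(record["ct"], pad)
    expected = hmac.new(pad, plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return json.loads(plaintext)


if __name__ == "__main__":
    rec, ck = enroll(SAMPLE)
    print(recover(rec, ck))
```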
...I dunno... if it's not safe to store gasoline cans or propane cylinders in my house, why would it be safe to store hydrogen in my house?
Because hydrogen is lighter than air, and propane is heavier than air.
Suppose you have a tiny leak in the propane cylinder: the propane will accumulate in your cellar, it'll reach the explosive concentration (IIRC around 5 percent), and your house explodes when something creates a spark.
Hydrogen is lighter: it can't accumulate in the cellar, it'll leave through your roof. Therefore it won't reach the critical concentration and it can't cause a big explosion.
But that's only true if you don't have a huge leak in your hydrogen tank.
#insert picture of the exploding spaceshuttle.
According to their description they store the hydrogen bound to metal atoms.
Metal hydrides inside keep gas under low-pressure
That's the safest and most expensive way to store hydrogen. It's expensive because you need special metals, but it's absolutely safe because the metal only releases hydrogen at a very low rate - too low to create an explosive concentration.
If you choose a BSD style licence, think about patents.
The BSD licence doesn't prevent an author from applying for a patent, and distributing the code "for free".
A few years later you can come and sue for patent infringement.
That's a known problem for Linux kernel drivers, and I assume that media codecs are a large patent minefield.
Example:
http://www.uwsg.iu.edu/hypermail/linux/kernel/0109.2/0805.html
Even if all of the Xanadu stuff was written in 1987 (and it wasn't), wouldn't that be prior art for this 1989 patent?
No, prior art must be published before the filing date.
The patent seems to be a "submarine patent": File a patent. Wait several years. Modify and complete the application. If the patent is finally granted, you have a new patent, and no competitor has a chance to avoid infringing your patent, simply because not-yet granted patents are not published in the US. Submarine patents also made it possible to extend the lifetime of a patent beyond 20 years.
So if an American website is not bound by a French ruling, then perhaps there's hope for a certain Russian Programmer accused of breaking US law.
That Russian Programmer made the error of traveling into the US, and even taking with him a copy of the program in question.
The interesting question is:
Will France apply for international search warrants for the Yahoo executives? Will they get arrested as soon as they leave the US?
It is obvious that French law doesn't apply in the US.
That's an easy one; they disabled the P4's on-chip thermal protection (see this document [intel.com], section 2.4).
I doubt that.
There are 2 levels of thermal protection in the P4:
It automatically switches itself to 50% duty cycle if a certain temperature is reached.
But: 50% duty cycle is still 30W power, far too much without a heatsink.
The limit without a heatsink is around 10W, perhaps even less.
But:
The operating system can read the current temperature, too, and switch to a more aggressive throttling. IIRC down to 12.5% duty cycle.
Probably Tom tested with a board where the OS/BIOS/ACPI (I'm not 100% sure who does what) throttled to 12.5%, and there was no auto shutdown without a heatsink.
AMD has chosen a board without that 2nd throttling limit. The CPU overheated and shut itself down.
This is a misleading half truth, i.e. what you can expect when you ask a question on slashdot.
According to the copyright law, you need the permission from the author to create a derived work.
The GPL grants that permission, but only if the changes are put under the GPL, too.
Linus never granted a GPL exception for kernel modules, he wrote a few years ago that he thinks that a device driver that is ported from another OS to Linux is not derived from the kernel, thus no permission is needed.
He clarified that just a few weeks ago
http://marc.theaimsgroup.com/?l=linux-kernel&m=
http://marc.theaimsgroup.com/?l
This means that a binary only module is only permitted if the module is not derived from the kernel. If you take a windows driver, develop a clean-room abstraction layer and use that layer for the driver, then you are safe. That's what NVidia is doing.
If you write a linux-only driver and sell it, then you enter a very dangerous area, you might end up in jail.
Compile and run this app:
The output is
nan stands for NotANumber. According to IEEE floating point arithmetic, 1/0 is infinite, and 0/0 is undefined.
But I wouldn't dare to say that aloud if mathematicians are around.
I agree.
We have leftover parts from Phillips in our lab - they abandoned the project a few years ago.
They stopped the research on improving manufacturing of CRT tube cases.
Another option is software emulation.
I remember one bug report with a PDP/11 software emulator running on a dual (or quad?) Pentium III (Linux OS).
It wasn't that long ago - less than 2 years.