I actually do disagree with the first: making the path of least resistance the most secure oft leaves the non-obvious approaches open to exploitation.
Have you actually read the paper? If you have only read the ten one-sentence principles, you might have misinterpreted that one. The authors do not advocate offering an alternative, non-natural way of doing things that is insecure. In fact, that statement is not even about offering multiple ways to achieve the same task (e.g. "menu item or keyboard shortcut," or "dialog or wizard"). The idea is simply that using the system securely should be easier (i.e. less resistance) than using the system in an insecure way. In other words, whenever you're about to do something that is not secure, you'll face resistance, so taking the path of least resistance will be most secure.
I think a huge part of the principle could be more simply described as "secure by default," which I hope everyone will agree with. Another important goal mentioned in the paper is "to keep the user's motivations and the security goals aligned with each other," i.e. you want to make sure that while working with your software, the user will never think about granting certain permissions simply because that would be more convenient.
This isn't anything new really, the security vs. usability argument has been a problem forever, and frankly, it's not something to be addressed.
The fact that this has been a problem "forever" is exactly why it needs to be addressed.
You should read the paper, or at least take a short look at it, it provides some very interesting ideas. It's true that you'll never have 100% security unless you turn off your computer, but this doesn't mean that security and how it is presented to the user cannot be improved.
As far as I know, it doesn't have a "safe mode" like PHP does, so scripted pages run under the server's user id with all of the server's access permissions. However, Apache 2 provides the new perchild MPM, which allows you to assign different user ids to each virtual host. Unfortunately, according to the documentation "this MPM does not currently work on most platforms. Work is ongoing to make it functional."
Architecturally, assigning user IDs to virtual hosts is a far better solution (even the PHP developers admit that "safe mode" solves the problem at the wrong level) -- once it works, it will obviously solve the problem for all modules, including mod_python and mod_perl, without requiring the module developers to each develop their own, separate safe mode equivalent.
Simpler to install? It comes packaged by default in RedHat. For Debian, it's apt-get install postgresql. For a source install, it's ./configure; make; make install. Please explain to me how MySQL is easier.
It's available for Windows with a standard Windows-style setup program. Lots of people who develop a small website will do so on Windows, even if their server runs a UNIX-like system. I think that if there were a similar easy-to-install Windows distribution of PostgreSQL, it'd have much more users.
I don't need a somewhat pedantic definition of what a partial ordering is :-) My question is why Perl forces me to write all this less_than stuff if all I want is to compare two strings?
Ahh, but wait, how does XL know what to do with the < operator? Maybe it works built-in for strings and numbers, but what if I wanted to compare two arbitrary objects? I suppose I'd somehow have to make sure that my objects match the generic type ordered of your max/min code. How would I do that if not by writing a less_than function or overloading the < operator?
By the way, I don't understand the generic type ordered in your code at all. What I keep reading is "Something (what? two objects?) is of the generic type ordered if you have two ordered objects and can find out which of them is smaller," but this obviously doesn't make sense.
The most readable way of writing down the concept "ordered" in a somewhat formalized way somewhat similar to XL's syntax would imho be something like:
generic type ordered (A, B) if defined(A < B)
i.e. two objects A and B are ordered if the < operator is defined for these two objects. But that would be just like having an interface "comparable" in an object-oriented language.
Finally, let me say that I really do like some of the ideas in XL. I will certainly take a closer look at it when I have time. One thing I think you should consider changing is the name "concept programming." Look at all the confusion it generated in this /. discussion :-). What you really mean is simply "expressive programming," i.e. the goal of your project is to enable developers to write more expressive code, as opposed to e.g. forcing them to make everything an object and to sometimes write very verbose code like in Java-the-language. Of course, "expressive programming" is not a new idea, so you'd lose your new-buzzword marketing advantage ;-)
However, a lot of the security problems in Outlook are due to its tight integration with the MSIE ActiveX components. If Mozilla were to allow that kind of tight binding, you'd likely open Mozilla up to a lot of security issues.
This has nothing to do with "tight integration." The problem is that Mozilla insists on handling all URL schemes (e.g. http, https, mailto) itself that it can handle, instead of calling whatever application the user has configured to handle those URLs. I have the same problem, but in the opposite direction: I use Mozilla as my web browser but not as my email client. Yet whenever I click a "mailto:..." URL Mozilla opens it in Mozilla's mail client, not in my mail client of choice. The other way works fine: if I click a http or https URL in Outlook, it will open them in Mozilla, not in Internet Explorer.
The key needs to be stored with a trusted entity like Verisign
Huh? Why is Verisign a "trusted entity" and the Debian server operators are not? One cannot crack Verisign's servers and exchange the keys? One cannot become the man-in-the-middle between a user and the Verisign servers?
Sure, it's harder to break into both Debian's and Verisign's systems in order to deploy a trojan, but unless you get the code handed over personally from the developer, you'll never have 100% security.
You've never heard of Windows Update being trojanned, have you?
No, but you're naive if you think it cannot happen.
"In mid-March 2001, VeriSign, Inc., advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is 'Microsoft Corporation'." (Microsoft Security Bulletin MS01-017)
Re:AltaVista vs. Google: speed and relevance shoot on Altavista Renewed · Score: 2
Completely unrelated, but try a search on google for "stoner girl" and look at what the third result is...
How did THAT get there????
Well, since "stoned girl" returns the same page as the third result,....
The person who posted EMI's mail to the Heise forum also posted the mail headers in response to several other posters questioning the validity.
Though I have to admit I don't know if that is a real header. If it is, the recipient's software translated some of the header field names instead of displaying the actual, unmodified header ("Von" should be "From", "Datum" should be "Date", "An" should be "To", and "Betreff" should be "Subject"). The recipient's email address in the header is a mac.com address, so he probably is a Mac user. Does anyone know if the German version of Apple's Mail application, the .mac webmail service or some other popular Mac email client display translated headers?
My idea of hell is an editor that auto-saves code that I'm in the process of hacking up in an editor to let me think about the problem over top of code that already works.
You think that the article suggests making the computer click "Save" automatically. Wrong. It talks about removing the save command. This means that you no longer have to explicitly save your documents, because the system will do it for you. It doesn't mean anything else. Most importantly, it doesn't mean that you cannot tell the system to keep the previous version of a document. You could, for example, tell your system to "Keep this Revision" as "latest working revision" before starting to edit the code.
By the way, the method you describe (not saving) is somewhat dangerous, because you might irreversibly overwrite your working code by saving your document because you got used to regularly executing the save command. How is constantly having to remind yourself not to save a good interface?
My idea of hell is a platform where every document I've ever opened has no way to close it and no way to exit the application that's got it up in a window, because there's no 'Quit' or 'Exit' option.
Most users' idea of hell is a system where a command in a menu that is conceptually attached to one document (it's called "File", isn't it?) can kill other documents.
And where exactly does the article say that all documents and applications will be open and running all the time? It only says that the system should find out automatically when an application needs to run, and when it doesn't.
My idea of hell is not being able to drag something in a GUI from one folder to another, because they have an obscure "parent of my parent" relationship, which makes me have to cut and paste the document, instead of just dragging it, because I only have one file manager, which is running all the time, instead of a "file picker".
The article nowhere mentions that copying and pasting files should be required as a result of removing pickers.
My idea of hell is symbolic links that get changed when I rename a file out from under them because the OS thinks it knows what I want better than I do, so it's impossible to replace a file with another, while keeping, and the old one, unless you copy it, rename the original, rename the copy, and then edit the original (instead of replacing it).
The system thinks it knows what you want better than you do either way. The system you seem to be used to "knows" that the link should continue to point to the same filename, assuming that you'll put a replacement there. The system proposed by the author assumes that a link should point to a document, not to a filename. Just because you got used to the one way of the OS knowing better, that doesn't mean it's the best solution -- in fact, since linking to a filename as opposed to linking to a document is quite an abstract concept in a GUI where what you see and interact with is the document, not its filename, I suppose the link-to-document system will be more intuitive for most users.
By the way, you could also have a "Replace this File" command.
"you may not distribute modifications of the Software under terms that purport to require the Software or derivative works to be sublicensed to others", a very straight, and extremely amusing ("purport"??) attack on the GPL.
Well, I don't think the GPL requires that derivative works are sublicensed to others. It allows derivative works to be sublicensed to others, and requires that if you do so, the license must be the GPL, and the source code (or at least an option to get it) must be included.
Actually, I don't know of any license that requires sublicensing, so the above clause doesn't make any sense to me.
However, you haven't quoted the complete clause:
"You may modify this Software and distribute the modified Software for non-commercial purposes, however, you may not grant rights to the Software or derivative works that are broader than those provided by this License. For example, you may not distribute modifications of the Software under terms that would permit commercial use, or under terms that purport to require the Software or derivative works to be sublicensed to others."
Since all free software licenses grant broader rights and allow commercial use, this is effectively an anti-software-freedom clause (not just anti-GPL). However, it's quite understandable that Microsoft doesn't want their software to become free simply by someone downloading and re-licensing it, so I don't think the clause is unreasonable.
So if I add a login header, is that just another GET request? It's the difference between http://root:12345@www.0wn3d.com/ and http://www.0wn3d.com/.
No. In that case, you're trying to circumvent (by having illegally obtained or by guessing the password) a security measure. (Also see below.)
It would cause the same kind of division in society as if we had a law that said burglary doesn't count unless you have an expensive security system.
No. There is a difference between trying to receive information (i.e. trying to have it delivered to me), and trying to actively enter someone else's property. The breaking-in analogy is fundamentally flawed, at least as long as we're not talking about trying to circumvent any security that is installed (e.g. trying to guess passwords -- that would be trying to actively enter).
Also note that houses (and physical locations in general) usually make it quite obvious whether they're supposed to be public or private. All private houses, even if they have no locks or security systems, have an implicit security mechanism: doors. Even if they're unlocked, closed doors tell most people not to enter unless invited by someone opening the door, or by a sign that tells them it's public. Why do you think most stores have doors that allow you to look into the store, that have obvious "open" signs, and that sometimes even open for you automatically? It's a way of telling people that the door is, unlike most other doors, not intended to keep them out.
URLs, however, are all designed the same way, there is no obvious difference between private and public resources. The only way to recognize them as private is to request them and see if a password request will show up. And experience suggests that most URLs are public.
Making it potentially illegal to try an URL will get you into the same legal problems as trying to make a difference between precise links ("deep links") and generic links (links to front pages).
Some of the questions you'd have to answer are:
If you have requested, by following a link, the resource /some/path/document, and get a 404 Page not Found error, is it legal for you to try accessing /some/path/ by changing the URL in your browser's URL field?
Is it legal to type some domain name into your browser, even if it is not published anywhere? (E.g. you're looking for Foo Corporation's web site and try www.foo.com.)
If you're currently reading /2001/some-report, and you think that the year 2002 record would be more interesting, would you not try to type /2002/some-report into your browser?
If you're reading a structured document, e.g. an online book or a howto article, and you're currently reading /3-1, and you realize you'd like to skip chapter three but the "Next" link points to /3-2, is it legal for you to type /4 into your browser?
If you follow a link and get a 404, and the URL looks like the webmaster simply made a typo, is trying to correct the URL illegal without permission?
If any of the above is illegal, but someone did it anyway and then published the URL on his web site, without telling how he found it, is it illegal to click? To copy and paste?
I am a webmaster myself, and I do agree that there are some requests that are sent with obviously malicious intentions (e.g. requests for cmd.exe etc.). But I am also a web user, and I don't want browsing the web to become a legal risk simply because I know how URLs work and make use of that knowledge. Some web site operators seem to believe that simply because they intended their visitors to behave in a certain way, and didn't provide any means for the users to behave differently, that anything but what they expect you to do should be illegal.
There is a difference between an author telling you that it makes sense to read chapter four of his book before reading chapter five, and an author trying to put you in jail for reading chapter five first anyway.
... even though they ruefully admit that the log spamming may falsely boost their ranking on some search engines.
Umm, huh? I don't think the spammers actually link to the sites, they probably just send HTTP requests with faked referrer headers that contain the URLs of the spammer's web site. That won't boost your search engine rankings.
Please, please do not use the words "secure application" when what you really mean is "approved application".
Thank you.
"Approval" is a great word to describe what Palladium is actually about. "Approved computing" also sounds much less childish than RMS's "treacherous computing."
Perhaps that's good, although I'd like to see an option where you can choose to apply the feature to all links leading to HTML pages.
No, that would be a very bad idea. Just right now in the navigation menu of the Slashdot page I'm viewing ("Post Comment"), there are 17 navigation links, plus the category links, etc. You cannot tell me that you'll be following all of those 17 links. Web sites (and probably ISPs as well) would not like such a feature due to the increased bandwidth costs they'd have to account for.
Also note that e.g. this page has a "log out" link that I really do not want to be automatically prefetched for obvious reasons. Granted, it contains a query-string so Mozilla would not prefetch it anyway, but I imagine there will also be web sites that have log out links without query strings in the URL. And there are lots of other actions that might be associated with following a link (think prefetched one-click-shopping).
The HTTP standard (RFC2616) states that "In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered 'safe'", and if there are side effects, "the user did not request the side-effects, so therefore cannot be held accountable for them", but I wouldn't rely on web site administrators knowing this.
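The logout-link concern from the comment above, as an added example that is not part of the original post: a simplified model of a link prefetcher that, as the comment describes for Mozilla, skips URLs with a query string, run against an application that logs out on GET and one that requires POST. The `App` class, the paths and the session id are constructed for illustration.

```python
from urllib.parse import urlsplit

SESSION_ID = "constructed-session-id"  # constructed sample value


class App:
    """Toy web application with a single state-changing resource, /logout."""

    def __init__(self, logout_via_get: bool):
        self.logout_via_get = logout_via_get
        self.sessions = {SESSION_ID}

    def handle(self, method: str, url: str, session_id: str) -> int:
        """Dispatch one request and return an HTTP status code."""
        path = urlsplit(url).path
        if path == "/logout":
            allowed = method == "POST" or (method == "GET" and self.logout_via_get)
            if not allowed:
                return 405  # GET stays "safe": no action other than retrieval
            self.sessions.discard(session_id)
            return 200
        # Every other page is plain retrieval.
        return 200 if method in ("GET", "HEAD") else 405


def prefetch(app: App, links: list, session_id: str) -> list:
    """Issue a GET for every link that carries no query string."""
    fetched = []
    for url in links:
        if urlsplit(url).query:
            continue  # the prefetcher's only safeguard
        app.handle("GET", url, session_id)
        fetched.append(url)
    return fetched


def still_logged_in(logout_via_get: bool) -> bool:
    """Prefetch a constructed page's links and report whether the session survived."""
    app = App(logout_via_get)
    links = ["/index", "/comments?sid=1", "/logout"]  # constructed link list
    prefetch(app, links, SESSION_ID)
    return SESSION_ID in app.sessions


if __name__ == "__main__":
    print("logout on GET, session survives prefetch: ", still_logged_in(True))
    print("logout on POST, session survives prefetch:", still_logged_in(False))
```
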
Yes and no. The two-year-warranty minimum is required by consumer protection laws in Europe, so this applies only when selling to end users. I'm not sure if there's a Europe-wide minimum warranty that applies when selling to business customers. In Germany it's one year, I think.
So what this means is that PC builders will purchase drives at a one-year-warranty from the manufacturer, then have to sell the whole system with a two-year-warranty to the end users. If anything breaks after the first year, the PC builder will have to pay for the new hard drive since they will not get a replacement from the manufacturer.
In other words, the warranty costs will be added to the price by the retailers, not by the manufacturers. And hard drives will (probably) become less reliable, since the manufacturer no longer has any economic benefits from making them more reliable. The one who loses is the consumer, especially those who don't make regular backups (i.e. just about everyone).
What's even more amazing is that even those who dislike the current and proposed copyright and patent laws use those misleading terms. Even the author of the article linked to in this Slashdot story writes that "property is a misnomer," but continues to use it anyway.
The FSF maintains a list of confusing words and phrases that are worth avoiding. The arguments they give and the alternatives they suggest often are as much propaganda as the terms they suggest avoiding, but still I think the list is quite good. I'm surprised that "trustworthy computing" isn't included, by the way.
If you know that I'm likely to be talking about the "World Trade Center", you can then plug that key phrase into the resulting cyphertext at every possible point and look at the result. If you get a message back that looks like:
"T*e atta** **ll *e at ******* on t*e World Trade Center"
No, what you would get back would look like this:
World Trade Center************* and
*World Trade Center************ and
**World Trade Center*********** and so on,
because each individual character of the original message is encrypted with its own key. So, knowing that e.g. the first character is a "W" will not tell you anything about any of the other characters. It will not tell you where the other "W"s are located.
If you have a message ("foo") that contains two equal characters, they will not encrypt to the same byte values in the encrypted message. To encrypt the string "foo," you'd use a one time pad that contains three random values, and then you xor the first character with the first pad value, the second character with the second pad value, and so on. Your encrypted message might then e.g. be 12-78-42. As an attacker, if you do not know the one time pad, you have zero information about that message. The original message might as well have been "bar" or any other three-letter word (in fact, you don't even know whether the message was a plain text or a binary).
So, given any message encrypted with a secure (i.e., truly random) one time pad, the only thing you know is that each of the bytes in the messages might have been any byte in the original message.
Obviously, you cannot use that knowledge to break the encryption.
Being unwilling to publish it makes me suspicious right from the start.
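The one-time-pad argument in the comment above, worked through as an added example that is not part of the original post: it reuses the comment's "foo" / 12-78-42 / "bar" values, and the pad bytes and the longer sample message are constructed for illustration.

```python
import secrets

# Constructed pad chosen so that "foo" encrypts to the 12-78-42 of the comment.
FOO_PAD = bytes([106, 33, 69])


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad of exactly the same length (encrypts and decrypts)."""
    if len(data) != len(pad):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the right length, which is why
    the ciphertext alone says nothing about the message.
    """
    return xor_bytes(ciphertext, candidate)


def crib_offsets(ciphertext: bytes, crib: bytes) -> list:
    """Offsets at which some pad fragment makes the ciphertext read as `crib`."""
    hits = []
    for start in range(len(ciphertext) - len(crib) + 1):
        window = ciphertext[start:start + len(crib)]
        fragment = pad_explaining(window, crib)
        if xor_bytes(window, fragment) == crib:
            hits.append(start)
    return hits


def demo() -> dict:
    """Run the three observations from the comment and return the results."""
    ciphertext = xor_bytes(b"foo", FOO_PAD)
    # The two equal characters "o" are XORed with different pad bytes.
    second_o, third_o = ciphertext[1], ciphertext[2]
    # The same ciphertext decrypts to "bar" under another, equally likely pad.
    bar_pad = pad_explaining(ciphertext, b"bar")
    # Known-phrase guessing: with a random pad the phrase "fits" at every offset.
    message = b"constructed sample: see you at the World Trade Center"
    pad = secrets.token_bytes(len(message))
    offsets = crib_offsets(xor_bytes(message, pad), b"World Trade Center")
    return {
        "ciphertext": list(ciphertext),
        "equal_chars_differ": second_o != third_o,
        "decrypts_to_bar": xor_bytes(ciphertext, bar_pad) == b"bar",
        "crib_fits_everywhere": len(offsets) == len(message) - 18 + 1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```
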
Huh? A patent is a method of publishing your invention, in fact, that is (or used to be) one of the points of the patent system: to make it profitable for people to share their inventions instead of keeping them secret. The idea of patents is, as your constitution puts it, "to promote the progress of science."
Of course, this doesn't work if patents are granted on solutions that are obvious once you know the problem, but that is not the case here. (Assuming the cryptographic algorithm actually works, it is likely that it was not obvious.)
Remember that RSA is a very successful cryptographic technology, despite being protected by a (now expired) patent.
// Default Minimum to be same as Maximum
min = max
I'm not sure if this is a good comment. Of course it depends on the context, but if I read this comment, I'd immediately wonder why the default minimum is the same as the maximum. Imho it would be much better to explain the complete algorithm at the beginning of the routine, and then have only few comments within the code. However, as I said, this depends on the context and in some situations the above comment might be useful.
// We have finished this data cell, Move onto next data cell
i++;
This is not a good comment, imho. Or at least an unnecessary one. If it is not clear from the context (e.g. the loop is short enough) what the variable i is being used for, you should give it a more explanatory name. Your example could be much better written as
cellIndex++;
Using too many comments instead of self-explaining code is not only unnecessary, it often also causes the problem of the comments not being updated when the code is modified.
It would be fairly simple to tune his software so that it considers only the header and that part of the email that is normally displayed, i.e. the HTML part (even if your mail software is configured differently, that of most people isn't, so the HTML part is where you should calculate the probabilities). That would be a one-time improvement, without any need to continuously adapt the software to the spammers.
The HTML part should have a fairly high probability, given that it contains things like "text/html" (he probably should consider a slash as part of a token), "img" etc. that normally don't appear in valid email.
URLs, however, are all designed the same way; there is no obvious difference between private and public resources. The only way to recognize them as private is to request them and see if a password request will show up. And experience suggests that most URLs are public.
Making it potentially illegal to try a URL will get you into the same legal problems as trying to make a difference between precise links ("deep links") and generic links (links to front pages).
Some of the questions you'd have to answer are:
I am a webmaster myself, and I do agree that there are some requests that are sent with obviously malicious intentions (e.g. requests for cmd.exe etc.). But I am also a web user, and I don't want browsing the web to become a legal risk simply because I know how URLs work and make use of that knowledge. Some web site operators seem to believe that simply because they intended their visitors to behave in a certain way, and didn't provide any means for the users to behave differently, that anything but what they expect you to do should be illegal.
There is a difference between an author telling you that it makes sense to read chapter four of his book before reading chapter five, and an author trying to put you in jail for reading chapter five first anyway.
From the Wired article:
Umm, huh? I don't think the spammers actually link to the sites, they probably just send HTTP requests with faked referrer headers that contain the URLs of the spammer's web site. That won't boost your search engine rankings.
Thank you.
"Approval" is a great word to describe what Palladium is actually about. "Approved computing" also sounds much less childish than RMS's "treacherous computing."
No, that would be a very bad idea. Just right now in the navigation menu of the Slashdot page I'm viewing ("Post Comment"), there are 17 navigation links, plus the category links, etc. You cannot tell me that you'll be following all of those 17 links. Web sites (and probably ISPs as well) would not like such a feature due to the increased bandwidth costs they'd have to account for.
Also note that e.g. this page has a "log out" link that I really do not want to be automatically prefetched for obvious reasons. Granted, it contains a query-string so Mozilla would not prefetch it anyway, but I imagine there will also be web sites that have log out links without query strings in the URL. And there are lots of other actions that might be associated with following a link (think prefetched one-click-shopping).
The HTTP standard (RFC 2616) states that "In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered 'safe'", and if there are side effects, "the user did not request the side-effects, so therefore cannot be held accountable for them", but I wouldn't trust web site administrators to know this.
Yes and no. The two-year-warranty minimum is required by consumer protection laws in Europe, so this applies only when selling to end users. I'm not sure if there's a Europe-wide minimum warranty that applies when selling to business customers. In Germany it's one year, I think.
So what this means is that PC builders will purchase drives with a one-year warranty from the manufacturer, then have to sell the whole system with a two-year warranty to the end users. If anything breaks after the first year, the PC builder will have to pay for the new hard drive since they will not get a replacement from the manufacturer.
In other words, the warranty costs will be added to the price by the retailers, not by the manufacturers. And hard drives will (probably) become less reliable, since the manufacturer no longer has any economic benefits from making them more reliable. The one who loses is the consumer, especially those who don't make regular backups (i.e. just about everyone).
What's even more amazing is that even those who dislike the current and proposed copyright and patent laws use those misleading terms. Even the author of the article linked to in this Slashdot story writes that "property is a misnomer," but continues to use it anyway.
The FSF maintains a list of confusing words and phrases that are worth avoiding. The arguments they give and the alternatives they suggest often are as much propaganda as the terms they suggest avoiding, but still I think the list is quite good. I'm surprised that "trustworthy computing" isn't included, by the way.
Note that there is a project that attempts to add jail-syscall-like functionality to the Linux kernel: vserver.
I haven't tested it yet, but it looks very promising.
No, what you would get back would look like this:
World Trade Center************* and
*World Trade Center************ and
**World Trade Center*********** and so on,
because each individual character of the original message is encrypted with its own key. So, knowing that e.g. the first character is a "W" will not tell you anything about any of the other characters. It will not tell you where the other "W"s are located.
If you have a message ("foo") that contains two equal characters, they will not encrypt to the same byte values in the encrypted message. To encrypt the string "foo," you'd use a one time pad that contains three random values, and then you xor the first character with the first pad value, the second character with the second pad value, and so on. Your encrypted message might then e.g. be 12-78-42. As an attacker, if you do not know the one time pad, you have zero information about that message. The original message might as well have been "bar" or any other three-letter word (in fact, you don't even know whether the message was a plain text or a binary).
So, given any message encrypted with a secure (i.e., truly random) one time pad, the only thing you know is that each of the bytes in the messages might have been any byte in the original message.
Obviously, you cannot use that knowledge to break the encryption.
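The one-time-pad argument in the comment above, worked through as an added example (not part of the original comment). It reads the ciphertext 12-78-42 as hex bytes, which is an assumption, and all function names are illustrative. Note that two equal plaintext characters land on the same ciphertext byte only by chance (1 in 256), exactly as often as two different characters do.

```python
import secrets

def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt: XOR every byte with its own pad byte."""
    if len(pad) != len(data):
        raise ValueError("the pad must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The unique pad under which `ciphertext` decrypts to `candidate`."""
    return otp_xor(ciphertext, candidate)

def possible_plaintext_bytes(cipher_byte: int) -> set:
    """Every plaintext byte that some pad byte maps to `cipher_byte`."""
    return {cipher_byte ^ k for k in range(256)}

def known_char_gain(ciphertext: bytes, position: int, known: int) -> dict:
    """What an attacker learns from one known plaintext character:
    the pad byte at that position and nothing about any other position."""
    return {position: ciphertext[position] ^ known}

# Ciphertext from the comment, read here as hex bytes (an assumption).
CIPHERTEXT = bytes.fromhex("127842")

if __name__ == "__main__":
    # Any same-length message is a valid decryption under some pad, so the
    # ciphertext alone cannot separate "foo" from "bar" or from binary data.
    for guess in (b"foo", b"bar", b"\x00\xff\x10"):
        pad = pad_explaining(CIPHERTEXT, guess)
        assert otp_xor(CIPHERTEXT, pad) == guess
        print(guess, "is explained by pad", pad.hex("-"))

    # A single ciphertext byte is consistent with all 256 plaintext bytes.
    print(len(possible_plaintext_bytes(CIPHERTEXT[0])), "candidates per byte")

    # Knowing the first character reveals one pad byte only.
    print("learned pad bytes:", known_char_gain(CIPHERTEXT, 0, ord("f")))

    # A fresh random pad gives an unrelated ciphertext for the same message.
    fresh = otp_xor(b"foo", secrets.token_bytes(3))
    print("fresh encryption of 'foo':", fresh.hex("-"))
```

The guarantee holds only while the pad is truly random, as long as the message, and never reused.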
Huh? A patent is a method of publishing your invention, in fact, that is (or used to be) one of the points of the patent system: to make it profitable for people to share their inventions instead of keeping them secret. The idea of patents is, as your constitution puts it, "to promote the progress of science."
Of course, this doesn't work if patents are granted on solutions that are obvious once you know the problem, but that is not the case here. (Assuming the cryptographic algorithm actually works, it is likely that it was not obvious.)
Remember that RSA is a very successful cryptographic technology, despite being protected by a (now expired) patent.
It's only the working title.
Slashdot's summary is wrong. The document is called "Perl 6 Quick Reference."
I'm not sure if this is a good comment. Of course it depends on the context, but if I read this comment, I'd immediately wonder why the default minimum is the same as the maximum. Imho it would be much better to explain the complete algorithm at the beginning of the routine, and then have only few comments within the code. However, as I said, this depends on the context and in some situations the above comment might be useful.
This is not a good comment, imho. Or at least an unnecessary one. If it is not clear from the context (e.g. the loop is short enough) what the variable i is being used for, you should give it a more explanatory name. Your example could be much better written as
Using too many comments instead of self-explaining code is not only unnecessary, it often also causes the problem of the comments not being updated when the code is modified.
Umm, even Microsoft doesn't implement all of the Windows API in the kernel. The cryptography services are a shared library, just like OpenSSL.
It would be fairly simple to tune his software so that it considers only the header and that part of the email that is normally displayed, i.e. the HTML part (even if your mail software is configured differently, that of most people isn't, so the HTML part is where you should calculate the probabilities). That would be a one-time improvement, without any need to continuously adapt the software to the spammers.
The HTML part should have a fairly high probability, given that it contains things like "text/html" (he probably should consider a slash as part of a token), "img" etc. that normally don't appear in valid email.
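One way to feed a token-probability filter only the headers and the part a typical client displays, as described above. This is an added example, not the filter author's code; the sample message, the token pattern and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: the plain-text alternative is stuffed with
# innocent-looking words, while the HTML alternative carries the real pitch.
SAMPLE = "\n".join([
    "From: sender@example.invalid",
    "Subject: Special offer",
    "MIME-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "quarterly budget meeting notes attached",
    "--b1",
    "Content-Type: text/html",
    "",
    '<html><body><img src="http://example.invalid/x.gif">Buy now</body></html>',
    "--b1--",
    "",
])

# A slash counts as part of a token, so "text/html" stays one token.
TOKEN_RE = re.compile(r"[A-Za-z0-9$'/-]+")

def displayed_part(msg):
    """The body an HTML-capable client renders: HTML if present, else plain."""
    return msg.get_body(preferencelist=("html", "plain"))

def filter_tokens(raw: str) -> set:
    """Tokens from the top-level headers plus the displayed part only."""
    msg = message_from_string(raw, policy=default)
    pieces = [f"{name}: {value}" for name, value in msg.items()]
    part = displayed_part(msg)
    if part is not None:
        # Keep the displayed part's own type as evidence for the filter.
        pieces.append(f"Content-Type: {part.get_content_type()}")
        pieces.append(part.get_content())
    return {t.lower() for t in TOKEN_RE.findall("\n".join(pieces))}

if __name__ == "__main__":
    toks = filter_tokens(SAMPLE)
    print(sorted(toks))
    # Words that only appear in the undisplayed alternative never reach
    # the probability calculation.
    print("quarterly" in toks)
```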