Is it just me, or is the Bible just another book, and not something one could compare to the word of God?
It all depends on your point of view. People get pretty funny about things they believe strongly about, be it religion, or free software, or political systems. In particular, they tend to develop attachments to written documents that express central tenets of their belief.
It's just that within Free Software, that written document serves a dual purpose -- in addition to being a manifesto of sorts, it's also a license agreement.
Having that as a video at all is a complete waste of bandwidth. They could have just taken the audio, saved it as an MP3 file, and not lost any information at all.
Most of the time you can't even see who's speaking, and there's some guy standing in front of the camera for a significant part of it anyway.
Does anyone know what the license on the video is? Can someone just rip the audio track and repost it as a MP3 file, so people who don't want or can't play a WMV can listen?
As the AC said, back a little while ago, when IBM was last making noises about dumping Windows, they either created or had created for them, a customized version of RHEL. I believe it was called the "IBM Linux Client for e-business" or something like that.
What I'm trying to point out is that one man's "predatory lending practices" are another's "fair credit opportunities." Furthermore, I think the logical conclusion of his line of thinking -- that creditors are somehow responsible for only offering their services to people who are 'responsible enough' to use them and not get in trouble, is a draconian, rubber-room, nanny-state. The whole premise -- that there is something wrong with me offering credit to anyone I choose who wants to accept it -- is false and dangerous, and if it gained wide acceptance would take us to a very bad place. The transition from "this is wrong" to "this shouldn't be allowed" to "this is illegal" happens rather quickly; if you let people cluck their tongues and shake their heads long enough without pointing out why their thinking is fallacious, eventually some Senator will decide to win some political capital by codifying it. It happens all the time.
I am quoting your post since you're AC and thus probably will be invisible:
The difference is (and I'm not commenting on the truth of the claims, just on the implication assuming they are true) that the scenario in the story involved freezing of a monetary transaction at the investgatory level. There was no due process involved, nor was a charge filed. Sure, they probably have the right to do this, but it seems reasonable to me that any action such as this ought to require notification except in the case when it is accompanied by the impending filing of actual charges.
Let me remind you: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
This amounts to requiring due process even to freeze (a temporary seizure, as the asset is not available to the rightful owner). While a financial transaction that is not "in line with your patterns" might constitute some form of probable cause (a very speculative argument), the profiling itself may indeed be unconstitutional to begin with. Not if the bank itself wants to hold on a transaction, as you don't have to bank with them. Then the bank ought still be required to inform its customer of the status of his/her accounts. But to profile with the inclusion of governmental authorities, is probably unconstitutional without a warrant.
You make good points. I was not defending the unjustified freezing or, as you put it "temporary seizure" of assets, just investigation.
I'm not really sure how the laws surrounding asset freezing and holds work, but I would agree with you that they are on a different level than simply compiling information on someone, which is what investigation means to me.
It seems to me that freezing someone's assets without due process or cause is unlawful Conversion; whether the Courts count that as a "seizure" in the Constitutional sense I'm not sure -- although my feeling is that they ought to.
PutFwd seems pretty neat -- it reminds me a little of Flickr in its early days.
I could see a real use for it for people who want to share home movies. Flickr, with the iPhoto export plugin, is great for photos but falls flat if you try to send a movie its way. Given that many digital cameras will take short movies, and iPhoto will manage them, I think there's a demand for a way to make them easily shareable aside from Apple's.Mac service. (Especially because nobody I know likes getting hit with even a 2MB email attachment, much less a 20 or 200MB one, when they're not expecting it.)
I see you have an OS X dashboard widget, which is neat (I'd download and play with it if I wasn't at work); I wonder though if a more useful implementation wouldn't be a right-click option in the Finder. Click on a file, right-click, choose "Send to PutFwd" or something, and it would upload (and even handier would be if it put the resulting URL on the Clipboard).
Anyway, seems quite neat. I think the emphasis on desktop integration is the way to go; IMO that's the Achilles heel of most of the web-based file sharing systems that I've seen.
Like the guy said, it's not hard, but it's not easy either.
That's two more steps than signing up for Yahoo Mail takes. And you're not likely to get someone like my father, who doesn't have an SMS-enabled phone and probably doesn't know what an SMS is, to sign up that way. (Actually his first question would be, I can hear it now: "Why the hell do they want my phone number?")
I don't think Google ever wanted to just take over the webmail market overnight, though. It seems to me that they're comfortable with modest, continous growth in marketshare, rather than sharp peaks and declines.
That's not much of a commentary on Google, is it? I mean, if they're willing to take you to Egypt (or wherever) to perform some "rubber hose cryptanalysis," then there's nothing really stopping them from coming in and taking your computer, too. So having your data in encrypted form up on Google's servers really isn't increasing your exposure or risk any.
In fact, if Google encrypted everyone's files when they uploaded them on their GDrive, then it would probably limit your exposure, since then the encryption couldn't be an immediate red-flag. It's easy to single out people who are using encryption and get their passwords through some other means (keysniffing, etc.) when its only a few per thousand or million users, when it becomes universally used then it's much more difficult.
However as other people have pointed out I'm not sure that Google will offer any encryption, not because of government coercion but because it makes the data much harder to index (for advertising and searching purposes) and compress (you don't think that your 325 MB GMail box really takes up 325 MB on disk, do you?).
That was fun -- how about a conclusion we can actually use?
I'd like to see a competition between OSes, because as a user at some point I might want to choose between them, and even if none of them are truly secure (as long as they're plugged in), there's a certain value in knowing which one is more secure than the others, in various use cases.
There's a certain point where a system becomes 'secure enough' for a particular use. Depending on the use, you might be okay with a default install of Debian-stable, or you might want SELinux with all the hardening options. It's a matter of exposure the system will have and what the consequences of it getting compromised would be.
Sure, to get enough datapoints to be really valid, you'd have to run 'competitions' like this pretty much continuously, and even then I'd have serious questions about them and how they model real-world hacking scenarios, but that's not to say you wouldn't get interesting results. Certainly more interesting that TFA's "competition."
Yes, at most major airports it's required. I believe the excuse is to scan them for explosives.
The last three airports I've flown out of (Dulles/IAD, Baltimore/BWI, and Springfield/BDL) all did it. Maybe they aren't as strict if you went to some middle-of-nowhere regional airport, but I doubt it.
If you don't like the rules, you don't have to get on the plane. Maybe if you protest enough, you'll get a refund (however I'm pretty sure that your ticket contract will probably say something like 'nonrefundable if rejected by security'). You might also end up on a no-fly list as well -- the TSA takes a dim view of "righteous indignation."
Personally I just take Amtrak. I finally got sick of being hassled for every nailfile and pair of travel scissors in my carryon, now I just take my business elsewhere. Pity they don't have trans-Atlantic rail service.
It's worth noting though that you can't even take a Greyhound bus without showing ID now; if you don't like showing ID, you better get used to telecommuting.
Anyone can deduct gambling losses, if they have taxable gambling winnings to deduct them from.
Generally only people that you would consider 'professional gamblers' keep good enough reciepts to take advantage of this, but it's available to everyone. I had a few relatives who used to go bet on the ponies regularly, and they used to keep pretty scrupulous records, so that at the end of the year they if they broke even, they wouldn't have to pay taxes on the amount of money that they spent and re-made. All of them had day jobs and certainly weren't professional bettors.
It's exactly as someone further up described it, if you win $10,000 over the course of a year, but also bet $9,700, you are only taxed on $300 as income. If you weren't able to deduct the losses, you'd be taxed on the full $10k.
Loaning money to someone who can never pay it back is a very good business tactic. It means that they keep on paying interest payments for the rest of their lives, usually totalling much more than the loan was in the first place. Apart from that, it gives the jerks a feeling of power over the poor bastards so owned.
Who the hell are you to decide who can and can't 'ever pay it back?'
There are only two people who have any part of that decision: the person or entity loaning the money, and the person accepting the loan. That's it. If both of them want to be parties to the agreement, it's up to them -- that's part of being an adult in a free society. You get to make your own decisions, and that includes the right to run yourself into bankruptcy or wage-slave debt for the rest of your life. That's the other side to Freedom: you can make your life as good or as bad as you want it to be.
What you seem to be advocating is that we take away certain rights from people that we don't like, with the excuse that it's for their own good. "No, you can't offer him credit; he's irresponsible." Sure, he may not be a criminal, or have done anything strictly illegal, and he may even think that he wants credit -- but we know better than he does. It's for his own good.
People like you complain about laws like the Patriot Act, but the things you're advocating are a lot scarier. You can't keep people from messing up their own lives without basically taking away all choice -- and thus risk -- in life.
The sad truth about post 9/11 is that you could solve the airline threat by simply keeping guns off the planes
What are you talking about?
The 9/11 hijackers didn't use guns. Nobody had guns. They had box cutters, which were at the time, allowable carryon items. They have an exposed blade of less than 3/4", usually.
The security measures which prevent someone from bringing a gun on board an aircraft are basically the same now as they were pre-9/11: metal detectors and X-ray machines. Except now, in addition to looking for guns, they now remove and confiscate basically every sharp rigid object that could even theoretically be a weapon, X-raying everyone's shoes, and using explosive "sniffers." (I frankly don't find this to be particularly confidence-inspiring, since a well-built man can kill an unsuspecting opponent with a tablecloth, or indeed without any weapon at all.)
Don't act so surprised; neither are the police. Being "investigated" doesn't entitle you to any sort of notification, because it doesn't mean anything. If you get charged with something, then you get to see all the evidence, confront your accusers, all the rest of that good stuff. But you do not have any right to know when you're being "investigated" -- and this is not a new development, there is no basis in law for it traditionally.
So don't point the Big Brother finger at Homeland Security as if they're somehow unique; you could be under investigation by any number of agencies, including your local police, and not neccessarily be aware of it. Unless they're going to charge you with something, they don't have any reason to inform you or anyone else about it.
Is that before or after the changeover? Dave Schroeder (the guy running the test) mentioned elsewhere in the thread that because of the high traffic, the test was being moved to a different subnet, and the IP would change at this time. It was supposed to happen last night.
I see it still works now (7 Mar 0940 EST) but it was also mentioned that the new box is not going to be the same one, but a clone of the original, so it's possible that by using an IP address you could be pointing to the old one.
Some of those patent applications look rather fishy.
In particular, I'm thinking of application 20030223409, available here.
Methods and apparatus for transporting digital audio-related signals over point-to-point, non-circuit-switched, non-packet-based, local area connections. In one example, multiple digital audio-related signals are combined as a time division multiplexed (TDM) serial bit stream. In addition to the one or more multiplexed digital audio-related signals, the TDM serial bit stream also may be encoded with other information that pertains to one or more of the digital audio-related signals being multiplexed (e.g., data rates of the signals, various data type or status information, timing or other synchronization information, etc.). In one aspect, the TDM serial bit stream is transmitted and received via conventional packet-based network physical layer transceivers (e.g., Ethernet transceivers) that are particularly configured and controlled to transmit and receive essentially continuous bit streams rather than data packets.
Maybe someone with more background in the field can give a better answer, but it seems as though what they're describing is a system where you use Ethernet transcievers to send time-division multiplexed data as a constant stream rather than packets. I find it very hard to believe that nobody has done that before, given that almost all multichannel digital audio systems (I think) are TDMA.
If anyone knows of clear prior art, here's your chance to nip an abusive patent in the bud.
This is true, however you can get a plugin for $8 USD that does this.
It's called iChatter, and it does a nice job of translating acronyms back to phrases using a customizable dictionary, etc. (So you can program "LOL" to be spoken as "ha ha" or anything else you want.)
I can't personally vouch for it, but it's out there. I use Adium (or AdiumX, I'm not clear on what it's 'official' name is) as my day-to-day client, and iChat for file transfers and on the very few occasions I've wanted to use audio or video chat.
My killer feature is multiple-protocol support, because I always seem to have a few people who I can't talk out of using MSN Messenger or Yahoo Messenger, and I don't feel like running three clients all the time. The OTR encryption is fairly slick, too; I'd be nice if Apple took a hint and included that in the future as well, although they've seemed reticent to provide any kind of iChat encryption in the past.
If you can get the 'nobody' (or 'http' or whatever) user to be able to access arbitrary code by fuzzing Apache
This would still require that there be an exploitable hole in Apache (or other running service), correct?
A usable priv-escalation vulnerability defeats the jails and "nobody" users -- although probably not completely, because it still provides an additional bar -- but would still require that the globally-accessible service to be compromised itself, in order for the computer to be rooted remotely, without any way in like the article competition's shell accounts.
So it's a two-step process, and a privilege escalation is step 2. Step 1 is still lacking, so it's not as though every OS X box in existence became compromised while Apple or whomever fixes the problem. (Which I hope they do, I don't mean to totally undermine the seriousness of this exploit, although I'm annoyed that it wasn't documented.)
Why would he need to do that, since if you go to http://test.doit.wisc.edu/, the machine itself presents a page explaining the competition?
The only function that signing the invitation here on Slashdot would do, is positively link the owner of the Slashdot account daveschroeder to the machine...but really, what does that matter? The owner of the machine, even if it's not daveschroeder (and I'm not implying that this is the case, but speaking hypothetically -- especially since his name is at the bottom of the page) is inviting people to hack it. I think that pretty much makes it valid, signature or not.
Is it just me, or is the Bible just another book, and not something one could compare to the word of God?
It all depends on your point of view. People get pretty funny about things they believe strongly about, be it religion, or free software, or political systems. In particular, they tend to develop attachments to written documents that express central tenets of their belief.
It's just that within Free Software, that written document serves a dual purpose -- in addition to being a manifesto of sorts, it's also a license agreement.
As opposed to our esteemed Slashdot editors, who post ...
Oh, wait. Nevermind.
Announcement In a statement opposite heise open got IBM straight the role of open SOURCE often commodity and open standard in the enterprise.
Well, that clears things right up. Thanks, babelfish!
Having that as a video at all is a complete waste of bandwidth. They could have just taken the audio, saved it as an MP3 file, and not lost any information at all.
Most of the time you can't even see who's speaking, and there's some guy standing in front of the camera for a significant part of it anyway.
Does anyone know what the license on the video is? Can someone just rip the audio track and repost it as a MP3 file, so people who don't want or can't play a WMV can listen?
As the AC said, back a little while ago, when IBM was last making noises about dumping Windows, they either created or had created for them, a customized version of RHEL. I believe it was called the "IBM Linux Client for e-business" or something like that.
l ent_1.html
Here's an old article that references it (this is from when they called off their previous internal 'switch' campaign):
http://www.infoworld.com/article/05/01/25/HNibmsi
So it sounds like they're dragging this out of the closet and are thinking of actually going ahead with the existing plan, at least in Germany.
I wonder if this means that they're actually going to port Lotus Notes to Linux, or if they're just going to have everybody run it under WINE.
What I'm trying to point out is that one man's "predatory lending practices" are another's "fair credit opportunities." Furthermore, I think the logical conclusion of his line of thinking -- that creditors are somehow responsible for only offering their services to people who are 'responsible enough' to use them and not get in trouble, is a draconian, rubber-room, nanny-state. The whole premise -- that there is something wrong with me offering credit to anyone I choose who wants to accept it -- is false and dangerous, and if it gained wide acceptance would take us to a very bad place. The transition from "this is wrong" to "this shouldn't be allowed" to "this is illegal" happens rather quickly; if you let people cluck their tongues and shake their heads long enough without pointing out why their thinking is fallacious, eventually some Senator will decide to win some political capital by codifying it. It happens all the time.
You make good points. I was not defending the unjustified freezing or, as you put it "temporary seizure" of assets, just investigation.
I'm not really sure how the laws surrounding asset freezing and holds work, but I would agree with you that they are on a different level than simply compiling information on someone, which is what investigation means to me.
It seems to me that freezing someone's assets without due process or cause is unlawful Conversion; whether the Courts count that as a "seizure" in the Constitutional sense I'm not sure -- although my feeling is that they ought to.
PutFwd seems pretty neat -- it reminds me a little of Flickr in its early days.
.Mac service. (Especially because nobody I know likes getting hit with even a 2MB email attachment, much less a 20 or 200MB one, when they're not expecting it.)
I could see a real use for it for people who want to share home movies. Flickr, with the iPhoto export plugin, is great for photos but falls flat if you try to send a movie its way. Given that many digital cameras will take short movies, and iPhoto will manage them, I think there's a demand for a way to make them easily shareable aside from Apple's
I see you have an OS X dashboard widget, which is neat (I'd download and play with it if I wasn't at work); I wonder though if a more useful implementation wouldn't be a right-click option in the Finder. Click on a file, right-click, choose "Send to PutFwd" or something, and it would upload (and even handier would be if it put the resulting URL on the Clipboard).
Anyway, seems quite neat. I think the emphasis on desktop integration is the way to go; IMO that's the Achilles heel of most of the web-based file sharing systems that I've seen.
Like the guy said, it's not hard, but it's not easy either.
That's two more steps than signing up for Yahoo Mail takes. And you're not likely to get someone like my father, who doesn't have an SMS-enabled phone and probably doesn't know what an SMS is, to sign up that way. (Actually his first question would be, I can hear it now: "Why the hell do they want my phone number?")
I don't think Google ever wanted to just take over the webmail market overnight, though. It seems to me that they're comfortable with modest, continous growth in marketshare, rather than sharp peaks and declines.
That's not much of a commentary on Google, is it? I mean, if they're willing to take you to Egypt (or wherever) to perform some "rubber hose cryptanalysis," then there's nothing really stopping them from coming in and taking your computer, too. So having your data in encrypted form up on Google's servers really isn't increasing your exposure or risk any.
In fact, if Google encrypted everyone's files when they uploaded them on their GDrive, then it would probably limit your exposure, since then the encryption couldn't be an immediate red-flag. It's easy to single out people who are using encryption and get their passwords through some other means (keysniffing, etc.) when its only a few per thousand or million users, when it becomes universally used then it's much more difficult.
However as other people have pointed out I'm not sure that Google will offer any encryption, not because of government coercion but because it makes the data much harder to index (for advertising and searching purposes) and compress (you don't think that your 325 MB GMail box really takes up 325 MB on disk, do you?).
Okay, so there aren't any "secure" OSes.
That was fun -- how about a conclusion we can actually use?
I'd like to see a competition between OSes, because as a user at some point I might want to choose between them, and even if none of them are truly secure (as long as they're plugged in), there's a certain value in knowing which one is more secure than the others, in various use cases.
There's a certain point where a system becomes 'secure enough' for a particular use. Depending on the use, you might be okay with a default install of Debian-stable, or you might want SELinux with all the hardening options. It's a matter of exposure the system will have and what the consequences of it getting compromised would be.
Sure, to get enough datapoints to be really valid, you'd have to run 'competitions' like this pretty much continuously, and even then I'd have serious questions about them and how they model real-world hacking scenarios, but that's not to say you wouldn't get interesting results. Certainly more interesting that TFA's "competition."
Yes, at most major airports it's required. I believe the excuse is to scan them for explosives.
The last three airports I've flown out of (Dulles/IAD, Baltimore/BWI, and Springfield/BDL) all did it. Maybe they aren't as strict if you went to some middle-of-nowhere regional airport, but I doubt it.
If you don't like the rules, you don't have to get on the plane. Maybe if you protest enough, you'll get a refund (however I'm pretty sure that your ticket contract will probably say something like 'nonrefundable if rejected by security'). You might also end up on a no-fly list as well -- the TSA takes a dim view of "righteous indignation."
Personally I just take Amtrak. I finally got sick of being hassled for every nailfile and pair of travel scissors in my carryon, now I just take my business elsewhere. Pity they don't have trans-Atlantic rail service.
It's worth noting though that you can't even take a Greyhound bus without showing ID now; if you don't like showing ID, you better get used to telecommuting.
No, this is not true.
Anyone can deduct gambling losses, if they have taxable gambling winnings to deduct them from.
Generally only people that you would consider 'professional gamblers' keep good enough reciepts to take advantage of this, but it's available to everyone. I had a few relatives who used to go bet on the ponies regularly, and they used to keep pretty scrupulous records, so that at the end of the year they if they broke even, they wouldn't have to pay taxes on the amount of money that they spent and re-made. All of them had day jobs and certainly weren't professional bettors.
It's exactly as someone further up described it, if you win $10,000 over the course of a year, but also bet $9,700, you are only taxed on $300 as income. If you weren't able to deduct the losses, you'd be taxed on the full $10k.
Okay, I just had to respond to this part:
Loaning money to someone who can never pay it back is a very good business tactic. It means that they keep on paying interest payments for the rest of their lives, usually totalling much more than the loan was in the first place. Apart from that, it gives the jerks a feeling of power over the poor bastards so owned.
Who the hell are you to decide who can and can't 'ever pay it back?'
There are only two people who have any part of that decision: the person or entity loaning the money, and the person accepting the loan. That's it. If both of them want to be parties to the agreement, it's up to them -- that's part of being an adult in a free society. You get to make your own decisions, and that includes the right to run yourself into bankruptcy or wage-slave debt for the rest of your life. That's the other side to Freedom: you can make your life as good or as bad as you want it to be.
What you seem to be advocating is that we take away certain rights from people that we don't like, with the excuse that it's for their own good. "No, you can't offer him credit; he's irresponsible." Sure, he may not be a criminal, or have done anything strictly illegal, and he may even think that he wants credit -- but we know better than he does. It's for his own good.
People like you complain about laws like the Patriot Act, but the things you're advocating are a lot scarier. You can't keep people from messing up their own lives without basically taking away all choice -- and thus risk -- in life.
The sad truth about post 9/11 is that you could solve the airline threat by simply keeping guns off the planes
What are you talking about?
The 9/11 hijackers didn't use guns. Nobody had guns. They had box cutters, which were at the time, allowable carryon items. They have an exposed blade of less than 3/4", usually.
The security measures which prevent someone from bringing a gun on board an aircraft are basically the same now as they were pre-9/11: metal detectors and X-ray machines. Except now, in addition to looking for guns, they now remove and confiscate basically every sharp rigid object that could even theoretically be a weapon, X-raying everyone's shoes, and using explosive "sniffers." (I frankly don't find this to be particularly confidence-inspiring, since a well-built man can kill an unsuspecting opponent with a tablecloth, or indeed without any weapon at all.)
At any rate, get your facts straight.
Don't act so surprised; neither are the police. Being "investigated" doesn't entitle you to any sort of notification, because it doesn't mean anything. If you get charged with something, then you get to see all the evidence, confront your accusers, all the rest of that good stuff. But you do not have any right to know when you're being "investigated" -- and this is not a new development, there is no basis in law for it traditionally.
So don't point the Big Brother finger at Homeland Security as if they're somehow unique; you could be under investigation by any number of agencies, including your local police, and not neccessarily be aware of it. Unless they're going to charge you with something, they don't have any reason to inform you or anyone else about it.
Is that before or after the changeover? Dave Schroeder (the guy running the test) mentioned elsewhere in the thread that because of the high traffic, the test was being moved to a different subnet, and the IP would change at this time. It was supposed to happen last night.
I see it still works now (7 Mar 0940 EST) but it was also mentioned that the new box is not going to be the same one, but a clone of the original, so it's possible that by using an IP address you could be pointing to the old one.
Oh -- I hacked in and changed it back.
Sorry.
Well, what the heck else do you expect people to do there in the winter?
Wait ... what?
I got something about a camel, and a tent, and campaign financing. Can you run that metaphor by me again?
Maybe this is their new plan for increasing revenue.
(Reminds me of the Dilbert cartoon where they have first-aid supplies in the company vending machine...)
In particular, I'm thinking of application 20030223409, available here.
Maybe someone with more background in the field can give a better answer, but it seems as though what they're describing is a system where you use Ethernet transcievers to send time-division multiplexed data as a constant stream rather than packets. I find it very hard to believe that nobody has done that before, given that almost all multichannel digital audio systems (I think) are TDMA.
If anyone knows of clear prior art, here's your chance to nip an abusive patent in the bud.
This is true, however you can get a plugin for $8 USD that does this.
It's called iChatter, and it does a nice job of translating acronyms back to phrases using a customizable dictionary, etc. (So you can program "LOL" to be spoken as "ha ha" or anything else you want.)
http://www.ecamm.com/mac/ichatter/
I can't personally vouch for it, but it's out there. I use Adium (or AdiumX, I'm not clear on what it's 'official' name is) as my day-to-day client, and iChat for file transfers and on the very few occasions I've wanted to use audio or video chat.
My killer feature is multiple-protocol support, because I always seem to have a few people who I can't talk out of using MSN Messenger or Yahoo Messenger, and I don't feel like running three clients all the time. The OTR encryption is fairly slick, too; I'd be nice if Apple took a hint and included that in the future as well, although they've seemed reticent to provide any kind of iChat encryption in the past.
If you can get the 'nobody' (or 'http' or whatever) user to be able to access arbitrary code by fuzzing Apache
This would still require that there be an exploitable hole in Apache (or other running service), correct?
A usable priv-escalation vulnerability defeats the jails and "nobody" users -- although probably not completely, because it still provides an additional bar -- but would still require that the globally-accessible service to be compromised itself, in order for the computer to be rooted remotely, without any way in like the article competition's shell accounts.
So it's a two-step process, and a privilege escalation is step 2. Step 1 is still lacking, so it's not as though every OS X box in existence became compromised while Apple or whomever fixes the problem. (Which I hope they do, I don't mean to totally undermine the seriousness of this exploit, although I'm annoyed that it wasn't documented.)
Why would he need to do that, since if you go to http://test.doit.wisc.edu/, the machine itself presents a page explaining the competition?
The only function that signing the invitation here on Slashdot would do, is positively link the owner of the Slashdot account daveschroeder to the machine...but really, what does that matter? The owner of the machine, even if it's not daveschroeder (and I'm not implying that this is the case, but speaking hypothetically -- especially since his name is at the bottom of the page) is inviting people to hack it. I think that pretty much makes it valid, signature or not.