There are a few differences between junk mailers and spammers.. Most people have pointed out that junk mailers pay the cost of the process, and so this provides something of a self-limiting aspect to the process. The other is that what these laws focus on is not spamming itself or specific messages, but rather the damaging and annoying aspect of spammning..
For example: Things like sending thousands of emails to random (often nonexistant) addresses, harvesting address off of random websites, using false return addresses that make it all but impossible to identify the original sender, Sometimes even trying to willfully jam mail systems to that they have to choose between letting spam thru or tossing thousands or pieces of legitimate email.
What the current spam statutes are is rather like a law that outlaws loudspeaker trucks at 4:00am.
So sure -- if you notify a spammer after the fact, or in advance, by some reasonable means, that they should not send further spam to you, then I think that it might very well be sufficient for the government to make sure that they don't. (Though I'm wary of this, since I'd rather err on the side of more speech than less)
The spammers have been notified, and they're ignoring the notice. When spammers take steps to circumvent and frustrate anti-spam filters, the are implicitly acknowlweging that they know that their messages are unwanted and they don't care.
It's rather like if you were talking at me inanely, and I told you to stop. When you ignored me I plugged my ears, so you started yelling louder, then I got headphones, so you got a megaphone, then I locked myself inside a soundproof room and you got an 800watt sound system.
When it gets to the point where you're breaking Windows(tm), then it's no longer a free speech issue. It'a an annoyance and damage issue. It's completely legitimate to legislate against annoyance and damage, even if the annoyance and damage are clothed in communication. Libel laws are an example. There is also the relatively famous analogy about standing up in a crouded theatre and yelling "FIRE!" -- and, of course, noise pollution laws.
His sister (who only got a $7,500 fine) had her conviction overturned -- apparently on a technicality. The primary conviction with the recommended 9 years in jail stood. I find this mostly annoying but acceptable. Given that it was a technicality, it's quite possible that it will be reversed again.
If the patent can't be upheld in court it is effectively invalid.
Unfortunately, that would have to be proven in court. Have you noticed the SCO case. or the eolas/Microsoft case? Millions of dollars and a couple of years later and it's still not resolved.
A company like Microsoft can afford that sort of a lawsuit. How much would you be willing to spend to defend your open source program against a frivolous patent? $4million? $200K? $75+free beer?
Foundations are being set up to help deal with this problem, but not everybody will know to (or be able to) take advantage of them.
There's a coupld of things at work here: First of all, we now know that Sun storms can destroy ozone. Thing is that they always did that -- long before man was on the scene, much less producing CFC's. Sun storms should simply be factored into the models for the (natural) semi-stable state that existed before the 20'th century.
Second: Ozone is created by sunlight as part of a feedback loop. Is it any shock that, during the 4 months of eternal polar night, the ozone supply would weaken where the sun don't shine?? That would be part of why CFC's have so much obvious an effect up there -- It's already naturally depleting.. The man-made chemicals accelerate the action and shift the equilibrium point. (I.e. They don't create the ozone hole, they enlarge it, and most sane literature describes it that way).
Actually, there's not a shred of evidence that Linux has any patented code in it.
Excuse me??? Microsoft took out a patent on sudo. Yes, I realize that this patent should have been shot at the gate, but right now sudo violates a patent that was probably written by somebody who was in diapers when sudo was first written.
The fact that a patent is absolutely assinine and should never have been granted may lessen, but does not remove it's chilling effect on Linux development. That's part of why it's so important to leash (if not put down) the software patent industry.
Google's answer to the tempest is that they can essentially only do one language at a time. Perhaps they should team up with the Europeans to get multiple languages in one shot. I think that everybody would benefit from the combined expertise/resources.
The company is paying $30-$40/ton for animal offaland producing diesel fuel at $80/barrel (compared to $50/barrel for petrolium derived diesel).
This isn't all too shocking when you consider that, once you find it, petrolium comes out of the ground for essentially free. Subtract the cost of the source stock and you end up with a refined product at roughly the same price.
(I realize that it's not quite that simple, but it's an interesting 'coincidence'.)
SHA1-256 is not a new algorithm. It's essentially the same algorithm with twice the bits. I'm pretty sure it's also vulnerable (it just has more bits so an attack is harder).
Er, yeah. I kinda deduced that, but my point there is that you still have to edit the code to SHA1-160 to get to sha1-256.. once you do that, you then have the choice to go to 512 bits as well -- or completely replace it with one of the newer candidates. -- rather than going with two known-broken algorithms in their current forms and bitcounts, which is at least as much work for a less well-defined result
One thing that gets me is why would people have presumed that SHA-1 wouldn't have smaller collision fields than it's bit width? I realize that it's carefully designed by really good people, but they should know that if you can't prove that it's not possible then you shouldn't bet on it.
"..... Web Forms 2.0 aims to simplify the task of transforming XForms 1.0 systems into documents that can be rendered on HTML Web browsers that do not support XForms."
OK: So this backs up my gut feeling that allowing both is actually a good thing. XForms is for peoplw willing to go to a brand new browser, and WebForms provides a backup method for people staying with old browsers, while smoothing the road for the final move to a pure XForms platform.
I'm actually getting a feeling that the problem is with TFA, which might actually be springing from FUD.
Sure it does, because you're talking about two different algorithms.
Not really. SHA1+MD5 can be expressed as a singular algorithm that produces the combined signature.... thing is, you now end up with one algorithm broken in two different ways that may actually allow for an easier breakage down the road (it's a bit harder to predict, given that you're now looking at a relatively ad-hock concatonation).
It's not that it's a known breakage -- rather that you're now looking at a very ad-hock union that hasn't been carefully designed. In some ways, it's better to go with widening the key on a well designed system with known breakage than to go with an ad-hock system with unknown properties (other than two different kinds of classes of known holes).
Still sounds like a heck of a good joke.
No removable midia = no backup
It depends on what you describe as a joke.
It allows the marketing 'droids to say things like 'We took a C2 certified system, added a ZIP drive and 3COM ethernet card, and voila one of the most usable, secure systems you could hope for.' (then hold their breath and hope that the carefully balanced shoe doesn't drop).
It's not fraud if you honestly (if misleadingly) document what you're doing.
There are a number of ways to exploit breakage of SHA-1. Brute force is not the only way. A modification of one suggestion made on bugtraq:
Write a macro:
if( $TestBlock == "AAAAAAAAAAAAAAAAAAAAAAAA") { print "Deposit to the account of RMS" } else { print "Deposit to the account of Bill Gates" };
At that point, all you have to do is look for a message that modifies ANY of the characters of $TestBlock while keeping the SHA1 digest intact. You can encode more specific data by specifying multiple such blocks.
.
If you know what you're doing, you could easily hide this inside a PDF (which is essentially a postscript program) or a word macro.
For the most part, something that takes millions of dollars of hardware to exploit doesn't look like such a big deal, but once in a while we find ourselves caught in the middle of affairs much bigger than our piddly little lives, and knowing that someone with the resources of Bill Gates couldn't mount a man-in-the-middle attack on your PGP communications may be more important than you think in the moment.
Isn't this still Cost Savings, when you don't need to hire as many admins?
I think that by 'cost savings' they were talking about license costs -- and the straw-man that Linux licenses are 'free' (or can be, but won't be if you buy Red Hat).
Given that Cisco (probably) already has licenses for all of their Windows boxes, I doubt that they'll have any immediate payback on the per-machine licensing/support (( although they'll be laughing all the way to the bank when Longhorn starts gouging all of those companies still locked into Windows).
"Linux is easy because we set up proper polcies and enforce them. Windows is hard because we haven't bothered to do so."
I think it's more like "it's easier to get away without handing admin perms to Linux users."
Linux and unix, having been designed for multi-user use from day one, tends to be easier to separate user functions from admin. Multi-user capability has been retro=fitted (or jury-rigged) into Window, so users aren't quite as well isolated.
Yes, you can take 'administrator' access away from Windows users but it'll probably end up being a good bit more work whan with Linux.
I don't think that these images are all that good for stereo for a couple of reasons:
These pairs seem to be taken with different filters. This would, at least, explain why the two images seem to emphasize different details.
divergent stereo??? divergent stereo is WAY harder to do than cross-eyed stereo. Many people can't do divergent without mechanical aids (especially with larger images). My mothe, who'se an optometrist thinks that it's almost impossible (compared to cross-eyed stereo)
I'm not ssure if they're corrrectly rotated. For stereo images like this, the horizontal line should be coplanar to the location of the two lenses used to take the picture. I'm guessing that the pictures were just chosen for the leftmost and the rightmost, but no matching rotation was done.
If anybody knows the layout of the peobe well enough to draw the line which would be coplanar to the two lenses, I'd be happy to rotate the images (and swap them, too, if need be)
(Just an FYI: I used to own a stereo camera (stereo realist) I've still got a thousand or so images in my archive. Since losing the camera, I've also done my own setero pairs 'the hard way', so I've gotten reasonably good at doing this)
As bulk mail, it'll probably cost them about $20K to send out snail-mail notices. Far less (perhaps $2K) if they manage to send out email notices. I figure that that's nothing compared to what they've gotten from questionable companies making requests. -- In fact, I'd be shocked if they were charging less than $1.00 per query (probably more in the range of $10), which would still leave them with a healthy profit buffer.
Nope. They never denied that there were non-Californians affected. All that they confirmed is that California law required them to inform the 35,000 affected CA residents. Given that CA represents about 10% of the US population, I took that to mean that there were about 300,000 affected US residnts.
That they're announcing that they're 'only' informing 100,000 other US residents can be explained in any of the following ways:
The attacks were focused on CA residents, for some reason.
They have only identified 100,000 people this week, and there's another 3 weeks of work to do.
They are willfully underreporting the actual numbers and hoping that nobody will do the research to prove them wrong.
Given that the law doesn't require them to inform everybody who got hit, they're only informing those non CA residents who got hit the worst. 2/3 of the people who would have been informed under CA law will never know...
The most interesting information is between the lines. Learn to read there more often. ("Diplomacy is the art of telling a lion 'Nice kitty kitty' while you search for a big rock. Media relations is doing for a company what a diplomat does for a country.")
Also every article I've read, incuuding this one, shure hasn't seemed to scientific. Phrases like "all rational people will agree that this is the only cuase" is so insane for something like atmospheric conditions.
You're confusing scientific papers with newspaper (and other general media) articles. From a true science point of view, the only real value of most general media articles is as pointers to more real papers. Unless I have a good history with them, I don't even trust them to get the facts right.
I've been on the inside of enough news stories to be very jaded about the ability of 'the press' to get more than the most basic underlying data right (like the fact that there's a controversy about 'X' going on and these are some of the people talking about it).
The author suggests that Humans have in fact halted and reversed an Ice age through the development of agriculture about 8000 years ago.
That would fit in nicely with the Greenland glacial info which indicated that temperatures stabalized at the high end about 8000 years ago. In the last century, however, we've had another spike which has gone way above the stabalization point.
Which is why this particular study is so very important - they didn't tweak the models, they took a bunch of existing tweaked models and applied them to another set of data.
That's how most science works --
examine available data, come up with a model for it.
Look at the model and figure out what else it predicts that's not obvious.
Collect datat to see if the new predictions are accurate
In Britain, the TV service is mostly paid for with TV licenses. I think that only ITV broadcasts ads, and those are mostly at the beginning and end of the show -- In other words, Brits grabbing US broadcasts mean that advertisers get more exposure for their ads (even if they're often skipped).
If you're already directly paying for your TV shows via taxes, I can easily
see there being far less guilt about recording and trading them.
Slashdot Mirror
For example: Things like sending thousands of emails to random (often nonexistant) addresses, harvesting address off of random websites, using false return addresses that make it all but impossible to identify the original sender, Sometimes even trying to willfully jam mail systems to that they have to choose between letting spam thru or tossing thousands or pieces of legitimate email.
What the current spam statutes are is rather like a law that outlaws loudspeaker trucks at 4:00am.
So sure -- if you notify a spammer after the fact, or in advance, by some reasonable means, that they should not send further spam to you, then I think that it might very well be sufficient for the government to make sure that they don't. (Though I'm wary of this, since I'd rather err on the side of more speech than less)
The spammers have been notified, and they're ignoring the notice. When spammers take steps to circumvent and frustrate anti-spam filters, the are implicitly acknowlweging that they know that their messages are unwanted and they don't care.
It's rather like if you were talking at me inanely, and I told you to stop. When you ignored me I plugged my ears, so you started yelling louder, then I got headphones, so you got a megaphone, then I locked myself inside a soundproof room and you got an 800watt sound system.
When it gets to the point where you're breaking Windows(tm), then it's no longer a free speech issue. It'a an annoyance and damage issue. It's completely legitimate to legislate against annoyance and damage, even if the annoyance and damage are clothed in communication. Libel laws are an example. There is also the relatively famous analogy about standing up in a crouded theatre and yelling "FIRE!" -- and, of course, noise pollution laws.
His sister (who only got a $7,500 fine) had her conviction overturned -- apparently on a technicality. The primary conviction with the recommended 9 years in jail stood. I find this mostly annoying but acceptable. Given that it was a technicality, it's quite possible that it will be reversed again.
Unfortunately, that would have to be proven in court. Have you noticed the SCO case. or the eolas/Microsoft case? Millions of dollars and a couple of years later and it's still not resolved.
A company like Microsoft can afford that sort of a lawsuit. How much would you be willing to spend to defend your open source program against a frivolous patent? $4million? $200K? $75+free beer?
Foundations are being set up to help deal with this problem, but not everybody will know to (or be able to) take advantage of them.
(er. um, we now return you to your regular programming).
Second: Ozone is created by sunlight as part of a feedback loop. Is it any shock that, during the 4 months of eternal polar night, the ozone supply would weaken where the sun don't shine?? That would be part of why CFC's have so much obvious an effect up there -- It's already naturally depleting.. The man-made chemicals accelerate the action and shift the equilibrium point. (I.e. They don't create the ozone hole, they enlarge it, and most sane literature describes it that way).
Excuse me??? Microsoft took out a patent on sudo. Yes, I realize that this patent should have been shot at the gate, but right now sudo violates a patent that was probably written by somebody who was in diapers when sudo was first written.
The fact that a patent is absolutely assinine and should never have been granted may lessen, but does not remove it's chilling effect on Linux development. That's part of why it's so important to leash (if not put down) the software patent industry.
Google's answer to the tempest is that they can essentially only do one language at a time. Perhaps they should team up with the Europeans to get multiple languages in one shot. I think that everybody would benefit from the combined expertise/resources.
This isn't all too shocking when you consider that, once you find it, petrolium comes out of the ground for essentially free. Subtract the cost of the source stock and you end up with a refined product at roughly the same price.
(I realize that it's not quite that simple, but it's an interesting 'coincidence'.)
Er, yeah. I kinda deduced that, but my point there is that you still have to edit the code to SHA1-160 to get to sha1-256.. once you do that, you then have the choice to go to 512 bits as well -- or completely replace it with one of the newer candidates. -- rather than going with two known-broken algorithms in their current forms and bitcounts, which is at least as much work for a less well-defined result
One thing that gets me is why would people have presumed that SHA-1 wouldn't have smaller collision fields than it's bit width? I realize that it's carefully designed by really good people, but they should know that if you can't prove that it's not possible then you shouldn't bet on it.
OK: So this backs up my gut feeling that allowing both is actually a good thing. XForms is for peoplw willing to go to a brand new browser, and WebForms provides a backup method for people staying with old browsers, while smoothing the road for the final move to a pure XForms platform.
I'm actually getting a feeling that the problem is with TFA, which might actually be springing from FUD.
Once you do that, then why not just go to a brand new algorithm? That's actually what's being done -- whether it's sha256, or tiger.
Not really. SHA1+MD5 can be expressed as a singular algorithm that produces the combined signature.... thing is, you now end up with one algorithm broken in two different ways that may actually allow for an easier breakage down the road (it's a bit harder to predict, given that you're now looking at a relatively ad-hock concatonation).
It's not that it's a known breakage -- rather that you're now looking at a very ad-hock union that hasn't been carefully designed. In some ways, it's better to go with widening the key on a well designed system with known breakage than to go with an ad-hock system with unknown properties (other than two different kinds of classes of known holes).
No removable midia = no backup
It depends on what you describe as a joke.
It allows the marketing 'droids to say things like 'We took a C2 certified system, added a ZIP drive and 3COM ethernet card, and voila one of the most usable, secure systems you could hope for.' (then hold their breath and hope that the carefully balanced shoe doesn't drop).
It's not fraud if you honestly (if misleadingly) document what you're doing.
Write a macro:
At that point, all you have to do is look for a message that modifies ANY of the characters of $TestBlock while keeping the SHA1 digest intact. You can encode more specific data by specifying multiple such blocks. . If you know what you're doing, you could easily hide this inside a PDF (which is essentially a postscript program) or a word macro.For the most part, something that takes millions of dollars of hardware to exploit doesn't look like such a big deal, but once in a while we find ourselves caught in the middle of affairs much bigger than our piddly little lives, and knowing that someone with the resources of Bill Gates couldn't mount a man-in-the-middle attack on your PGP communications may be more important than you think in the moment.
Can I call it????
(sigh)
I think that by 'cost savings' they were talking about license costs -- and the straw-man that Linux licenses are 'free' (or can be, but won't be if you buy Red Hat).
Given that Cisco (probably) already has licenses for all of their Windows boxes, I doubt that they'll have any immediate payback on the per-machine licensing/support (( although they'll be laughing all the way to the bank when Longhorn starts gouging all of those companies still locked into Windows).
I think it's more like "it's easier to get away without handing admin perms to Linux users."
Linux and unix, having been designed for multi-user use from day one, tends to be easier to separate user functions from admin. Multi-user capability has been retro=fitted (or jury-rigged) into Window, so users aren't quite as well isolated.
Yes, you can take 'administrator' access away from Windows users but it'll probably end up being a good bit more work whan with Linux.
- These pairs seem to be taken with different filters. This would, at least, explain why the two images seem to emphasize different details.
- divergent stereo??? divergent stereo is WAY harder to do than cross-eyed stereo. Many people can't do divergent without mechanical aids (especially with larger images). My mothe, who'se an optometrist thinks that it's almost impossible (compared to cross-eyed stereo)
- I'm not ssure if they're corrrectly rotated. For stereo images like this, the horizontal line should be coplanar to the location of the two lenses used to take the picture. I'm guessing that the pictures were just chosen for the leftmost and the rightmost, but no matching rotation was done.
(Just an FYI: I used to own a stereo camera (stereo realist) I've still got a thousand or so images in my archive. Since losing the camera, I've also done my own setero pairs 'the hard way', so I've gotten reasonably good at doing this)If anybody knows the layout of the peobe well enough to draw the line which would be coplanar to the two lenses, I'd be happy to rotate the images (and swap them, too, if need be)
As bulk mail, it'll probably cost them about $20K to send out snail-mail notices. Far less (perhaps $2K) if they manage to send out email notices. I figure that that's nothing compared to what they've gotten from questionable companies making requests. -- In fact, I'd be shocked if they were charging less than $1.00 per query (probably more in the range of $10), which would still leave them with a healthy profit buffer.
That they're announcing that they're 'only' informing 100,000 other US residents can be explained in any of the following ways:
- The attacks were focused on CA residents, for some reason.
- They have only identified 100,000 people this week, and there's another 3 weeks of work to do.
- They are willfully underreporting the actual numbers and hoping that nobody will do the research to prove them wrong.
- Given that the law doesn't require them to inform everybody who got hit, they're only informing those non CA residents who got hit the worst. 2/3 of the people who would have been informed under CA law will never know...
The most interesting information is between the lines. Learn to read there more often. ("Diplomacy is the art of telling a lion 'Nice kitty kitty' while you search for a big rock. Media relations is doing for a company what a diplomat does for a country.")If they did that, it would cost them business. That would cost them profit. They're a company. Next question?
You're confusing scientific papers with newspaper (and other general media) articles. From a true science point of view, the only real value of most general media articles is as pointers to more real papers. Unless I have a good history with them, I don't even trust them to get the facts right.
I've been on the inside of enough news stories to be very jaded about the ability of 'the press' to get more than the most basic underlying data right (like the fact that there's a controversy about 'X' going on and these are some of the people talking about it).
That would fit in nicely with the Greenland glacial info which indicated that temperatures stabalized at the high end about 8000 years ago. In the last century, however, we've had another spike which has gone way above the stabalization point.
That's how most science works --
- examine available data, come up with a model for it.
- Look at the model and figure out what else it predicts that's not obvious.
- Collect datat to see if the new predictions are accurate
- Profi... SLAP!
(sorry 'bout that last bit).If you're already directly paying for your TV shows via taxes, I can easily see there being far less guilt about recording and trading them.