Well, what the article claims about SSH is only partly true. The ssh client remembers the host-key of any host it ever connectedto. So man-in-the-middle attacks would only work the first time a connection is made. After that the client has a means of identifying the host it connects to.
This is not a pissing contest. Nobody is doubting that the US could nuke the whole planet 100 times, and France just 2 times. But I don't think that is the issue here.
I think your wrong. Maybe XFree4 doesn't use more than 24 bits/pixel, but:
As far as I can tell, the (3D) chip could easily generate 10:10:10 bit, even when only using 24 bit textures, with all the lighting and shading going on.
The X11 protocol/API limits a pixel value to 32 bits, which is good enough for 10:10:10 bits pixels. Individual color R,G&B components are even specified as 16 bits numbers in some places! 'man XColor' is your friend.
GPLing obfuscated code is no good.
on
Abusing the GPL?
·
· Score: 1
The thing that concerns me is what will take the place of these fiels when their population decreases. Nature usually doesn't permit a kind of vacuum, and it might well be that there are unforseen side-effects to this kind of action.
I don't know what nationality Berners-Lee currently has, but according to his bio on w3c, he was born and educated in the UK.
That being said, I think this discussion is rather silly. I always felt that free software and internet
were about cooperation instead of this kind of stupidity.
Yeah, but the point I am trying to make is that
server certificates and a decent random number generator are enough to establish a shared secret, and thus secure communication.
Obviously, the server will have no prove of the identity of the client.
The client (web-browser) has the public key of the CA (certificate authority), so it can verify the server's identity. It can then use the public key of the server to send a random number to the server, and ONLY somebody knowing the server's private key, will know this number. This establishes a shared secret between the server and the client, and should prevent the man-in-the-middle attack that is described in the article.
No. If they have a commercial, binary distribution, they are responsible for physically supplying the source-code. The GPL only makes an exception for non-commercial binary distributions. These can get away with saying 'you can get the source at company X that gave us the binaries.'
No. If they have a commercial, binary distribution, they are responsible for physically supplying the source-code. The GPL only makes an exception for non-commercial binary distributions. These can get away with saying 'you can get the source at company X that gave us the binaries.'
The way I read it, you should accompany a binary distribution of software based on GPL with either the source-code, or a written offer to supply any third party with the source code.
AFAIK only France used to have restrictions on the use (and possibly export) of cryptography, but they dropped those.
Here in the Netherlands some attempts were made to regulate crypto, but public outcry made the politicians drop the silly plan. It is still legal to produce, sell, import, export or own cryptographic software here.
The US pushed the world to include crypto software as dual-use goods in the Wassenaar agreements, but since an explicit exception is made for `Public Domain' (includes GPL) software, it is relatively harmless. As far as cryptography is concerned, Europe is much more free than the US.
Slashdot Mirror
Well, what the article claims about SSH is only partly true. The ssh client remembers the host-key of any host it ever connectedto. So man-in-the-middle attacks would only work the first time a connection is made. After that the client has a means of identifying the host it connects to.
I really hope you're trolling, but just in case:
GET A LIFE!
This is not a pissing contest. Nobody is doubting that the US could nuke the whole planet 100 times, and France just 2 times. But I don't think that is the issue here.
Care to substantiate this in any way? Or are you really so full of shit as you seem to be?
Did you actually bother to read a manpage?
Your wrong.
'man X', under 'COLOR NAMES'
The syntax is an initial sharp sign character followed by a numeric specification, in one of the following formats:
#RGB (4 bits each)
#RRGGBB (8 bits each)
#RRRGGGBBB (12 bits each)
#RRRRGGGGBBBB (16 bits each)
The source code for a work means the preferred form of the work for making modifications to it.
So I guess, this is not going to work. Then again, IANAL, and I don't want to be one.
The thing that concerns me is what will take the place of these fiels when their population decreases. Nature usually doesn't permit a kind of vacuum, and it might well be that there are unforseen side-effects to this kind of action.
I don't know what nationality Berners-Lee currently has, but according to his bio on w3c, he was born and educated in the UK. That being said, I think this discussion is rather silly. I always felt that free software and internet were about cooperation instead of this kind of stupidity.
see espacenet for the European patent-office stuff. The interface is a bit stupid, but anyway.
Yeah, but the point I am trying to make is that
server certificates and a decent random number generator are enough to establish a shared secret, and thus secure communication.
Obviously, the server will have no prove of the identity of the client.
What is the problem with SSL?
The client (web-browser) has the public key of the CA (certificate authority), so it can verify the server's identity. It can then use the public key of the server to send a random number to the server, and ONLY somebody knowing the server's private key, will know this number. This establishes a shared secret between the server and the client, and should prevent the man-in-the-middle attack that is described in the article.
No. If they have a commercial, binary distribution, they are responsible for physically supplying the source-code. The GPL only makes an exception for non-commercial binary distributions. These can get away with saying 'you can get the source at company X that gave us the binaries.'
No. If they have a commercial, binary distribution, they are responsible for physically supplying the source-code. The GPL only makes an exception for non-commercial binary distributions. These can get away with saying
'you can get the source at company X that gave us the binaries.'
The way I read it, you should accompany a binary distribution of software based on GPL with either the source-code, or a written offer to supply any third party with the source code.
Here in the Netherlands some attempts were made to regulate crypto, but public outcry made the politicians drop the silly plan. It is still legal to produce, sell, import, export or own cryptographic software here.
The US pushed the world to include crypto software as dual-use goods in the Wassenaar agreements, but since an explicit exception is made for `Public Domain' (includes GPL) software, it is relatively harmless. As far as cryptography is concerned, Europe is much more free than the US.