It had always been that way through history. All performing artists (actors, musicians, dancers etc.) were paid for their live performances (surprising, huh?). The advent of technology that enabled the recording of performances gave the illusion that one (studio) performance should be enough to make a living and be rich. However, this was a situation that worked only temporarily. It worked because the demand for the creations of the artists was high and the mass-copying machines were too expensive and controlled by a few distribution companies.
While this situation worked, laws were passed to extend copyrights. The distribution companies were able to pass the laws because nobody in society cared. It was a case of companies defending their copyrighted work from other companies. The average Joe couldn't think of a vinyl copying machine (and those who could knew that they wouldn't be able to afford it), so he didn't really care to object to extending copyrights. It seemed fair at that time. However, now the technology for copying performances exists, so the game now is the (super-extended) copyright holders vs the society. The copyright holders are so gonna lose and they know it. They just try to make a buck while they can.
And the artists? Well, since the artists have already been deprived of the copyright of their work, it's all over touring for them like the old days. Not that they don't like it.
Compiling isn't really a good option for a production server, unless you are really desperate for a specific piece of software or you're mad enough to run Gentoo on it. When you compile something, you undertake the cost of updating it each time a bugfix comes out or some dependency breaks it.
The balance between new stuff and stability is very delicate. IMHO, the Debian folks have lost it, leaning too much towards stability. This is wrong, because it makes users' lives difficult when it is practically infeasible to guarantee perfect stability. See Bug#411487 as an example. Insisting on supporting only python2.4 for mod_py didn't save Debian from a conflict with php5-mhash which went undetected.
While I'm happy to see that libapache2-mod-python at last supports python2.5, I'm very disappointed that the Debian developers didn't include python2.6. Do we have to wait another 22 months for it?
If the Debian folks think that python2.6 could cause problems they are free not to make it the *default* python. But not including it at all is insulting for the python development team. Most importantly, since python2.6 is considered a stepping stone to python3, it is also very inconvenient for those who want to start migrating their code to python3.
Does the Egyptian military really rely on the use of GPS for their operations? The GPS satellites are controlled by the US. So, relying on them does not seem a very good idea. That's why Russia operates GLONASS and the EU is preparing to launch Galileo. Additionally, terrestrial GPS jamming can disrupt GPS operation.
Multipot is an excellent and cool looking solution for organizing your chargers and cable. However it comes with a price tag of ~$200. So you have to be either very rich or very desperate* to buy it.
Since it shouldn't include any fancy electronics, it would be nice to see some Chinese guy producing something similar at a reasonable price.
*Desperate either with your cable problem or your love-life. Multipot looks like a great girl-attractor.
Even though I was moderated "Troll" and most people didn't see the original post, my point still stands and here is the defense.
The whole idea of SSL is to provide mutual authentication via a public key infrastructure (PKI). It was not intended solely to protect the data "in transit" but to, in addition to transport security, provide mutual authentication using PKI.
And you're still a troll. SSL was later named TLS exactly because it has to do with securing the transport layer connection. PKI is a requirement for establishing an SSL connection. Otherwise PKI has nothing to do with SSL.
PS for the readers: Apologies for feeding the troll.
There are many scenarios involving semi-sensitive data (access to some collaboration website, access to services only supporting basic HTTP authentication etc.) where a signed certificate is overkill.
In these cases a self-signed cert and SSL surely won't protect your data from a malicious web server. However SSL will do a great job protecting your data as they travel to get there. Without SSL, someone with access to any intermediate router can get your data with a plain tcpdump.
Of course, the hash of a self-signed certificate should be confirmed by a side-channel. Otherwise a MITM attack is possible. But even with the hash unconfirmed, how many people do you know who are able to launch a MITM attack?
PS: Do you use a self-signed certificate for the ssh server of your linux box/server? If yes, why do you even bother using ssh? You would do fine with telnet in the first place.
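The side-channel confirmation the comment above calls for, shown as code; this is an added example, not code from the original post, and it mirrors the ssh known_hosts model the post alludes to: the fingerprint is either pinned from an out-of-band source or learned on first contact, and any later change aborts the connection. The host name, the KnownHosts store and the byte strings standing in for DER certificates are constructed for the demonstration; only connect_pinned touches a real network.

```python
import hashlib
import hmm_placeholder_never_used if False else None  # (no-op; keeps linters quiet about unused names)
```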
IMHO, the current handling of certificates by Firefox is wrong.
I doubt that the Firefox developers have thoroughly discussed the issue*.
It's sad to say, but the current handling seems like a copycat from IE.
What the Firefox folks don't seem to get is that in practice there
are 3 types of certificates. Each type has a different usage scope.
The user interface of Firefox should make clear the scope of each type,
not the type itself.
Plain Certificates: Used to certify the identity of the website.
Self-signed Certificates: Do no certify any entity. Only used to establish an encrypted connection.
Currently Firefox discriminates only between 1 and 2. They don't actually have a different
presentation for 3. They only display this misleading screen. As soon as you accept the certificate,
self signed certificates are hard to tell apart from type 2 certificates.
I think that it is necessary to add a third type of certificates in Firefox to accomodate
self-signed certificates. For this new type a separate color should be used in the address bar.
Orange would be probably a good choice: it doesn't scream danger like red but isn't either assuring
like green (type 1 certificates) or blue (type 2 certificates). A warning screen should also be
present, but it should use more mild language. It should also be easier to bypass.
* Hint: If they are really scared of the self-signed certificates,
why do they have the "Permanently store this exception" box checked by default?
CDs were around for a long time before burners were available (for practical definitions of "available"). Most of the people who had CD players and changers in the late '80s and early '90s didn't even have a computer, much less a computer that was fast enough to run a CD burner, much less the means to afford said burner.
True. However, in the early days of the CD people were also very careful with handling their CDs because they were used to handle the much more fragile LPs. Also, the market wasn't full of cheapo CD players that would wear-out the medium. So, in most cases, the worn CDs do not come from the early days of the CD.
CD changers for cars were in the $300-$500 range, and were more common than single-disk in-dash players. Burners were thousands of dollars + the cost of the computer to hook them up to.
Not true. Check this article. It is clear that (at least in the Netherlands) the car CD players were the least common type of CD player up to the mid 90s. At that time, the prices of CD burners started plummeting.
Car CD-changers were darn expensive as well in these early days. So anyone having money to spend on a car CD-changer could probably also afford a burner.
Also, the CD burners have stopped being expensive since the late 90s. That's a lot of time for anyone to identify the media deterioration and make his backups.
I don't want to be mean, but why would anyone use original (and sometimes irreplaceable) CDs in his car? Always use copies of the originals for in-car listening.
I totally agree with the author of the article. He doesn't suggest that there should be no verification of the SSL certificates. He just says that the warning message is an overkill because it scares people from using SSL in encryption-only mode. It's kind of a G.W. Bush approach ("You are either with, or against us.") that I wouldn't expect from Mozilla foundation.
IMHO, the new approach of Mozilla to SSL cert handling is flawed because:
1. The displayed message has the look of an error message, while in fact it is a warning message. You have to read the fine-print in order to understand that.
2. The message gives erroneous suggestion for the source of the (perceived) problem. In 99% of the cases, neither of the following is true:
This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
3. If the Mozilla guys really think that there is something bad going on, why do they have checked by default the "Permanently store this exception" checkbox?
Finally, running running a CA is not an option for many companies. There is a quite heavy administrative overhead (compared to the received benefits) for doing so. Also, what happens with business partners of the company who don't want to trust all of the sites certified by their CA?
I am sorry to say, but this new warning screen is a bad copycat from IE7. I would bet that there is a thread somewhere in/. where the/.-ers moan about the new warning screen of IE7.;-)
Call me troll or whatever you want, but I don't understand why this post was submitted/accepted. I like Cringley's blog too, but some stories on it just are not worth posting on/..
PAST is a large-scale, peer-to-peer archival storage facility very similar with Baxter. Content replication and distribution, fault tolerance and other major issues are discussed in the publications on PAST web site. And guess what: PAST has been around since 2001.
And if you don't like PAST because it came off (ahem) Microsoft research labs, other/.rs mentioned a bunch of other similar systems (Mango, Pensamos, Freenet).
So, there's nothing really new and exciting in this Cringley's post. It's fine to post this in his blog (it's HIS blog after all) but not in/.. Morons that cheer whatever their idol spews out of his head should be kept away from/. if possible.
A reply from Mark Cuban to a comment of a reader in his blog:
A compressed DVD 2hour movie can be 900mbs, give or take. A compressed HD 2 hr movie at only Mpeg2/ATSC/1080i equivalency is about 9 GBS, at the low end. Thats 10x.. Do you see upload and download speeds increasing 10x in the next couple years? I dont...
I suspect brain damage on Mark if he cannot understand that nobody gives a s#1t for HD movies. DVD quality is good enough for most people standards. HD movies are doomed for the very same reason DVD-Audio and Super-Audio-CD are a failure today. Even if MPAA manages somehow to distribute only HD movies, people will happily downgrade them to DVD quality and keep sharing them:-P
Shipping a million units does not mean a thing. Floppy disk drives still sell millions but they are considered dead for good, practically used ony on emergency situations. Bluetooth is pretty much the same, it sells millions because it is integrated into things you would buy anyway, but its use is limited.
Floppy drives still exist because there is no really cheap replacement for them. IR eclipsed only because Bluetooth was pushed in the market, and it does the same thing better at ~ the same price. I call that zombie-techs: Technologies that are dead, but they don't know it until another technology tells them. Bluetooth is the latest zombie-tech.
I think that in the end Bluetooth will be replaced by Zigbee for low-end devices and wifi for high-end.
Happy birthday to LDP! I think though that this birthday is a time to plan ahead and reorganize, not to celebrate. To make myself clear, here is the story.
Documents do get outdated. I wanted to install a nis server the other day, so I read the corresponding howto. I found it quite out of date. Half of the things referred in the howto are now automatically done in any decent distribution. Plus a large part of the document was referring to things that are relevant only if you support legacy systems. Finally I got little insight on how to configure what the distribution had left for me. And I never managed to have an MD5 password file shadowed over nis. I am quite sure that there are (more modern) alternatives to nis, but they weren't referred anywhere there.
Some other howtos I read also looked more like 'historic' documents rather than up to date, regularly updated documents. I don't think that LDP was meant to be that way. I hope I was just unlucky with the documents I picked/needed to read.
With Windows '98 Microsoft was proudly proclaiming that they integrated the browser with the OS, thus unifying and enhancing the user experience. I remember hearing stupid quotes like "The browser is the OS" and other crap from these days.
Microsoft said that because in '98, surfing the web was supposedely the coolest thing around. Today weblogs are considered cool, so Microsoft goes that way. They just want to make the "average" user eager to pay them to get the new "cool" features.
Personally I don't expect anything exciting from Longhorn's weblogging features.
I read the stories and I am in doubt that Microsoft will launch its own portable media player. To me it sounded like MS will make some software that will run on devices built by third parties.
Haven't they learn from Hollywood movies? In the most critical moment, a bad guy will squash the spy-roach under his boot and the good guys will have to find another way to get what they want.
Have you ever heard of versioning systems (e.g. cvs)? Assuming that their programmers check-in their code at the end of each day, Valve can detect&remove any mal-ware added in a few minutes without losing more than a day's work
It had always been that way through history. All performing artists (actors, musicians, dancers etc) were paid for their live performances (surprising, huh?). The advent of technology that enabled the recording of performances gave the illusion that one (studio) performance should be enough to make a living and be rich. However this was a situation that worked only temporarily. It worked because the demand for the creations of the artists was high and the mass-copying machines were too expensive and controlled by few distribution companies.
While this situation worked, laws were passed to extend copyrights. The distribution companies were able to pass the law because nobody in the society cared. It was a case of company defending their copyrighted work from other companies. The average Joe couldn't think of a vinyl copying machine (and those who could knew that they wouldn't be able to afford it), so he didn't really care to object extending copyrights. It seemed fair at that time. However now the technology for copying performances exists, so the game now is the (super-extended) copyright holders vs the society. The copyright holders are so gonna lose and they know it. They just try to make a buck while they can.
And the artists? Well, since the artists have already been deprived from the copyright of their work, it's all over touring for them like the old days. Not that they don't like it.
It would be more accurate to say: "plenty of sun, excellent food and enough wine so that every woman you meet looks beautiful".
Compiling isn't really a good option for a production server, unless you are really desperate for a specific piece of software or you're mad enough to run Gentoo on it. When you compile something, you undertake the cost of updating it each time a bugfix comes out or some dependency breaks it.
The balance between new stuff and stability is very delicate. IMHO, the Debian folks have lost it, leaning too much towards stability. This is wrong, because it makes life of users difficult when it is practically infeasible to guarantee perfect stability. See Bug#411487 as an example. Insisting on supporting only python2.4 for mod_py, didn't save debian from a conflict with php5-mhash which went undetected.
While I'm happy to see that libapache2-mod-python at last supports python2.5, I'm very dissapointed that debian developers didn't include python2.6. Do we have to wait another 22 months for it?
If the debian folks think that python2.6 could cause problems they are free not to make it the *default* python. But not including it at all is insulting for the python development team. Most important, since python2.6 is considered a stepping stone to python3, it is also very inconvenient for those who want to start migrating their code to python3.
Does Egyptian military really rely on the use of GPS for their operations? The GPS satellites are controlled by the US. So, relying on them does not seem a very good idea. That's why Russia operates GLONASS and EU prepares to launch Galileo. Additionally, terrestrial GPS jamming can disrupt GPS operation.
...if you have the money!
Multipot is an excellent and cool looking solution for organizing your chargers and cable. However it comes with a price tag of ~$200. So you have to be either very rich or very desperate* to buy it.
Since it shouldn't include any fancy electronics, it would be nice to see some Chinese guy producing something similar on a reasonable price.
*Desperate either with your cable problem or your love-life. Multipot looks like a great girl-attractor.
Even though I was moderated "Troll" and most people didn't see the original post, my point still stands and here is the defense.
The whole idea of SSL is to provide mutual authentication via a public key infrastructure (PKI). It was not intended soley to protect the data "in transit" but to, in addition to transport security, provide mutual authentication using PKI.
And you're still a troll. SSL was later named TLS exactly because it has to do with securing the transport layer connection. PKI is a requirement for establishing an SSL connection. Otherwise PKI has nothing to do with SSL.
PS for the readers: Apologies for feeding the troll.
Do you even know what SSL is for?
Do you?
There are many scenarios involving semi-sensitive data (access to some collaboration website, access to services only supporting basic HTTP authentication etc) where a signed certificate is an overkill.
In these cases a self-signed cert and SSL surely won't protect your data from a malicious web server. However SSL will do a great job protecting your data as they travel to get there. Without SSL, someone with access to any intermediate router can get your data with a plain tcpdump.
Of the hash of a self-signed certificate should be confirmed by a side-channel. Otherwise a MITM attack is possible. But even with the hash uncofirmed, how many people you know that are able to launch a MITM attack?
PS: Do you use self-signed certificate for the ssh server of your linux box/server? If yes, why do you even bother using ssh? You would do fine with telnet in the first place.
IMHO, the current handling of certificates by Firefox is wrong. I doubt that the Firefox developers have thoroughly discussed the issue*. It's sad to say, but the current handling seems like a copycat from IE.
What the Firefox folks don't seem to get is that in practice there are 3 types of certificates. Each type has a different usage scope. The user interface of Firefox should make clear the scope of each type, not the type itself.
Currently Firefox discriminates only between 1 and 2. They don't actually have a different presentation for 3. They only display this misleading screen. As soon as you accept the certificate, self signed certificates are hard to tell apart from type 2 certificates.
I think that it is necessary to add a third type of certificates in Firefox to accomodate self-signed certificates. For this new type a separate color should be used in the address bar. Orange would be probably a good choice: it doesn't scream danger like red but isn't either assuring like green (type 1 certificates) or blue (type 2 certificates). A warning screen should also be present, but it should use more mild language. It should also be easier to bypass.
* Hint: If they are really scared of the self-signed certificates, why do they have the "Permanently store this exception" box checked by default?
CDs were around for a long time before burners were available (for practical definitions of "available"). Most of the people who had CD players and changers in the late '80s and early '90s didn't even have a computer, much less a computer that was fast enough to run a CD burner, much less the means to afford said burner.
True. However, in the early days of the CD people were also very careful with handling their CDs because they were used to handle the much more fragile LPs. Also, the market wasn't full of cheapo CD players that would wear-out the medium. So, in most cases, the worn CDs do not come from the early days of the CD.
CD changers for cars were in the $300-$500 range, and were more common than single-disk in-dash players. Burners were thousands of dollars + the cost of the computer to hook them up to.
Not true. Check this article. It is clear that (at least in the Netherlands) the car CD players were the least common type of CD player up to the mid 90s. At that time, the prices of CD burners started plummeting.
Car CD-changers were darn expensive as well in these early days. So anyone having money to spend on a car CD-changer could probably also afford a burner. Also, the CD burners have stopped being expensive since the late 90s. That's a lot of time for anyone to identify the media deterioration and make his backups.
I don't want to be mean, but why would anyone use original (and sometimes irreplaceable) CDs in his car? Always use copies of the originals for in-car listening.
I totally agree with the author of the article. He doesn't suggest that there should be no verification of the SSL certificates. He just says that the warning message is an overkill because it scares people from using SSL in encryption-only mode. It's kind of a G.W. Bush approach ("You are either with, or against us.") that I wouldn't expect from Mozilla foundation.
IMHO, the new approach of Mozilla to SSL cert handling is flawed because:
1. The displayed message has the look of an error message, while in fact it is a warning message. You have to read the fine-print in order to understand that.
2. The message gives erroneous suggestion for the source of the (perceived) problem. In 99% of the cases, neither of the following is true:
3. If the Mozilla guys really think that there is something bad going on, why do they have checked by default the "Permanently store this exception" checkbox?
Finally, running running a CA is not an option for many companies. There is a quite heavy administrative overhead (compared to the received benefits) for doing so. Also, what happens with business partners of the company who don't want to trust all of the sites certified by their CA?
I am sorry to say, but this new warning screen is a bad copycat from IE7. I would bet that there is a thread somewhere in /. where the /.-ers moan about the new warning screen of IE7. ;-)
PAST is a large-scale, peer-to-peer archival storage facility very similar with Baxter. Content replication and distribution, fault tolerance and other major issues are discussed in the publications on PAST web site. And guess what: PAST has been around since 2001. And if you don't like PAST because it came off (ahem) Microsoft research labs, other /.rs mentioned a bunch of other similar systems (Mango, Pensamos, Freenet).
So, there's nothing really new and exciting in this Cringley's post. It's fine to post this in his blog (it's HIS blog after all) but not in /.. Morons that cheer whatever their idol spews out of his head should be kept away from /. if possible.
Snow in new Mexico?
Floppy drives still exist because there is no really cheap replacement for them. IR eclipsed only because Bluetooth was pushed in the market, and it does the same thing better at ~ the same price. I call that zombie-techs: Technologies that are dead, but they don't know it until another technology tells them. Bluetooth is the latest zombie-tech.
I think that in the end Bluetooth will be replaced by Zigbee for low-end devices and wifi for high-end.
Documents do get outdated. I wanted to install a nis server the other day, so I read the corresponding howto. I found it quite out of date. Half of the things referred in the howto are now automatically done in any decent distribution. Plus a large part of the document was referring to things that are relevant only if you support legacy systems. Finally I got little insight on how to configure what the distribution had left for me. And I never managed to have an MD5 password file shadowed over nis. I am quite sure that there are (more modern) alternatives to nis, but they weren't referred anywhere there.
Some other howtos I read also looked more like 'historic' documents rather than up to date, regularly updated documents. I don't think that LDP was meant to be that way. I hope I was just unlucky with the documents I picked/needed to read.
With Windows '98 Microsoft was proudly proclaiming that they integrated the browser with the OS, thus unifying and enhancing the user experience. I remember hearing stupid quotes like "The browser is the OS" and other crap from these days.
Microsoft said that because in '98, surfing the web was supposedely the coolest thing around. Today weblogs are considered cool, so Microsoft goes that way. They just want to make the "average" user eager to pay them to get the new "cool" features.
Personally I don't expect anything exciting from Longhorn's weblogging features.
I read the stories and I am in doubt that Microsoft will launch its own portable media player. To me it sounded like MS will make some software that will run on devices built by third parties.
Gator is crap, so who cares? I wonder what kind of morons use such software. Bonzi Buddy rulez!
Haven't they learn from Hollywood movies? In the most critical moment, a bad guy will squash the spy-roach under his boot and the good guys will have to find another way to get what they want.
Does it run linux & kde?
Have you ever heard of versioning systems (e.g. cvs)? Assuming that their programmers check-in their code at the end of each day, Valve can detect&remove any mal-ware added in a few minutes without losing more than a day's work