The core problem we're really trying to solve with a CAPTCHA is: anonymous identities are very cheap to create. We can require the user to provide and verify an email address, but it turns out those are cheap to create too. What we really need is a way for the user to prove that they have something invested in their identity - be it monetary value, time, cpu cycles, or whatever. A bit like slashdot karma (so you can filter out trolls/spammers using identities with nothing invested in them, which are cheaply created/replaced.)
Bitcoin, if it should ever gain widespread adoption, provides a very convenient mechanism to accomplish this: 1. each bitcoin user already owns pseudonymous unique public identifier (ie. their bitcoin address), which they can provide to any website as a portable identity 2. to prove ownership of this identity the user can sign a challenge from the website using their private key (hey, we just solved the password problem too!) 3. an amount of monetary value (ie. bitcoin) stored at this address, plus the length of time it has been stored there, is publicly visible on the block chain.
This allows the website to assign weight to the identity based on a combination of: the amount of value stored with the identity + the time it has been stored there. An identity that has had $20 stored with it for 3 days is probably not a spammer. An identity that has had $0.20 stored with it for 3 months is also probably not a spammer.
Of course it is easy to generate an unlimited number of such identities - but hard to have a decent amount of value stored with each of them for a decent amount of time. Websites can easily adjust the weighting threshold required to sign up / post comments based on experience with incoming spam. And there's always the ban hammer - which suddenly has some real weight behind it again:)
Important to note: 1. the money (ie. bitcoin) associated with the ID stays under the user's control at all times. The user alone has the private keys required to transfer/spend it any time they like - of course doing so would lower the weight assigned to their identity by any websites that inspect it. 2. the website need not store any authentication information for the user (eg. a password). The user retains control of their private key, and can use it to authenticate without disclosing it to the website.
Too hard for Joe Public to understand? Maybe.
Just imagine this all wrapped up in a friendly browser plugin. When you visit a website there's no login page - your browser has your private keys (perhaps encrypted with a master password, like Firefox's password manager does today) and just automatically authenticates you. Your browser could provide a drop-down "switch identity" widget in the toolbar to let you flip between multiple IDs / generate new ones, which is the only bit visible to the user (they need never hear terms like "private key".)
An "add weight to this identity" option would allow you to add/withdraw funds for any ID. Initially this might look like a bitcoin transfer (confusing for non-technical people), but a private company could easily provide a regular payment gateway on top of this (ie. accepting dollars), making the process no harder than recharging your skype credit.
Adding weight to any identity would be strictly optional, but might eg: * allow you to skip CAPTCHAs * allow you to post at +2 on slashdot by default * generally increase the trust in your identity being genuine all over the web - use your imagination....
You could indeed get a cert for s1ashdot.org, but if you don't mind my saying, that's a pretty crappy attack mate:)
A lot of people might notice the blatant "1" in your domain name; many more might never visit that domain at all. Which is really the point here.
Let's pretend for the sake of this example that slashdot actually supports SSL:) When I visit the real https://slashdot.org/, with their valid CA-signed cert, I still have confidence I'm communicating with their server not yours.
If you were in a position to intercept my packets to slashdot - ie. the situation in which SSL is of some value - then you still couldn't do much. You can send fake replies to me, pretending to be slashdot.org - classic MITM attack - but your self-signed certificate is a dead giveaway. Good luck getting a CA to issue you a cert for slashdot.org, I doubt they're interested in issuing a duplicate while there's already a valid one out there.
This is the problem trusted certs are designed to solve. Your problem is a different one; it's called phishing (terrible name huh?).
Actually, they've kludged something something together to help with that problem also: big institutions that really need it (eg. banks) can pay a ton of money to a CA for an "extra special cert", which gives them eg. that nice green address bar in firefox, indicating a higher level of identity trust to the user.
Yes, it's probably a cash cow. But hopefully they do a few background checks before issuing those at least, and the high fee presents a barrier that Joe Random Phisher may be unwilling to pay.
This is a misconception. DNS poisoning is certainly not required.
If somebody is in a position to read your packets, they are also very likely to be in a position to intercept / modify those packets.
Any point on the route between you and the destination host could be sending those reply packets you receive and failing to pass yours along to the next hop; you really have no way of knowing.
This could be fully automated and, for example, enabled by default for data going to a particular destination host. The initial implementation is non-trivial, I'll grant you, but it only needs to be written once and then every script kidding from here to Timbuktu can pass it around amongst themselves. The attacker requires no more resources than regular plaintext sniffing, excluding a little cpu time to handle the crypto. You think these things don't exist?:)
Wow brave post; looks like you were really inviting trouble with these kind of statements:) I used to hold similar views, and I know it can be a hard position to defend. It's not my fault / I have a slow metabolism / I exercise all the time and don't lose weight / some people are just built differently / etc.
Back then I weighed 132kg and had been fat all my life. Today I weigh 91.5kg, fit into ordinary size clothes (read: M, L), and feel springy & full of energy after climbing a couple flights of stairs, instead of puffed & out of breath. The change came only after I saw through all of these excuses and changed my own attitude.
You are obviously proud of the self control you have developed thus far, and you should be, but I would suggest you need to develop it a little further. You can't prevent your brain telling you that you feel hungry, but you can recognise that it is malfunctioning and choose to ignore the signal; nobody is holding a gun to your head compelling you to eat large portions. Eat nutritious food in "moderate" (look it up, it's smaller than you think!) size portions, and enjoy the feeling of being "hungry" - that's your body running low on fuel and burning the reserves!
It's not a terrible thing to feel "hungry". Not the way people in rich western countries use the word (I'm from New Zealand). There are many people in the world who live with real hunger on a daily basis. Do not mistake "I feel like eating" for *hunger* - in your case & in mine it's really not that serious that it can't be overlooked:) After you get used to eating less, your brain will catch on and stop sending the "hunger" signals.
Also, don't knock weight training. Firstly, any kind of exercise is better than none. Secondly, if your body converts fat into muscle you may not initially lose weight (muscle weighs more), but you're already more healthy. Thirdly, having more muscle is like having a bigger engine in a car; you need more juice to run it, even just during daily tasks. In other words more muscle means your metabolism rises and you burn fat more easily, plus you feel like you have more energy and exercise becomes easier. Cardio training is important too, but you've gotta start somewhere - it's a momentum thing. The more you do, the easier it gets.
In short: you have to eat less (esp. less fat; going crazy with fruit & veg can't hurt) and exercise more. That's the only way, and it's damn tough, but it does work and when you get to the other side you realise it's really really worth it:-)
Your body simply can't construct fat cells out of thin air - you have to put the right things in to it to enable it to become fat. Whatever your makeup predisposes you to, what food you put inside your body is your always your own choice.
How dare you. You may think you're being clever, green, perhaps even resourceful. But the fact is, every time you use recycled equipment you're stealing from the pockets of the hard-working, starving engineers at Intel!
Who do you think created the "intellectual property" inside your machine? Intel, I presume, have invested a lot of time and money into designing that chip you're running, and you've never paid them a dime for their effort. Thief! Just imagine if everybody behaved as you do - nobody would make computers anymore!
CPUs want to be free. Intel want to be paid. You just want to be cheap.
Oh yeah, great idea. Build your massive library of kitten images with an automated search. The spammer can't possibly manually enumerate all your kitten images then, right? Sigh. If only the spammer could think of some automated method to enumerate a large library of kitten images... oh, hang on.:)
The key issue here is this: you need to find a method that makes you more efficient at identifying kitten pictures than the spammer. The spammer can probably throw more resources at the problem than you can, so you need to be a LOT more efficient. If you want to manually tag your own library of cat images, the spammer can keep up with you by manually tagging your images himself. If you want to generate your library of cat images with some automated method, the spammer can use the same automated method to generate the same library himself.
And if an exploitable bug should be found in the browser, what then? Send out new CDs to all your customers and hope nobody continues to use the old one?
Building your system around read only media has always been a bad idea. You can't patch it when something goes wrong - and something always goes wrong.
I see this particular misconception going around on/. all the time nowadays, and I'm rather tired of it. The claim is always something along the lines of: "there's no security advantage in using open source software unless you examine the source and compile everything yourself".
That holds true if you run around downloading random binaries from random websites (ie. the way your typical Windows user acquires all their software). But hardly anybody who has used an OS with a proper package manager for more than 10 minutes actually does this.
I get all my software from my distribution. Currently Ubuntu, for example. Yes, their package maintainers build my binaries, I don't build 'em myself. But it isn't unreasonable for me to trust Ubuntu. They supply my OS, after all, so if I can't even trust them then I'm already up the creek:) The same is true of every other OS on the planet. (yes yes, even Gentoo, and even if you hypothetically audited every application yourself before compiling it. Hopefully I don't need to explain this, many other posters have already linked to 'trusting trust'. Suffice to say that you have to trust someone at some point, even if it's the supplier of your C compiler, your processor microcode, etc).
Now, Ubuntu are presumably building from the publically released source code for each application (ie. the source code supplied by the original application author), the same as everyone else. So in the open source world, all the binaries floating around out there (at least from the people you trust!) DO match the available source code. And we don't all need to audit it - it only takes one person (maybe working at a company that pays them to audit open source programs, as other posters have suggested) to discover something nefarious, and we'd all drop it like a hot potato.
That isn't to say that it's impossible to sneak back doors into open source programs, or that package maintainers are all 100% trustworthy (they're only human. but so far they have an exceptional track record). But using an open source program supplied by your distribution is a damn sight safer than downloading and
running some binary from Joe Random's obscure website (or company, for that matter).
Of course, there are still occasions where you need some program that isn't in the repositories, but those occasions seem to be becoming more and more rare these days. When this occurs I do actually tend to compile it myself (./configure; make; make install. really tricky eh?), but I can't remember the last time I needed to install something like this. 98% of what I need is in the repositories, and I'd wager 100% of what your average man-on-the-street needs.
And this, ladies and gentlemen, is the perfect example of a poster who "doesn't get" freedom of speech.
The whole concept is about the protection of people from their government. Your government shouldn't persecute you for your thoughts or beliefs, or (indirectly) through your expression of those thoughts and beliefs (speech). History has taught us that when a government starts making rules like "if you think / say XYZ then we'll throw you in jail" (or even just stop you from saying it), then they're well on their way to becoming oppressive. Thus, we don't stand for it (or at least, shouldn't).
Too many people interpret this as "I can say anything I like, and you have to listen to me / give me a place or medium to say it / agree with what I'm saying / etc etc". That's false.
Your speech isn't without consequences. If you oppose popular opinion on such an emotional topic, from such vastly unpopular and indefensible position, you should expect that you're going to cause some... aggravation, to say the least. If you scream "fire" in a crowed theatre you're also going to cause people some aggravation. All this has absolutely zero to do with the concept of freedom of speech.
The amount of people who honestly think like this really surprises me sometimes. I suspect "freedom of speech" is somewhat of a misnomer for what is really a simple enough concept. I wish I could think of a more appropriate name. Suggestions?:)
The lack of LOCALIZED phone support for things is a big problem, if I'm calling a company's 1-800 number I want to speak to someone who understands and speaks the language that I know with at least enough fluency to understand them, I dont really care about accents so much as long as I can understand them.
I agree that LOCALISED support is important. If I call up a support centre for a company in my own country, the last thing I want is to get someone on the phone who sticks Z's in all his words:-P
Ok, seriously... I do think you make a fair point, but it's a point I hope would be obvious to anyone anyway. The closer the support person you're talking to is to you geographically, the more comfortable you're likey to feel. Ideally it'd be nice to speak to someone from the same town/city. Failing that, at least the same country. Fluency in the language used on the calls is obviously a requirement, but I don't think that's all - having someone who is physically closer to the problem is nice. That way they know the company they supposedly represent, know how they operate in your local area, etc etc. If it's personal (home) customer support they can personally relate to you better (chat to you about the local sports team winning, or whatever), which gives you a nice fuzzy feeling toward the company. Talking to someone on the other side of the world, even with perfect English, you get the feeling that they don't have any real power to fix your problem, and frankly don't care.
I can imagine that if the situation were reversed and people in India were calling to the US for tech support that they would want people who can speak whatever language is common there.
Um, that would be English. At least in business settings - I don't know if you realise, but everybody actually speaks English at the office. Never-the-less, I'd agree that they would likely rather speak to somebody local - of course - for some of the reasons above.
Just as I, a New Zealander, would expect to get a New Zealander on the phone when calling a New Zealand company - I'd be pretty miffed to get an American or a Brit on the phone, good English skills or no.
Wow, all the trolls are getting modded insightful today. What are the mods smoking?
*sigh*
Speaking as somebody who has spent a year living in India and working in IT there, I would like to point out that many Indians speak exceptionally good English - the richer ones even speak it as a first language, in their own homes. Office workers all speak fluent English, right across the country. I never had any problems communicating with my coworkers.
I can understand there not being very many fluent German, Russian, or French speakers there, but English is pretty much a defacto national language. It's the only language that is spoken by large numbers of people in every state.
Stating that you had bad experiences dealing with representatives from companies X, Y, and Z, where you were unable to communicate effectively due to language issues, isn't racist at all. That's perfectly fair - let's call it 'truth', if it pleases you. I have not a word to say against it. But when you take your little set of limited experiences, and your (usually grossly overestimated) perception of others sharing your experiences, and generalise those as applying to an entire nation of people, then you have crossed the line into racism.
And hey, at least they do speak English - you know, the language that came from England - not the twisted atrocity of a language that Americans speak and call "English". I'd rather have an Indian answer my tech support call than an American, thank-you-very-much:-P All Americans have the most shocking accents, I can't understand a bloody word. What they speak doesn't even deserve to be called "English".
Incidentally, I'm completely in support of the notion that there is value to be had in having any face of your company that deals with your customers localised. I'd have thought that was pretty obvious. Companies who offshore tech support shouldn't be surprised if they turn around and find they've alienated all their customers. I won't contest that at all. Just, watch who you're accusing of not speaking proper English, and of speaking with a strong accent.:)
PS. note to mods - for those unable to detect it, that fourth paragraph only exists to make a point. I haven't actually got anything against Americans at all - in my experience they tend to be friendly and likeable people, and their accents really aren't any more difficult to understand than my own:)
The open source drivers for ATI and NV of course don't have GL support, or at least, not very good support. Unless you're using GL, you shouldn't notice a significant difference.
I recently bought an old IBM T30 laptop. It has a 16MB ATI Radeon Mobility 7500. Not exactly flash:)
I slapped Ubuntu 7.04 on it, and was very surprised to find that OpenGL was working in the default install! Turns out it's using the open source 'ati' driver. So I popped a copy of the Quake III Arena demo on there, and was delighted to find I get a liquid smooth framerate. I ran a quick timedemo - 800x600 / 24bit / bilinear filtering / 'demo001' demo - it came back at 47 FPS:) In-game my FPS counter seems to hang around 60 FPS most of the time.
Frankly, that's a lot better than I was expecting of an old 16MB ATI card. And on a "out of the box" Ubuntu install, with open source drivers. All the compiz effects run nice & smooth too. So yeah, I think we're gettin there. Oh, they're dead stable too - haven't even hosed my X server yet, nevermind my kernel. More than I can say for NVidia's garbage. Hats off to the 'ati' driver guys, you bloody legends.
Understood. But there was a time when intellectual property was treated the same way -- guilds used secrets, and force, to maintain their hold on skills and technology. And it's always been possible to use force to protect, well, just about anything.
With the existence of the internet, I don't think that's a problem any more:) Heck, it's not even possible to use lawyers to "protect just about anything" nowadays;)
Besides, if property ownership were really a "natural" right, and not a government-granted monopoly, the government wouldn't be able to simply take your land (emminent domain), or kick you off for not paying your taxes. Your land is your only so long as you and the government are on good terms.
Yes, the government will do bad things to you if you get off side with them (like by not paying your taxes;) , and they have the threat of force to back them up. This isn't a new thing. But this is a feature of governments, not of property. The fact they may choose to kick you off your land is largely irrelevant.
I have to admit I'm playing devil's advocate a bit here... but, when distinguishing between "natural" and "artificial" rights, what I really mean to convey is the difference in people's feeling between what are generally seen as "just" or "moral" kinds of rights - the right to breathe, to communicate with people, to own property, etc - widely recognised, whether enforced by relevant laws or not - and arbitrary rights that have been assigned by certain governments in the world, usually with good intentions, but which would not be widely recognised if not for the laws that enforce them.
That party "A" should have a right to dictate how parties "B" and "C" share information with each other is not intrinsically obvious to people. That sharing a copy of something you enjoy with a friend is somehow wrong is not something that is intrinsically obvious to people. Without the relevant laws in place, people would forget the notion very soon. But it's not the case with physical property - even without the relevant laws backing it up, I would contend that most people would still recognise the concepts of "yours" and "mine", and that it's wrong to take physical property from someone. I hope you can appreciate the difference:)
Why this distinction is important should be pretty clear - although the law recognises both physical property and IP rights right now, those who disagree with the latter are hoping to see the law changed - so "but the law says it's my right" is not a valid argument against changing the law.
But a lot of rights are "artificial." Why single out IP? What about, say, the right to vote? The right to a jury trial? The right to not have to testify against oneself? The right to keep and bear arms? The right to freedom of press, or freedom of religion? All of these "artifical" rights are spelled out in the same document that created IP rights -- why don't we look on any of these with the same disdain?
I'm glad you brought that up actually. That document was created a long time ago now, and - although this is blasphemy in some people's eyes (burning karma, heh) - while I can appreciate the original logic behind everything you listed, some of it is a bit out dated, and not such a good idea in today's modern world. Freedom of the press & of religion are obviously still very important.
Something like the "right to keep and bear arms" ought to be looked at again. Of course I understand that it was intended as a way for the people to protect themselves from their government becoming oppressive - and because of that I'd actually be pretty worried if I saw that law being changed in the USA today, the government shouldn't be able to remove the safeguards set in place against it, right? But still, I'm happy to say that I live in a countr
Would have been true, if they had made each address 256 bit. But that is not the case. An IPv6 address is only 128 bits. And it is not like they are going to get assigned in small chunks. There is supposed to be assigned a 64 bit range to every single net segment. And IIRC you are supposed to be getting at least 16 bit to address the segments in your own network, which means anybody getting an IPv6 range is going to have 80 bit of addressing. That leaves only 48 bits to address each such network. So if there is going to be more than 281 billion households on the Internet we are going to run out of IPv6 addresses.
Ah. I didn't think of that. That's completely crazy - what's the point of having such a huge address space if you divide it up into sufficiently large chunks? Who could possibly need that many addresses?! Sh*t, there are very very few households that have more than 256 addressable devices I suspect - if you do you should probably be more worried about the power requirements than how many IP addresses you'll have:) That's 8 bits.
Sure, there are some large organisations around that'll need more, but why not allocate them larger blocks on a case-by-case basis - "if you request it, we give you more" kind of thing. Not many places that don't need it would bother to file the request.
Even though that number is large enough to be pretty unrealistic, I still don't get why they didn't take it a step further and really made the addresses 256 or 512 bits. Or at least something which was guaranteed to scale to that size. If they ain't going to give every person in the world that personal/48, it means there are too few addresses, or maybe political reasons to block the usage of IPv6.
Can you imagine what a pain it would be to type 512 bit addresses by hand?;)
Besides, what would that solve - they'd just allocate everybody even bigger chunks!
The rest of what you said I completely agree with. The real problem with IPv6 is the same problem various good spam-fighting solutions face - the high amount of inertia involved in moving everybody from an old entrenched technology to a new & superior one can not be overcome easily, and certainly not all in one go. You need a plan to shift gradually, with inter-operation between the new & old technologies during the years of the changeover period. The scheme you described sounds pretty good.
Requiring everybody to change at the same time is damn near impossible.
It's helpful to keep in mind that some people consider physical property ownership as a natural right. You say that the ability to keep people off your private land is a government-granted monopoly. But without some form of government you'd still be able to keep people off your land - to some degree, anyway - by threat of physical force. I'd bet that for as long as man has walked the earth, he has been aware of the notion of physical property - my cave, my spear, etc etc. The essence of property ownership is that ability to deny others access to something, even if it was in the past limited to what you could physically defend.
Copyright, on the other hand, is a very recent invention. Throughout history man has had no notion of limiting the dissemination of information that he creates. Copyright is an invented 'right' - a government-granted monopoly that simply would not exist without said government's intervention. That is why some people look on it as a purely artificial construction.
If you create something then indeed you should have the right to control what you create, and indeed you can. By all means do - keep it to yourself, don't distribute it, nobody will come and prize it from you. But if you do decide to give out (or sell) copies of your creation, your expectation to have a say in what is done with those copies once they have left your control is considered unreasonable by some. Suppose Bob buys a book off you. He then lends me the book to read. That you could turn around and say "hey, you can't do that! I didn't give you permission to share that with anybody" to Bob would seem quite outrageous to most reasonable people. After all, why should you be telling Bob what he can and can't do? Of course it isn't optimal for you, because you would prefer to have sold me a copy of your book too - but what right do you have to dictate how Bob should behave?
So, what say instead of lending me the physical copy, Bob makes a small optimization, which is good for both Bob and me, but not for you - he photocopies the book and gives me a copy. Now at this point Bob is guilty of copyright infringement. He is in breach of laws that our society has put in place, not for your benefit, as you may like to imagine, but because they are designed to benefit society as a whole, by encouraging production of books such as yours. That's fair enough - it's a compromise, sure, but I can see the logic in it. But at the end of the day it's an artificial construction designed to benefit society.
Of course, you could just firewall all privileged ports... But then you'd still be leaving things open for inward connections to trojans with a daemon.
When trying to come up with a good design for your network security, do you really think you should be worrying about protecting machines that are already compromised?
By the time there is a trojan on the machine, you have already lost. Game over. Why bother blocking incoming connections to the trojan? What would be to stop the trojan from placing it's own outgoing connection to the attacker's network?
Please don't suggest blocking miscellaneous outgoing connections either:) That is the path of band-aids. Only madness lies there.
("we'll only allow certain protocols!" -> "the trojan can simply tunnel over an allowed one, like http". "ok, we'll run the firewall on the actual machine, and only allow specific applications to initiate network connections" -> "hello? the trojan already owns your machine."... etc etc. I'm sure you get the idea).
Nothing. The problem with that would be... what exactly?
You do realise that the address space of IPv6 is completely insane don't you? Something like "1 address for every atom in the universe" kind of scale, I think I've heard thrown around?:)
I don't think I personally want to register more addresses than I have atoms in my body. I'm fairly confident my mother would feel the same way.
Perhaps Doom3 automatically picked the wrong render path for you or something? Happened to me (back when it first came out I played the entire thing start to finish on my GNU/Linux system).
I seem to recall that there's a one line console command (the in-game console, I mean) you can use to force a particular render path that performs best on your hardware, if the one the game automatically picked is chugging. For almost no noticable loss in graphical detail I drastically improved my framerate from what it was "out of the box". May be worth googling:)
As far as I'm concerned, it's "Ubuntu" or "Fedora" or "SuSE", or just plain "Linux". If that means "being a jerk" then that's too bad.
Ubuntu is an operating system.
Fedora is an operating system.
SuSE is an operating system.
Linux is not an operating system. Linux is a kernel.
How many times have you heard somebody tell you "Linux is a Unix clone"? That's really what makes it so nice for many of us to use, afterall - it isn't that "linux" makes for a nice operating system, it's that Unix does. A lot people can happily switch from "linux" to one of the BSDs, for example. Now I know Linux (the kernel) strives, I believe, for POSIX compliance, but Unix it ain't. GNU is the Unix clone. GNU is what gives the "operating system" basically all the visible characteristics of Unix to you, the user.
Now, you can keep your fancy KDE and what have you - heck, take X too, while you're at it. Back when my machine wasn't so powerful I used to run without it (X is just a way to fit more terminals on your screen at once anyway, right?;)... I would've been hard pressed to find somebody who would claim I wasn't running "linux" though, wouldn't I? "linux" without X is still "linux" to most everybody who knows anything about it.
But please, don't take my GNU tools. Take away those and it's just Not Unix anymore (irony intended). And what's more, it just wouldn't be "linux" to most people's eyes - I mean, yes, technically, if you boot just the kernel on an embedded device or something, we all know it's still Linux in there... but it isn't "linux" in the sense that most people think of it (the desktop OS distributions).
What people think of as "linux" is really GNU. GNU is the essence of the operating system - it's basically all of the truely essential stuff that is visible to the user. I could happily run another Unix-like system without a Linux kernel (eg. FreeBSD, if it supported all my hardware) without noticing too much difference, but I'd sooner poke myself in the eye with a fork than use Linux without a Unix-like environment.
The Unix environment is the heart of the operating system. And GNU happens to be a particularly good clone of it. The key similarity between the Fedora, SuSE, and Ubuntu operating systems that you mentioned is that they are all GNU operating systems. To describe the Ubuntu operating system as a GNU/Linux based operating system seems the most accurate to me, quite aside from the fact that it gives credit to people who deserve it.
You guys aren't allowed to say obscene words on TV up there? Not even after 10pm or something?
But... but... what about all your rap music videos and stuff? No... it can't be true.
As a side note, Billy Connolly is a very funny man. But if you were to censor all the obscenities out it would just totally destroy it:(
Everybody knows the "or any later version" clause is an option. If you have a copy of some GPL v2 code with the "or any later version" clause lying around, you can choose to adhere to the GPL v3 terms if you wish, but you can also choose to adhere to the v2 terms and ignore your option to use "any later version". So what's your point?
The first thing an author learns is how little she has to say.
Hey, no offence, but authors can be male you know:)
In english we use the pronoun "he" when discussing a person of unspecified gender, thank-you-very-much. "She" is used for the discussion of inanimate things - ships, countries, motor vehicles, etc. No need to be too over the top with political correctness.
Sorry, pet peeve:)
--
he1/hi; unstressed i/ Pronunciation Key - Show Spelled Pronunciation[hee; unstressed ee] Pronunciation Key - Show IPA Pronunciation pronoun, nominative he, possessive his, objective him; plural nominative they, possessive their or theirs, objective them; noun, plural hes; adjective
-pronoun
1. the male person or animal being discussed or last mentioned; that male. 2. anyone (without reference to sex); that person: He who hesitates is lost.
-noun
3. any male person or animal; a man: hes and shes.
-adjective
4. male (usually used in combination): a he-goat.
Slashdot Mirror
I think Joe Cascio's idea of "collateralized identity" looks really interesting here:
http://joecascio.net/joecblog/2013/03/25/collateralized-identity-using-bitcoin-to-suppress-sockpuppets/
The core problem we're really trying to solve with a CAPTCHA is: anonymous identities are very cheap to create. We can require the user to provide and verify an email address, but it turns out those are cheap to create too. What we really need is a way for the user to prove that they have something invested in their identity - be it monetary value, time, cpu cycles, or whatever. A bit like slashdot karma (so you can filter out trolls/spammers using identities with nothing invested in them, which are cheaply created/replaced.)
Bitcoin, if it should ever gain widespread adoption, provides a very convenient mechanism to accomplish this:
1. each bitcoin user already owns pseudonymous unique public identifier (ie. their bitcoin address), which they can provide to any website as a portable identity
2. to prove ownership of this identity the user can sign a challenge from the website using their private key (hey, we just solved the password problem too!)
3. an amount of monetary value (ie. bitcoin) stored at this address, plus the length of time it has been stored there, is publicly visible on the block chain.
This allows the website to assign weight to the identity based on a combination of: the amount of value stored with the identity + the time it has been stored there. An identity that has had $20 stored with it for 3 days is probably not a spammer. An identity that has had $0.20 stored with it for 3 months is also probably not a spammer.
Of course it is easy to generate an unlimited number of such identities - but hard to have a decent amount of value stored with each of them for a decent amount of time. Websites can easily adjust the weighting threshold required to sign up / post comments based on experience with incoming spam. And there's always the ban hammer - which suddenly has some real weight behind it again :)
Important to note:
1. the money (ie. bitcoin) associated with the ID stays under the user's control at all times. The user alone has the private keys required to transfer/spend it any time they like - of course doing so would lower the weight assigned to their identity by any websites that inspect it.
2. the website need not store any authentication information for the user (eg. a password). The user retains control of their private key, and can use it to authenticate without disclosing it to the website.
Too hard for Joe Public to understand? Maybe.
Just imagine this all wrapped up in a friendly browser plugin. When you visit a website there's no login page - your browser has your private keys (perhaps encrypted with a master password, like Firefox's password manager does today) and just automatically authenticates you. Your browser could provide a drop-down "switch identity" widget in the toolbar to let you flip between multiple IDs / generate new ones, which is the only bit visible to the user (they need never hear terms like "private key".)
An "add weight to this identity" option would allow you to add/withdraw funds for any ID. Initially this might look like a bitcoin transfer (confusing for non-technical people), but a private company could easily provide a regular payment gateway on top of this (ie. accepting dollars), making the process no harder than recharging your skype credit.
Adding weight to any identity would be strictly optional, but might eg:
* allow you to skip CAPTCHAs
* allow you to post at +2 on slashdot by default
* generally increase the trust in your identity being genuine all over the web - use your imagination....
You can restrict what a particular user is allowed to execute with sudo.
You could indeed get a cert for s1ashdot.org, but if you don't mind my saying, that's a pretty crappy attack mate :)
:) When I visit the real https://slashdot.org/, with their valid CA-signed cert, I still have confidence I'm communicating with their server not yours.
A lot of people might notice the blatant "1" in your domain name; many more might never visit that domain at all. Which is really the point here.
Let's pretend for the sake of this example that slashdot actually supports SSL
If you were in a position to intercept my packets to slashdot - ie. the situation in which SSL is of some value - then you still couldn't do much. You can send fake replies to me, pretending to be slashdot.org - classic MITM attack - but your self-signed certificate is a dead giveaway. Good luck getting a CA to issue you a cert for slashdot.org, I doubt they're interested in issuing a duplicate while there's already a valid one out there.
This is the problem trusted certs are designed to solve. Your problem is a different one; it's called phishing (terrible name huh?).
Actually, they've kludged something something together to help with that problem also: big institutions that really need it (eg. banks) can pay a ton of money to a CA for an "extra special cert", which gives them eg. that nice green address bar in firefox, indicating a higher level of identity trust to the user.
Yes, it's probably a cash cow. But hopefully they do a few background checks before issuing those at least, and the high fee presents a barrier that Joe Random Phisher may be unwilling to pay.
This is a misconception. DNS poisoning is certainly not required.
:)
If somebody is in a position to read your packets, they are also very likely to be in a position to intercept / modify those packets.
Any point on the route between you and the destination host could be sending those reply packets you receive and failing to pass yours along to the next hop; you really have no way of knowing.
This could be fully automated and, for example, enabled by default for data going to a particular destination host. The initial implementation is non-trivial, I'll grant you, but it only needs to be written once and then every script kidding from here to Timbuktu can pass it around amongst themselves. The attacker requires no more resources than regular plaintext sniffing, excluding a little cpu time to handle the crypto. You think these things don't exist?
Encryption is nothing without trust.
Wow brave post; looks like you were really inviting trouble with these kind of statements :) I used to hold similar views, and I know it can be a hard position to defend. It's not my fault / I have a slow metabolism / I exercise all the time and don't lose weight / some people are just built differently / etc.
:) After you get used to eating less, your brain will catch on and stop sending the "hunger" signals.
:-)
Back then I weighed 132kg and had been fat all my life. Today I weigh 91.5kg, fit into ordinary size clothes (read: M, L), and feel springy & full of energy after climbing a couple flights of stairs, instead of puffed & out of breath. The change came only after I saw through all of these excuses and changed my own attitude.
You are obviously proud of the self control you have developed thus far, and you should be, but I would suggest you need to develop it a little further. You can't prevent your brain telling you that you feel hungry, but you can recognise that it is malfunctioning and choose to ignore the signal; nobody is holding a gun to your head compelling you to eat large portions. Eat nutritious food in "moderate" (look it up, it's smaller than you think!) size portions, and enjoy the feeling of being "hungry" - that's your body running low on fuel and burning the reserves!
It's not a terrible thing to feel "hungry". Not the way people in rich western countries use the word (I'm from New Zealand). There are many people in the world who live with real hunger on a daily basis. Do not mistake "I feel like eating" for *hunger* - in your case & in mine it's really not that serious that it can't be overlooked
Also, don't knock weight training. Firstly, any kind of exercise is better than none. Secondly, if your body converts fat into muscle you may not initially lose weight (muscle weighs more), but you're already more healthy. Thirdly, having more muscle is like having a bigger engine in a car; you need more juice to run it, even just during daily tasks. In other words more muscle means your metabolism rises and you burn fat more easily, plus you feel like you have more energy and exercise becomes easier. Cardio training is important too, but you've gotta start somewhere - it's a momentum thing. The more you do, the easier it gets.
In short: you have to eat less (esp. less fat; going crazy with fruit & veg can't hurt) and exercise more. That's the only way, and it's damn tough, but it does work and when you get to the other side you realise it's really really worth it
Your body simply can't construct fat cells out of thin air - you have to put the right things in to it to enable it to become fat. Whatever your makeup predisposes you to, what food you put inside your body is your always your own choice.
My 2 cents.
How dare you. You may think you're being clever, green, perhaps even resourceful. But the fact is, every time you use recycled equipment you're stealing from the pockets of the hard-working, starving engineers at Intel!
Who do you think created the "intellectual property" inside your machine? Intel, I presume, have invested a lot of time and money into designing that chip you're running, and you've never paid them a dime for their effort. Thief! Just imagine if everybody behaved as you do - nobody would make computers anymore!
CPUs want to be free. Intel want to be paid. You just want to be cheap.
Oh yeah, great idea. Build your massive library of kitten images with an automated search. The spammer can't possibly manually enumerate all your kitten images then, right? Sigh. If only the spammer could think of some automated method to enumerate a large library of kitten images... oh, hang on. :)
:)
The key issue here is this: you need to find a method that makes you more efficient at identifying kitten pictures than the spammer. The spammer can probably throw more resources at the problem than you can, so you need to be a LOT more efficient. If you want to manually tag your own library of cat images, the spammer can keep up with you by manually tagging your images himself. If you want to generate your library of cat images with some automated method, the spammer can use the same automated method to generate the same library himself.
It isn't an easy problem.
And if an exploitable bug should be found in the browser, what then? Send out new CDs to all your customers and hope nobody continues to use the old one?
Building your system around read only media has always been a bad idea. You can't patch it when something goes wrong - and something always goes wrong.
I see this particular misconception going around on /. all the time nowadays, and I'm rather tired of it. The claim is always something along the lines of: "there's no security advantage in using open source software unless you examine the source and compile everything yourself".
:) The same is true of every other OS on the planet. (yes yes, even Gentoo, and even if you hypothetically audited every application yourself before compiling it. Hopefully I don't need to explain this, many other posters have already linked to 'trusting trust'. Suffice to say that you have to trust someone at some point, even if it's the supplier of your C compiler, your processor microcode, etc).
That holds true if you run around downloading random binaries from random websites (ie. the way your typical Windows user acquires all their software). But hardly anybody who has used an OS with a proper package manager for more than 10 minutes actually does this.
I get all my software from my distribution. Currently Ubuntu, for example. Yes, their package maintainers build my binaries, I don't build 'em myself. But it isn't unreasonable for me to trust Ubuntu. They supply my OS, after all, so if I can't even trust them then I'm already up the creek
Now, Ubuntu are presumably building from the publically released source code for each application (ie. the source code supplied by the original application author), the same as everyone else. So in the open source world, all the binaries floating around out there (at least from the people you trust!) DO match the available source code. And we don't all need to audit it - it only takes one person (maybe working at a company that pays them to audit open source programs, as other posters have suggested) to discover something nefarious, and we'd all drop it like a hot potato.
That isn't to say that it's impossible to sneak back doors into open source programs, or that package maintainers are all 100% trustworthy (they're only human. but so far they have an exceptional track record). But using an open source program supplied by your distribution is a damn sight safer than downloading and running some binary from Joe Random's obscure website (or company, for that matter).
Of course, there are still occasions where you need some program that isn't in the repositories, but those occasions seem to be becoming more and more rare these days. When this occurs I do actually tend to compile it myself (./configure; make; make install. really tricky eh?), but I can't remember the last time I needed to install something like this. 98% of what I need is in the repositories, and I'd wager 100% of what your average man-on-the-street needs.
And this, ladies and gentlemen, is the perfect example of a poster who "doesn't get" freedom of speech.
:)
The whole concept is about the protection of people from their government. Your government shouldn't persecute you for your thoughts or beliefs, or (indirectly) through your expression of those thoughts and beliefs (speech). History has taught us that when a government starts making rules like "if you think / say XYZ then we'll throw you in jail" (or even just stop you from saying it), then they're well on their way to becoming oppressive. Thus, we don't stand for it (or at least, shouldn't).
Too many people interpret this as "I can say anything I like, and you have to listen to me / give me a place or medium to say it / agree with what I'm saying / etc etc". That's false.
Your speech isn't without consequences. If you oppose popular opinion on such an emotional topic, from such vastly unpopular and indefensible position, you should expect that you're going to cause some... aggravation, to say the least. If you scream "fire" in a crowed theatre you're also going to cause people some aggravation. All this has absolutely zero to do with the concept of freedom of speech.
The amount of people who honestly think like this really surprises me sometimes. I suspect "freedom of speech" is somewhat of a misnomer for what is really a simple enough concept. I wish I could think of a more appropriate name. Suggestions?
I don't often laugh at /. comments, but for some inexplicable reason that just cracked me up.
I've never seen it put quite THAT way before. That's the funniest thing I've read all week.
Ok, seriously... I do think you make a fair point, but it's a point I hope would be obvious to anyone anyway. The closer the support person you're talking to is to you geographically, the more comfortable you're likey to feel. Ideally it'd be nice to speak to someone from the same town/city. Failing that, at least the same country. Fluency in the language used on the calls is obviously a requirement, but I don't think that's all - having someone who is physically closer to the problem is nice. That way they know the company they supposedly represent, know how they operate in your local area, etc etc. If it's personal (home) customer support they can personally relate to you better (chat to you about the local sports team winning, or whatever), which gives you a nice fuzzy feeling toward the company. Talking to someone on the other side of the world, even with perfect English, you get the feeling that they don't have any real power to fix your problem, and frankly don't care.
Um, that would be English. At least in business settings - I don't know if you realise, but everybody actually speaks English at the office. Never-the-less, I'd agree that they would likely rather speak to somebody local - of course - for some of the reasons above.
Just as I, a New Zealander, would expect to get a New Zealander on the phone when calling a New Zealand company - I'd be pretty miffed to get an American or a Brit on the phone, good English skills or no.
My 2c.
Wow, all the trolls are getting modded insightful today. What are the mods smoking?
:-P All Americans have the most shocking accents, I can't understand a bloody word. What they speak doesn't even deserve to be called "English".
:)
:)
*sigh*
Speaking as somebody who has spent a year living in India and working in IT there, I would like to point out that many Indians speak exceptionally good English - the richer ones even speak it as a first language, in their own homes. Office workers all speak fluent English, right across the country. I never had any problems communicating with my coworkers.
I can understand there not being very many fluent German, Russian, or French speakers there, but English is pretty much a defacto national language. It's the only language that is spoken by large numbers of people in every state.
Stating that you had bad experiences dealing with representatives from companies X, Y, and Z, where you were unable to communicate effectively due to language issues, isn't racist at all. That's perfectly fair - let's call it 'truth', if it pleases you. I have not a word to say against it. But when you take your little set of limited experiences, and your (usually grossly overestimated) perception of others sharing your experiences, and generalise those as applying to an entire nation of people, then you have crossed the line into racism.
And hey, at least they do speak English - you know, the language that came from England - not the twisted atrocity of a language that Americans speak and call "English". I'd rather have an Indian answer my tech support call than an American, thank-you-very-much
Incidentally, I'm completely in support of the notion that there is value to be had in having any face of your company that deals with your customers localised. I'd have thought that was pretty obvious. Companies who offshore tech support shouldn't be surprised if they turn around and find they've alienated all their customers. I won't contest that at all. Just, watch who you're accusing of not speaking proper English, and of speaking with a strong accent.
PS. note to mods - for those unable to detect it, that fourth paragraph only exists to make a point. I haven't actually got anything against Americans at all - in my experience they tend to be friendly and likeable people, and their accents really aren't any more difficult to understand than my own
I recently bought an old IBM T30 laptop. It has a 16MB ATI Radeon Mobility 7500. Not exactly flash
I slapped Ubuntu 7.04 on it, and was very surprised to find that OpenGL was working in the default install! Turns out it's using the open source 'ati' driver. So I popped a copy of the Quake III Arena demo on there, and was delighted to find I get a liquid smooth framerate. I ran a quick timedemo - 800x600 / 24bit / bilinear filtering / 'demo001' demo - it came back at 47 FPS
Frankly, that's a lot better than I was expecting of an old 16MB ATI card. And on a "out of the box" Ubuntu install, with open source drivers. All the compiz effects run nice & smooth too. So yeah, I think we're gettin there. Oh, they're dead stable too - haven't even hosed my X server yet, nevermind my kernel. More than I can say for NVidia's garbage. Hats off to the 'ati' driver guys, you bloody legends.
With the existence of the internet, I don't think that's a problem any more :) Heck, it's not even possible to use lawyers to "protect just about anything" nowadays ;)
Yes, the government will do bad things to you if you get off side with them (like by not paying your taxes ;) , and they have the threat of force to back them up. This isn't a new thing. But this is a feature of governments, not of property. The fact they may choose to kick you off your land is largely irrelevant.
:)
I have to admit I'm playing devil's advocate a bit here... but, when distinguishing between "natural" and "artificial" rights, what I really mean to convey is the difference in people's feeling between what are generally seen as "just" or "moral" kinds of rights - the right to breathe, to communicate with people, to own property, etc - widely recognised, whether enforced by relevant laws or not - and arbitrary rights that have been assigned by certain governments in the world, usually with good intentions, but which would not be widely recognised if not for the laws that enforce them.
That party "A" should have a right to dictate how parties "B" and "C" share information with each other is not intrinsically obvious to people. That sharing a copy of something you enjoy with a friend is somehow wrong is not something that is intrinsically obvious to people. Without the relevant laws in place, people would forget the notion very soon. But it's not the case with physical property - even without the relevant laws backing it up, I would contend that most people would still recognise the concepts of "yours" and "mine", and that it's wrong to take physical property from someone. I hope you can appreciate the difference
Why this distinction is important should be pretty clear - although the law recognises both physical property and IP rights right now, those who disagree with the latter are hoping to see the law changed - so "but the law says it's my right" is not a valid argument against changing the law.
I'm glad you brought that up actually. That document was created a long time ago now, and - although this is blasphemy in some people's eyes (burning karma, heh) - while I can appreciate the original logic behind everything you listed, some of it is a bit out dated, and not such a good idea in today's modern world. Freedom of the press & of religion are obviously still very important.
Something like the "right to keep and bear arms" ought to be looked at again. Of course I understand that it was intended as a way for the people to protect themselves from their government becoming oppressive - and because of that I'd actually be pretty worried if I saw that law being changed in the USA today, the government shouldn't be able to remove the safeguards set in place against it, right? But still, I'm happy to say that I live in a countr
Ah. I didn't think of that. That's completely crazy - what's the point of having such a huge address space if you divide it up into sufficiently large chunks? Who could possibly need that many addresses?! Sh*t, there are very very few households that have more than 256 addressable devices I suspect - if you do you should probably be more worried about the power requirements than how many IP addresses you'll have
Sure, there are some large organisations around that'll need more, but why not allocate them larger blocks on a case-by-case basis - "if you request it, we give you more" kind of thing. Not many places that don't need it would bother to file the request.
Can you imagine what a pain it would be to type 512 bit addresses by hand?
Besides, what would that solve - they'd just allocate everybody even bigger chunks!
The rest of what you said I completely agree with. The real problem with IPv6 is the same problem various good spam-fighting solutions face - the high amount of inertia involved in moving everybody from an old entrenched technology to a new & superior one can not be overcome easily, and certainly not all in one go. You need a plan to shift gradually, with inter-operation between the new & old technologies during the years of the changeover period. The scheme you described sounds pretty good.
Requiring everybody to change at the same time is damn near impossible.
It's helpful to keep in mind that some people consider physical property ownership as a natural right. You say that the ability to keep people off your private land is a government-granted monopoly. But without some form of government you'd still be able to keep people off your land - to some degree, anyway - by threat of physical force. I'd bet that for as long as man has walked the earth, he has been aware of the notion of physical property - my cave, my spear, etc etc. The essence of property ownership is that ability to deny others access to something, even if it was in the past limited to what you could physically defend.
Copyright, on the other hand, is a very recent invention. Throughout history man has had no notion of limiting the dissemination of information that he creates. Copyright is an invented 'right' - a government-granted monopoly that simply would not exist without said government's intervention. That is why some people look on it as a purely artificial construction.
If you create something then indeed you should have the right to control what you create, and indeed you can. By all means do - keep it to yourself, don't distribute it, nobody will come and prize it from you. But if you do decide to give out (or sell) copies of your creation, your expectation to have a say in what is done with those copies once they have left your control is considered unreasonable by some. Suppose Bob buys a book off you. He then lends me the book to read. That you could turn around and say "hey, you can't do that! I didn't give you permission to share that with anybody" to Bob would seem quite outrageous to most reasonable people. After all, why should you be telling Bob what he can and can't do? Of course it isn't optimal for you, because you would prefer to have sold me a copy of your book too - but what right do you have to dictate how Bob should behave?
So, what say instead of lending me the physical copy, Bob makes a small optimization, which is good for both Bob and me, but not for you - he photocopies the book and gives me a copy. Now at this point Bob is guilty of copyright infringement. He is in breach of laws that our society has put in place, not for your benefit, as you may like to imagine, but because they are designed to benefit society as a whole, by encouraging production of books such as yours. That's fair enough - it's a compromise, sure, but I can see the logic in it. But at the end of the day it's an artificial construction designed to benefit society.
Please don't confuse it with a right.
When trying to come up with a good design for your network security, do you really think you should be worrying about protecting machines that are already compromised?
By the time there is a trojan on the machine, you have already lost. Game over. Why bother blocking incoming connections to the trojan? What would be to stop the trojan from placing it's own outgoing connection to the attacker's network?
Please don't suggest blocking miscellaneous outgoing connections either
("we'll only allow certain protocols!" -> "the trojan can simply tunnel over an allowed one, like http". "ok, we'll run the firewall on the actual machine, and only allow specific applications to initiate network connections" -> "hello? the trojan already owns your machine."
Nothing. The problem with that would be... what exactly?
:)
You do realise that the address space of IPv6 is completely insane don't you? Something like "1 address for every atom in the universe" kind of scale, I think I've heard thrown around?
I don't think I personally want to register more addresses than I have atoms in my body. I'm fairly confident my mother would feel the same way.
Perhaps Doom3 automatically picked the wrong render path for you or something? Happened to me (back when it first came out I played the entire thing start to finish on my GNU/Linux system).
:)
I seem to recall that there's a one line console command (the in-game console, I mean) you can use to force a particular render path that performs best on your hardware, if the one the game automatically picked is chugging. For almost no noticable loss in graphical detail I drastically improved my framerate from what it was "out of the box". May be worth googling
Fedora is an operating system.
SuSE is an operating system.
Linux is not an operating system. Linux is a kernel.
How many times have you heard somebody tell you "Linux is a Unix clone"? That's really what makes it so nice for many of us to use, afterall - it isn't that "linux" makes for a nice operating system, it's that Unix does. A lot people can happily switch from "linux" to one of the BSDs, for example. Now I know Linux (the kernel) strives, I believe, for POSIX compliance, but Unix it ain't. GNU is the Unix clone. GNU is what gives the "operating system" basically all the visible characteristics of Unix to you, the user.
Now, you can keep your fancy KDE and what have you - heck, take X too, while you're at it. Back when my machine wasn't so powerful I used to run without it (X is just a way to fit more terminals on your screen at once anyway, right?
But please, don't take my GNU tools. Take away those and it's just Not Unix anymore (irony intended). And what's more, it just wouldn't be "linux" to most people's eyes - I mean, yes, technically, if you boot just the kernel on an embedded device or something, we all know it's still Linux in there... but it isn't "linux" in the sense that most people think of it (the desktop OS distributions).
What people think of as "linux" is really GNU. GNU is the essence of the operating system - it's basically all of the truely essential stuff that is visible to the user. I could happily run another Unix-like system without a Linux kernel (eg. FreeBSD, if it supported all my hardware) without noticing too much difference, but I'd sooner poke myself in the eye with a fork than use Linux without a Unix-like environment.
The Unix environment is the heart of the operating system. And GNU happens to be a particularly good clone of it. The key similarity between the Fedora, SuSE, and Ubuntu operating systems that you mentioned is that they are all GNU operating systems. To describe the Ubuntu operating system as a GNU/Linux based operating system seems the most accurate to me, quite aside from the fact that it gives credit to people who deserve it.
Just something to think about.
What?!
:(
You guys aren't allowed to say obscene words on TV up there? Not even after 10pm or something?
But... but... what about all your rap music videos and stuff? No... it can't be true.
As a side note, Billy Connolly is a very funny man. But if you were to censor all the obscenities out it would just totally destroy it
In your example Yahoo are clearly using the software themselves, in-house.
Providing a web service != software distribution.
I'm going to go with troll.
Everybody knows the "or any later version" clause is an option. If you have a copy of some GPL v2 code with the "or any later version" clause lying around, you can choose to adhere to the GPL v3 terms if you wish, but you can also choose to adhere to the v2 terms and ignore your option to use "any later version". So what's your point?
In english we use the pronoun "he" when discussing a person of unspecified gender, thank-you-very-much. "She" is used for the discussion of inanimate things - ships, countries, motor vehicles, etc. No need to be too over the top with political correctness.
Sorry, pet peeve
--
he1
-pronoun
1. the male person or animal being discussed or last mentioned; that male.
2. anyone (without reference to sex); that person: He who hesitates is lost.
-noun
3. any male person or animal; a man: hes and shes.
-adjective
4. male (usually used in combination): a he-goat.