Bug counts mean shit-all. You are comparing distributions that are carrying different patches for programs at different versions. Besides, who cares what your bug count is when Ubuntu WRITES the shadow passwords to an unsecure file? Remember that? Ubuntu could have only 1 bug, but if that bug is enough to give a cracker root, who cares what the count is..
Someone had to say it first....
FTFA:
"Collection and use of expertise:
There was no need for external expertise."
Read:
"We set the length and types of retention. Suck it up, kids. You're gonna get fucked."
Nerd Attention Deficit Disorder - NADD.
"Mrs. Green, can I be excused? My NADD is kicking in."
"Dude, I've got NADD too!"
"I'm going to kick you in the NADDs."
"We need to talk about your NADD."
dbitch
Huh, that kinda turned around my opinion. TCPA = okay = secure storage of keys, basically. Palladium = bad = trusted applications. Is that what I'm getting out of this?
So, I've read the relevant wiki articles, I've been trying to follow this whole thing. I still don't understand the point of the Parliament, if the Commission wields the veto power. If the commission can completely ignore the recommendation of Parliament, then why bother even having the Parliament, or the council of presidents? It sounds like just an advisory comittie (dammit, I've never been able to spell that right). Can somebody explain it to me?
But here's the problem: in the current war on "terror", if you even try to see things from the perspective of your adversary, you are a sympathetic terrorist. Sympathetic = Guantanamo time, like Walker got. So, this is a little different than other wars, because the support for the "terror" war is such that if you step out of line at home, they can arrest you. In previous wars, there were demonstrations against why it was occurring, and you could expect not to be arrested. Now, you try that, you'll end up deported.
Just for fun, try walking down the street and seeing what people say to you when you ask them, "Why do you think OBL hates us?" I've gotten responses from "you're anti-american" to "why don't you go over there and fight for them".
How about this for a possibility? Wiki is the foremost online encyclopedia, Google, one of the best search engines. So, assuming some amount of traffic on google is just there for "I don't know what x is", Google just points them to "x" wiki article, which is on their own servers. Like the current MW lookup from the top, but more.
Learn more about "x" at Wikipedia.
Display top 10 web results of bajillions.
(instead of the wiki article showing up in the results)
Of course, this will make the wiki explode with vandals "Wow, I can graffiti this place!", but they'll sort it out soon enough.
It's a neat vicious spiral, isn't it?
1) You restrict piracy, by putting on DRM.
2) The public either buys in or they stop buying, as economics tells you. But they only have a finite paycheck, and a CD is probably pretty far down on their list. They'll find reasonable substitutes.
3) Your profits fall, since nobody wants a CD you can't copy and share with your friends.
4) You blame it on piracy, send a few lawsuits and buy off some Congressional members.
5) Goto 1.
I think this is a pretty accurate description of the way it's working right now.
What's easier, sending a trojan out on the wire to unpatched windows boxes (or, maybe, they've got a special packet that will make the windows box install it automagically) or installing a hardware keylogger on my *nix box? Besides, if I'm worth spending money for a hardware keylogger, I have bigger problems...
Mod parent up. Because if they want to install a keylogger, then it's very easy to get around (notice I didn't say circumvent, it may very well be illegal in the US to go around a "lawfully placed anti-circumvention device to record your circumventions") - just install something else (pick your distro of choice) that their software doesn't work on. Easy enough. Watch me elude their keylogging efforts simply by making an SSH keypair and using a *nix/*bsd variant.
What's the difference? When they have your private key, and they have your passphrase, they can do BOTH. I guess that was my point - even if they don't want to forge your name, they still have everything they want to know. It really doesn't help if they can impersonate the person on the other end if they can't decrypt your reply, encrypted with the posted party's key.
Well, sure, the FBI could implement a man in the middle attack, but if you're that paranoid (or interesting) that the FBI would want to do that, then you'll be signing your keys with direct exchange anyway. It's all a matter of how much security you want. If you don't want sysadmin Joe to read your mail, then you'll be encrypting it, but you're too lazy to sign the person's key you're sending it to. If, however, you're dealing in drugs, or, *gasp* something more dangerous (like dubya might want your head) then you'll be damn sure that your keys are signed, and that they're NOT publicly available.
Really, there are easier ways to break public key encryption if you haven't taken the necessary precautions - all the FBI has to do is install a keylogger and they have your passphrase, seize your computer and they've got your private key - what more do they need to BE you? You also need to consider those problems on the receiving end too. Those are all orders of magnitude easier than cracking a good 256 bit blowfish.
Central servers make it easier to prevent CASUAL perusal of your mail, nothing else. If they're sophisticated enough to mount a man-in-the-middle, then they can install a keylogger too. So I don't think that this is a terrible idea.
Well, see, if you were a researcher, in CS, then you'd be seeing your money drain away as the dotboom progressed. Hey, you've got kids to feed. The feds want terrorism datamining, and, well, you're a giant nerd. Let's put the two together, okay?
And don't blame the researcher so much, if they didn't do it, someone else would, or the feds would subcontract it. (Yes, I do agree, some researchers have no moral compass. Some do. It may be different than yours, though.) It would get done. Just because it's NSF, doesn't mean that they're doing it because it's altruistic - it's because someone (CIA? FBI? Who cares?) WANTS it done, and has earmarked funds for this kind of thing, not necessarily this EXACT thing.
>As SCO come closer to death it's interesting to see Microsoft's anti-Linux activities seeming more desperate as they flail around looking for options however implausible they may be. The ultimate effect of this one though may be the isolation of Microsoft to American territory, their overseas markets cut off by their own hand.
Yeah, I think this is the most telling. They tried subtlety, that didn't work. They tried plenty of FUD, well, didn't work either. SCO has been going absolutely nowhere against IBM, so the "have the cronies do it" option isn't working either. So, where does that leave you? You'd better do it yourself. Well, in the countries where the GDP doesn't depend on MS, then it looks feasible to switch and give them the finger on your way out. No recourse for MS, no leverage. (The US is screwed, but that's a different story.)
Well, what I find interesting, is that the /. crowd, who are arguably the most informed and knowledgeable about computers, are the ones who are arguing against evoting. Why is that?
1) /. knows that the users ARE stupid, and nothing can change that, so go for the least common denominator (paper ballots).
2) They know that, despite assurances, there's always another bug, and that none of them trust their vote to a damn computer (despite the fact that their livelihood depends upon it).
Yeah, that's capitalism. I wonder how many /. people have got money invested in 401k/IRA. I wonder how many of them actually peruse their prospectuses and find out that, my god, MS is probably one of their largest investments! Now what? You want to vote, vote with your feet and get out of the investment. Wow. Now, is the government supporting them or are YOU? Take a look, I think you'll be surprised.
Here's the problem. How many privately owned satellites are there that can do "land sensing"? Not many. LANDSAT, GOES, all the important ones are govt owned. So that's a Bad Idea.
Jesus, DOE/DOD can't make up their mind.
Okay, so nobody wants proliferation of nukes. Okay, that's fine. But if someone really wants a nuke, do you think that they will buy this and crack it open? Hell no! They'll roll their own. And there won't have been any point to this port-a-reactor that generates a pittance of energy (100MW is about enough to cover a few small cities, but not much else). Oh yeah, and if they do try to crack it open, I guarantee you the US will have an excuse to invade, but that's a side note.
Yeah, the prices are just ridiculous. $3000 for an average (not good, like Phys Rev) journal for the year? Isn't that a bit crazy, especially when you have to ask the publisher to use your own paper in another of your own papers? That's ridiculous, especially when it's taxpayer money that's paying for more than, oh, 3/4 of the papers in this $3k journal. I, as a taxpayer, would like access to those papers that I fund through my IRS donation, even if I can't understand them. Perhaps this will also lead more people to science, as well, for all those brainiac kids (Charles Murry, for example:)
Yeah, but it's just Phys Rev. A lot of cool stuff happens that never gets published in Phys Rev. Sometimes, it's a talk at a symposium that is published and makes a big splash.