Slashdot came around just as I was starting college... perfect timing and really influenced me at the time. My interest has waxed and waned, mostly waned in the last five years or so, but the influence Slashdot had on the burgeoning web can not be denied. Godspeed CmdrTaco. Godspeed.
How does an company like Microsoft "learn" to become more "transparent"? Painfully, with community push, things like the IronRuby project and groups like Alt.NET really are slowly changing the way Microsoft operates. Tell me ScottGu would have been where he is now 10 years ago at MS.
Ruby.NET was something totally different (http://rubydotnet.googlegroups.com/web/Home.htm) and was actually a community based project started by Dr. Wayne Kelly (who is know helping with IronRuby).
1) John Lam has stated that IronRuby is Ruby first. The goal is to run real ruby programs,.NET interop is secondary.
2) IronRuby is published under the MS-PL an OSI-approved license (http://www.opensource.org/licenses/ms-pl.html) if they start to get persnickety the community will just fork it.
There is, of course, quite a difference between being backwards compatible with regards to the end-user experience and being backwards compatible with the legion of web developers out there. I'm sure the first statement was for the former, and the second one for the latter.
...Is hanging out with some mighty strange types these days...I mean Jay-Z? What has the ol' Lonely Hearts Club Band come to? Next it'll be human sacrifices, cats and dogs living together, mass hysteria!
if you're using qmail simply add mail.ispname.com or smtp.ispname.com to your smtproutes file, it really is a trivial thing to do and prevents your mail being blocked for such reasons while allowing you to still run your own mail server.
I should clarify though that it would only be possible if someone was on your system WHILE you were encrypting something or decrypting something that was encrypted with your key. It isn't/possible/ to execute this attack AFTER something is encrypted, only during the encrypting process.
Someone tell me if I'm wrong...I might be, but I don't think I am...
According to the conclusion at the end of the article:
"We devised and implemented a timing attack against OpenSSL { a library commonly used in web servers. Our experiments show that, counter to current belief, the timing attack is eective when carried out between two machines in a local network. Similarly, the timing attack is eective between two processes on the same machine and two Virtual Machines on the same computer. We hope these results will convince designers of crypto libraries to implement defenses against timing attacks as described in the previous section."
So it looks like it is only useful against machines on the local network, which means you would have to have a comprimised machine on the network to launch the attack from. Possible yes, but it's not has simple has querying a remote system over the internet (I would assume that the unknown latency would render a timing attack useless, but couldn't use you use a traceroute to determine the latency and compinsate? Just a thought..) Anyway, I don't expect there to be 1,000s of comprimised servers by tommorow...
"Many crypto libraries completely ignore the timing attack and have no defenses implemented to prevent it. For example, libgcrypt [6] (used in GNUTLS and GPG) and Cryptlib [7] do not defend against timing attacks."
So I would say yes it is (If you consider GPG the same has PGP that is)
Honestly people...how dense to you have to be to know that giving out your SOCIAL SECUIRTY NUMBER and/or CREDIT CARD NUMBER to an UNTRUSTED, UNKNOWN source of the INTERNET is a/BAD/ idea?
Does the public really need to be educated on this?
I would NEVER give that information out until I was sitting across the table from the prospective employer or at least had a verifiable phone number and did it over the phone..even then I think it would have to be face to face for me to be comfortable.
It just seems like a "Well Duh don't do that" type of message...
I would say that this is usually true UNLESS you use encryption (ie PGP or GPG), which I think could be easily argued is MORE secure then regular mail OR the telephone (or even face to face communications since it's harder to "overhear" since we told talk in encypt-speak:) )
Fundamental problem with that idea...on that graph not all points are equidistant from the center. The second you move so much as a millimeter along that line the point at which it is at changes by it's slope. ie you move 1 unit to the left you've just moved.5 units down. In eucliden geometry ONLY a circle as all points the same distance from the center.
First a few questions...which amendment is it that says the United States Constitution applies to the states? As far as I still know the United States Constitution ONLY applies to the United States Government. The State governments are still regulated by their own constitutions.
Also, many people seem to forget that you have NO rights until you become a voting citizen in the republic, ie you turn eighteen. Which makes sense. Just like the poll tax, but that's a whole other subject.
I think it's about time Slashdot started editing the stories that go on the main page. There are SO MANY grammatical and spelling errors seeping into thse posts that it is getting to be unbearable.
thse posts no grammer have, nor speeeling,/. this is, use to it you are not, get use you must. speel checker for post not bad idea might not be
GPG is based on the OpenPGP standard ( RFC 2440 ) which doesn't, AFAIK, include "Key Escrow" or "ADK". PGP seemes to have "added" this feature, perhaps this is what the mean by "multiple recipents" in the E-business product.
Of course I could be wrong, but that's the way it looks to me:)
Slashdot Mirror
Slashdot came around just as I was starting college... perfect timing and really influenced me at the time. My interest has waxed and waned, mostly waned in the last five years or so, but the influence Slashdot had on the burgeoning web can not be denied. Godspeed CmdrTaco. Godspeed.
Read the EULA.
Ruby.NET was something totally different (http://rubydotnet.googlegroups.com/web/Home.htm) and was actually a community based project started by Dr. Wayne Kelly (who is know helping with IronRuby).
Two points:
.NET interop is secondary.
1) John Lam has stated that IronRuby is Ruby first. The goal is to run real ruby programs,
2) IronRuby is published under the MS-PL an OSI-approved license (http://www.opensource.org/licenses/ms-pl.html) if they start to get persnickety the community will just fork it.
You're on your own, after all noone is accountable. Don't you wish you had paid for your software now?
Given their attitude.
There is, of course, quite a difference between being backwards compatible with regards to the end-user experience and being backwards compatible with the legion of web developers out there. I'm sure the first statement was for the former, and the second one for the latter.
...Is hanging out with some mighty strange types these days...I mean Jay-Z? What has the ol' Lonely Hearts Club Band come to? Next it'll be human sacrifices, cats and dogs living together, mass hysteria!
if you're using qmail simply add mail.ispname.com or smtp.ispname.com to your smtproutes file, it really is a trivial thing to do and prevents your mail being blocked for such reasons while allowing you to still run your own mail server.
Qmail is small, fast, easy and secure.
I should clarify though that it would only be possible if someone was on your system WHILE you were encrypting something or decrypting something that was encrypted with your key. It isn't /possible/ to execute this attack AFTER something is encrypted, only during the encrypting process.
Someone tell me if I'm wrong...I might be, but I don't think I am...
According to the conclusion at the end of the article:
"We devised and implemented a timing attack against OpenSSL { a library commonly used in web
servers. Our experiments show that, counter to current belief, the timing attack is eective when
carried out between two machines in a local network. Similarly, the timing attack is eective
between two processes on the same machine and two Virtual Machines on the same computer. We
hope these results will convince designers of crypto libraries to implement defenses against timing
attacks as described in the previous section."
So it looks like it is only useful against machines on the local network, which means you would have to have a comprimised machine on the network to launch the attack from. Possible yes, but it's not has simple has querying a remote system over the internet (I would assume that the unknown latency would render a timing attack useless, but couldn't use you use a traceroute to determine the latency and compinsate? Just a thought..) Anyway, I don't expect there to be 1,000s of comprimised servers by tommorow...
Well, according to the article:
"Many crypto libraries completely ignore the timing attack and have no defenses implemented to
prevent it. For example, libgcrypt [6] (used in GNUTLS and GPG) and Cryptlib [7] do not defend
against timing attacks."
So I would say yes it is (If you consider GPG the same has PGP that is)
Honestly people...how dense to you have to be to know that giving out your SOCIAL SECUIRTY NUMBER and/or CREDIT CARD NUMBER to an UNTRUSTED, UNKNOWN source of the INTERNET is a /BAD/ idea?
Does the public really need to be educated on this?
I would NEVER give that information out until I was sitting across the table from the prospective employer or at least had a verifiable phone number and did it over the phone..even then I think it would have to be face to face for me to be comfortable.
It just seems like a "Well Duh don't do that" type of message...
I would say that this is usually true UNLESS you use encryption (ie PGP or GPG), which I think could be easily argued is MORE secure then regular mail OR the telephone (or even face to face communications since it's harder to "overhear" since we told talk in encypt-speak :) )
Of course I just missed the line:" Just redefining ONE simple function (to simulate city streets) will make PI equal 2."
Still dude...it just seems wrong....
Fundamental problem with that idea...on that graph not all points are equidistant from the center. The second you move so much as a millimeter along that line the point at which it is at changes by it's slope. ie you move 1 unit to the left you've just moved .5 units down. In eucliden geometry ONLY a circle as all points the same distance from the center.
:)
Might want to rethink your theory
First a few questions...which amendment is it that says the United States Constitution applies to the states? As far as I still know the United States Constitution ONLY applies to the United States Government. The State governments are still regulated by their own constitutions. Also, many people seem to forget that you have NO rights until you become a voting citizen in the republic, ie you turn eighteen. Which makes sense. Just like the poll tax, but that's a whole other subject.
I think it's about time Slashdot started editing the stories that go on the main page. There are SO MANY grammatical and spelling errors seeping into thse posts that it is getting to be unbearable.
/. this is, use to it you are not, get use you must. speel checker for post not bad idea might not be
thse posts no grammer have, nor speeeling,
how low can we go?
Well if da Taco replies....
pshaw, you new fangled users don't know what low is....;)
oh come on, be honest, the Olympics might be exciting but are they really all that intresting?
SENGAN!?!?!?
Where have YOU been?
Damn....
It shouldn't, at all.
:)
GPG is based on the OpenPGP standard ( RFC 2440 ) which doesn't, AFAIK, include "Key Escrow" or "ADK". PGP seemes to have "added" this feature, perhaps this is what the mean by "multiple recipents" in the E-business product.
Of course I could be wrong, but that's the way it looks to me