Why not? If I download AOSP and compile it for a handset, and mode no changes, why can't I just link to google's AOSP site.
Because it's not up to you, the GPL license text explicitly covers this scenario in section 3, specifically section 3.c. You are only allowed to say "go get it at Debian" for non-commercial distribution and only if you received the program in object code or executable form with such an offer. "Such an offer" refers to if Debian has given you a written offer as stated in section 3.b: "Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code,[..]"
Well, to be perfectly honest, Linus has explicitly stated that it is ok, no matter what the GPL says. Even though he doesn't have copyright on the entire kernel code, nobody who is doing mainline kernel development seems to be arguing with him. Legally, it's probably a grey area.
I've been taught that the difference is static or dynamic linking: If you statically link your software with GPL'd software and distribute it, it's a derivative work and you need to release your software under the GPL. If you link dynamically, it's a legal grey area and nobody knows, but most people think it's ok.
2^128 is 340282366920938463463374607431768211456 unique combinations. Every 2^128 input string (at random) will hash to the same value, that called a Hash collision. Finding them is what is difficult: if you have a hash value and can find a string that hashes to that value, the algorithm is broken: You have succeeded with a collision attack. The algorithms that we use for secure hashing are designed to be resistant to those kinds of attacks. You should read up on some design criteria for Secure hash algorithms and you'll know why you're wrong.
No, you're wrong. Not in stating that a hash is a fixed length, but you're totally wrong about the consequences. If you were right, a 256-bit secure hash couldn't be used to protect your new shiny 4 GB ubuntu DVD image from malicious changes, for example. The whole point of secure hashes is that it is impossible (i.e. extremely improbable, as in you would never succeed before the universe dies a heat death) to generate a new input (of arbitrary length) which hashes to the same value. If you can, the algorithm is broken and should not be used (and this happens all the time: MD5 is broken, SHA1 is deprecated and everyone should be moving to SHA2).
It does not matter if you are using a one kilobyte password input to your fixed length hash algorithm. It's still just as secure because it's designed to be.
They benefited from the system all their lives but when it's their turn to pay in, they leave.
Please, what system? Workers are mobile inside Europe.
No, they're not. Inside the European union (which I'm sure is what you meant), while you have the right to move around and work as you wish, most people don't do it and don't want to. In practice there's language barries and cultural barries all over the place.
Social security and welfare is more or less equal inside Europe as well.
Absolutely not. You can start by looking at one article in wikipedia where it is immediately apparent that countries are running their own systems, with substantial differences in rules and rates. The Nordic countries (such as Finland) are generally in the lead.
Rovio is in this case a prime example of a company which has benefited substantially from Finland's school system for skilled employees (they're one of the absolutely best in the world), Finland's stable democracy and their stable economy. When they're asked to pay back, they flee -- an extremely immoral act which I sincerely hope will bite them in the ass.
You have a lot to learn about how consumer protection laws work over here. Yes, you can't claim one thing in the largest letters in the ads if the consumer can't reasonably expect it to be true. However, the reporting is a bit overblown as they're only thinking about starting an investigation. Quoting the Swedish Consumer Agency (my own error-prone translation of a MacWorld article at http://macworld.idg.se/2.1038/1.440631/konsumentverket-granskar-apple):
"- This is probably something we have to look into, it isn't totally obvious, says Marek Andresson, jurist at the Swedish Consumer Agency to the news agency TT.
- This advertisement might satisfy the demands of the law, but it could have been clearer. It needs to be correct and not misleading. It is only two countries on another continent where the product works according to the ads. But at the same time Apple isn't withholding information, says Marek Andersson."
What do you mean by "no system prevents buying votes"? Doesn't almost all paper ballot systems require you to vote (whether that means marking something on a slip or putting a paper inside an envelope or something else) behind a protective screen and no one else is allowed to watch (thus, you cannot prove how you voted)?. How does that not prevent buying votes?
There are a few issues, the major one is anonymity. Your proposed system, using an existing public key infrastructure (the Bank-ID system) tied to personal identities cannot be made anonymous. It would also encourage vote selling since you would be able to prove what you voted for.
The current paper ballot system fixes this by doing the identity check when you hand in your paper ballot, at which point your vote is already anonymized since it's in an opaque envelope. Vote selling is made a lot harder by ensuring that the only person present when you put your slip in the envelope is you (and you are doing it behind a protective screen).
You should also know that the Bank-ID token system is not secure; I would never trust my identity to it. Major parts of the client software has been reverse engineered as part of the FriBID project, and it ain't looking pretty.
Of the top of my head, I guess the major reason is that with paper ballots there is no attack vector for manipulating the whole system at once. To rig an election, you'd have to bribe a sufficient number of vote counters which isn't easily done without anyone noticing (and the number is quite big for a national wide election, that's why it works so well). When you introduce voting machines, if you discover a hole in the e-voting system you can manipulate the whole system without anyone knowing.
Then you introduce a paper trail but (surprise!) you're back to counting ballots by hand anyway. You could of course only count a small subset of all paper ballots but then you make bribing the right people easier.
A basic requirement on e-voting machines would, of course, be that they are completely open sourced (both hardware and software) and looked over by the best minds we have. Since that is probably never going to happen, e-voting shouldn't happen either.
Google admits this seems to be a real attack but it seems to be a Flash exploit. Since Flash seems to be an utter piece of sh^H^H not-so-good program, they've sandboxed it somewhat to get rid of a lot of attack vectors. However, in TFA they're publicly stating that their sandbox isn't perfect and that it won't stop all attacks. Google's Flash sandbox is better than nothing but it ain't perfect.
What I really think is the issue here is this french security firm that admittedly has a new zero-day against Flash and a way of compromising the Google Flash sandbox and they refuse to let Google or Adobe fix it. Instead, they've decided to profit from it selling the info to who knows what kind of organizations. That's immoral and should be downright illegal. Why isn't that the headline?
A) Same goes for any type of mine: coal, uranium or otherwise.
B) False (i.e., the opposite of true). Read the IAEA reports. No such correlation exists. There is however an increase in typhoid cancer risk, something which is accounted for.
C) You need to equate nuclear power with something else with base load capabilities. The alternatives are fossil fuel, hydropower and geothermal energy. Hydropower can only be built in countries with large rivers (and prepared to seriously mess up the landscape) and geothermal can only be built in countries that are geologically suitable. That leaves fossil fuels for all others, i.e. most of the world.
Then you can perhaps hang out with friends who are studying/have a PhD in another subject or have cross-disciplinary research teams? Today, you really need in-depth knowledge to be able to advance your field (which is actually the point of a PhD) because we've advanced a lot since the 1800s. I don't see any point in establishing a broad know-something-about-everything type of degree, it won't keep us going forward as a civilization.
Not having to deal with foot-inches is easier, too. (Although everybody seems to disagree about whether to use m, cm, or mm.
That's because they're the same unit just different prefixes; the metric has only got one length unit and that is the meter. I guess this might be a bit harder to get used to if you're used to imperial measurements but there's nothing wrong in mixing prefixes all over the place as long as you're typing them out properly. Scientists sometimes use scientific notation to be clear on scale though, but that would be a bit of a hassle for a building project:)
But if you are a member you can get some things for "free". Like using their churches and other buildings for weddings, baptisions, funerals etc. You don't need to pay the priest either.
So it might be a good deal even if you are not religious but still want to get married in a real church.
Well, if both parents aren't members of the church (and, by extension, probably do not self-identify as christians), why would they want their children baptised and their wedding performed by a priest in a church with God as a witness? I don't get that. If one parent subscribes to the Lord Jesus Christ, the church will provide those service free for the whole family.
The Swedish government collects taxes and then gives them to various religious. If I recall correctly you can opt out, but the government then just keeps the money anyway.
So creating a religion which supports your views may not be such a crazy thing after all.
If it lampoons the established religions which at the end of the day are no more sensible so much the better.
You are not recalling correctly. Swedish citizens automatically become members of the Swedish Church at birth. As a member of that church, one pays a specific tax that goes directly to the Swedish church, not any other religious foundation. It is perfectly possible to opt out of being a member of the Swedish Church and then one does not pay any such tax anymore.
Well, to be honest, neither are you =) Since the separation of the Swedish church and the Swedish state in 2000, children do not automatically become members of the Swedish church (unless both parents are members or something like that, IIRC).
What GP could have gotten mixed up is the compulsory leftover of the old church tax even if you opt out: the funeral fee or begravningsavgiften, which is about 0.07%. That tax pays for your funeral and makes sure there is somewhere to put your grave when your time comes (without any christian bling-bling if you are not a church member, of course).
For all of you shouting "encryption": Done properly, that will of course ensure that (evil) corporations and (evil) government won't be able to read your e-mails. However, that's often not what they are interested in, they're interested in who you're talking to. There's no support for encrypting the destination address in any standard.
Sorry but the spam problem has made that impossible. The reason that you can't run a mail server at home is not a shortage of IP addresses in IPv4 but that most ISPs will refuse to deliver mail from dynamic IPs since thats mostly home subscribers (running an old an unpatched version of Windows and are therefore most likely part of a botnet) and not larger companies. That problem won't change with IPv6.
They're used (I think the system is called ACARS), but the links are expensive so I think they are used sparingly (triggered when the aircraft is in an emergency and so on).
Even if the overall number of people dying would go down, when I devolve my safety to a machine like an autopilot, I want to make sure that I am just as safe as when I drive myself.
Here's where you're wrong: You are always less safe when you drive yourself, you only feel safer.That's because human beings are not rational when it comes to safety: We automatically trust ourselves more than others (although it is very often completely wrong) and people related to us more than a random stranger. You just demonstrated that point...
They work fine if you're buying a lot of stuff or some expensive stuff. However, if you've just bought a plastic shelf as the parent poster, the minimum charges are prohibitively expensive.
It's called the Visby classcorvette. Pretty cool ship actually, although apparently the on-board systems run Windows, which should make it a pretty easy target...:)
The tsunami happened either way. But with the Fukushima reactor, additional loss of life has resulted, and will continue to for decades to come.
I've been reading this a lot as of late and I'm getting annoyed. The radioactive isotope from Fukushima that has a half-life long enough and has sufficient concentration to be a concern is Iodine-131, which has a half-life of eight days. Not "several decades". What you're thinking of is probably Cesium-137 and Strontium-90 (which are really bad long-term), but they haven't been released in any large quantities to warrant any concern so far.
Cancer doesn't tend to kill you the moment the first neutron damages your DNA. It takes a while.
What, do you think the primary risk with nuclear power is that there will be an atom-bomb style explosion?
No, and I don't think that most people suggests that. We can calculate (an upper bound to) the cancer risk given a certain amount of absorbed radiation, so that's well known. We've been able to do this for quite some time so there's no need to spread fear about mysterious future dangers.
One could spin the same question in the other direction:
So there was a reactor running in a zone known to be exposed to tsunamis, which was not even designed to widthstand a tsunami?
Yes it was, however IIRC it was only engineered to withstanda three metre tsunami and not a (what is it now?) 15 metre one which no one seemed to be able to imagine happening.
And the first tsunami to ever hit it managed to take out the cooling power and the backup cooling power too with one stroke?
I don't think it was the first tsunami to ever hit it (see above) but the first tsunami to be that much higher than the height of the tsunami barrier since the 1960s
And the third cooling system managed to keep going for how long? 1.5 hrs?
The backup batteries lasted for eight hours, precisely what they were engineered to do. However, considering that all infrastructure in a helluva radius had been washed away, bringing in backup generators proved to be a bit more problematic.
We have a flawly designed reactor at a flawly chosen place. We have been so lucky that nothing happened for 40 years.
You could be right, but we can actually figure out just how lucky (or unlucky) we've been in the last 40 years and draw our conclusions from facts when the disaster is over. The correct way of doing this is re-engineering existing and future power plants using the experience we can get from Fukushima.
Slashdot Mirror
Why not? If I download AOSP and compile it for a handset, and mode no changes, why can't I just link to google's AOSP site.
Because it's not up to you, the GPL license text explicitly covers this scenario in section 3, specifically section 3.c. You are only allowed to say "go get it at Debian" for non-commercial distribution and only if you received the program in object code or executable form with such an offer. "Such an offer" refers to if Debian has given you a written offer as stated in section 3.b: "Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code,[..]"
Well, to be perfectly honest, Linus has explicitly stated that it is ok, no matter what the GPL says. Even though he doesn't have copyright on the entire kernel code, nobody who is doing mainline kernel development seems to be arguing with him. Legally, it's probably a grey area.
I've been taught that the difference is static or dynamic linking: If you statically link your software with GPL'd software and distribute it, it's a derivative work and you need to release your software under the GPL. If you link dynamically, it's a legal grey area and nobody knows, but most people think it's ok.
2^128 is 340282366920938463463374607431768211456 unique combinations. Every 2^128 input string (at random) will hash to the same value, that called a Hash collision. Finding them is what is difficult: if you have a hash value and can find a string that hashes to that value, the algorithm is broken: You have succeeded with a collision attack. The algorithms that we use for secure hashing are designed to be resistant to those kinds of attacks. You should read up on some design criteria for Secure hash algorithms and you'll know why you're wrong.
No, you're wrong. Not in stating that a hash is a fixed length, but you're totally wrong about the consequences. If you were right, a 256-bit secure hash couldn't be used to protect your new shiny 4 GB ubuntu DVD image from malicious changes, for example. The whole point of secure hashes is that it is impossible (i.e. extremely improbable, as in you would never succeed before the universe dies a heat death) to generate a new input (of arbitrary length) which hashes to the same value. If you can, the algorithm is broken and should not be used (and this happens all the time: MD5 is broken, SHA1 is deprecated and everyone should be moving to SHA2).
It does not matter if you are using a one kilobyte password input to your fixed length hash algorithm. It's still just as secure because it's designed to be.
They benefited from the system all their lives but when it's their turn to pay in, they leave.
Please, what system? Workers are mobile inside Europe.
No, they're not. Inside the European union (which I'm sure is what you meant), while you have the right to move around and work as you wish, most people don't do it and don't want to. In practice there's language barries and cultural barries all over the place.
Social security and welfare is more or less equal inside Europe as well.
Absolutely not. You can start by looking at one article in wikipedia where it is immediately apparent that countries are running their own systems, with substantial differences in rules and rates. The Nordic countries (such as Finland) are generally in the lead.
Rovio is in this case a prime example of a company which has benefited substantially from Finland's school system for skilled employees (they're one of the absolutely best in the world), Finland's stable democracy and their stable economy. When they're asked to pay back, they flee -- an extremely immoral act which I sincerely hope will bite them in the ass.
You have a lot to learn about how consumer protection laws work over here. Yes, you can't claim one thing in the largest letters in the ads if the consumer can't reasonably expect it to be true. However, the reporting is a bit overblown as they're only thinking about starting an investigation. Quoting the Swedish Consumer Agency (my own error-prone translation of a MacWorld article at http://macworld.idg.se/2.1038/1.440631/konsumentverket-granskar-apple):
"- This is probably something we have to look into, it isn't totally obvious, says Marek Andresson, jurist at the Swedish Consumer Agency to the news agency TT.
- This advertisement might satisfy the demands of the law, but it could have been clearer. It needs to be correct and not misleading. It is only two countries on another continent where the product works according to the ads. But at the same time Apple isn't withholding information, says Marek Andersson."
What do you mean by "no system prevents buying votes"? Doesn't almost all paper ballot systems require you to vote (whether that means marking something on a slip or putting a paper inside an envelope or something else) behind a protective screen and no one else is allowed to watch (thus, you cannot prove how you voted)?. How does that not prevent buying votes?
There are a few issues, the major one is anonymity. Your proposed system, using an existing public key infrastructure (the Bank-ID system) tied to personal identities cannot be made anonymous. It would also encourage vote selling since you would be able to prove what you voted for.
The current paper ballot system fixes this by doing the identity check when you hand in your paper ballot, at which point your vote is already anonymized since it's in an opaque envelope. Vote selling is made a lot harder by ensuring that the only person present when you put your slip in the envelope is you (and you are doing it behind a protective screen).
You should also know that the Bank-ID token system is not secure; I would never trust my identity to it. Major parts of the client software has been reverse engineered as part of the FriBID project, and it ain't looking pretty.
Of the top of my head, I guess the major reason is that with paper ballots there is no attack vector for manipulating the whole system at once. To rig an election, you'd have to bribe a sufficient number of vote counters which isn't easily done without anyone noticing (and the number is quite big for a national wide election, that's why it works so well). When you introduce voting machines, if you discover a hole in the e-voting system you can manipulate the whole system without anyone knowing. Then you introduce a paper trail but (surprise!) you're back to counting ballots by hand anyway. You could of course only count a small subset of all paper ballots but then you make bribing the right people easier. A basic requirement on e-voting machines would, of course, be that they are completely open sourced (both hardware and software) and looked over by the best minds we have. Since that is probably never going to happen, e-voting shouldn't happen either.
Google admits this seems to be a real attack but it seems to be a Flash exploit. Since Flash seems to be an utter piece of sh^H^H not-so-good program, they've sandboxed it somewhat to get rid of a lot of attack vectors. However, in TFA they're publicly stating that their sandbox isn't perfect and that it won't stop all attacks. Google's Flash sandbox is better than nothing but it ain't perfect.
What I really think is the issue here is this french security firm that admittedly has a new zero-day against Flash and a way of compromising the Google Flash sandbox and they refuse to let Google or Adobe fix it. Instead, they've decided to profit from it selling the info to who knows what kind of organizations. That's immoral and should be downright illegal. Why isn't that the headline?
A) Same goes for any type of mine: coal, uranium or otherwise.
B) False (i.e., the opposite of true). Read the IAEA reports. No such correlation exists. There is however an increase in typhoid cancer risk, something which is accounted for.
C) You need to equate nuclear power with something else with base load capabilities. The alternatives are fossil fuel, hydropower and geothermal energy. Hydropower can only be built in countries with large rivers (and prepared to seriously mess up the landscape) and geothermal can only be built in countries that are geologically suitable. That leaves fossil fuels for all others, i.e. most of the world.
Then you can perhaps hang out with friends who are studying/have a PhD in another subject or have cross-disciplinary research teams? Today, you really need in-depth knowledge to be able to advance your field (which is actually the point of a PhD) because we've advanced a lot since the 1800s. I don't see any point in establishing a broad know-something-about-everything type of degree, it won't keep us going forward as a civilization.
Not having to deal with foot-inches is easier, too. (Although everybody seems to disagree about whether to use m, cm, or mm.
That's because they're the same unit just different prefixes; the metric has only got one length unit and that is the meter. I guess this might be a bit harder to get used to if you're used to imperial measurements but there's nothing wrong in mixing prefixes all over the place as long as you're typing them out properly. Scientists sometimes use scientific notation to be clear on scale though, but that would be a bit of a hassle for a building project :)
But if you are a member you can get some things for "free". Like using their churches and other buildings for weddings, baptisions, funerals etc. You don't need to pay the priest either.
So it might be a good deal even if you are not religious but still want to get married in a real church.
Well, if both parents aren't members of the church (and, by extension, probably do not self-identify as christians), why would they want their children baptised and their wedding performed by a priest in a church with God as a witness? I don't get that. If one parent subscribes to the Lord Jesus Christ, the church will provide those service free for the whole family.
The Swedish government collects taxes and then gives them to various religious. If I recall correctly you can opt out, but the government then just keeps the money anyway. So creating a religion which supports your views may not be such a crazy thing after all. If it lampoons the established religions which at the end of the day are no more sensible so much the better.
You are not recalling correctly. Swedish citizens automatically become members of the Swedish Church at birth. As a member of that church, one pays a specific tax that goes directly to the Swedish church, not any other religious foundation. It is perfectly possible to opt out of being a member of the Swedish Church and then one does not pay any such tax anymore.
Well, to be honest, neither are you =) Since the separation of the Swedish church and the Swedish state in 2000, children do not automatically become members of the Swedish church (unless both parents are members or something like that, IIRC).
What GP could have gotten mixed up is the compulsory leftover of the old church tax even if you opt out: the funeral fee or begravningsavgiften, which is about 0.07%. That tax pays for your funeral and makes sure there is somewhere to put your grave when your time comes (without any christian bling-bling if you are not a church member, of course).
.
For all of you shouting "encryption": Done properly, that will of course ensure that (evil) corporations and (evil) government won't be able to read your e-mails. However, that's often not what they are interested in, they're interested in who you're talking to. There's no support for encrypting the destination address in any standard.
Sorry but the spam problem has made that impossible. The reason that you can't run a mail server at home is not a shortage of IP addresses in IPv4 but that most ISPs will refuse to deliver mail from dynamic IPs since thats mostly home subscribers (running an old an unpatched version of Windows and are therefore most likely part of a botnet) and not larger companies. That problem won't change with IPv6.
They're used (I think the system is called ACARS), but the links are expensive so I think they are used sparingly (triggered when the aircraft is in an emergency and so on).
Even if the overall number of people dying would go down, when I devolve my safety to a machine like an autopilot, I want to make sure that I am just as safe as when I drive myself.
Here's where you're wrong: You are always less safe when you drive yourself, you only feel safer.That's because human beings are not rational when it comes to safety: We automatically trust ourselves more than others (although it is very often completely wrong) and people related to us more than a random stranger. You just demonstrated that point ...
They work fine if you're buying a lot of stuff or some expensive stuff. However, if you've just bought a plastic shelf as the parent poster, the minimum charges are prohibitively expensive.
It's called the Visby classcorvette. Pretty cool ship actually, although apparently the on-board systems run Windows, which should make it a pretty easy target ... :)
The tsunami happened either way. But with the Fukushima reactor, additional loss of life has resulted, and will continue to for decades to come.
I've been reading this a lot as of late and I'm getting annoyed. The radioactive isotope from Fukushima that has a half-life long enough and has sufficient concentration to be a concern is Iodine-131, which has a half-life of eight days. Not "several decades". What you're thinking of is probably Cesium-137 and Strontium-90 (which are really bad long-term), but they haven't been released in any large quantities to warrant any concern so far.
Cancer doesn't tend to kill you the moment the first neutron damages your DNA. It takes a while.
What, do you think the primary risk with nuclear power is that there will be an atom-bomb style explosion?
No, and I don't think that most people suggests that. We can calculate (an upper bound to) the cancer risk given a certain amount of absorbed radiation, so that's well known. We've been able to do this for quite some time so there's no need to spread fear about mysterious future dangers.
One could spin the same question in the other direction: So there was a reactor running in a zone known to be exposed to tsunamis, which was not even designed to widthstand a tsunami?
Yes it was, however IIRC it was only engineered to withstanda three metre tsunami and not a (what is it now?) 15 metre one which no one seemed to be able to imagine happening.
And the first tsunami to ever hit it managed to take out the cooling power and the backup cooling power too with one stroke?
I don't think it was the first tsunami to ever hit it (see above) but the first tsunami to be that much higher than the height of the tsunami barrier since the 1960s
And the third cooling system managed to keep going for how long? 1.5 hrs?
The backup batteries lasted for eight hours, precisely what they were engineered to do. However, considering that all infrastructure in a helluva radius had been washed away, bringing in backup generators proved to be a bit more problematic.
We have a flawly designed reactor at a flawly chosen place. We have been so lucky that nothing happened for 40 years.
You could be right, but we can actually figure out just how lucky (or unlucky) we've been in the last 40 years and draw our conclusions from facts when the disaster is over. The correct way of doing this is re-engineering existing and future power plants using the experience we can get from Fukushima.