And with it the separation of the powers of legislative, executive, judiciary functions. Americans should say "thanks for the good times, farewell". With a bit of goodwill, you will still see these things in history books for a few years.
Yeah, this looks like redundant now, but if the /. database hadn't been hosed that very moment I was going to post this, it would have been about third post. Bleh.
So, this is basically like your friendly open source IRC channel, for example as on freenode.net (or wherever your project of choice is located)? Talk about reinventing stuff...
Excuse me, but I call bullsxxt on this one.
I live in Athens and I don't see either giant mosquitoes, nor do I see more mosquitoes than usual. In fact I'll be happy to leave town for an island in summer, but I'm not looking forward to the increase in mosquitoes I will have to face there compared to Athens.
> You could always set up a face-to-face meeting to examine each other's
> credentials, but why not just spend the five minutes to get a free
> personal email certificate from Thawte?
And this would prove *what* exactly? Answer: A "free personal email certificate" from Thawte proves that you had (not even "have") access to the mail account in question for the duration of signing up. Ever noticed that your name is not on the "free" certificate, only your E-Mail?
I have a S/MIME certificate to the name of "Joe DiMaggio", Thawte has a passport number from Burundi (IIRC), a phone number in Uruguay, some other made up bits of data, and a mail address on my server. Neither could Thawte certify the existence of this Joe DiMaggio, nor that it's really him. They don't even try - and they tell you so.
If you want your "identity" to be certified with e.g. Thawte, you have to either pay them (which uses a credit card as a means of proving your identity, which is just foolish), or use their own "web of trust". Yes, they copied the system from PGP.
S/MIME really works only for corporations, where I sign on the dotted line for the job and get issued a company ID and my S/MIME mail certificate.
> It is pretty clear S/MIME is going to win the battle to be the most
> common form of email security on the Internet.
If this is going to happen then S/MIME has yet some way to go first. Reality is that I see S/MIME only ever "used" by corporate minions. I put quote marks around "used", because I have yet to receive anything more than a signed mail. On the other hand there are ISPs and domain registrars who work with PGP - you can give them your public key and do business like that.
Have you noticed how many open source projects use PGP signatures to verify source downloads? Would you like to wait for them to use S/MIME to sign those tarballs?
Then there is what happens on a more personal level. Myself I'm communicating with geeks and non-geeks in my surrounding with GPG and it works fine once it's been set up. A book like the one described could be a big help here. I can't really say that the book "would help", because the review just plain sucks - it doesn't tell us if the book is any good, it just says what it attempts to do.
The main problem with S/MIME is certificate revocation though. And this is an old problem with S/MIME, it's been said again and again. There is just no good strategy to deal with revoked keys/certificates. You have revocation lists, but they do not get used (same problem as with webserver SSL certificates). Even if revocation lists in S/MIME got used, the setup is tailored for corporations.
That is the reason why PGP had and still has that little bit of success: It was designed for us "little guys", the normal people. We're no corporations, corporations don't work for us, and their software doesn't work for us.
There seems to be no transcript, nothing to read.
The only option is a couple of media files to download - at least they have options that should work on a variety of platforms.
Which world do these numbers come out of? This month on my private site so far I got 1400 incoming links from Google and 30 from MSN (the next runner up), 27 from Yahoo. Maybe it's just that Google loves my site for some strange reason, but I can't imagine my own little sample of web hits is statistically so "off" from their numbers. Other sites I admin for have similar numbers.
The numbers of pagehits by spiders from those search companies are much more on an equal basis. Sometimes one of them is on top, sometimes the other, but they all spider like crazy.
Much more interesting are little search engines like gigabot, which never ever gave me one incoming link but still spider like it's going out of style. Somehow makes me think they must live either off warm air or spam. What reason to be do they have?
Maybe it's the storage farm the NSA makes them build to store all the queries from every google user in the world...
"ever tried to get friends and family to do PGP handshakes?"
Yes, I've tried... and I've been and am quite successful with it. Using GPG to send/receive encrypted mail and check signatures with a good plugin isn't rocket science.
Agreed, setting up keys and such is hard, but with friends and family we geeks can help. We do that with E-Mail, Games, Wordprocessors, why not with PGP?
My experiences with PGP with friends and family: Do You Use PGP? - Encryption is not just for techies any more.
> I know it's the first thing that comes to mind but I'm sure They
> can monitor who calls ("tunes into") that phone number regularly.
> Broadcasts are anonymous and many people own shortwave radios,
> VOIP can be traced to a subscriber so what gives?
That's the point of posting to craigslist. Anyone being caught listening in can claim that "I've just seen the funny ad and called to see what it's about", even better now that all those freaks called. The recipients of the message have definitely vanished in the noise.
Trying out Safari 1.2.4 here (Mac OS X 10.3.8).
When I first opened the page the menus on the left appeared to be all empty. Only after moving my mouse over the entries did they appear - but only in the "Sections" part.
Then I read the comments here and noticed one can click the triangle to collapse menu sections. I did that and voila! section entries appeared all. Until I reloaded, now they sometimes are there, sometimes not.
Might be a bug in an older version of Safari, might just be someone overdid it with the CSS games. Not every clever hack deserves to be done IMHO.
Another summer of work on BPG - "An OpenPGP Privacy Toolkit for NetBSD" would have been nice. BPG is a BSD licensed implementation of the OpenPGP standard. In this time of global surveillance this project makes a lot of sense. We do have GPG, but choice is good in security applications.
:-). BPG was in last year's batch of NetBSD Summer of Code projects.
Of course I'm too lame to look up if the same project can be accepted twice
Years ago - so many years that I don't remember exactly, must have been around 2000 - I got a laptop backpack from Spire. I used it for daily commutes, travelling all across Europe, and generally carrying my laptop everywhere. It still looks like new (well, like new but *dirty*).
These bags are so tough I was afraid the company was going out of business, they can't have that much of repeat buys that way. Really recommended. They have *huge* bags too.
Quote from the Article:
> "Our new engineers have an average of seven to 15 years
> experience," says Patty McCord, Netflix's chief talent
> officer. "Five years ago, we hired people with three to
> five years of experience."
5 years ago: 3 to 5 years experience.
Now: 7 to 15 years experience.
The people who had 3 to 5 years experience 5 years ago have
now 8 to 10 years experience.
So, in essence they hire the same people they hired five
years ago. Only those people worked on in the meantime and
got more years of experience under their belts.
It is not clear from the article, but if the guys with the
15 years of experience do anything with web development,
their names better be "Tim Berners-Lee", cuz 2006 - 15 = 1991.
...so I started out before "home computers".
First because it's just way more cool and second cuz when I got a C64 later I had a background about what I was doing. Having keyed in opcodes and written my programs on paper had prepared me.
Looking at the guy with the TI-58 in the article, yes I was happy to have the magnetic card system of the TI-59. Even though quite often the cards would fail to read in for whatever reason.
How could there ever be a mention of the word "vaporware" without mentioning Project Xanadu. For some people that is the ultimate vaporware: How about being delayed since the 1960's?
> Oh, and I've not read this anywhere else, but there's a post here
> which gives a few other details, including the mysterious
> "suicide" of one of the local security officials... not that I can
> tell you that it's anything real other than some random dude posted
> something here
The story of the Vodafone employee who was found dead two days after the discovery of the "spyware" has been in the TV news here (in Greece) and in some online news reports too. There was a "thorough investigation" by a high ranking state attorney, after which it was declared suicide. Vodafone denies any connection of this death to the phone tapping.
Set up a wiki, set the privileges so that only the site's owners can edit and add pages and presto... the simplest Content Management System. Works really well for small companies where you train one or two persons to be in charge of the site.
Use something like ZWiki that has a big application server behind it, so you can integrate other tools (shop, blogs, forum) and let the site grow as needed.
Yes, I remember that Canon lens, I played around with it once in a trade show (though I have not really worked with it). But it exists just to prove my point: It is very limited in what you can actually do. Both tilting and shifting have a very low range and it's just one lens (a wide angle), so limiting the use you can get out of it. It was made for architectural photography mostly (so you can get parallel building lines and maybe "fold" the plane of sharpness a bit "down"). Getting two (or more) focal points exactly right is not easy with such a tiny thing. Mechanics are limiting clearly.
Have you ever worked with a real large format camera? The difference is immense. With a good camera, the limits of tilt and shift are the limits of the lens being used. Put a big magnifying loupe on and you get the focus very accurate in multiple points across a 3d field.
This seems to be actually repeating early developments in professional digital photography. The first digital backs for cameras like the Sinar, and the Arca Suisse were miniaturized flatbed scanners like that. Obviously they were really good only for still life. But still (back in 1992 or so) when I was in photographers school and we visited someone who had one of those backs, we managed a portrait of someone sitting very still. There were little smears where his breathing caused motion.
Sadly we did not experiment with more motion. I think the "experimenting" with motion is the interesting part (as far as photography is concerned). Some of the pictures on the site are enjoyable. Hacking it all together yourself is interesting too, at least for us geeks.
As for the comments in the style of "large format photography is only about the image quality"... it isn't exactly only about that. It is also about stuff like parallax control (putting buildings "upright" with parallel lines) and depth of field control (laying the plane of the depth of field folded through the scene in order to allow image to be sharp on other areas). All this can theoretically be achieved even with smaller formats, but due to mechanics it gets harder the smaller the format (Arca Suisse's 6x9cm cameras seem to be the smallest that still work very well, at least in my experience).
Therefore the "experiments" done with this hack go in a line a bit with stuff like putting ordinary photographic paper into a large format camera or using polaroids for transfer prints. The "long exposure" part of it is also a reference to the times way back, when due to old processes like the daguerreotype, portrait subjects were held up with wire constructions. Very cool, all of this hack, congratulations.
They missed the obvious mistake in this: The "Cause of Death" with these mice is not strangulation or decapitation, but "bored, cruel scientists with too much time on their hands". Since in both cases the cause of death has been the same, the investigation turned out useless.
> Why? I haven't looked at Lynx recently, but Lynx used to be a
> very insecure browser - Lynx code had lots & lots of Buffer Overflows.
Lynx is part of the base install of OpenBSD, which gets code audited very heavily. I somehow doubt that these guys leave a browser with lots of Buffer Overflows in their default install. So now for me the only question is whether those fixes got upstream and fixed in lynx too. Very likely they were.
Wow, IF goes Wall Street Journal! This made me remember my quest for a Z-Code interpreter for my phone (P910), and after yet another websearch I found something that seems to work:
"malinche" software lists a lot of clients, of which Frotz UIQ seems to work for me. Lots of other phone interpreters listed too (next to more "normal" platform interpreters).
It's not exactly illegal to do this (in the same way as it is not illegal to carry a TV out of an electronics store). You just have to pay for it. Which we do, the difference is that we are not hooking up a radio (tuned to some boring station) or one single CD, like most businesses with a similar setup do.