I've actually read almost the same set of Heinlein books (Stranger, Moon and Time Enough for Love), and come to almost the same conclusion. I quite enjoyed some of the concepts he raised in the books, especially Stranger and Moon, but the way he constantly presented his socio-economic and sexual ideologies as utopian ideals really irritated me. Bringing up the concept in a book and examining the pros and cons is one thing, but all of those books brought them up, generally multiple times. It felt like he was telling an allegory rather than a story, and that annoyed me.
Computer Science: Computational branch of mathematics
Software Development: Programming, software architecture, etc
Information Technology: Hardware, networking, systems admin, etc
There'd probably be some overlap, and it would probably also be advantageous for students of one major to take a few electives in another. My university distinguished between the latter two, but didn't really offer any pure Computer Science degree.
I think you have a misunderstanding of how software development works. It's not as if Microsoft Executives said "Stop working on the security, boys, and start frettin' those guitars!" They're independent teams - working on Windows sounds isn't going to pull resources off the programming teams.
No, it'd happen earlier in the process, when they decide to hire a team of expensive sound engineers and consequently cut the security team's budget. I'm not saying they did that - it's probably that the budget for sound development was proportional to its importance - but you can't claim that spending a lot of resources on one facet is going to have no impact on another facet - if they start stretching the budget and decide aesthetics are more important than security, they won't hand a security engineer a guitar and tell him to start strumming, they'll fire the security engineer and hire a guitarist.
Until you start running low on fissionable materials. The point of these sort of energies (solar, wind, hydro, geothermal, tidal, etc) isn't that they are "green", it's that they are renewable - they don't depend on an easily-depletable fuel.
You're right, but the people who sign up as hosts on sites like these are likely not a representative sample of humanity. The question is, are people with evil intent more likely to sign up to a website like this.
Anyone else find the title for this story misleading? I was expecting it to be about some new legislation that was suddenly passed, or some sort of skeleton-crack or something. What it actually should have been was "Some Guy Thinks Music Labels Screwed, DRM Dead".
Granted, the subset of Christians who are Creationists do refer to themselves as Christian, trying to claim the label for themselves
If they are a subset of Christians, then they don't need to "claim the label for themselves" - they already have it. Being a Christian does not necessarily imply that you believe in either creation or evolution - but then, the term "Christian" has become so diluted in the last century or so, that doesn't really mean much. Most Christians believe God had a hand in creation, but don't really care whether that was through setting up the initial variables, guiding evolution or direct creation of the species. It's certainly not a core tenet of the faith.
It's the difference between looking at the source code, and compiling and running it. The code for this virus is sitting there in our genome, but it doesn't get run in the normal course of events.
As a actual Wiccan I can say it definitely has a lot to do ancient witchcraft, it is just that our religion isn't afraid of change and it helps our religion evolve and change over time and not be stuck in some 5,000+ year old paradigm that is totally unpractical.
So, what you're saying is that it actually doesn't have anything to do with ancient withcraft, but claiming an ancient lineage makes it sound cool? Is using paragraph breaks offensive to Wiccans too, or is that just a personal thing?
There's a limit to the amount of carbon dioxide humanity will pump into the air - and that limit is of the amount of fossil fuel we have left to burn. Burning trees and such is fine as far as the carbon cycle goes - it came from the atmosphere, it was burned into the atmosphere, and eventually it will be drawn from the atmosphere again. The problem is all that old carbon that's been out of the system for thousands of years - that's what's causing the problem. But we're running out of that stuff anyway. Relatively soon we'll have to start investigating renewable (or at least non-fossil fuel based) energy sources, not because of their environmental impact, but because of the lack of alternatives.
Re:You're kidding me right?
on
Slashdot's Vastu
·
· Score: 2, Funny
Did you use feng shui to determine the aesthetics of your post's punctuation?
The problem is, your money isn't supporting the artists at all. It's just enriching some guys in Russia who run a server and have nothing to do with the music they distribute.
And this is different to buying it normally how? Except that the rich guys are in the US, of course.
No, Authentication is about trust. Authentication is supposed to guarantee that the person who you are talking to is who they say they are. Encryption is all about stopping any third parties from eavesdropping on your conversation.
Certificates don't even claim to stop man-in-the-middle attacks. Certificates attempt to stop "spoofing" attacks. When you click on a spammy link, and you go to www.eebay.com, they are not supposed to be able to have a certificate unless they can prove to the issuing agency that they really are eebay.com. In practice, they don't, they just take their money and grant a certificate. The absolute most a modern certificate can prove is that the recipient of the certificate can get mail through that domain.
Man-in-the-middle attacks are prevented by encryption - there's no point in standing between two people listening to their conversation if you don't understand what they're saying.
The problem with this is that I cannot defend me or my users against man-in-the-middle attacks without also buying one of their snake-oil certificates. Not for any technical reason, mind you. Not because I actually need their services. Just because the SSL protocol is engineered such that you can't have one without the other unless you want warning boxes popping up all over your site.
You can issue yourself self-signed certs using any of the fine crypto packages out there. The difference is that the browser isn't simply going to accept it on faith since you're not in its list of automatically trusted certificate authorities.
Exactly. But I don't want the browser to tell the user that it's sure I am who I say I am. I want the browser to encrypt the damn data. SSL incorporates two mechanisms, one for authentication (proving you are who you say you are) and one for encryption (making sure nobody but the two parties involced can understand the data exchanged). Authentication requires a cert signed by a trusted authority. Encryption doesn't. But because the two are bundled, I can't encrypt anything without paying an organisation to sign a cert. I don't want a cert, I don't want any of the features the cert offers me, as they are related to authentication, not encryption. But I have to pay for it anyway, unless I want a big flashing warning sign on my page.
That's ignoring the fact that none of the trusted authorities are actually trustworthy. The original idea was that you'd pay them to investigate your application and vouch for your identity. They don't do that now, they just take your money, and hand over a cert. This makes the cert absolutely useless for what it's intended for.
None of which requires an SSL cert, and so isn't germane to this conversation. This conversation isn't about requiring you to disclose your identity, this conversation is about requiring you to purchase an SSL cert. The "disclose your identity" thing was a strawman setup by the grandparent.
There is. You can still get cheap SSL certificates.
Bzzzt. Wrong answer. I shouldn't need to pay anyone to encrypt my traffic, even "cheaply". There is no technical reason why I need to.
If you accept payments through a web site without disclosing who you are, you're a criminal.
Wrong again. Two out of two, you aren't doing too good here.
Firstly, I can disclose who I am without paying for a certificate. "Disclosing" does not equal "proving", and even if it did, these certificates prove nothing anyway, because Verisign et al aren't doing their job properly. The only thing having a certificate proves is that you had enough money to pay for it. Cert companies don't check to make sure you are who you say you are. They should, but they don't.
Secondly, there are uses for encryption that aren't related to payment processing (*gasp*). I could be running a forum, and want to protect my users login details, for example.
And soon, browsers are going to put up a big red flag that will make your customers go away.
Exactly. That is why this is a racket. It's a protection racket. "Pay us money or we'll make your customers go away".
It's actually a good idea. Early in the history of SSL, getting a certificate required presenting appropriate business identification info to the certificate issuer. The problem is that some issuers (GoDaddy comes to mind) started issuing "domain only" SSL certificates; the only verification is that the domain can get email. Then, instead of revoking GoDaddy's root certificate for this, the other cert issuers copied GoDaddy's approach. Now anybody can get a meaningless certificate with a meaningless Relying Party Agreement.
So what you're saying is it's a good idea, because they're talking about extorting more money to do what they should have been doing from the get-go? I don't buy that. There should be a mechanism for encrypting web data that doesn't rely on paying a third party for a service only tangentially related to encryption, which they don't provide properly anyway. The only reason certs are being sold is that they're required to encrypt web data without a big warning box popping up. They aren't sold for their actual purpose - conclusively indentifying the holder - because they actually don't fulfil that purpose. This new cert is a racket, but then, so is the whole cert system.
Slashdot Mirror
I've actually read almost the same set of Heinlein books (Stranger, Moon and Time Enough for Love), and come to almost the same conclusion. I quite enjoyed some of the concepts he raised in the books, especially Stranger and Moon, but the way he constantly presented his socio-economic and sexual ideologies as utopian ideals really irritated me. Bringing up the concept in a book and examining the pros and cons is one thing, but all of those books brought them up, generally multiple times. It felt like he was telling an allegory rather than a story, and that annoyed me.
Like all those people who use Lynx because they are too cheap to buy a computer with a video card, are going to be good costumers
As long as you're not a theatrical supply shop, why would you care?
I'd actually suggest three courses:
Computer Science: Computational branch of mathematics
Software Development: Programming, software architecture, etc
Information Technology: Hardware, networking, systems admin, etc
There'd probably be some overlap, and it would probably also be advantageous for students of one major to take a few electives in another. My university distinguished between the latter two, but didn't really offer any pure Computer Science degree.
I think you have a misunderstanding of how software development works. It's not as if Microsoft Executives said "Stop working on the security, boys, and start frettin' those guitars!" They're independent teams - working on Windows sounds isn't going to pull resources off the programming teams.
No, it'd happen earlier in the process, when they decide to hire a team of expensive sound engineers and consequently cut the security team's budget. I'm not saying they did that - it's probably that the budget for sound development was proportional to its importance - but you can't claim that spending a lot of resources on one facet is going to have no impact on another facet - if they start stretching the budget and decide aesthetics are more important than security, they won't hand a security engineer a guitar and tell him to start strumming, they'll fire the security engineer and hire a guitarist.
Until you start running low on fissionable materials. The point of these sort of energies (solar, wind, hydro, geothermal, tidal, etc) isn't that they are "green", it's that they are renewable - they don't depend on an easily-depletable fuel.
Yes, employers should be encouraged to try to fire employees for their political affiliation.
You're right, but the people who sign up as hosts on sites like these are likely not a representative sample of humanity. The question is, are people with evil intent more likely to sign up to a website like this.
An idiot. It looks like he doesn't know the difference between an "email" and an "email address".
If you can get your fingers down a blouse, the need for peeping is moot.
Anyone else find the title for this story misleading? I was expecting it to be about some new legislation that was suddenly passed, or some sort of skeleton-crack or something. What it actually should have been was "Some Guy Thinks Music Labels Screwed, DRM Dead".
Granted, the subset of Christians who are Creationists do refer to themselves as Christian, trying to claim the label for themselves
If they are a subset of Christians, then they don't need to "claim the label for themselves" - they already have it. Being a Christian does not necessarily imply that you believe in either creation or evolution - but then, the term "Christian" has become so diluted in the last century or so, that doesn't really mean much. Most Christians believe God had a hand in creation, but don't really care whether that was through setting up the initial variables, guiding evolution or direct creation of the species. It's certainly not a core tenet of the faith.
It's the difference between looking at the source code, and compiling and running it. The code for this virus is sitting there in our genome, but it doesn't get run in the normal course of events.
or/> that should be.
or
and select "HTML"
As a actual Wiccan I can say it definitely has a lot to do ancient witchcraft, it is just that our religion isn't afraid of change and it helps our religion evolve and change over time and not be stuck in some 5,000+ year old paradigm that is totally unpractical.
So, what you're saying is that it actually doesn't have anything to do with ancient withcraft, but claiming an ancient lineage makes it sound cool? Is using paragraph breaks offensive to Wiccans too, or is that just a personal thing?
There's a limit to the amount of carbon dioxide humanity will pump into the air - and that limit is of the amount of fossil fuel we have left to burn. Burning trees and such is fine as far as the carbon cycle goes - it came from the atmosphere, it was burned into the atmosphere, and eventually it will be drawn from the atmosphere again. The problem is all that old carbon that's been out of the system for thousands of years - that's what's causing the problem. But we're running out of that stuff anyway. Relatively soon we'll have to start investigating renewable (or at least non-fossil fuel based) energy sources, not because of their environmental impact, but because of the lack of alternatives.
Did you use feng shui to determine the aesthetics of your post's punctuation?
The problem is, your money isn't supporting the artists at all. It's just enriching some guys in Russia who run a server and have nothing to do with the music they distribute.
And this is different to buying it normally how? Except that the rich guys are in the US, of course.
No, the copyright holder has to want to press charges. Who do you think owns those songs? I'll give you a hint, it's not the artist.
There is if both people unwittingly negotiate session keys with you rather than each other. Avoiding that is the very essence of authentication.
Exactly. Of authentication, not encryption.
No, Authentication is about trust. Authentication is supposed to guarantee that the person who you are talking to is who they say they are. Encryption is all about stopping any third parties from eavesdropping on your conversation.
Certificates don't even claim to stop man-in-the-middle attacks. Certificates attempt to stop "spoofing" attacks. When you click on a spammy link, and you go to www.eebay.com, they are not supposed to be able to have a certificate unless they can prove to the issuing agency that they really are eebay.com. In practice, they don't, they just take their money and grant a certificate. The absolute most a modern certificate can prove is that the recipient of the certificate can get mail through that domain.
Man-in-the-middle attacks are prevented by encryption - there's no point in standing between two people listening to their conversation if you don't understand what they're saying.
The problem with this is that I cannot defend me or my users against man-in-the-middle attacks without also buying one of their snake-oil certificates. Not for any technical reason, mind you. Not because I actually need their services. Just because the SSL protocol is engineered such that you can't have one without the other unless you want warning boxes popping up all over your site.
You can issue yourself self-signed certs using any of the fine crypto packages out there. The difference is that the browser isn't simply going to accept it on faith since you're not in its list of automatically trusted certificate authorities.
Exactly. But I don't want the browser to tell the user that it's sure I am who I say I am. I want the browser to encrypt the damn data. SSL incorporates two mechanisms, one for authentication (proving you are who you say you are) and one for encryption (making sure nobody but the two parties involced can understand the data exchanged). Authentication requires a cert signed by a trusted authority. Encryption doesn't. But because the two are bundled, I can't encrypt anything without paying an organisation to sign a cert. I don't want a cert, I don't want any of the features the cert offers me, as they are related to authentication, not encryption. But I have to pay for it anyway, unless I want a big flashing warning sign on my page.
That's ignoring the fact that none of the trusted authorities are actually trustworthy. The original idea was that you'd pay them to investigate your application and vouch for your identity. They don't do that now, they just take your money, and hand over a cert. This makes the cert absolutely useless for what it's intended for.
None of which requires an SSL cert, and so isn't germane to this conversation. This conversation isn't about requiring you to disclose your identity, this conversation is about requiring you to purchase an SSL cert. The "disclose your identity" thing was a strawman setup by the grandparent.
There is. You can still get cheap SSL certificates.
Bzzzt. Wrong answer. I shouldn't need to pay anyone to encrypt my traffic, even "cheaply". There is no technical reason why I need to.
If you accept payments through a web site without disclosing who you are, you're a criminal.
Wrong again. Two out of two, you aren't doing too good here.
Firstly, I can disclose who I am without paying for a certificate. "Disclosing" does not equal "proving", and even if it did, these certificates prove nothing anyway, because Verisign et al aren't doing their job properly. The only thing having a certificate proves is that you had enough money to pay for it. Cert companies don't check to make sure you are who you say you are. They should, but they don't.
Secondly, there are uses for encryption that aren't related to payment processing (*gasp*). I could be running a forum, and want to protect my users login details, for example.
And soon, browsers are going to put up a big red flag that will make your customers go away.
Exactly. That is why this is a racket. It's a protection racket. "Pay us money or we'll make your customers go away".
It's actually a good idea. Early in the history of SSL, getting a certificate required presenting appropriate business identification info to the certificate issuer. The problem is that some issuers (GoDaddy comes to mind) started issuing "domain only" SSL certificates; the only verification is that the domain can get email. Then, instead of revoking GoDaddy's root certificate for this, the other cert issuers copied GoDaddy's approach. Now anybody can get a meaningless certificate with a meaningless Relying Party Agreement.
So what you're saying is it's a good idea, because they're talking about extorting more money to do what they should have been doing from the get-go? I don't buy that. There should be a mechanism for encrypting web data that doesn't rely on paying a third party for a service only tangentially related to encryption, which they don't provide properly anyway. The only reason certs are being sold is that they're required to encrypt web data without a big warning box popping up. They aren't sold for their actual purpose - conclusively indentifying the holder - because they actually don't fulfil that purpose. This new cert is a racket, but then, so is the whole cert system.