Slashdot Mirror


User: jonadab

jonadab's activity in the archive.

Stories: 0
Comments: 5,933

Comments · 5,933

  1. Re:Slow down there on DNSSEC Advances in gTLDs; Bernstein Intros DNSCurve · · Score: 1

    > but once DNSSEC is deployed (which it looks like it will be)

    I forgot to finish this sentence. Once DNSSEC is widely deployed, I suspect DJB will acknowledge that it is better than no cryptographic signing at all. And with djbdns being in the public domain now, I'm sure *someone* will write the code to implement DNSSEC, even if Bernstein doesn't do so himself.

  2. Re:Slow down there on DNSSEC Advances in gTLDs; Bernstein Intros DNSCurve · · Score: 1

    > This Bernstein guy is pushing a new crypto algorithm.

    Yeah, that bothers me too. I assume he has a reason, and he has a very good security track record so far, but every cryptographer knows that you want to be a little careful about deploying new and lightly-tested crypto algorithms, especially for something as important as this. His objections to RSA are not without merit, but I'd like to see a rationale for why an existing known algorithm with well-understood properties can't be used with perhaps a larger key size. Elliptic curves are not completely new in principle, though. I'd like to see a third-party crypto expert from outside the DNS community, e.g., Schneier, post a discussion of this issue, because as it stands I would have reservations about DNSCurve from that perspective alone (let alone the momentum issue, namely, that DNSSEC has all the momentum, and therefore is far more likely to actually get deployed).

    > Industry coalitions are great, but this seems to be an attempt to create a new de facto standard controlled
    > by a few large corporate interests, most of which are based in the United States. Isn't this kind of
    > organization exactly what ICANN was created to avoid (I'm side-stepping the controversy surrounding them here)?

    It helps to know the history here. Cryptographic signing has for a long time been something the DNS community has acknowledged as desirable in the long term, and DNSSEC has been in the works for a while. This coalition has been formed to work on getting it deployed more quickly, because of the Kaminsky bug, because all the parties involved understand that the issue is now more urgent than anyone realized before Kaminsky.

    The coincidence of timing (the DNSSEC coalition and Bernstein's DNSCurve both coming out around the same time) is almost certainly not a coincidence at all, but rather a direct result of the Kaminsky issue. The patches that were done right away (which, it may be noted, djbdns didn't need because it already did source port randomization) are universally understood to be a short-term fix, which makes Kaminsky's exploit take much longer to perform (on average) and therefore much less of a short-term threat, but everyone who understands the issue will tell you that the real solution, long-term, is cryptographic signing of DNS. These are two different approaches to that, and they both just came out because in the wake of the Kaminsky debacle it is obvious that something like this is necessary.

    Based on past history, I am guessing that DJB will leave his page about DNSCurve up, explaining why it would have been better, but once DNSSEC is deployed (which it looks like it will be)

    As for most of the companies involved being based in the United States, that's mainly because most of the outfits in charge of maintaining the major gTLDs are based in the US, at least partly for historical reasons (because DNS was invented here, as was the internet generally, and it's only been a few years, so a lot of internet stuff is still headquartered here sort of by default, because it got started here).

    > It seems to me they're rushing headlong toward a solution to solve a problem that hasn't yet made a major impact

    They're rushing now because the Kaminsky vulnerability has seriously increased everyone's estimation of the urgent necessity.
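Editor's note: the comment above says source port randomization only makes the Kaminsky attack take much longer, not impossible. The following toy model, added here as an illustration (it is not code from the comment, from djbdns, or from any resolver), puts numbers on that. It assumes a single outstanding query, an attacker who fires a fixed number of forged replies before the genuine answer arrives, and the Kaminsky trick of starting a fresh race at will by asking for a new random name; the entropy figures (16 bits of transaction ID, up to about 16 more from the source port) are the usual approximations, and real resolvers get somewhat less than 16 bits from the port range they actually use.

```python
"""Toy model of the DNS cache-poisoning race (Kaminsky-style).

Added illustration, not code from the original comment or any resolver.
Assumptions: one outstanding query at a time; a forged reply is accepted
only if it matches the resolver's random transaction ID (and, with port
randomization, its random source port); the attacker can trigger a new
race at any time by querying a fresh random label under the victim zone.
"""
import random


def guess_space(txid_bits: int = 16, port_bits: int = 0) -> int:
    """Number of (TXID, source port) combinations a forged reply must hit."""
    return 1 << (txid_bits + port_bits)


def success_probability(spoofed_packets: int, txid_bits: int = 16,
                        port_bits: int = 0) -> float:
    """Chance that at least one of `spoofed_packets` independent random
    guesses (with replacement) matches the outstanding query."""
    n = guess_space(txid_bits, port_bits)
    return 1.0 - (1.0 - 1.0 / n) ** spoofed_packets


def expected_packets(txid_bits: int = 16, port_bits: int = 0) -> int:
    """Mean number of forged replies before the first hit (geometric)."""
    return guess_space(txid_bits, port_bits)


def seconds_to_poison(packets_per_second: float, txid_bits: int = 16,
                      port_bits: int = 0) -> float:
    """Expected wall-clock time to poison at a given forging rate."""
    return expected_packets(txid_bits, port_bits) / packets_per_second


def make_rng(seed: int) -> random.Random:
    """Seeded generator so simulations are reproducible."""
    return random.Random(seed)


def run_one_race(rng: random.Random, window: int, txid_bits: int = 16,
                 port_bits: int = 0) -> bool:
    """One query: the resolver picks a random (TXID, port); the attacker
    lands `window` distinct guesses before the real answer arrives."""
    n = guess_space(txid_bits, port_bits)
    target = rng.randrange(n)
    guesses = set(rng.sample(range(n), min(window, n)))
    return target in guesses


def kaminsky_rounds(rng: random.Random, window: int, txid_bits: int = 16,
                    port_bits: int = 0, max_rounds: int = 1_000_000) -> int:
    """Kaminsky's insight: each race is independent and the attacker can
    start the next one immediately. Returns the number of races until the
    cache is poisoned, or 0 if `max_rounds` is exhausted first."""
    for attempt in range(1, max_rounds + 1):
        if run_one_race(rng, window, txid_bits, port_bits):
            return attempt
    return 0


if __name__ == "__main__":
    rate = 50_000.0  # forged replies per second (assumed attacker rate)
    for port_bits in (0, 16):
        print(f"TXID 16 bits + port {port_bits:2d} bits: "
              f"expected {expected_packets(16, port_bits):,} packets, "
              f"about {seconds_to_poison(rate, 16, port_bits):,.0f} s at {rate:,.0f} pps")
    rng = make_rng(1)
    # With no port randomization, 200 forged replies per race win in a few
    # hundred races; with 16 extra bits the same loop would not finish.
    print("races needed (no port randomization, 200 replies/race):",
          kaminsky_rounds(rng, window=200))
```

The closed-form functions show the gap the comment is pointing at: with only a 16-bit transaction ID the expected cost is tens of thousands of packets (seconds at modern rates), and adding a randomized source port pushes it toward billions. The simulation makes the other half of the point: because the attacker can retry indefinitely with fresh names, the port entropy buys time rather than safety, which is why signing is the long-term fix.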

  3. Re:djb has an alternative? on DNSSEC Advances in gTLDs; Bernstein Intros DNSCurve · · Score: 1

    > Perhaps he should start his own separate Internet and be done with it.

    Actually, when DJB speaks of maintaining a "local DNS root", he's very clearly speaking of a local clone of ICANN's root zone, updated regularly from the canonical data. He raises questions in terms of the exact details (how often, what software to use to do it, and whether it wouldn't be better to use http to retrieve a cryptographically signed and compressed root zone data file rather than doing the AXFR zone transfer thing), but in general he's clearly talking about retrieving and using the ICANN root zone data. Basically it's a special type of caching situation, rather than an alternate authority.

    So fundamentally you'd be seeing the same internet everyone else sees.

  4. Re:Perl Jobs on Higher-Order Perl Available For Free Download · · Score: 3, Insightful

    Perl is also very useful in a lot of jobs that don't list "Perl" specifically in the job description. I don't know how a network administrator could survive without it, for instance. You'd constantly find yourself spending hours to do a ten-minute job.

  5. Re:SICP on Higher-Order Perl Available For Free Download · · Score: 1

    Actually, I tried to learn functional programming techniques with Emacs lisp and again with Scheme, and I never really understood what was going on. Then someone on Perlmonks explained how lexical closures work, and it just made *sense*.

    I also never understood continuations in Scheme, and then someone on a Perl mailing list explained them (in the context of Perl6, which, granted, is still not ready five years later) and, again, it actually made sense.

  6. Can someone explain the "confidentiality" thing? on DNSSEC Advances in gTLDs; Bernstein Intros DNSCurve · · Score: 1

    I'm trying to understand the "confidentiality" advantage of DNSCurve. I'm willing to cut Bernstein a little slack, based on his good security track record so far, so I want to try to understand what he's arguing for here, but I'm just not getting it. Why is it bad if the bad guys can find out what DNS records a certain domain server provides? Isn't the whole point of DNS to *publish* such information, i.e., make it widely available? Why would we want to keep it confidential? I thought we wanted to protect against forgery, not discovery. What am I missing?

  7. Re:Anonymity on Maryland Court Weighs Internet Anonymity · · Score: 1

    This isn't really about anonymity per se. It's about libel, and whether someone can trivially get away with libel by doing it anonymously. If the comment had said, "I don't like Dunkin' Donuts because the food just isn't yummy enough for me, and also I don't like the decor", a lower court would have thrown the case out and the state supreme court would never have touched it. In this case, though, the comment made concrete claims that the plaintiff holds are untrue. That is (at least potentially) libel, and it's legally actionable.

    Being anonymous is one thing. Getting away with things you otherwise couldn't just *because* you're anonymous is something else altogether.

  8. Re:A security update that reduces security on Firefox 2.0 Update To Remove Phishing Detection · · Score: 1

    > Because they won't work on 2.0 anymore. It will not be supported and
    > will no longer receive security updates. How hard is that to understand?

    It's not difficult to understand.

    It's also not relevant. I'm pretty sure the license terms it's released under allow us to continue using the software on our computers until *we* decide we don't want it anymore. Those of us who choose to still use it are mostly *aware* of the fact that it's not the latest version and is not officially supported any more, but for one reason or another we choose to still use it anyway. We're allowed to do that, and if the Mozilla folks don't like it they can go jump in a lake.

    It is worth noting here that Firefox 3.0 is not available for the latest stable version of my operating system, and I'm certainly not going to run unstable versions of every library and application on my whole computer just to accommodate one application whose developers have their knickers in a twist. And it's not like Debian is an obscure platform, especially in the open-source community. I shall continue to run Firefox 2.0 until version 3 becomes available for the *stable* version of Debian, and if the Mozilla folks don't like it they can go soak their collective head.

    My mom's in a similar situation with her OS of choice, and although Windows 98 is no longer supported by the distributor (Microsoft in that case), the upgrade would cost money *and* require newer hardware, which just isn't in the budget, so, again, she's going to run Firefox 2.0 for another couple of years probably, and if the Mozilla folks don't like it they can go play in traffic.

    However, with all that said, the turning off of the anti-phishing thingydoo doesn't really bother me much, especially if it's Google that's discontinuing the service the old software uses. It's more the continual "stop using version 2.0" harping they do on every forum on the whole internet that bothers me. Go fly a kite. We know the old version isn't supported anymore, and we don't care, so give it up and leave us alone already.

  9. Re:A security update that reduces security on Firefox 2.0 Update To Remove Phishing Detection · · Score: 1

    Heck, it was only a couple of weeks ago that I got the last of our PACs at work upgraded *to* version 2. These systems are on a private subnet and only have access through the firewall to a very short list of websites (three, IIRC), so upgrading them was low priority, and I just now finally got the last of them upgraded from sarge and Firefox 1 to etch and Firefox 2. Incidentally, upgrading them to Firefox 3 is not an option yet, for two reasons: first, an important extension they require has not been updated for Firefox 3 yet, and second, Firefox 2 isn't available for Debian yet (unless you run unstable or testing, which would be inappropriate for these systems).

  10. Re:A security update that reduces security on Firefox 2.0 Update To Remove Phishing Detection · · Score: 1

    > At least the version 2 users are being given some warning, as
    > opposed to just being left out to dry without any heads up at all.

    For a lot of us, Firefox 3 isn't really an option, because it's not available for our operating system. This is true for me on one platform (Debian stable) and for my mom on another (Windows 98, which I will eventually have to pry from her cold dead fingers I think).

    Besides, Firefox 2 isn't that bad. Okay, sure, certain actions consume more CPU time than they should (e.g., opening a new tab, or turning page colors on or off). But on the whole the difference between Firefox 2 and Firefox 3 is mostly quite minor stuff, especially if you aren't absurdly excited about the location bar changes.

    I think the Mozilla folks should chill out just a little and learn to *accept* the idea that some people might continue using the old version for a while.

  11. Re:Full stop? on Slashdot's Disagree Mail · · Score: 1

    Actually, this saying has an interesting etymology. At one point in history, telegrams didn't have punctuation, so if you wanted to break up sentences you had to state the punctuation using the word. (This worked out pretty well for the company, since they charged you by the word.) In America of course we would have said "period", but in Merry Old England they call the period a "full stop". Usually in telegrams they just said "stop" and that was clear enough, but "full stop" is a more emphatic version of essentially the same thing.

  12. Re:Sometimes, movie quotes are best. on Slashdot's Disagree Mail · · Score: 1

    > Ages ago, while selling computers at $BIGCOMPSTORE, I had a guy come in who was convinced that the people at Netscape were spying on him

    Oh, they probably were. Netscape had a big domestic spying program back then, on account of the deal they had with the NSA. That's also why they had two different versions of their software, one for US customers and one for export. The one for US customers was designed to spy on you, but then they had to figure out a way to get the public to buy it, so they said it was more secure because it encrypted traffic. But that was just a marketing gimmick. In actuality, both versions had the same level of actual encryption.

    > He insisted that he needed a new computer,

    Obviously he didn't really understand how the spying program worked, because a new computer wouldn't have helped at all. As long as you're still living in the same place, the NSA still knows who you are. What you really have to do is move every month or so.

    > wanted a Mac because they don't have the same "intrusion issues Windows computers have."

    Not only did this loon not understand how the spying program worked, he also bought into the computer industry's nonsense hook, line, and sinker. Macs and Windows computers had pretty much the same intrusion issues because they really used almost exactly the same software for their networking stuff. They rebranded it (Trumpet something on the Windows side, I forget what the Mac port was called), but it was basically just the BSD networking stack, only without the security features because they had to cut down on that stuff to improve the performance so it could run on 16-bit operating systems. (This was in the days of Mac System 7 and Windows 3.1.)

    > He buys one... Has us remove the modem and network port.

    Yeah, see, that wouldn't help at all. Might as well wear a tinfoil hat for all the good it will do.

    > Three days later, he's back in and "this computer is infected too!"

    Technically, "infected" is the wrong terminology, but the real issue he was running into is that the computer wasn't really the problem at all. He was probably still living in the same house!

    > He was insistent that the fiends at Netscape had used a satellite to beam in programs to spy on him via IrDA.

    Now, that's just silly. Netscape didn't even have an IrDA-equipped satellite.

    > We politely took the computer back, then refused to sell him another, as this was the 5th one in a month

    So, switching computers didn't work, but all he could think to do is try it again? Dumb.

    > the manager suggested he seek medical attention.

    That wouldn't have helped either. Most of the doctors in this country were under NSA control. Still are, actually, that's why they order so many tests.

    HTH.HAND. (And yes, I'm being facetious.)

  13. Re:eweek and WSJ articles. on IBM Launches Microsoft-Free Linux Virtual Desktop · · Score: 1

    I suppose "terminally lazy" could mean too lazy to eat. I've known of someone being too _tired_ to eat, and that's kind of scary. Fortunately in that case it was temporary. (She'd been sick...)

    Theoretically, if certain actions weren't involuntary (breathing, voiding the bladder when that becomes urgently necessary) it might be possible to die if you were too lazy to do them.

    Actually, over the long term, just being too lazy to move around or get out of bed could lead, at least in theory, to terminal bedsores.

  14. the right tool for the right job. on What Programming Language For Linux Development? · · Score: 1

    The whole Unix philosophy is that you *don't* use the same one tool for everything. You use the right tool for the right job. If you're doing text processing, you almost certainly want Perl; if you're doing extensive GUI work, you might make a different choice. In some cases you might glue two or three languages together in the same project. Evergreen is written in C and Perl. Large parts of the Firefox GUI are done in XUL and Javascript, but the base application is written in C or C++. Emacs is written mostly in Emacs lisp, but the core is done in C.

    Doing everything with the same one tool whether it makes any sense or not is the Microsoft approach. If you're going to do Linux development, you'll do better to unlearn that.

  15. Re:subdomain? on New .tel TLD Now In Use · · Score: 1

    > i keep looking at the introduction of new tld's as a license to print money (almost).

    That only works if people buy the things. My suggestion is, don't. Let them take someone *else's* money. It's obvious that your customers won't know or care whether you have a .tel domain or not, so if you don't buy your .tel and a competitor or squatter snaps it up, how does that hurt you? They just wasted their money. Let them have it.

    Frankly I'm starting to wonder about our .net domain (at work). The .org makes sense for us and is the primary one we use and advertise to the public, and of course you've got to have .com no matter what you are because people *will* look for you under that even if it doesn't make any sense. We'll keep the .lib.oh.us one because other libraries might look for us under that, and in any event I don't think it even costs us anything. (I think WINSLO or OPLIN or somebody like that just views that as something they do for all Ohio public libraries.) But I'm starting to wonder, if we let .net go and the squatters snap it up, would anyone even notice or care?

    We sure as death and taxes don't need domains in .info, .biz, .tel, .name, .pro, .rec, .shop, .web, .pub, .store, .rec, .assoc, .books, .ohio, .club, .public, .private, .america, .free, .hobby, .cool, .hot, and .awesome.

  16. Re:Remember kids on Race and Racism In Video Games · · Score: 1

    > What about humans with Down's Syndrome?

    They're obviously human because both parents were human. How could they be anything else?

    Infertile or barren *individuals* are something that happens occasionally in many different kinds of creatures, but an infertile human is still human, an infertile dog is still a dog, and so on. On a different occasion the same two parents may produce fertile offspring, thus proving that there's no species barrier involved. The infertility does not arise because of mixed ancestry, but for other reasons.

    However, if you have two completely different *kinds* of creatures, then interbreeding between them will *consistently* not produce fertile offspring. We're no longer talking just about individuals here, but the whole line. You breed a donkey and a horse, you're always going to get an infertile mule. You will not, on a different occasion, get a different outcome. You can pick a different donkey and a different horse, but you're still going to get a mule -- or possibly a hinny, if you consider that different from a mule; either way, it's always always always going to be infertile, always. It's not just the individual that's infertile; the whole pairing (donkey with horse) is not viable past one generation, period.

    A kid with trisomy 21 is 100% human. All of the genetic material is human.

    In summary, it's not the same at all.

    Now, it should be noted that this is *not* how Darwin defined "species", nor do modern evolutionists define species this way. *Creationists* use this definition, for what it means for animals to be a different kind, versus the same kind (they usually don't use the word "species"). Evolutionists consider two groups to be different species if they do not ordinarily interbreed under natural conditions, or something like that. But Tolkien was a creationist.

    Oh, one other thing: this isn't really an important point, but trisomy 21 does not always make a person *completely* infertile. Fertility is greatly reduced, but the *potential* to have children is there. It's just not particularly likely.

  17. Re:Remember kids on Race and Racism In Video Games · · Score: 1

    > to be pedantic.... elves, hobbits and orcs are different species.

    I'm pretty sure elves[1], orcs[2], and hobbits[3] are all capable of interbreeding with humans and producing fertile offspring. There are sociological reasons why it's not commonly done, but that just makes them different, umm, what was that word? Oh, yeah, different "races".

    [1] The line of the kings of Numenor, for instance, contains elvish blood and even a small fraction of Ainur.
    [2] The movie handles it differently, but my take from the books is that this is how the Uruk-hai were created.
    [3] I don't know of any examples of this in the third age, but if you go back farther the Stoors were clearly related to men, and then they interbred with the other hobbits.

  18. Re:Network neutrality on The Other Side of the Sprint Vs. Cogent Depeering · · Score: 1

    > I recall reading an article a few years ago about how Yahoo gets approximately half of it's total bandwidth for free

    Yahoo pays for bandwidth?

    *Why*?

    Who's going to disconnect from them if they quit paying? Anybody who tried it would spend more money answering irate phone calls from customers than the bandwidth is worth.

    > Is it unfair?

    Why is it unfair? Yahoo provides content that the ISP's customers *want*. Those customers will willingly pay for the bandwidth it takes to bring them Yahoo content, plus the advertising that goes with it. Only the largest and most popular content providers are in this kind of position, but off the top of my head I can only think of *one* internet content provider more popular than Yahoo (namely, Google).

  19. Re:Actually, it was on The Other Side of the Sprint Vs. Cogent Depeering · · Score: 1

    > A healthy economy is one where everything can be handled within the country.

    Realistically, manufacturing labor is not *worth* the kind of money Americans expect to make. The only way to fix this and keep a significant manufacturing sector in this country is to turn back the economy (and the standard of living) to mid-twentieth-century levels -- at least for manufacturing workers.

    Fewer kitchen appliances. No dishwasher, no food processor, no electric can opener, no bread maker, no microwave oven. One car per household, and it doesn't have a billion fancy extras (power everything, dual climate, GPS, ...). One phone line (or cell phone) per _household_, not per person. No cable television, just 2-3 broadcast channels, and renting a movie costs enough you can't do it every weekend. No expensive prepared foods: you buy ingredients and you cook. And so on and so forth. That's the standard of living a manufacturing job will support. Of course, the labor unions will not allow the manufacturers to pay workers that kind of wage. Indeed, our social *welfare* programs give people who don't work at all a higher standard of living than that at taxpayer expense. (Whether that level of welfare for non-workers is a good thing or a bad thing is... arguable. But for better or for worse that is the way things are now.)

    We don't have a lot of small family-owned farms anymore for the same reason. A small family-owned farm does not produce enough value to support the standard of living an American family expects these days. So almost all of our agriculture now consists of large agribusinesses. Fewer workers per unit of production means more income per worker and a higher standard of living.

    > So, it all ties back in. China having so much manufacturing is growing in financial power, and the
    > USA lacking manufacturing is losing that financial power since this country does not have the exports.

    Now you're just confused. China has thriving factories, yes, but it's not because they have some special economic power. On the contrary, it is precisely because they have the *lower* economic standing and thus the cheap labor. Specialization and trade are good for both sides: China benefits from the industrialization that the manufacturing sector brings, yes, but the US also benefits from the relationship. Where do you think we get the money to buy so much imported *stuff* from China? We have exports too, but our exports (on average) carry a higher value per unit of our labor that went into them.

    > If China decided to cut exports to the USA, this country would be in deep trouble.

    There are other sources of manufactured goods besides just China. If all or most of the nations with an industrial economy decided to get together and not sell stuff to us, we'd be in some hot water. Similarly, Wal-Mart would be in trouble if all their suppliers got together and said, "Let's not sell to Wal-Mart any more." But the suppliers (collectively) have no reason to behave that way, and plenty of reason *not* to do so. And if *one* supplier (even a *big* supplier) decides not to sell to Wal-Mart, it hurts the supplier more than it hurts Wal-Mart. Similarly, China has more to lose by not selling to us than we have to lose by not buying from them.

    I'm not saying we don't have some economic problems. We certainly do. Not least, the national debt and federal budget deficit are dangerously out of control again. There are other issues as well.

    But going back to an industrial economy is not desirable.

  20. Re:You can spend out of a recession on The Other Side of the Sprint Vs. Cogent Depeering · · Score: 1

    > the underlying businesses are still healthy - with the exception of the ... financial industry, of course.

    There are other exceptions as well. For instance, there was news just recently about the trouble the automobile industry is in.

    Of course, that's manufacturing, and on the whole the manufacturing sector is not doing so hot these days, for reasons that ought to be obvious. (Okay, I'll state the obvious: our economy has developed to the point where the standard of living most of us have come to expect requires a higher income level than manufacturing jobs are worth. If we want the manufacturing sector to really recover, long-term, we'd need to reduce the standard of living to the point where labor costs are within a few percentage points of developing countries. We could keep factories working here if we paid the workers a lot less than they think they have to have, but the labor unions won't allow that.)

    But nonetheless, that's another industry that is in trouble, besides the financial industry.

  21. Re:You can spend out of a recession on The Other Side of the Sprint Vs. Cogent Depeering · · Score: 1

    > It was called the WPA. Learn a little history

    The WPA didn't get us out of the depression. It was intended to do so, but it didn't actually work.

    It was World War II that actually got us out of the depression. On the balance if I had to choose between a world war and a depression, all else being equal I'd probably rather have the depression. Nonetheless, for all the general badness of the war, at least it did have a positive effect on something.

  22. Re:i've said this many times on 'Greasemonkey' Malware Targets Firefox · · Score: 1

    > the amount of hacks and viruses and malware on an os/ browser
    > has absolutely nothing to do with anything other than marketshare

    This isn't strictly true. Marketshare is very *relevant*, of course, but it's not the only factor.

    There were *way* more viruses for the classic MacOS than there are for OS X, even though the market share of the new version is, if anything, higher. Perhaps the best counterexample is in web server software, where Apache has always had the lion's share of the market while IIS has always had the lion's share of the exploits.

    But yes, marketshare *is* relevant, and the most popular software in any given category definitely tends to have the worst security track record, all else being equal. Good examples here include Sendmail, BIND, MS Windows, and IE. As noted above, there are counterexamples, but they are the exceptions, not the rule.

  23. Re:Username/password combo for banks flawed. on 'Greasemonkey' Malware Targets Firefox · · Score: 1

    > Bank security should (IMO) be also based on "something you have", like an ATM card.

    Over the internet, it's difficult or perhaps impossible to tell the difference between something the user has (e.g., the ATM card, or USB key, or whatever) and something the user knows (e.g., the numbers on the card, or the algorithm and private key the USB key uses to generate fresh numbers each time, or whatever).

    > The hardware device would be implemented in such a way to make it impossible
    > to copy the functionality of it without physical access to it.

    I don't think that's technically possible, and even if it were, people lose small objects all the time, and they can also be easily stolen.

    Security is hard. There are no magic bullets.

  24. Re:Grandma What Happened to Your Nose?! on Prescription Handguns For the Elderly and Disabled · · Score: 1

    > The AARP does its best to keep states from requiring vision tests for driver's license renewal after a certain age.

    I actually agree with that. If the vision test is only required after a certain age, it's discrimination based on age.

    Now, if you require the vision test for driver's license renewal EVERY TIME, for every driver, then age has nothing to do with it. The AARP would have no business complaining in that case. You might occasionally have to deny a license to a younger person who can't see well, but I fail to see a downside there.

    I also think the vision tests they give you for getting a driver's license in the first place are nowhere near strict enough. The smallest line at the bottom is enormous bold-face type that you don't have to actually be able to see clearly to read, but do they even ask you to read that line? No, they ask you to read the next line up, which is even more enormous. I think you ought to have to be able to read the bottom line on a normal eye-exam chart at the normal distance, with zero errors, on the first try (and, obviously, they should have a number of different charts so you can't just memorize the answer ahead of time). The roads are dangerous enough.

    I also think driving while intoxicated, while operating an additional device (such as a cell phone, GPS, razor, make-up applicator, ...), while reading a book, or having had less than eight hours of sleep in the last twenty-four should carry a minimum penalty of six months' license revocation on the first offense, two years on the second offense, and permanent on the third.

    And I don't want to hear nonsense about "how can I get to work I must drive". You can get a job closer to home, a home closer to the job, use public transportation, pitch in for gas and ride with somebody else, get a bicycle, or any number of other options that don't endanger everybody on the road if you're too irresponsible to handle driving in a safe and sane manner.

  25. Re:Hypocritic Oath? on Prescription Handguns For the Elderly and Disabled · · Score: 1

    > What Doctor in his right mind is going to prescribe [the device]

    I don't know about the "right mind" part, but some doctors will prescribe pretty much anything the patient wants.