Slashdot Mirror


User: alan_dershowitz

alan_dershowitz's activity in the archive.

Stories: 0
Comments: 961

Comments · 961

  1. Re:Non-evil uses of buffer overflows on PSP Firmware Downgrader Released · · Score: 1

    Since I commented in this article, the system won't let me use any of my mod points to bump you up...which is too bad, because you deserve a +5 for your post more than I do :-)

    BTW, thanks for the hack in question, I got years more use out of my TI learning ASM.

  2. Re:Finally! on PSP Firmware Downgrader Released · · Score: 5, Informative

    Actually, it's not the first time. When Texas Instruments released the TI-92, it only came programmable with a crappy version of BASIC. Then, some hackers figured out that if you used an overly large firmware image with their system restore tool, you could insert instructions into the calculator that let you execute arbitrary code on it. Someone built a hook that let you upload your own assembler instructions, and TI-92 homebrew took off.

    The hack was so popular that Texas Instruments ended up releasing an assembler application so that people didn't have to hack their calculators to run their own custom code.

  3. Re:I use Password Safe on Too Many Passwords · · Score: 1

    With the exception of my machine at work, I do not use it on any machine I did not configure myself. All the machines however, are used exclusively by me.

    As for keyloggers, the apps both dump the password into the clipboard, bypassing the keyboard. The master password I actually made a string with letters, numbers, capital and lowercase, that happens to be a common string typed on any particular machine I use. It's not a perfect solution, but I'm willing to take acceptable risks to get around the fact that I need over 40 passwords for my job/personal life.

    The most unobvious but important risk mitigation suggestion I can recommend is keep your work password database separate from your personal password database. There's no good reason to keep them together, and very good reasons to keep them separate.

  4. Re:Bandwidth and word of mouth are both money on BitTorrent Gets $8.75M From Venture-Capital Firm · · Score: 1

    There would have to be some method of proving that you really did share a piece of a file with another user. There's no way I can think of doing that without trusting the client (or, ironically, trusted computing.) There would be little incentive for a client to report correct information in the case where there are no negative or positive repercussions for failing to do so. I could see your model working for single-download paid content. Everyone would have a unique ID. Upon finishing download, the client would report what other clients it got each piece from. This information would be cross-referenced with your send information. If there is a match, you get credit. The incentive to not lie is, everyone is paying for content, so if you lie, you are undermining the system, which puts you at risk as well. Subject the user to the Prisoner's Dilemma, and anyone smart enough to try to undermine the system is going to be smart enough to see that it impacts them negatively to do so.

  5. Re:IT requiring password changes on Too Many Passwords · · Score: 2, Interesting

    Where I work (which shall remain nameless) people get around this password restriction by making their password "SOME STRING"1, then when they have to change it in a few weeks, "SOME STRING"2, and so on. I can't believe this is any sort of superior "security", badgering people into choosing terribly predictable passwords.

  6. I use Password Safe on Too Many Passwords · · Score: 4, Informative

    I use Password Safe on a USB pen drive. It has a master password that it uses to encrypt all my other passwords in a tidy MFC application. In x86 Linux I access it using Wine, which works fine. For my OS X machine, I use pwsafe, a console app that lets you access Password Safe databases, and dumps the password directly into the X clipboard buffer. (Use the CVS version, the latest regular build can't access the latest Password Safe database format.) I found other unix password safe compatible workalikes to be extremely poor.

    This solution works well for me. Just make sure you back up your pen drive.

  7. Re:Kind of vague on Broadcast Flag Back in Congress · · Score: 1

    As long as you're up front about this in effect being a line-item-veto for the Supreme Court (assuming you mean that the court could strike down only a portion of the law.) That's EXTREMELY risky imo, the potential for constant interference by the courts would be very high. By invalidating and eliminating only a part of a bill, they are de-facto legislating.

    The other alternative is that the court would strike down the whole thing. In that case, the worst that could happen is that in the case of a violation, the courts would either not risk invalidating the entire package, in effect making their power to do this worthless in any case where the potential good of a law even slightly outweighs the potential bad of the bill rider. The alternative would be invalidating the entire bill over trivial riders, which would be extremely unpopular.

    I'm not saying you are an idiot or anything, an amendment like you are saying could do a lot of good in many cases. I am just trying to point out some (imo) significant mischief potential.

  8. Re:Second Spam on Blog Binging Gorges the Net · · Score: 1

    I think the analogy is apt. Spam clogs inboxes, worthless blogs clog search engine results. Reading is not the point. You don't have to actually _read_ either one for it to interfere with your productivity, the sheer volume losing other content in the noise is the problem.

    I wish there was a meta tag or something that all blogs used indicating that it is in fact a blog, so that search engines could easily filter the results. If I could filter the crap blogs from my search results, I would agree with you that they are not being shoved down my throat.

  9. Kind of vague on Broadcast Flag Back in Congress · · Score: 1

    I don't necessarily disagree with your position, but who gets to decide what the "spirit" of a bill is? Under any other circumstance, Slashdot would be outraged at the vagueness of a statement like this. For example, see Slashdot's group opinion on terms like "community standards", "obscene", etc.

    Bill riders like this broadcast flag crap were one of the reasons for the presidential line-item-veto (which was shot down as unconstitutional. It put power into the hands of the executive branch that was constitutionally delegated to the legislative.)

  10. Re:Let me explain this... on Eminent Domain Applied to IP Due To State Secrets · · Score: 1

    Since the lines are still there after damages would be awarded, the encroachment would still be ongoing. Is this a loophole in the law? My first thought would be filing a civil lawsuit to get them actually off the property, as opposed to further damages. It would seem to me that this is analogous to someone squatting on a plot of land, paying damages, but then never actually leaving.

  11. Agreed, for more than one reason. on Eminent Domain Applied to IP Due To State Secrets · · Score: 2, Informative

    The U.S. court system posthumously awarded patents for the invention of radio to Nikola Tesla in the 40's. It's been posited that the reason this was done was because current patent holder Marconi was suing the US Army for infringement. The US Government sidestepped paying out massive royalties to Marconi by ruling that Tesla, dead and unable to collect, was the rightful holder of the patents.

  12. Re:It was 28th July... on London Tube Dangerous for Technophiles? · · Score: 1

    You know what's funny? That's exactly how high school worked when I was there. Not on topic I know, just an interesting observation. Does anyone want the world to be more like high school?

  13. Re:A word about the Russian boosters on European Students to Put Microsatellite Into Orbit · · Score: 1

    I think he might have been referring to Sergei Korolev, and the captured German scientists who were forced to replicate the V-2. Korolev and Tupolev were both incarcerated and forced to work for the Soviet regime from prison (courtesy of Stalin), not to speak of the captured Germans. Also, there were at least 15 Gulags that were used for cheap labor for development of nuclear facilities, so I don't have any reason to believe that development of rockets went about in a substantially different way. That the Soviet Union used prison labor is not disputed, and it can be shown that exile cities in Siberia were used to host secret laboratories due to their remoteness and tight control.

  14. Re:Attacks from whom? on U.S. Deploys Orbital Communications Jammer · · Score: 2, Interesting

    Maybe it's a response to this. I don't think you have to be a space-faring nation to engage in space-warfare. Some other nations have been jamming our satellites, so we're deploying a superior response, I guess.

  15. Re:Violence on Government Love and Hate for Video Games · · Score: 2, Interesting

    The Army used to use a modified version of DOOM to help train troops. Look at it from the government's perspective. They are promoting games that facilitate socially-acceptable violent ends (working in the army, as a team toward a national goal.) This has two items to it that I can perceive. Firstly, try convincing the government that games don't facilitate violence when they are actively using it for that purpose; and secondly, if you actually play America's Army, it's not an anything-goes deathmatch like Unreal Tournament, you are punished for antisocial behavior, going off mission, intentional friendly fire, etc. Some of the things that are perceived as promoting school shootings and the like do not exist in America's Army. The government never claimed to be against violence. They are (at least they say...) against games making little kids into antisocial killers.

    You can't play both sides of the issue. Do games cause violence or not? If they don't, then the violence aspect of America's army should be no problem. Personally, I don't think there is a contradiction, since a) the government never claimed that they were against all violence and b) America's Army is rated T for TEEN, old enough for 90% of top rated slashdot posters to agree they can cope with violent content. Oh yeah, and the government didn't actually prevent any kid from playing any game as long as their parent bought it, which I still don't understand why anyone thinks this is a problem.

  16. Partially Agree on Games Can Make Us Cry · · Score: 1

    I don't understand the difference. I guess I don't see why a game would by definition have less emotional effect than a movie.

    That said, I wonder about the possibility that *some* gamers just plain have lower standards. In high school I knew people who with religious zeal studied the life-stories of Street Fighter characters (I practically was one of them,) and considered Mortal Kombat a top-notch movie. I agree with the blogger. You have to examine what that person considers "eliciting emotion", and why. If you did a poll of my generation of the best movie ever made, "The Highlander" would do really well.

  17. Re:currently leads Glibc on Ulrich Drepper On The LSB · · Score: 1

    Well, "maybe" wasn't a strong endorsement of actually putting XML in glibc...but thanks for your argument against it, I buy it. Incidentally, thanks for not being all "stfu dumbass" like too many posts on slashdot tend to be.

    If someday there is a ubiquitous, small, stable implementation of a final XML standard, maybe it would be different. Frankly, the original argument that XML is bad for configuration files...that is demonstrable horse shit. If you want a well-defined, flexible and verifiable config format that allows easy merging and modification of content, you've just reimplemented XML anyway.

    I really don't get how you take a hardcore RTFM unix manly man, tell him he should be using XML and he turns into a simpering pussy that claims everything is "too hard to read" and "too bloated". Then he goes on to flame someone on usenet who has trouble with sendmail.cf.

  18. Re:currently leads Glibc on Ulrich Drepper On The LSB · · Score: 1

    He just said why plucking an XML schema out of the air is better--because you can validate against it. Yeah, you can write your own validator for your own config file, but if you use XML, you don't have to waste your time because the code is already written. Common functions are exactly what glibc is for, maybe this is a good idea.

  19. Re:No No No! on Stolen U.C. Berkeley Laptop Recovered · · Score: 1

    Incidentally, the anti-car-theft act of 1992 made it a federal crime to steal a car (not just if it was taken across a state line.) There is a long history of the Federal government invoking "interstate commerce" for anything that might even _potentially_ cross a state line. There are also federal firearms laws, which frankly have no connection to interstate commerce whatsoever. I'm pretty sure you're right that there are no federal laws against receiving stolen property, though. But the federal government regulates all kinds of things that have nothing to do directly with the commerce clause.

  20. What about the other way around? on Doctors Sue Patients for Online Complaints · · Score: 5, Interesting

    It wasn't that long ago that there was a big stink over a doctor-run web site that blacklisted malpractice plaintiffs so that doctors could deny them future coverage, regardless of who won the case. (Google cached link.) I guess it's not so funny when someone does it to them.

  21. Re:some background on Singapore Bloggers Charged Under Sedition Act · · Score: 1

    How does this account for other ridiculously strict Singapore laws? This was the place that had the thousand dollar fine for chewing bubble gum in a public place, and regularly canes people to the point of bleeding for a wide variety of infractions.

  22. Re:Ignorance is global on Bad Science in the Press · · Score: 1

    1) You're comparing some independent yahoos with a stance by the government of the world's most populous nation.

    2) Wilhelm Reich got shut down by the FDA. If he hadn't had to flee the Nazis, he probably would have had booming sales at home in Europe. His philosophy never set well with most Americans, for obvious reasons.

    I make no claims to this junk being scientific orthodoxy in Europe. It just always seems to come from there. That said, Psychic research seems to be bigger in the USA, so maybe it balances out. Anyway, the grandparent is a troll. The USA, China and Europe all have their biases that lead to junk science. I'm not convinced yet that China is going to come out ahead of the USA, at least for a while. In a few more years Dumbo will be out, and there's a good chance that science in the USA will be back on track.

  23. Re:Bad Science? More like bad politics! on Bad Science in the Press · · Score: 2, Interesting

    It may take a second to political belief systems, however. How long did China insinuate the moon landings were a hoax? As for Europe, lots of good research comes out of there...but then, so does lots of bullshit like anti-gravity and zero-point energy.

  24. Re:UNMANNED? on Russian Cargo Ship Docks At ISS, Preps For Tourist · · Score: 4, Funny

    It would be like me blaming Linux because my computer failed, when I threw it in the pool.

    Its logo is a penguin, so I just assumed...

  25. Naive on The Six Dumbest Ideas in Computer Security · · Score: 1

    "Let's go production with it now and we can secure it later" - no, you won't. A better question to ask yourself is "If we don't have time to do it correctly now, will we have time to do it over once it's broken?" Sometimes, building a system that is in constant need of repair means you will spend years investing in turd polish because you were unwilling to spend days getting the job done right in the first place.

    This will never change as long as the market rewards timeliness over quality. Also, in many businesses, you have a contractual obligation to be running by a certain date. Hell or high water, you are going to ship on that date.

    Choosing to ship before something is finished isn't usually decided by software teams, but by the business owner. IMO, they are preaching to the choir on this one.