Unfortunately, the US export regulations *do* work.
I'm in Europe, using the insecure ('export-grade') version of IE5. At other times, I use insecure Netscape 4.61. So does everybody else - very few people can be bothered to hand-edit the Netscape binary to enable encryption. Heck, most users don't even understand what key length is.
The export regulations make it inconvenient for most users to get strong crypto. And if something is inconvenient, most people won't use it. The laws may not stop those who know what they are doing, and are prepared to take security seriously, but there are still lots of easily-tappable, interesting communications out there.
Instead of buffering 10 measly seconds, buffer the whole song.
Why not use MP3 compression on the sound buffer? You could use a low quality setting to fit a lot of sound into that "10 seconds' worth". I don't think that most listeners would notice if the sound quality dropped a little for just a few seconds.
You could do this in two ways: encode things into low-quality MP3 on the fly and store the most recent minute or so in the buffer, or if you are playing MP3s to start with, use the buffer to hold raw MP3 data, which doesn't require any extra processing power.
However, this doesn't match your suggestion of sucking in an entire song at once. You might be able to save quite a lot of power by buffering 60 seconds at a time, and when the buffer becomes nearly empty, spin up the CD again and read the next bit. But I don't know about how much power a CD drive uses relative to memory, how much it costs to spin it up, and so on. There must be a best compromise between reading from the CD all the time (requires lots of power to keep the motor turning) and slurping the entire CD (requires lots of power for 650MB of RAM!). But I don't know where the optimum point is.
Certain circumstances will cause your M2 to be disregarded. This is to prevent abuses. I'm not going to release the specifics as that would defeat the purpose.
Err... isn't this 'security through obscurity', the fallacy that Slashdot readers are so quick to berate Microsoft and others for? And how does this fit in with continuing to release Slash source code?
Surely it shouldn't matter if people know when M2 is being disregarded. And people would be able to agree or disagree with the policy, and make suggestions. Hang on a minute - maybe that's what Rob is afraid of:-(
gtk shouldn't get any more coverage than qt, and redhat shouldn't get any more than whatever else is out there.
Yeah, and Mozilla shouldn't get any more coverage than Internet Explorer, and computers shouldn't get any more coverage than bicycles, and half the articles should be posted in French, and...
Slashdot has always been about what Rob finds interesting. Fortunately, what he finds interesting is interesting to a lot of other people too - hence the huge popularity of Slashdot. This does mean that you have to promote some things above others.
As for the particular complaints that you make, GTK is getting coverage right now because a book has just been released. That's why this story is under 'Book Reviews'. When the book Programming with Qt was released, there was a review of that too. And to many people, Red Hat's 100% free status makes it more 'interesting' than proprietary distributions like SuSE or Caldera.
I wish they would make them shorter. 45 minutes is far too long for any amount of action they manage to fit into the typical episode. It would be much more pleasant to cut out most of the cheesy 'personality' bits and make snappy 25-minute episodes, with maybe the occasional hour-long special where the plot really justifies it.
For my CS course, we learned Haskell (http://www.haskell.org) as our first programming language. I can't help feeling that if you're going to teach functional programming, do it 'properly' (ie, use a pure functional language). I wouldn't mind using ML, but I would miss lazy evaluation.
It seems to me that academics are quite keen on strongly typed languages (and I like compile-time checking too). If there were some way to give type declarations in Python (on an optional basis, or maybe with a 'deductive' type system as in Haskell), it would probably be more popular.
(I don't know much Python; I'm reading Learning Python ATM. So what I said about 'lack of type declarations' may not be 100% correct.)
I think they should give the whole thing a rest, at least for another twenty years. And they could stop gratuitously hopping between centuries for each new series (DS9 excepted).
But a prequel might be quite cool - I've always been interested in the 21st century portrayed in Encounter At Farpoint or First Contact.
Increasing voter turnout by making it even easier than it is now to vote merely floods the votes of those who care (that is, they care enough to drop by at the voting booth on the way to work) with those who care so little they can't be bothered to do even that.
Quite. What most people haven't grasped is that it is necessary, in a democracy, for the government to not represent the wishes of the people. Yes, we should freely vote for representatives, but there needs to be a certain amount of 'friction' and detachment between popular opinion and the decisions made by government. In other words, governments need to make decisions that are unpopular. Otherwise, we would just decide all laws (and maybe all judicial verdicts) by referendum.
The amount of 'unfairness' in the current system may be very useful in producing a workable government. A system which better reflected the desires of voters might produce unstable coalition governments, or populist whoring administrations which just go along with 'mob rule'. (Or at least, even more so than we have already...)
This seems a stupid example of stuffing more and more features into a product, even when they are totally unsuited to it. What happened to 'do one thing and do it well'?
Better to make a good flat-screen touch display. Then, people can stick them on their fridges, or anywhere else they want.
I don't think that the QPL makes any sense for a Linux installer. It's quite specific to libraries such as Qt. Look at these two clauses which claim to control what you are allowed to use the software for:
5. You may use the original or modified versions of the Software to compile, link and run application programs legally developed by you or by others.
6. You may develop application programs, reusable components and other software items that link with the original or modified versions of the Software. These items, when distributed, are subject to the following requirements...
But this is total nonsense. You don't use an installer program to 'compile, link and run' programs, and you don't use it to develop software with either. You use it to install Linux - but seemingly, this isn't permitted by the licence.
What you need is a scripting language for games such as Railroad Tycoon. Or Civilization. Or Dune 2 / Command and Conquer / etc.
I've often been frustrated, playing Civ, at the stupidity of the 'go' command, which seems to wilfully ignore roads and take the most difficult route possible, across mountains. It would be cool if I could write my own procedure in some high-level language (Guile, Python, Perl, Elisp?) and tell a unit to 'run' it.
There's no reason why this should allow cheating, if the code is run in a secure environment, and cannot see or do anything that a human player couldn't.
While we're on the subject of banner ads, I think that Slashdot could break new ground by having _text_ advertisements, rather than animated GIFs. I think they would be well suited to this site, as it is heavily based on reading, rather than pictures, animations, or any of that 'rich multimedia experience' crap.
What I'm thinking of is a paragraph immediately after the story on each comments page, that says, 'ADVERTISEMENT: Fongrel Inc. have just launched a new range of dual-Athlon Fongrix Linux-based workstations.', with links as appropriate. For things like job adverts, this could work really well. And Lynx users would be able to see them.
no real financial incentive to sell the
Read the rest of this comment...
But 'the rest of this comment' adds just two words, 'cheap versions'!
I can see that truncating long comments to save bandwidth is a good idea, but really, it's not worth it just to save two words. Of course, the line must be drawn somewhere. I would suggest that long comments be split in half, rather than truncated at some arbitrary point. Then at least the 'Read the rest' link actually does something.
So you have to use filtering software - but what's to stop you from turning it onto 'filter nothing'?
Furthermore, no filtering software is perfect, whether it be based on manual blocking of web pages, or automatic detection of naughty words. You could simply do all your browsing through a 'web anonymizer' or gateway, and if that gets blocked, create another. Or you could run a web proxy like DeleGate on your own machine, and do all your browsing through that. I doubt that filtering software has any blocking rules for 'localhost':-)
I believe that if the authentication technique for Root is set to One Time Passwords, you would have to edit pwd.db itself to revert to normal passwords, as I do not think that pwd_mkdb will make that change.
So just use your own version of pwd_mkdb that is a little more obliging.
If someone has physical access to the box it is not secure.
There are two kinds of 'physical access' - access to the keyboard and floppy drive, and full access to the machine, including removing the case.
In many environments such as schools, users have the first but not the second. You can assume that they won't open the case of the machine or steal it, but they will try booting from floppy, CTRL-ALT-DEL or 'linux single'. In these cases, a BIOS password and LILO boot password, combined with a secure operating system, should suffice.
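An added example, not part of the original comment: a small audit of a `lilo.conf` for the boot-password control mentioned above. It checks that every boot entry is covered by a `password` line (with or without `restricted`, that blocks booting with typed parameters such as `single` unless the password is given) and that the file, which holds the password in clear text, is not accessible to group or other. The two sample configurations and their password value are constructed for illustration.

```python
import stat


def parse_lilo(text):
    """Split lilo.conf text into global options and per-image sections."""
    global_opts, images, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if key in ("image", "other"):          # start of a boot entry
            current = {"path": value, "opts": {}}
            images.append(current)
        elif current is None:                  # before the first entry: global
            global_opts[key] = value
        else:                                  # option of the current entry
            current["opts"][key] = value
    return global_opts, images


def audit(text, mode):
    """Return a list of findings; an empty list means both checks passed."""
    global_opts, images = parse_lilo(text)
    findings = []
    has_password = "password" in global_opts or any(
        "password" in img["opts"] for img in images)
    # The password is stored in clear text, so only root should read the file.
    if has_password and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("lilo.conf stores the password in clear text but is "
                        "accessible to group/other (want mode 0600)")
    for img in images:
        opts = {**global_opts, **img["opts"]}  # per-image options override
        label = img["opts"].get("label", img["path"])
        if "password" not in opts:
            findings.append(f"{label}: boots with arbitrary parameters "
                            "(e.g. 'single') without a password")
    return findings


# Constructed sample: no boot password at all.
WEAK = """\
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
"""

# Constructed sample: global password, asked for only when parameters are typed.
HARDENED = """\
boot=/dev/hda
prompt
timeout=50
password=CONSTRUCTED-EXAMPLE
restricted
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
other=/dev/hda2
    label=dos
"""

if __name__ == "__main__":
    for name, text, mode in (("weak", WEAK, 0o644),
                             ("hardened", HARDENED, 0o600),
                             ("hardened, world-readable", HARDENED, 0o644)):
        print(name, "->", audit(text, mode) or "ok")
```

The BIOS password and boot order are firmware settings and are outside what a configuration-file check like this can see.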
Sun's decision to unbundle a compiler from their operating system was lousy, but probably driven by the fact that many people use Sun workstations for non-programming tasks.
So just leave it in! It's not doing any harm there, is it? Apart from a small amount of disk space.
The reason - and it is a good reason - is that Sun could make more money by making people pay twice to get the compiler. This is the problem when deciding what proprietary software to include on your CD: If you leave things out as Sun did, then your customers complain that you are just trying to screw money out of them. But if you include lots of goodies, as Microsoft does, you can be accused of monopolistic practices ('bundling') and forcing people to pay for things they don't want.
Some people consider it 'unfair' that, for example, the C compiler is included as standard, because then 'some people are paying for something they won't use'. Marketing departments would no doubt use this argument when justifying their market segmentation schemes. This is nonsense of course, since the cost of the CD is the same whether it includes the compiler or not. The job of the vendor is simply to get as much money as possible, and you can usually do that by withholding some things, like C compilers, from low-end 'products'. Hopefully, if there is sufficient competition in the marketplace, this won't get too grotesque.
You're right - it's not really what I meant, although I expect it's what some governments would be only too keen to implement.
I meant, have the government keep a list of every individual's public key, and verify this by requiring you to turn up at a registry office with birth certificate, passport or whatever.
Having the government sign people's public keys, as somebody suggested below, is a good way of doing things. Of course, you can get them signed by companies as well if you don't trust the government. But I would expect that any company operating within the law is no more trustworthy than the government it operates under.
I know that most Slashdot readers think the government should stay out of the Internet, but I think there is one useful thing that governments could do - which would also make email more widespread:
Issue every citizen with a PGP public key pair. The problem with current PGP keys is that you have no way of knowing that the 'real' person got the keys in the first place. Your lovingly encrypted / signed communications may be going to an interloper. What's needed is an agency that will require physical authentication, as well as a passport and maybe other ID, before issuing a key, and then provide an easy way to look up the public key of each individual.
I know that there's not a snowball's chance in hell of this happening in countries like France, the US or Britain, but governments of more enlightened countries, who don't want the NSA tapping their citizens' messages, might go in for such a plan.
And before you all complain, I know that you can't trust the government in matters like these. However, I think this would provide a little more security than just looking at a public key server. You could of course do both.
What is it with cracker / warez d00d types and the RAR archive format?
Most warez appear to be in RAR format - er, not that I've downloaded any, I just browsed the FTP site, um...
I thought it was HREF at first. I imagined the HREF gun was a kind of light-gun that you point at links on Web pages.
That would be Star Dreck, I suppose.
Well, you can look at Dave Cutler's fan club - it's not quite the same, though. A bit scary, in fact.
I think the whole 'Amiga revival' is a conspiracy by CmdrTaco to keep Slashdot supplied with stories.