While I agree that the original CNN article is horribly misguided, I also have a huge problem with your "blame the victim" mentality. When you (or a library) loan out a book, or sell a used copy, no new copy is made. There's an inherent limit on the number of other people who can read it, since they're all reading the same physical copy.
That's very different from posting an unlocked copy on the 'net, for anyone to download
Unfortunately, the alternate reality of Sherman Alexie (and Matt Frisch, the CNN hack who quoted him) intersects "real" reality via the mainstream media (as illustrated in this case). IMO educating the general public about the benefits of Open Source, and the fact that Open Source != Piracy, may be the answer to this sort of nonsense.
I'm sure I'm preaching to the choir here, but there really needs to be a higher profile public education campaign to teach the masses that Open Source isn't about piracy (i.e. taking someone's IP without permission); it is about IP that is freely given. The very foundation of the GPL (and other Open Source licenses) is copyright law, and the fact that the legal owner of that IP can give it away (possibly with strings attached).
The rise of Open Source is completely orthogonal to the piracy issue.
Whether or not the user-created content is high quality has little to do with whether there's infringement going on. It really looks to me like Vimeo has stepped over the line in terms of the safe harbor provisions -- they're trying to have their cake and eat it too. With the DMCA in its present form, that just isn't going to fly.
Hard drives die all the time, even without assistance from a trigger-happy border guard. Laptops get stolen. If the data was as valuable as she claims, not having a backup was very stupid.
If we take the blog post at face value, everyone involved behaved rather stupidly. Both the border police (for shooting up the laptop), and the student (for not having a backup copy of her "years of work"). Meh.
It's not exactly big news that a system based on MD5 hashes is susceptible to dictionary-style attacks; this should be obvious to anyone who understands how hashes work. In order for this particular attack to work, the attacker already has to have some reasonable guesses as to what your e-mail address is; the Gravatar trick only confirms the address. So it seems to me that the amount of additional data leaked is fairly small.
OTOH, I suppose I'm somewhat desensitized to this sort of thing, since I've had the same primary e-mail address for something like 15 years (going back to the days when I was rather active on Usenet). My e-mail address is already in every spammer database on the planet, so I don't see how a few more people knowing it could make things any worse!
Agreed. If he doesn't want to host it at home for whatever reason (I imagine being gone for a year he may be having his Internet service turned off), he should find a friend or relative who is willing to host the box for him. Provided he uses a modern CPU with decent power management features (or a low-power CPU like Atom), idle power usage should not be a concern.
Once you've got an always-on *NIX server you can connect to, it is a simple matter to use SSH's built-in SOCKS capability to securely tunnel your TCP traffic. This is precisely what I do when I travel.
Point taken on the power usage and noise level. But if you're worried that running at 100% load will damage the fans, you need to either A) stop worrying so much; or B) stop buying crappy fans!
If you use something with decent power management, and boot it off of a thumbdrive instead of a mechanical hard drive, you should be able to get the power usage down to where it is tolerable (though I agree you won't be able to get down to the level of a typical consumer router). Alternatively, if you're into any of the distributed computing projects (e.g. Folding@home), run a distributed computing client on it; that way at least you're doing something with the extra watts.
Developing and releasing security patches and updates, operating the activation servers, and paying the droids in the call center has to cost them something; so their costs aren't zero. You're implicitly paying for these things when you buy a Windows license. (We're putting aside for the moment the fact that only one of those things actually adds value for the end user, but that's a separate debate...)
Umm... OEM copies of XP are still for sale; Microsoft only halted sales of the retail version. Furthermore, it is 8 years old only if you completely ignore Service Packs. A better yardstick would be the time since SP3 was released, which would make it less than 2 years old.
A DIY system build with the Open Source OS of your choice is by far the best route to avoid the Microsoft Tax. I put trying to get a refund for Windows after the fact right up there with mail-in rebates and free upgrade coupons -- in other words, I would not take it into consideration when making a purchasing decision, because I am not going to count on actually getting it. As often as not the vendor (or their hired-gun fulfillment company) will try to screw you, and you're left trying to explain the situation to the Nice Man in India who has no incentive to actually help you.
Sites that post customer reviews typically have something in their policies which indicates that they reserve the right to screen the reviews before they go up. As someone else already indicated, as long as they are not editing your review to make it sound more positive and posting the edited version, they're probably not violating any laws. It is certainly borderline from an ethical standpoint though, regardless of what their official policies are.
I've generally found that the quality of customer reviews at online retailers leaves a lot to be desired anyway. Most of the people posting them seem to be clueless, and sometimes it is even obvious that they're never even bought the product in question! I generally ignore customer reviews entirely. Occasionally I may use them to make a final decision between two otherwise very similar products; but if you are relying on them to give you unbiased feedback about a product, IMO you are asking for trouble.
I was assuming that the TSCs are not synchronized tightly enough between host and guest(s) to be correlated, at least not in the low order bits. Perhaps this was a bad assumption. (Though I have to believe that it is still a lot more "random" than most other things accessible to the guest.)
My apologies to #1103839; your post was rude, but I should not have responded in kind.
At least I injected some humor into the thread (if unintended)!
...and if you're worried about someone running a guest VM and using the host TSC value as the basis for some sort of attack on the RNGs of other similar VMs running on the same host, just run the TSC value through a hash function on the host side, before passing it to the VM. As long as the hash function is effectively one-way, you can't glean any information which might be useful in an attack on "sister" VMs.
No, seriously. The TSC counts raw host CPU clock ticks. I/O interrupts and CPU cache misses on the host should effectively de-correlate it with anything going on in the guest VMs. On a host with many guest VMs it only gets better, since the patterns of host I/O interrupts and guest VM timeslices will be even less predictable.
As long as it is not relied on as a continuous source of high quality entropy (i.e. it should be used to seed the pool, just like things like mouse movement etc. are used now), it ought to be a significant improvement.
Either we've had an honest misunderstanding here due to my not being entirely clear (which I'd be more than happy to straighten out), or you're a clueless moron. Unless you're willing to clarify why you consider me a "troll", I have no choice but to assume the latter.
Seems to me this could be solved via the "Guest Additions" module that most virtualization packages recommend you install in the guest OS. Use the GA to inject some entropy from the host system into the guest system's entropy pool. The host CPU's TSC register would probably be an excellent source.
If the original source code was released under the GPL with the consent of the original developers, and you have made your modified source code available to anyone who wants it under the GPL as well, you are in compliance with both the letter and the spirit of the GPL. Period, end of discussion.
Whether or not you charge for the binaries is irrelevant.
Sorry about replying to my own post, but I just wanted to add one more thought on this. I think you would be better off using no RAID at all than doing what you proposed in the OP. Software RAID + FAT32 on an RC OS quite likely increases your odds of data loss, compared to just using a single non-RAID drive.
You say you care about your data, and yet you are contemplating using software RAID with an RC OS, along with FAT32? This is like wearing a bicycle helmet to protect yourself during a round of Russian Roulette. (Motherboard RAID is actually software RAID done in the device driver... I would trust this even less than the OS's software RAID, given that the motherboard vendor's driver may not play nice with the RC OS.)
If you care about your data but must use the Windows 7 RC for some reason, what you really ought to be doing is putting the data on a separate box which is running a mature OS (WinXP, Debian Stable, Ubuntu LTS... take your pick). And for God's sake, don't use FAT32 -- use a journaling file system like NTFS or EXT3.
Whenever I tried to open any of the IRS PDF forms, it would crash back to the desktop. Just *poof*, no error messages or anything. It worked OK with PDFs that didn't have forms in them, but if that was all I needed I would've just used Evince.
Slashdot Mirror
While I agree that the original CNN article is horribly misguided, I also have a huge problem with your "blame the victim" mentality. When you (or a library) loan out a book, or sell a used copy, no new copy is made. There's an inherent limit on the number of other people who can read it, since they're all reading the same physical copy.
That's very different from posting an unlocked copy on the 'net, for anyone to download
Oh, and I forgot to mention, I finally registered at cnn.com, just to post a comment to that article!
Unfortunately, the alternate reality of Sherman Alexie (and Matt Frisch, the CNN hack who quoted him) intersects "real" reality via the mainstream media (as illustrated in this case). IMO educating the general public about the benefits of Open Source, and the fact that Open Source != Piracy, may be the answer to this sort of nonsense.
I'm sure I'm preaching to the choir here, but there really needs to be a higher profile public education campaign to teach the masses that Open Source isn't about piracy (i.e. taking someone's IP without permission); it is about IP that is freely given. The very foundation of the GPL (and other Open Source licenses) is copyright law, and the fact that the legal owner of that IP can give it away (possibly with strings attached).
The rise of Open Source is completely orthogonal to the piracy issue.
Whether or not the user-created content is high quality has little to do with whether there's infringement going on. It really looks to me like Vimeo has stepped over the line in terms of the safe harbor provisions -- they're trying to have their cake and eat it too. With the DMCA in its present form, that just isn't going to fly.
Hard drives die all the time, even without assistance from a trigger-happy border guard. Laptops get stolen. If the data was as valuable as she claims, not having a backup was very stupid.
If we take the blog post at face value, everyone involved behaved rather stupidly. Both the border police (for shooting up the laptop), and the student (for not having a backup copy of her "years of work"). Meh.
It's not exactly big news that a system based on MD5 hashes is susceptible to dictionary-style attacks; this should be obvious to anyone who understands how hashes work. In order for this particular attack to work, the attacker already has to have some reasonable guesses as to what your e-mail address is; the Gravatar trick only confirms the address. So it seems to me that the amount of additional data leaked is fairly small.
OTOH, I suppose I'm somewhat desensitized to this sort of thing, since I've had the same primary e-mail address for something like 15 years (going back to the days when I was rather active on Usenet). My e-mail address is already in every spammer database on the planet, so I don't see how a few more people knowing it could make things any worse!
Agreed. If he doesn't want to host it at home for whatever reason (I imagine being gone for a year he may be having his Internet service turned off), he should find a friend or relative who is willing to host the box for him. Provided he uses a modern CPU with decent power management features (or a low-power CPU like Atom), idle power usage should not be a concern.
Once you've got an always-on *NIX server you can connect to, it is a simple matter to use SSH's built-in SOCKS capability to securely tunnel your TCP traffic. This is precisely what I do when I travel.
Point taken on the power usage and noise level. But if you're worried that running at 100% load will damage the fans, you need to either A) stop worrying so much; or B) stop buying crappy fans!
If you use something with decent power management, and boot it off of a thumbdrive instead of a mechanical hard drive, you should be able to get the power usage down to where it is tolerable (though I agree you won't be able to get down to the level of a typical consumer router). Alternatively, if you're into any of the distributed computing projects (e.g. Folding@home), run a distributed computing client on it; that way at least you're doing something with the extra watts.
I wasn't speaking from the OEM's viewpoint, I was speaking from the end users' viewpoint.
Developing and releasing security patches and updates, operating the activation servers, and paying the droids in the call center has to cost them something; so their costs aren't zero. You're implicitly paying for these things when you buy a Windows license. (We're putting aside for the moment the fact that only one of those things actually adds value for the end user, but that's a separate debate...)
Umm... OEM copies of XP are still for sale; Microsoft only halted sales of the retail version. Furthermore, it is 8 years old only if you completely ignore Service Packs. A better yardstick would be the time since SP3 was released, which would make it less than 2 years old.
A DIY system build with the Open Source OS of your choice is by far the best route to avoid the Microsoft Tax. I put trying to get a refund for Windows after the fact right up there with mail-in rebates and free upgrade coupons -- in other words, I would not take it into consideration when making a purchasing decision, because I am not going to count on actually getting it. As often as not the vendor (or their hired-gun fulfillment company) will try to screw you, and you're left trying to explain the situation to the Nice Man in India who has no incentive to actually help you.
Sites that post customer reviews typically have something in their policies which indicates that they reserve the right to screen the reviews before they go up. As someone else already indicated, as long as they are not editing your review to make it sound more positive and posting the edited version, they're probably not violating any laws. It is certainly borderline from an ethical standpoint though, regardless of what their official policies are.
I've generally found that the quality of customer reviews at online retailers leaves a lot to be desired anyway. Most of the people posting them seem to be clueless, and sometimes it is even obvious that they're never even bought the product in question! I generally ignore customer reviews entirely. Occasionally I may use them to make a final decision between two otherwise very similar products; but if you are relying on them to give you unbiased feedback about a product, IMO you are asking for trouble.
I was assuming that the TSCs are not synchronized tightly enough between host and guest(s) to be correlated, at least not in the low order bits. Perhaps this was a bad assumption. (Though I have to believe that it is still a lot more "random" than most other things accessible to the guest.)
My apologies to #1103839; your post was rude, but I should not have responded in kind.
At least I injected some humor into the thread (if unintended)!
...and if you're worried about someone running a guest VM and using the host TSC value as the basis for some sort of attack on the RNGs of other similar VMs running on the same host, just run the TSC value through a hash function on the host side, before passing it to the VM. As long as the hash function is effectively one-way, you can't glean any information which might be useful in an attack on "sister" VMs.
No, seriously. The TSC counts raw host CPU clock ticks. I/O interrupts and CPU cache misses on the host should effectively de-correlate it with anything going on in the guest VMs. On a host with many guest VMs it only gets better, since the patterns of host I/O interrupts and guest VM timeslices will be even less predictable.
As long as it is not relied on as a continuous source of high quality entropy (i.e. it should be used to seed the pool, just like things like mouse movement etc. are used now), it ought to be a significant improvement.
Umm... what?
Either we've had an honest misunderstanding here due to my not being entirely clear (which I'd be more than happy to straighten out), or you're a clueless moron. Unless you're willing to clarify why you consider me a "troll", I have no choice but to assume the latter.
Seems to me this could be solved via the "Guest Additions" module that most virtualization packages recommend you install in the guest OS. Use the GA to inject some entropy from the host system into the guest system's entropy pool. The host CPU's TSC register would probably be an excellent source.
If the original source code was released under the GPL with the consent of the original developers, and you have made your modified source code available to anyone who wants it under the GPL as well, you are in compliance with both the letter and the spirit of the GPL. Period, end of discussion.
Whether or not you charge for the binaries is irrelevant.
Sorry about replying to my own post, but I just wanted to add one more thought on this. I think you would be better off using no RAID at all than doing what you proposed in the OP. Software RAID + FAT32 on an RC OS quite likely increases your odds of data loss, compared to just using a single non-RAID drive.
You say you care about your data, and yet you are contemplating using software RAID with an RC OS, along with FAT32? This is like wearing a bicycle helmet to protect yourself during a round of Russian Roulette. (Motherboard RAID is actually software RAID done in the device driver... I would trust this even less than the OS's software RAID, given that the motherboard vendor's driver may not play nice with the RC OS.)
If you care about your data but must use the Windows 7 RC for some reason, what you really ought to be doing is putting the data on a separate box which is running a mature OS (WinXP, Debian Stable, Ubuntu LTS... take your pick). And for God's sake, don't use FAT32 -- use a journaling file system like NTFS or EXT3.
Whenever I tried to open any of the IRS PDF forms, it would crash back to the desktop. Just *poof*, no error messages or anything. It worked OK with PDFs that didn't have forms in them, but if that was all I needed I would've just used Evince.