Australia has had a long history in space exploration purely because it's an island on the opposite side of the world to the US and most other space age nations. This includes broadcasting the pictures back from the moon and being a hub for a large number of satellites.
Basically, you can't contact a satellite directly very easily from the US if the satellite is on the other side of the world. Australia's always going to have its place.
Sorry but I see a glaring hole in your plan. Who would decide what's intelligent and unintelligent?
I mean, ideally only good Christian neo-conservative republicans would be able to procreate, and the heretic scientists who believe in that evolution bullshit be barred.
Why does being invented later mean that it's harder? Usually it goes the other way around - people find better and easier ways of doing things.
For an example of how hard symmetric key cryptography is consider this: The session key exchange algorithm that is in most common use (Diffie Hellman) was invented in 1976. The public key cryptographic algorithm most commonly in use now (RSA) was invented in 1973. These haven't been broken. The current symmetric algorithm in use was invented in 2000 and the reason is that every previous algorithm was broken. There are dozens of attacks against symmetric algorithms and almost none against public key cryptography. While symmetric cryptography isn't nearly as hard as hashing, it's still pretty damn hard.
(also, RSA can be implemented in about five lines of code. Not quite as easy for AES)
Why does it have to be destructive? It's not so much the urge to abuse the system, it's more the urge to see what it's capable of, even the things not intended by the creator.
Something in a kernel has complete power. It can do *anything*. Userspace can only do the things the kernel supports.
You might not realise at first the full implications of this, so here's a bit of a rundown.
If something in the kernel crashes, then the computer crashes, while the userspace stuff should theoretically never crash the computer (that is, of course, if it doesn't find a way to crash the kernel).
Kernel code can do anything it wants - if there's a security hole in the kernel layer then the entire system is compromised. You can give permissions to userspace code so that a security hole won't be enormously dangerous.
Kernel code doesn't need to go through layers of abstraction and so it's often quite a bit faster and can do quite a bit more, especially when accessing the buses (those are what connects the different sockets on the motherboard). This means it's also a very different style of programming - kernel hackers talk directly with hardware while the upper layers use the kernel abstraction functions. Userspace code will only be allowed to do what the kernel supports, so if the kernel simply doesn't support a function then no amount of userspace code will help.
In the end for Linux those things that are used often and require speed (think hard drive drivers and filesystems), those that require direct access to the bus (PCI cards), and for those parts that simply need to communicate directly with the motherboard (motherboard and cpu code) pretty much automatically go in kernel space.
Any piece of code that doesn't require any of those things are put into userspace. This includes a device you connect through USB including printers.
Germany's taking the noted Ravenous Bugblatter Beast of Traal approach to security. By removing the things that lets you know if you're vulnerable or compromised, you're obviously secure! Screaming "la la la, I can't see you or hear you" is optional.
Oh get off your high horse. He's probably just sensitive to those sorts of things. The main reason why I tend to buy CDs over shopping at iTunes or a similar store is quality - I simply can't stand 128kbps recordings. They simply sound weak and fuzzy. Most other people are fine with it though, it's just that I'm very sensitive to quality of sound, maybe because I played instruments as a child and had musical training. But I almost always can't tell the difference between 256kbps MP3 and CD quality, so your argument breaks down a bit there.
I always get annoyed with many creative commons artists who only release their music in 128kbps without letting me buy full quality versions. I like to talk about buying Jonathan Coulton's CDs - one of the better purchases I've made simply because the quality difference is remarkable, and without a doubt could be heard by pretty much anyone, yet people still seem to like the weak inferior versions!
If I were a cryptographer (I'm a security researcher and consultant, so I know a lot about cryptography as part of my job, but I'm not a cryptographer or cryptanalysist) and caught you using an algorithm that wasn't public then I'd strongly suspect you're not secure. It's an idiocy that's only been known as an idiocy since the post analysis of world war 2 that keeping a cypher secret increases security. Chances are you've made some mistake in the cryptography because cryptography is damned hard. One of my favourite stories to illustrate the topic is from and old Bruce Schneier blog post (you'll probably find that whole post a really interesting read, as you don't seem to know that much about modern security theory)
A cryptographer friend tells the story of an amateur who kept bothering him with the cipher he invented. The cryptographer would break the cipher, the amateur would make a change to "fix" it, and the cryptographer would break it again. This exchange went on a few times until the cryptographer became fed up. When the amateur visited him to hear what the cryptographer thought, the cryptographer put three envelopes face down on the table. "In each of these envelopes is an attack against your cipher. Take one and read it. Don't come back until you've discovered the other two attacks." The amateur was never heard from again.
Now all this is illustrating is that cryptography is damned hard - a mistake is likely. Cryptanalysis is a lot easier. So if your protocol hasn't withstood public cracking then it's almost definitely insecure.
Now on to the number of cyphertexts mattering. Modern cryptographic protocols are designed to be indistinguishable from random noise. In fact, the first break of RC4 was that you could distinguish it from random noise with an unfeasable amount of encrypted data. (Unfeasable meaning I'm pretty sure for WEP you would need 2^125 bits to just tell that it's RC4, though don't quote me on that). For a secure protocol (which RC4 is not), the amount of cyphertexts you have simply doesn't matter because you won't even be able to tell that it's not just some guy with a random number generator trying to fool you!
You're too focused on algorithms of 60 years ago, but modern cryptography is just completely different.
You're thinking of DES, which had its key length shortened by the export protocols. AES256 is pretty much unbreakable using any technology at the moment (even with NSA's supercomputers) and any technology of the near future.
For a while it's been pretty much a myth that the NSA has some super crypto protocols. I know it sounds good to say that the NSA has something "stronger than AES" but it's pretty definitely wrong. AES is the standard because it's the best we have.
What on earth are you talking about? The NSA use AES256 for encryption. You could have just googled AES NSA to find out, but to save you time, here's the first link that will come up. AES is considered secure because it's been tried and tested in the real world. The number of cyphertexts to analyse doesn't make a difference, hell I can create a billion cyphertexts for AES in a few hours.
Hiding the algorithm simply doesn't work. It never has. You need encryption to talk to pretty much everyone who has sensitive information and if just one of them is compromised then the algorithm's not hidden anymore. If you're relying on the secret of a secure algorithm then as soon as one of your agents is compromised then not only can the enemy read all your messages but you don't even know that!
The irony being that the "more sensible website" has a less informative, more sensationalist and not as well written or as clear version of what's in the daily mail.
The restrictions for open source include Free Redistribution and allowing derived works. You seem to be implying that Shared Source is an open source license, which is wrong. You should really read the Open Source Definition if that is what you're implying.
Actually in my (short) experience as a security researcher and pen tester with a programming background it's usually more that the programmers or web developers simply aren't aware of the security risks. You can go on about client pressures and such, and they're valid, but for all input based attacks on web applications these attacks can usually be simply avoided by using standard functions or by taking the fifteen seconds it would take to validate the input.
The problem is that the developers don't know that they have to or that they should. They don't know about injection vulnerabilities, or that even if it's a drop down list some attacker can send whatever they want to the server. They never learned about security issues at university or when teaching themselves programming, and they've never been caught out on security issues.
I'd say above 90% of security issues aren't caused by accidentally forgetting to validate an input or because the developers are too busy to do it or even that the developers haven't been up with the latest security research and it's a really new attack being used, but just because the developers aren't security aware.
I think that post 9 days ago was bullshit. Yesterday I received CDs of Jonathan Coulton music and began listening to them. I was sort of interested to see if I could see any differences and while listening to it I wasn't so impressed until I went back to the original 128Kb/s mp3s. The original mp3s sounded fuzzy, flat, plain and there were even instruments that couldn't be picked out! I've totally deleted them. Code Monkey was the main obvious infringer (maybe just cause I like the song so much) - if anyone want me to upload the.flac of this song then I will, it's well worth replacing the mp3. With the strumming guitar at 128Kb/s it's really hard to hear the dynamics of the sound especially the drums. With When You Go at 128Kb/s it's really hard to hear the absence of sound, in several parts the song is totally mute in the cd version. The songs with harmonics are especially affected - Tom Cruise Crazy and Famous Blue Raincoat very notably.
Maybe I have just good ears and I have been musically trained but I can pick almost every time the better recording between 128Kb/s and the cd version.
(yes I'm biting a troll, but sometimes I find it fun to join in.)
Of course it's not a replacement to Mac OS X. Macs do just what a lot of people want. Linux does what I want.
I think it's an idiot who believes that everyone is in the one category and everyone is exactly the same. Someday you may realise that not everyone in the world is exactly like you, and different people require different things. Even though Linux has all the tools required to do exactly what I want with absolute ease, and Mac OS X has huge deficiencies in the area that I work in so I simply can't do exactly what I want with absolute ease, I understand that for a lot of people Mac OS X does everything they need and Linux is the OS with huge deficiencies.
In short, stop being an idiot.
Re:when are you distributing software?
on
GPLv2 Vs. GPLv3
·
· Score: 1
What you're talking about is copyright and isn't specific to the GPL, and so it will vary between jurisdictions. I am not a lawyer in any of those jurisdictions, but I believe in most jurisdictions that simply putting it on a chip that can't be read out would still be considered making copies and distributing. Think of it this way: even if you put a book in a locked box where only someone with a set of lockpicks or a jackhammer could open it, you're still distributing the book.
The line is simple, there can't be any gpled software or derivative of GPL software, even encrypted, on what you're distributing without it being covered by the GPL.
Re:The next "One major danger"...
on
GPLv2 Vs. GPLv3
·
· Score: 4, Insightful
Let me rephrase quickly what I meant about "users don't agree to the GPL". This is the most often misinterpreted part of the GPL.
The GPL is a copyright license not an end user license agreement. As such, it only covers distribution of software. When you get a piece of GPL software, you do not need to agree to the GPL, and you're under no obligation to abide by its terms. You only need to agree to it when you distribute GPL software.
As such when you modify software in-house, or you put the software on a web server, you are under no obligation to obey the GPL since you're not actually distributing the software. Since the GPL purposely doesn't restrict you on running the software there's no obligation to distribute the code.
Re:The next "One major danger"...
on
GPLv2 Vs. GPLv3
·
· Score: 2, Insightful
I'm not sure why your post is seen as relevant. None of it applies to the GPL:
Web Services isn't even a loophole - you don't distribute the software so it doesn't come under copyright distribution and so the GPL wouldn't apply here. Same for "in-houseation" and reimplementation. You really need to have a look at copyright law if you think that the GPL (a copyright distribution license not a EULA) can restrict this. Users don't agree to the GPL.
I'm not sure how your "networkisation" is actually feasable under open source software so I don't think anyone really cares.
Blob's are already disallowed under the GPL 2. The FSF have already said this several times.
"Artisation" directly contradicts the first and primary freedom of Free Software. From gnu.org/philosophy/free-sw.html:
Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:
The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.
Your "artisation" runs directly against freedom 0.
GPL 3 is designed pretty well to close off the loopholes that have been exploited to prevent the freedoms that the original GPL was designed to grant. What you propose directly contradicts the spirit of the GPL.
Slashdot Mirror
Because MKV and MP4 are containers, whereas VP8 is a codec... I'm more than half convinced that you're just trolling.
Really? Did someone pick it up and move it since the last time I was there?
So, serious answer to a stupid question:
Australia has had a long history in space exploration purely because it's an island on the opposite side of the world to the US and most other space age nations. This includes broadcasting the pictures back from the moon and being a hub for a large number of satellites.
Basically, you can't contact a satellite directly very easily from the US if the satellite is on the other side of the world. Australia's always going to have its place.
This is in Australian dollars (approx. $330 USD) and includes a maintenance contract.
Since Google Android has a web site and has had for at least a year ... I'd say no.
Of course they're not actually working on a phone, just software for phones.
You pretty much want Twin View. Xinerama is sort of buggy.
Definitely, though, if you have any problems then http://www.nvnews.net/vbulletin/forumdisplay.php?f=14&order=desc is the place to ask.
Sorry but I see a glaring hole in your plan. Who would decide what's intelligent and unintelligent?
I mean, ideally only good Christian neo-conservative republicans would be able to procreate, and the heretic scientists who believe in that evolution bullshit be barred.
Why does being invented later mean that it's harder? Usually it goes the other way around - people find better and easier ways of doing things.
For an example of how hard symmetric key cryptography is consider this: The session key exchange algorithm that is in most common use (Diffie Hellman) was invented in 1976. The public key cryptographic algorithm most commonly in use now (RSA) was invented in 1973. These haven't been broken. The current symmetric algorithm in use was invented in 2000 and the reason is that every previous algorithm was broken. There are dozens of attacks against symmetric algorithms and almost none against public key cryptography. While symmetric cryptography isn't nearly as hard as hashing, it's still pretty damn hard.
(also, RSA can be implemented in about five lines of code. Not quite as easy for AES)
Why does it have to be destructive? It's not so much the urge to abuse the system, it's more the urge to see what it's capable of, even the things not intended by the creator.
He did blowfish, which is one of a MILLION symmetric crypto systems, which btw, is totally easier than public key crypto
Don't comment when you obviously with that statement showed you have only a little bit of an idea about cryptography.
It all rounds down to this:
Something in a kernel has complete power. It can do *anything*. Userspace can only do the things the kernel supports.
You might not realise at first the full implications of this, so here's a bit of a rundown.
If something in the kernel crashes, then the computer crashes, while the userspace stuff should theoretically never crash the computer (that is, of course, if it doesn't find a way to crash the kernel).
Kernel code can do anything it wants - if there's a security hole in the kernel layer then the entire system is compromised. You can give permissions to userspace code so that a security hole won't be enormously dangerous.
Kernel code doesn't need to go through layers of abstraction and so it's often quite a bit faster and can do quite a bit more, especially when accessing the buses (those are what connects the different sockets on the motherboard). This means it's also a very different style of programming - kernel hackers talk directly with hardware while the upper layers use the kernel abstraction functions. Userspace code will only be allowed to do what the kernel supports, so if the kernel simply doesn't support a function then no amount of userspace code will help.
In the end for Linux those things that are used often and require speed (think hard drive drivers and filesystems), those that require direct access to the bus (PCI cards), and for those parts that simply need to communicate directly with the motherboard (motherboard and cpu code) pretty much automatically go in kernel space.
Any piece of code that doesn't require any of those things are put into userspace. This includes a device you connect through USB including printers.
Germany's taking the noted Ravenous Bugblatter Beast of Traal approach to security. By removing the things that lets you know if you're vulnerable or compromised, you're obviously secure! Screaming "la la la, I can't see you or hear you" is optional.
Oh get off your high horse. He's probably just sensitive to those sorts of things. The main reason why I tend to buy CDs over shopping at iTunes or a similar store is quality - I simply can't stand 128kbps recordings. They simply sound weak and fuzzy. Most other people are fine with it though, it's just that I'm very sensitive to quality of sound, maybe because I played instruments as a child and had musical training. But I almost always can't tell the difference between 256kbps MP3 and CD quality, so your argument breaks down a bit there.
I always get annoyed with many creative commons artists who only release their music in 128kbps without letting me buy full quality versions. I like to talk about buying Jonathan Coulton's CDs - one of the better purchases I've made simply because the quality difference is remarkable, and without a doubt could be heard by pretty much anyone, yet people still seem to like the weak inferior versions!
Now on to the number of cyphertexts mattering. Modern cryptographic protocols are designed to be indistinguishable from random noise. In fact, the first break of RC4 was that you could distinguish it from random noise with an unfeasable amount of encrypted data. (Unfeasable meaning I'm pretty sure for WEP you would need 2^125 bits to just tell that it's RC4, though don't quote me on that). For a secure protocol (which RC4 is not), the amount of cyphertexts you have simply doesn't matter because you won't even be able to tell that it's not just some guy with a random number generator trying to fool you!
You're too focused on algorithms of 60 years ago, but modern cryptography is just completely different.
You're thinking of DES, which had its key length shortened by the export protocols. AES256 is pretty much unbreakable using any technology at the moment (even with NSA's supercomputers) and any technology of the near future.
For a while it's been pretty much a myth that the NSA has some super crypto protocols. I know it sounds good to say that the NSA has something "stronger than AES" but it's pretty definitely wrong. AES is the standard because it's the best we have.
What on earth are you talking about? The NSA use AES256 for encryption. You could have just googled AES NSA to find out, but to save you time, here's the first link that will come up. AES is considered secure because it's been tried and tested in the real world. The number of cyphertexts to analyse doesn't make a difference, hell I can create a billion cyphertexts for AES in a few hours.
Hiding the algorithm simply doesn't work. It never has. You need encryption to talk to pretty much everyone who has sensitive information and if just one of them is compromised then the algorithm's not hidden anymore. If you're relying on the secret of a secure algorithm then as soon as one of your agents is compromised then not only can the enemy read all your messages but you don't even know that!
The irony being that the "more sensible website" has a less informative, more sensationalist and not as well written or as clear version of what's in the daily mail.
The restrictions for open source include Free Redistribution and allowing derived works. You seem to be implying that Shared Source is an open source license, which is wrong. You should really read the Open Source Definition if that is what you're implying.
Actually in my (short) experience as a security researcher and pen tester with a programming background it's usually more that the programmers or web developers simply aren't aware of the security risks. You can go on about client pressures and such, and they're valid, but for all input based attacks on web applications these attacks can usually be simply avoided by using standard functions or by taking the fifteen seconds it would take to validate the input.
The problem is that the developers don't know that they have to or that they should. They don't know about injection vulnerabilities, or that even if it's a drop down list some attacker can send whatever they want to the server. They never learned about security issues at university or when teaching themselves programming, and they've never been caught out on security issues.
I'd say above 90% of security issues aren't caused by accidentally forgetting to validate an input or because the developers are too busy to do it or even that the developers haven't been up with the latest security research and it's a really new attack being used, but just because the developers aren't security aware.
I think that post 9 days ago was bullshit. Yesterday I received CDs of Jonathan Coulton music and began listening to them. I was sort of interested to see if I could see any differences and while listening to it I wasn't so impressed until I went back to the original 128Kb/s mp3s. The original mp3s sounded fuzzy, flat, plain and there were even instruments that couldn't be picked out! I've totally deleted them. Code Monkey was the main obvious infringer (maybe just cause I like the song so much) - if anyone want me to upload the .flac of this song then I will, it's well worth replacing the mp3. With the strumming guitar at 128Kb/s it's really hard to hear the dynamics of the sound especially the drums. With When You Go at 128Kb/s it's really hard to hear the absence of sound, in several parts the song is totally mute in the cd version. The songs with harmonics are especially affected - Tom Cruise Crazy and Famous Blue Raincoat very notably.
Maybe I have just good ears and I have been musically trained but I can pick almost every time the better recording between 128Kb/s and the cd version.
(yes I'm biting a troll, but sometimes I find it fun to join in.)
Of course it's not a replacement to Mac OS X. Macs do just what a lot of people want. Linux does what I want.
I think it's an idiot who believes that everyone is in the one category and everyone is exactly the same. Someday you may realise that not everyone in the world is exactly like you, and different people require different things. Even though Linux has all the tools required to do exactly what I want with absolute ease, and Mac OS X has huge deficiencies in the area that I work in so I simply can't do exactly what I want with absolute ease, I understand that for a lot of people Mac OS X does everything they need and Linux is the OS with huge deficiencies.
In short, stop being an idiot.
What you're talking about is copyright and isn't specific to the GPL, and so it will vary between jurisdictions. I am not a lawyer in any of those jurisdictions, but I believe in most jurisdictions that simply putting it on a chip that can't be read out would still be considered making copies and distributing. Think of it this way: even if you put a book in a locked box where only someone with a set of lockpicks or a jackhammer could open it, you're still distributing the book.
The line is simple, there can't be any gpled software or derivative of GPL software, even encrypted, on what you're distributing without it being covered by the GPL.
Let me rephrase quickly what I meant about "users don't agree to the GPL". This is the most often misinterpreted part of the GPL.
The GPL is a copyright license not an end user license agreement. As such, it only covers distribution of software. When you get a piece of GPL software, you do not need to agree to the GPL, and you're under no obligation to abide by its terms. You only need to agree to it when you distribute GPL software.
As such when you modify software in-house, or you put the software on a web server, you are under no obligation to obey the GPL since you're not actually distributing the software. Since the GPL purposely doesn't restrict you on running the software there's no obligation to distribute the code.
Web Services isn't even a loophole - you don't distribute the software so it doesn't come under copyright distribution and so the GPL wouldn't apply here. Same for "in-houseation" and reimplementation. You really need to have a look at copyright law if you think that the GPL (a copyright distribution license not a EULA) can restrict this. Users don't agree to the GPL.
I'm not sure how your "networkisation" is actually feasable under open source software so I don't think anyone really cares.
Blob's are already disallowed under the GPL 2. The FSF have already said this several times.
"Artisation" directly contradicts the first and primary freedom of Free Software. From gnu.org/philosophy/free-sw.html: Your "artisation" runs directly against freedom 0.
GPL 3 is designed pretty well to close off the loopholes that have been exploited to prevent the freedoms that the original GPL was designed to grant. What you propose directly contradicts the spirit of the GPL.
I get your arguments but this *is* Rob Malda's blog, so you can't really blame him for not putting up a story that obviously doesn't interest him...
(that said, I may be biased because as an Australian this story doesn't really interest me either)