So you're saying we need to build a giant [finger speech marks] Laser [finger speech marks] on the Moon? Hmm..... I'm sure I've heard that somewhere before!
Seriously, though, how do you actually convert that energy to some usable form once you've beamed it down? {I'm guessing electricity or compressed air as they are both handy for motive power and small amounts can be stored for short terms.} And how do you make sure you don't zap anybody as the "Laser" passes overhead?
Wouldn't altering the mass of the moon alter its gravitational attraction to the Earth, and therefore its orbit and also the tides on Earth? You'd have the greens up in arms if you even suggested lunar mining.
Now, space is pretty much unpollutable by human standards {there just is not enough junk on this planet} but actually going around transporting bits of rock from one lump of rock to another is asking for trouble. Anything mined on the moon should stay on the moon. Alright..... I know it's big..... but even a few gigagrammes could make a difference, especially if they were transported to Earth.
"Bit inflammable looking, this building. Good job my colleague and I are in the fire insurance trade. Hey, careful with that ciggie, Clem! Don't want this place to burn down. Go up like a torch, this would."
"Now, you see, these streets are a bit dangerous, you see. Lot of undesirable people around. Course, we could keep 'em away from you, for a Small Favour, you understand. Makes sense..... you look out for us and we'll look out for you."
"BUY OUR SOFTWARE!!! and you'll NEVER!!! repeat NEVER!!! be bothered by any more of those annoying POP-UP ADS again!!! GO ON!!! BUY TODAY!!!"
What the hell is the difference anyway? This is an out and out protection racket, whichever way you look at it, and the perpetrators deserve the same treatment as any other protection racketeer.
If I lay a cable between my neighbours' house and mine, and connect my switch to their switch, and neither of us is connected to any other computer, how do you think anybody is going to tap into that? Only by physically compromising the cable is how. They would have to cut it, crimp on some new connectors and plug each one into their own switch. They would have 10 nanoseconds to perform this whole operation between successive data bits. Good luck to 'em trying, I say.
All the discussion I have seen so far assumes that Eve has some way of just passively "listening in" on what Alice is sending Bob. I think one of the replies to my original post made the point that the bits Eve can determine correctly are the ones Alice and Bob will reject, and the ones they use are the ones Eve doesn't know, so while Eve has a key, it's not the same one as Alice and Bob are using. Well, that much makes sense.
But what if Eve, taking it up a gear, completely severs the link and inserts her own receiver and transmitter? Now, Alice sends quantum data to Eve {thinking she is sending it to Bob}. Eve sends on quantum data to Bob {who thinks it has come from Alice}. Neither party can know about Eve's presence, since the link is one-way and naturally unreliable {in the sense that what Bob receives ain't necessarily the same as what Alice sent; only a bit more so ever since Eve stuck her device in place}.
Alice knows what she sent, but not what "Bob" received. Eve knows what she received from Alice, but not what Alice sent; and she knows what she sent to Bob, but not what Bob received. Bob knows what he received but not what "Alice" sent.
So later, Eve listens in passively when Bob calls Alice {via the non-quantum channel} to compare what he received {from Eve} against what Alice sent {to Eve}. There will obviously be errors from where Eve did not send the same thing Alice sent. However, these errors will be indistinguishable from any other error source; they may cancel out anyway if Bob was already expecting the opposite of what Alice sent; and if Eve sees any kind of pattern to the data, she can use this to her advantage as now the probability of her retransmitting correctly is >50%. Assuming Alice and Bob decide that the transmission worked, Eve should have enough information to reconstruct the key for herself.
If you are the sort of player who would need access to this sort of stuff, you have to assume that your adversary is determined enough to do anything.
You're right, to a certain extent. It's not the Linux kernel but the mail client that prevents the execution of unsafe code. The Linux kernel does limit the damage that code can actually do. You can still drop a lit firecracker down your pants, but you're much less likely to blow up anyone else's equipment when you do so. I'll concede that Windows NT has its own {more sophisticated - like VAX/VMS} security model, but that extra sophistication is its very undoing, because too few people understand it well enough to use it properly.
As for signatures. If somehow a piece of malware manages to get my private key, it could do much worse than start signing stuff on my behalf. But think about it: if "I" sent you a signed, binary executable, that you didn't explicitly ask for, would you run it? More likely is that if I wanted to send you a programme, I would send you the source code, tarred, gzipped and signed, and you would compile it your end.
Now, granted, that is entirely a human thing and is in no way OS-dependent. But it seems to me that the current generation of GNU/Linux users are just naturally more security-conscious than the current generation of Windows users.
As people begin to desert Windows in favour of Linux, we will need to be very careful that they don't bring their sloppy security habits with them. But most of the groundwork is already done, probably thanks to some hard lessons from the past. Paranoia can be just as bad as complacency. A stray paratrooper could crash through your ceiling while you're in bed, but that's barely worth worrying about if you're in the habit of drinking strange fluids from unlabelled bottles, opening ticking parcels or trusting the man from the kebab shop to look after your cat.
And being owned is not the end of the world unless you make it that. Make regular backups, check your distro's home page for security updates, use a hardware firewall {extra points if it boots from read-only media e.g. CD}, make regular backups, don't run anything you didn't compile, make regular backups, watch for suspicious activity, make regular backups, use groups so you don't have to spend so much time as root, and did I mention make regular backups?
Well, it's common sense really, and not specific to any particular OS, so in the end I suppose we're agreeing. But if you're moving from Windows to Linux, it's the right time to get with the plot as regards security.
You don't have to hack into the satellite. Almost any signal you can shove out at ground level will easily be stronger than the satellite signal.
Encrypted, schmypted. Anything you can take apart carefully enough to be able to put it back together again afterward is vulnerable. It's known that even Public Key encryption is trivial to crack, it's just that solving the large batch of simultaneous equations takes a {very} non-zero time. GPS isn't public key; it's broadcast, which kind of excludes that. The trigger signal can't be all that hard to figure out either. You can bet some loon will have a go.
First of all I have to admit it: from where I'm sitting, everything looks like the thin end of a wedge, except the middle of an already-driven-in wedge. But vehicles are just the proving ground. The real target is people. How long do you imagine it will be before every child born is fitted with an implant in their brain, that will beam their location and what they are thinking by satellite to the Government, and allow the Government to remotely administer electric shocks?
You'll be taking a stroll in the country, minding your own business, then see a DMOS*. Your brain chip will zap a signal back to HQ: Impure Thought alert at grid reference SK2715! A sinister black-clad figure spots that you were up to no good. He jabs a small red button with his finger. Bzzzzzzzzzt!
Then they will fit bladder and bowel sensors to everyone, to prevent misuse of public toilets {you won't be allowed into a public toilet unless you actually need to go}. Some nosey git with nothing better to do will be reading through the logs one evening. They will notice that your bladder reading dropped from 500ml. to 50ml. some time earlier while your GPS co-ordinates showed you were nowhere near a bathroom; and next thing you know, you're up on an impropriety charge.
This device does not need a specific ban, as it probably is already illegal to use except in limited circumstances. Think about it. If you turn your traffic lights to green, it stands to reason that you are turning the other road's lights to red. This would almost certainly constitute "interfering with the progress of other road users without due cause" -- the same catch-all that makes it an offence to park too near an intersection. Therefore, using this device probably already contravenes most countries' Highway Codes, and does not need a specific law against it. "Authorised users" would simply mean anyone who has due cause to interfere with other road users, i.e. fire engines, ambulances &c. Ting! Next, please.
Use session_register("foo"); {note: no $ prefix} to preserve the value of $foo between successive calls to the page. If REGISTER_GLOBALS is off {as is the default in PHP since 4.2}, you'll need to go $foo = $_SESSION["foo"]; before you access $foo.
If the user refuses the session cookie then, as long as TRANS_SID is on, everything will still work; and if it's off, you'll have to read the session ID and pass it directly in the URL or through a hidden field in the form.
That won't work if they visit another site without keeping yours in a background tab, but think about it..... If you leave a basket of unpaid-for goods in a real store, some assistant will likely return them to the shelves before you get back, so where's the problem?
I like to be notified about cookie-setting attempts. And I don't usually block PHP session ID cookies, precisely because I know what they do.
You don't ever need to exchange your one time pads. All you need is for your two functions to have the property that A'(B(A(x))) == B(x) and B'(A(B(x))) == A(x).
Alice sends Bob A(x). Bob sends Alice B(A(x)). Alice sends Bob A'(B(A(x))) [== B(x)]. Bob evaluates B'(A'(B(A(x)))) and gets x. {I think this method is known as Diffie-Hellman key exchange.}
It needs three passes, but an eavesdropper would have to successfully intercept all three transmissions before they could recreate the message. And the use of three passes allows for embedding a secondary challenge-response mechanism.
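The three-pass exchange described in the post above, worked through end to end. This is an added example, not code from the post: the commuting functions A and B are modular exponentiation with secret exponents a and b {so A'(B(A(x))) == B(x) holds exactly as stated}, the prime p and the way the exponents are chosen are this example's own assumptions, and the last function checks what an eavesdropper who has captured all three passes can compute if the functions are instead one-time-pad XORs.

```python
"""Three-pass exchange with commuting functions (added example, not the post's code).

A(x) = x^a mod p, A'(y) = y^(a^-1 mod p-1), and likewise for Bob with b.
Because exponentiation mod p commutes, A'(B(A(x))) == B(x) and Bob's B'
then recovers x.  The prime P and the exponent selection are assumptions
of this example only.
"""
from __future__ import annotations

import math
import random

P = 2**127 - 1  # a Mersenne prime; any large prime would do (example's choice)


def make_keypair(rng: random.Random, p: int = P):
    """Pick a secret exponent e with gcd(e, p-1) == 1 and return (e, e^-1 mod p-1)."""
    while True:
        e = rng.randrange(2, p - 1)
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def lock(value: int, e: int, p: int = P) -> int:
    """Apply one party's function: value^e mod p.  Unlocking uses the inverse exponent."""
    return pow(value, e, p)


def three_pass(x: int, seed: int = 7, p: int = P) -> dict:
    """Run the three passes and return every value an eavesdropper would see on the wire."""
    assert 1 < x < p - 1, "message must be an integer inside the group"
    rng = random.Random(seed)
    a, a_inv = make_keypair(rng, p)  # Alice's secret exponent and its inverse
    b, b_inv = make_keypair(rng, p)  # Bob's secret exponent and its inverse
    m1 = lock(x, a, p)               # pass 1, Alice -> Bob:  A(x)
    m2 = lock(m1, b, p)              # pass 2, Bob -> Alice:  B(A(x))
    m3 = lock(m2, a_inv, p)          # pass 3, Alice -> Bob:  A'(B(A(x))) == B(x)
    recovered = lock(m3, b_inv, p)   # Bob:                   B'(B(x)) == x
    return {"m1": m1, "m2": m2, "m3": m3, "B_of_x": lock(x, b, p), "recovered": recovered}


def xor_three_pass_leak(x: int, pad_a: int, pad_b: int) -> int:
    """If A and B were one-time-pad XORs, the three passes carry x^a, x^a^b and x^b.
    An eavesdropper holding all three XORs them together and gets x back directly."""
    m1 = x ^ pad_a          # pass 1
    m2 = m1 ^ pad_b         # pass 2
    m3 = m2 ^ pad_a         # pass 3 (Alice strips her pad again)
    return m1 ^ m2 ^ m3     # == x, with no key material needed


if __name__ == "__main__":
    r = three_pass(123456789)
    print("pass 3 equals B(x):", r["m3"] == r["B_of_x"])
    print("Bob recovered:", r["recovered"])
    print("XOR-pad eavesdropper recovers:", hex(xor_three_pass_leak(0xCAFE, 0x1234, 0xBEEF)))
```

With exponentiation the three wire values are x^a, x^ab and x^b mod p, and turning them back into x is a discrete-logarithm problem; with XOR pads the same three values XOR straight back to x, which is why the "intercept all three passes" condition in the post is only a real obstacle when the functions do not cancel so cheaply.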
Yeah, but anybody who feels the need to use stuff like this, probably updates often and checks stuff as a matter of course anyway, and possibly even sandboxes test kernels - so the damage is self-limiting. If you always want the sharpest blades, you have to understand you can cut yourself. Ordinary mortals mostly run stock kernels, from their distributor or kernel.org. Somehow, I can't see such an obvious exploit finding its way into a major distro.
And really, it's just more evidence that the Open Source model works. There is really nothing wrong with making a mistake, as long as you learn something from it and share what you learned with other people so they don't have to make the same mistake. Pretending you never make mistakes is another matter entirely.....
Yup, that's the dirty little secret of quantum crypto. You need a direct, end-to-end fibre connection for it to work. You also need an alternative, non-quantum, secure communication channel to verify the integrity of the quantum data. If the secondary channel isn't secure, an eavesdropper who listened both to the quantum-encrypted data and the integrity check would be able to reconstruct the data.
It's a bit like having a faster-than-light communicator where you get the message faster than light, but you can only find out what the message meant by calling up the sender on a slower-than-light link.
Quantum Cryptography is a bit like one of the things you see advertised on satellite TV "info-mercials", or in those irritating promotional catalogues that get tucked into magazines. You know the sort of thing I'm talking about: you start out amazed, barely able to believe anyone could invent something as wonderful as that; but if you order one, you'll end up wondering why they even bothered inventing it.
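A simulation of the exchange the two quantum-crypto posts above describe: the intercept-and-resend Eve from the earlier post, and the basis comparison over the non-quantum channel from this one. This is an added example, not code from either post. Photons are modelled as (bit, basis) pairs and a measurement in the wrong basis yields a random bit, which is the only physics assumed; the bit counts and seed are this example's own.

```python
"""BB84-style key exchange with an intercept-and-resend Eve (added example).

Model: a photon is a (bit, basis) pair.  Measuring in the preparing basis
returns the bit; measuring in the other basis returns a uniformly random
bit and the original state is gone.  The classical channel carries only
the basis announcement and the error-rate comparison on the sifted bits.
"""
import random

RECT, DIAG = 0, 1  # the two conjugate bases


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Matching bases reproduce the bit; a mismatch gives a random outcome."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_bb84(n: int, eve_present: bool, seed: int = 1) -> dict:
    """Send n photons Alice -> Bob, optionally through Eve, then sift and compare."""
    rng = random.Random(seed)
    a_bits = [rng.randrange(2) for _ in range(n)]
    a_bases = [rng.randrange(2) for _ in range(n)]
    b_bases = [rng.randrange(2) for _ in range(n)]

    b_bits, e_bits = [], []
    for bit, ab, bb in zip(a_bits, a_bases, b_bases):
        if eve_present:
            eb = rng.randrange(2)             # Eve has to guess a basis
            ebit = measure(bit, ab, eb, rng)  # her measurement destroys the photon
            e_bits.append(ebit)
            bit, ab = ebit, eb                # she resends what she saw, in her basis
        b_bits.append(measure(bit, ab, bb, rng))

    # Classical channel: bases announced; keep only positions where they matched.
    sifted = [i for i in range(n) if a_bases[i] == b_bases[i]]
    errors = sum(a_bits[i] != b_bits[i] for i in sifted)
    eve_agrees = (
        sum(e_bits[i] == a_bits[i] for i in sifted) / len(sifted) if eve_present else 0.0
    )
    return {
        "sifted": len(sifted),
        "qber": errors / len(sifted),   # disagreement Alice and Bob see when comparing
        "eve_agrees": eve_agrees,        # fraction of the sifted key Eve actually holds
    }


if __name__ == "__main__":
    print("no Eve:", run_bb84(20000, eve_present=False))
    print("Eve:   ", run_bb84(20000, eve_present=True))
```

Over a clean link the sifted bits agree exactly; with Eve resending in a guessed basis, roughly a quarter of the sifted bits disagree and Eve holds roughly three quarters of them. The comparison that reveals this runs over the non-quantum channel, which is the channel the second post says must itself be secure.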
Even so, the fact that it's even just a little bit hard to do {unless the sysadmin is being so clueless they are obviously asking for it} makes it more secure than Windows.
Now, NT, XP and co. are supposed to have a "better" security model than Linux -- it reminds me somewhat of the VAX/VMS security model -- but, in practice, it's such a 'mare to set up that almost nobody does it properly. Another example of over-sophistication becoming counter-productive, IMHO.
And of course, Open Source really does mean there is a greater probability that a "good guy" will be first to see a potential exploit than a "bad guy", simply because good guys outnumber bad.
Drifting vaguely off topic, has anyone thought of creating a bogus rootkit that depends on 'potential victims' running a safe daemon as a honeypot? The server would be widely distributed {perhaps even installed almost by default if a distributor takes the hint}. The client would be posted to various script kiddie sites. Anyone who actually reads and understands the source code will get the joke at once..... anyone who doesn't, well, the joke's on them! Pint and three quarters!
You need to lay off the crack pipe. I am in no way obligated to take the slightest bit of notice of advertisements. Sure, some idiot is paying good money after bad thinking he might get something out of me, but the truth is, he won't. I don't buy products based on advertisements. I actually avoid buying products advertised in an intrusive manner. And I block advertisements when surfing the web. Is that so bad? I, not the advertisers, determine where I spend my money. I figure that when I buy something from a company, I am paying their wages, and I'd rather that my hard-earned was spent on quality control than annoying the daylights out of everyone. If the advertisers would just cotton onto that, we could all get on with our work.
"Eat all you want" you say. Fine. I'm just not going to take the lumps of gristle, thank you.
You really need to get out more if you think advertising is so necessary. Take a walk in the glorious, billboard-free countryside. Watch the BBC. Luxuriate in the feeling of not having someone trying to sell you something.
By the way, I'll give you a particularly egregious example of intrusive advertising: the hunger site. Actually I don't think it's there anymore. Their premise was "if you don't visit our web site, we won't give food to the starving". Bollox. You can give food to the starving whether or not I visit your poxy little web site, so don't try to lay a guilt trip on me. And why do you suppose the starving have no food in the first place? Because of money-grasping companies with attitudes like that?
I think this is great. My private screen is not a public billboard. I also have a strict policy that I do not buy products or services if they are advertised to me by intrusive means.
If I want to buy something, I will read about it in books, magazines and/or on the Internet. I will make my decision based upon independent analysis. If there are three different brands of doobrie on the market, all three manufacturers are going to say I should buy theirs, so the adverts are largely irrelevant. Instead, I will try to find out about several other people's experiences of each, taking note of their expectations and requirements, before making a decision. It sounds like a complicated process, but try describing to someone how you catch a cricket ball!
I certainly don't see how it does anyone any harm if I don't see an advertisement for a product I was never going to buy. Advertisers often say they know half of the money they spend on advertising is wasted, but they would like to know which half. Well, I can tell them for free; it's the half that includes whatever they're spending advertising to me.
Any site that sends me an advertisement I don't like, I block in my Squid as a matter of routine; and I avoid popups by having my Konqueror set to prompt me whenever a site tries to open a window using JavaScript.
I feel no compunction for the advertisers. They are parasites, stealing the bandwidth I have paid for. If a mosquito flies harmlessly around me, I have no right to harm it; but the instant it tries to drink my blood, it has indicated to me that I have a right to take any necessary action against it.
I also feel that people might well be willing to pay a small premium for advert-free surfing pre-configured by their ISP. Although I have been offering this service myself for a while, just for cost-of-call, via my unofficial dialup line!
Get in touch with your MP or foreign equivalent right now and point out the need for archival copies of normally-DRM'ed works to be made in some unencumbered form. As a disincentive against the misuse of DRM, the provision of an unprotected version for archival should be a precondition to validate any law which would make it an offence to bypass said DRM restrictions. So if you haven't deposited an unprotected copy of your work at your own expense with your National Library, then any anti-circumvention laws could not be used against anyone having a go at your protection {their circumvention efforts may be regarded simply as a reasonable-force effort to bypass the protection for the benefit of future generations}.
The Domesday Project was rescued just in time, but should stand as an example to everyone of just why it is important to have copies made of works in a format that will be readable in the future - even if this means using a different medium and eschewing technological copy-prevention measures for archive copies. This is our duty: to preserve this material so it can enter the public domain when its copyright expires.
The format was not actually too hard to hack into, as the video discs were CAV analogue with modified analogue audio {one of the two channels was used for data, by means of custom high-speed modem; the other channel was fed to both speaker outputs} and the low-speed serial comms between the computer and the player were easy to work out.
It could so easily have been worse. What if a descendant of the format was still in use by a manufacturing cartel who refused to release its specs for fear of compromising their dirty secrets? That hardly bears thinking about.....
Being "owned" only lasts as long as it takes you to notice that all is not well and disconnect from the internet, as far as other people are concerned. You still have to reboot from CD, restore your /usr hierarchy and change your root password, of course, before you're properly good to go. The problem for a cracker is that they need a user's login and password, not just the root password; and even then that user has to be allowed to use the su command. Actually getting a shell through a remote buffer overflow exploit is not a certainty - and a number of unsuccessful attempts are likely to bring the machine down, or at least get noticed. Only machines on the "outside" of your firewall are vulnerable to remote attacks, so you can always make your backups of non-executable code from the "inside" in safety.
Outlook viruses propagate through the inherently unsafe practice of executing unknown binaries without the user's knowledge or consent. If you're going to run any binary you did not compile, of course it should be signed.
If you trust your favourite distributor's ISOs and MD5sums, you can install from CD, and as security patches appear, save patched versions on multi-session CDs. The truly paranoid can use a second HDD, normally kept electrically disconnected from the motherboard, for a backup. Depower, connect its IDE cable, boot from CD-ROM, mount the 'main' drive read-only and check its integrity. If satisfactory, mount 'slave' drive read-write and back up main drive. Depower, disconnect IDE cable from slave drive. It doesn't do much for your uptime records if you have to shut down every time you want to backup this way, but it does make for a quick restore if/when the worst happens: all you have to do is depower, connect second drive, mount it read-only, mount 'main' drive read-write, restore important stuff from HDD, set new root password, depower, disconnect second drive and reboot from 'main' HDD; maybe even before your script kiddie even gets as far as reading his logfiles and launching an attack. And maybe you think a quick restore process {which you know is real} is more important than a long uptime {which could be faked as far as anyone knows}.
If someone is bothered enough, they can force their way into almost anything, but most of the time it's a hell of an effort for little reward. Over time, as vulnerabilities are discovered and repaired, the probability of compromise is decreasing towards a minimum not proven to be non-zero. If you really want to take liberties with a Linux box, the easiest and surest way is still to break into the building and shove in a boot CD.
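The "mount the main drive read-only and check its integrity" step from the backup procedure above, made concrete. This is an added example rather than anything from the post: it records mode, size and SHA-256 for every regular file under a root, writes that manifest out {to the offline disk, in the post's set-up}, and later compares a fresh walk against it. The temporary directory tree, the planted trojan and the file names are all constructed for the example.

```python
"""File-tree integrity manifest (added example, not the post's own procedure).

build_manifest() walks a root and records each regular file's permission
bits, size and SHA-256.  compare() reports what was added, removed or
changed since a saved manifest.  demo() builds a small constructed tree
standing in for /usr, takes a baseline, then simulates a compromise.
"""
import hashlib
import json
import os
import stat
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each regular file (path relative to root) to its mode, size and digest."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices need their own rules; skipped here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {
                "mode": oct(stat.S_IMODE(st.st_mode)),  # catches a newly set setuid bit
                "size": st.st_size,
                "sha256": sha256_file(full),
            }
    return manifest


def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed, or changed in content or permission bits."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed scenario: baseline a tiny tree, then trojan ls and drop a new binary."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "lib"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"placeholder bytes standing in for /usr/bin/ls\n")
        with open(os.path.join(root, "lib", "libc.so"), "wb") as f:
            f.write(b"placeholder bytes standing in for libc\n")

        baseline = build_manifest(root)
        saved = json.dumps(baseline, indent=1)  # what you would write to the offline disk

        # The "owned" state: ls replaced and made setuid root, rootkit helper dropped in.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"trojaned ls\n")
        os.chmod(os.path.join(root, "bin", "ls"), 0o4755)
        with open(os.path.join(root, "bin", "kit"), "wb") as f:
            f.write(b"rootkit helper\n")

        return compare(json.loads(saved), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The report is only worth anything if both the saved manifest and the checker are read from media the intruder could not have written to, which is exactly what the post's electrically disconnected second drive and CD-ROM boot provide; a manifest kept on the compromised disk can be regenerated by whoever compromised it.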
My point is that people are morally obligated to share the source code - and anything else that would not be diminished by the act of sharing - that they create.
Not sharing is a form of theft. Our obligations to help our fellow human beings take precedence over any claimed right to exploit one another for financial gain. It would help you and not harm me to give you a copy of a work I have already created. It would not help you if I refused. I am obliged to help you as far as I can do without harming myself, therefore I must honour your request.
See also here {choice quote: "Software hoarding is one form of our general willingness to disregard the welfare of society for personal gain"} and here {choice quote: "A choice of masters is not freedom".}
None of the "good work" he is doing excuses him for not sharing his source code with the rest of the world. He has no right to keep it to himself. The benefits of all human endeavour belong to all humanity. Closed source software is the modern-day equivalent of slavery. Users are held over a barrel and yet being made to feel grateful for the shafting they get.
How does looking at an advert support anything? The advertiser has already paid their money whether or not I take any notice. Frankly, I have no intention of purchasing most of the products they advertise. In fact, an intrusive advertisement makes me less likely to buy the product advertised, because when I'm paying the company's wages, I'd rather see my hard-earned spent on quality control than on advertising. Good wine needs no bush.
*DMOS: Desirable Member of the Opposite Sex
..... but what if some l337 h4x0r script kiddie manages to break into the system? It's wireless, therefore it's vulnerable, whatever anyone says.
This device does not need a specific ban, as it probably is already illegal to use except in limited circumstances. Think about it. If you turn your traffic lights to green, it stands to reason that you are turning the other road's lights to red. This would almost certainly constitute "interfering with the progress of other road users without due cause" -- the same catch-all that makes it an offence to park too near an intersection. Therefore, using this device probably already contravenes most countries' Highway Codes, and does not need a specific law against it. "Authorised users" would simply mean anyone who has due cause to interfere with other road users, i.e. fire engines, abulances &c. Ting! Next, please.
Use session_register("foo"); // note no $ prefix to preserve the value of $foo between successive calls to the page. If REGISTER_GLOBALS is off {as is the default in PHP since 4.2}, you'll need to go $foo = $_SESSION["foo"]; before you access $foo.
..... If you leave a basket of unpaid-for goods in a real store, some assistant will likely return them to the shelves before you get back, so where's the problem?
If the user refuses the session cookie then, as long as TRANS_SID is on, everything will still work; and if it's off, you'll have to read the session ID and pass it directly in the URL or through a hidden field in the form.
That won't work if they visit another site without keeping yours in a background tab, but think about it.
I like to be notified about cookie-setting attempts. And I don't usually block PHP session ID cookies, precisely because I know what they do.
You don't ever need to exchange your one-time pads. All you need is for your two functions to have the property that A'(B(A(x))) == B(x) and B'(A(B(x))) == A(x).
Alice sends Bob A(x). Bob sends Alice B(A(x)). Alice sends Bob A'(B(A(x))) [== B(x)]. Bob evaluates B'(A'(B(A(x)))) and gets x. {I think this method is known as Diffie-Hellman key exchange.}
It needs three passes, but an eavesdropper would have to successfully intercept all three transmissions before they could recreate the message. And the use of three passes allows for embedding a secondary challenge-response mechanism.
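The three-pass exchange described in the post above, as an added example that is not code from the original comment. It assumes modular exponentiation with private exponents as the commutative functions A and B (the textbook choice for this protocol), with the inverse exponents as A' and B'; the prime and all message values are constructed demo parameters. It also carries a second function using plain one-time pads (XOR) for A and B, together with a self-check showing why that variant cannot be used: the three transmissions, combined, give back x.

```python
"""Three-pass exchange with a commutative cipher (added example, not from the post).

Assumptions: A(x) = x^ea mod p and B(x) = x^eb mod p with private exponents,
A'/B' use the inverse exponents mod p-1.  P is a constructed demo parameter.
"""
import secrets
from math import gcd

P = 2**127 - 1  # Mersenne prime; constructed demo parameter, not from the post


def keygen(p):
    """Pick an exponent e coprime to p-1 and its inverse d (so x^(e*d) == x mod p)."""
    while True:
        e = secrets.randbelow(p - 2) + 2
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def enc(m, e, p):
    """A(x) or B(x): raise to the private exponent."""
    return pow(m, e, p)


def dec(c, d, p):
    """A'(y) or B'(y): raise to the inverse exponent."""
    return pow(c, d, p)


def three_pass(x, p=P):
    """Run the exchange for integer x; returns (what Bob recovers, the three messages)."""
    if not 1 <= x < p:
        raise ValueError("message must satisfy 1 <= x < p")
    ea, da = keygen(p)  # Alice's private pair
    eb, db = keygen(p)  # Bob's private pair
    m1 = enc(x, ea, p)        # pass 1, Alice -> Bob:   A(x)
    m2 = enc(m1, eb, p)       # pass 2, Bob -> Alice:   B(A(x))
    m3 = dec(m2, da, p)       # pass 3, Alice -> Bob:   A'(B(A(x)))
    assert m3 == enc(x, eb, p)  # the property the post requires: == B(x)
    recovered = dec(m3, db, p)  # Bob applies B' and gets x
    return recovered, (m1, m2, m3)


def _xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))


def xor_three_pass(x, pad_a, pad_b):
    """Same protocol with one-time pads as A and B (XOR is its own inverse)."""
    if not len(x) == len(pad_a) == len(pad_b):
        raise ValueError("pads must match the message length")
    m1 = _xor(x, pad_a)   # A(x)
    m2 = _xor(m1, pad_b)  # B(A(x))
    m3 = _xor(m2, pad_a)  # A'(B(A(x))) == B(x)
    recovered = _xor(m3, pad_b)
    return recovered, (m1, m2, m3)


def xor_pads_leak(m1, m2, m3):
    """Self-check for the pad variant: the XOR of the three passes is x itself,
    so seeing all three transmissions is enough and no key is needed.  This is
    why the commutative functions must not be plain pads."""
    return _xor(_xor(m1, m2), m3)


if __name__ == "__main__":
    x = 123456789
    got, _ = three_pass(x)
    print("exponentiation variant: recovered x ->", got == x)
    msg = b"hello, world"  # constructed sample message
    pad_a, pad_b = secrets.token_bytes(len(msg)), secrets.token_bytes(len(msg))
    rec, passes = xor_three_pass(msg, pad_a, pad_b)
    print("pad variant: recovered x ->", rec == msg,
          "| three passes combined reveal x ->", xor_pads_leak(*passes) == msg)
```

The exponentiation version keeps the intercepted passes at x^ea, x^(ea*eb) and x^eb, so an observer would need to solve discrete logarithms to recover x; the pad version illustrates that commutativity alone is not sufficient.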
Yeah, but anybody who feels the need to use stuff like this, probably updates often and checks stuff as a matter of course anyway, and possibly even sandboxes test kernels - so the damage is self-limiting. If you always want the sharpest blades, you have to understand you can cut yourself. Ordinary mortals mostly run stock kernels, from their distributor or kernel.org. Somehow, I can't see such an obvious exploit finding its way into a major distro.
.....
And really, it's just more evidence that the Open Source model works. There is really nothing wrong with making a mistake, as long as you learn something from it and share what you learned with other people so they don't have to make the same mistake. Pretending you never make mistakes is another matter entirely.
Yup, that's the dirty little secret of quantum crypto. You need a direct, end-to-end fibre connection for it to work. You also need an alternative, non-quantum, secure communication channel to verify the integrity of the quantum data. If the secondary channel isn't secure, an eavesdropper who listened both to the quantum-encrypted data and the integrity check would be able to reconstruct the data.
It's a bit like having a faster-than-light communicator where you get the message faster than light, but you can only find out what the message meant by calling up the sender on a slower-than-light link.
Quantum Cryptography is a bit like one of the things you see advertised on satellite TV "info-mercials", or in those irritating promotional catalogues that get tucked into magazines. You know the sort of thing I'm talking about: you start out amazed, barely able to believe anyone could invent something as wonderful as that; but if you order one, you'll end up wondering why they even bothered inventing it.
Even so, the fact that it's even just a little bit hard to do {unless the sysadmin is being so clueless they are obviously asking for it} makes it more secure than Windows.
..... anyone who doesn't, well, the joke's on them! Pint and three quarters!
Now, NT, XP and co. are supposed to have a "better" security model than Linux -- it reminds me somewhat of the VAX/VMS security model -- but, in practice, it's such a 'mare to set up that almost nobody does it properly. Another example of over-sophistication becoming counter-productive, IMHO.
And of course, Open Source really does mean there is a greater probability that a "good guy" will be first to see a potential exploit than a "bad guy", simply because good guys outnumber bad.
Drifting vaguely off topic, has anyone thought of creating a bogus rootkit that depends on 'potential victims' running a safe daemon as a honeypot? The server would be widely distributed {perhaps even installed almost by default if a distributor takes the hint}. The client would be posted to various script kiddie sites. Anyone who actually reads and understands the source code will get the joke at once.
You need to lay off the crack pipe. I am in no way obligated to take the slightest bit of notice of advertisements. Sure, some idiot is paying good money after bad thinking he might get something out of me, but the truth is, he won't. I don't buy products based on advertisements. I actually avoid buying products advertised in an intrusive manner. And I block advertisements when surfing the web. Is that so bad? I, not the advertisers, determine where I spend my money. I figure that when I buy something from a company, I am paying their wages, and I'd rather that my hard-earned was spent on quality control than annoying the daylights out of everyone. If the advertisers would just cotton onto that, we could all get on with our work.
"Eat all you want" you say. Fine. I'm just not going to take the lumps of gristle, thank you.
You really need to get out more if you think advertising is so necessary. Take a walk in the glorious, billboard-free countryside. Watch the BBC. Luxuriate in the feeling of not having someone trying to sell you something.
By the way, I'll give you a particularly egregious example of intrusive advertising: the hunger site. Actually I don't think it's there anymore. Their premise was "if you don't visit our web site, we won't give food to the starving". Bollox. You can give food to the starving even whether or not I visit your poxy little web site, so don't try to lay a guilt trip on me. And why do you suppose the starving have no food in the first place? Because of money-grasping companies with attitudes like that?
I think this is great. My private screen is not a public billboard. I also have a strict policy that I do not buy products or services if they are advertised to me by intrusive means.
If I want to buy something, I will read about it in books, magazines and/or on the Internet. I will make my decision based upon independent analysis. If there are three different brands of doobrie on the market, all three manufacturers are going to say I should buy theirs, so the adverts are largely irrelevant. Instead, I will try to find out about several other people's experiences of each, taking note of their expectations and requirements, before making a decision. It sounds like a complicated process, but try describing to someone how you catch a cricket ball!
I certainly don't see how it does anyone any harm if I don't see an advertisement for a product I was never going to buy. Advertisers often say they know half of the money they spend on advertising is wasted, but they would like to know which half. Well, I can tell them for free; it's the half that includes whatever they're spending advertising to me.
Any site that sends me an advertisement I don't like, I block in my Squid as a matter of routine; and I avoid popups by having my Konqueror set to prompt me whenever a site tries to open a window using JavaScript.
I feel no compunction for the advertisers. They are parasites, stealing the bandwidth I have paid for. If a mosquito flies harmlessly around me, I have no right to harm it; but the instant it tries to drink my blood, it has indicated to me that I have a right to take any necessary action against it.
I also feel that people might well be willing to pay a small premium for advert-free surfing pre-configured by their ISP. Although I have been offering this service myself for a while, just for cost-of-call, via my unofficial dialup line!
Get in touch with your MP or foreign equivalent right now and point out the need for archival copies of normally-DRM'ed works to be made in some unencumbered form. As a disincentive against the misuse of DRM, the provision of an unprotected version for archival should be a precondition to validate any law which would make it an offence to bypass said DRM restrictions. So if you haven't deposited an unprotected copy of your work at your own expense with your National Library, then any anti-circumvention laws could not be used against anyone having a go at your protection {their circumvention efforts may be regarded simply as a reasonable-force effort to bypass the protection for the benefit of future generations}.
The Domesday Project was rescued just in time, but should stand as an example to everyone of just why it is important to have copies made of works in a format that will be readable in the future - even if this means using a different medium and eschewing technological copy-prevention measures for archive copies. This is our duty: to preserve this material so it can enter the public domain when its copyright expires.
.....
The format was not actually too hard to hack into, as the video discs were CAV analogue with modified analogue audio {one of the two channels was used for data, by means of a custom high-speed modem; the other channel was fed to both speaker outputs} and the low-speed serial comms between the computer and the player were easy to work out.
It could so easily have been worse. What if a descendant of the format was still in use by a manufacturing cartel who refused to release its specs for fear of compromising their dirty secrets? That hardly bears thinking about.
Factory-fitting an alarm and immobiliser is what they haven't done properly if they recommend their customer get a car alarm.
Being "owned" only lasts as long as it takes you to notice that all is not well and disconnect from the internet, as far as other people are concerned. You still have to reboot from CD, restore your /usr hierarchy and change your root password, of course, before you're properly good to go. The problem for a cracker is that they need a user's login and password, not just the root password; and even then that user has to be allowed to use the su command. Actually getting a shell through a remote buffer overflow exploit is not a certainty - and a number of unsuccessful attempts are likely to bring the machine down, or at least get noticed. Only machines on the "outside" of your firewall are vulnerable to remote attacks, so you can always make your backups of non-executable code from the "inside" in safety.
Outlook viruses propagate through the inherently unsafe practice of executing unknown binaries without the user's knowledge or consent. If you're going to run any binary you did not compile, of course it should be signed.
If you trust your favourite distributor's ISOs and MD5sums, you can install from CD, and as security patches appear, save patched versions on multi-session CDs. The truly paranoid can use a second HDD, normally kept electrically disconnected from the motherboard, for a backup. Depower, connect its IDE cable, boot from CD-ROM, mount the 'main' drive read-only and check its integrity. If satisfactory, mount 'slave' drive read-write and back up main drive. Depower, disconnect IDE cable from slave drive. It doesn't do much for your uptime records if you have to shut down every time you want to back up this way, but it does make for a quick restore if/when the worst happens: all you have to do is depower, connect second drive, mount it read-only, mount 'main' drive read-write, restore important stuff from HDD, set new root password, depower, disconnect second drive and reboot from 'main' HDD; maybe even before your script kiddie even gets as far as reading his logfiles and launching an attack. And maybe you think a quick restore process {which you know is real} is more important than a long uptime {which could be faked as far as anyone knows}.
If someone is bothered enough, they can force their way into almost anything, but most of the time it's a hell of an effort for little reward. Over time, as vulnerabilities are discovered and repaired, the probability of compromise is decreasing towards a minimum not proven to be non-zero. If you really want to take liberties with a Linux box, the easiest and surest way is still to break into the building and shove in a boot CD.
My point is that people are morally obligated to share the source code - and anything else that would not be diminished by the act of sharing - that they create.
Not sharing is a form of theft. Our obligations to help our fellow human beings take precedence over any claimed right to exploit one another for financial gain. It would help you and not harm me to give you a copy of a work I have already created. It would not help you if I refused. I am obliged to help you as far as I can do without harming myself, therefore I must honour your request.
See also here {choice quote: "Software hoarding is one form of our general willingness to disregard the welfare of society for personal gain"} and here {choice quote: "A choice of masters is not freedom".}
None of the "good work" he is doing excuses him for not sharing his source code with the rest of the world. He has no right to keep it to himself. The benefits of all human endeavour belong to all humanity. Closed source software is the modern-day equivalent of slavery. Users are held over a barrel and yet being made to feel grateful for the shafting they get.
How does looking at an advert support anything? The advertiser has already paid their money whether or not I take any notice. Frankly, I have no intention of purchasing most of the products they advertise. In fact, an intrusive advertisement makes me less likely to buy the product advertised, because when I'm paying the company's wages, I'd rather see my hard-earned spent on quality control than on advertising. Good wine needs no bush.