As a review of the sordid history of the election from some reputable source such as This One will remind you, the recounts were stopped by order of the US Supreme Court in response to legal action sponsored by Bush et al, and Florida selected it's electors based on the original, suspect totals.
The remaining thousands of votes were thus never actually recounted properly. If they had been, it could easily have been either candidate's race.
In my opinion, when the margin of victory in any state is less than the margin of error in your polling, it is negligent in the extreme to claim that either side is a valid victor. Of course, if more states followed a process of proportionally selecting electors, rather than the prevalent all-or-nothing system, this wouldn't be nearly as much of an issue...
The RPM from Sun installs the JVM in all the Mozilla browser's
It didn't make the link automagically for me, but simply performing:
# ln -s/usr/java/j2re1.4.2/plugin/i386/ns610-gcc32/libjav aplugin_oji.so/usr/lib/mozilla/plugins
(as described in the Mozilla release notes) resulted in a fully functional Java Plugin for me on an otherwise pristine Fedora installation.
I -did- run into a strange compile error trying to build an ltmodem module, but a small tweak to the code solved that (and I plan to bring it up with the ltmodem folks to get it properly resolved).
I also discovered that the default settings in/etc/sysconfig/rhn/sources are incorrect, but changing them to the ones referenced on the fedora download page worked fine.
So far no real errors, although I still need to figure out how to make metacity raise windows when I click in them, and I'm still often befuddled by the subtle differences between Preferences, System Settings, System Tools, and the "More..." subdirectories of each.
More like RAIFLT (redundant array of inexpensive fiddly little tags), but the analogy breaks down when the 'redundant' items are merely Read-Only devices with fixed, unique numbers.
To stretch it as far as we can, aggregation is a form of RAIFLT-1, like a mirror, where any tag in the aggregate can answer your read request.
RAIFLT-0 is basically the default of having a pile of tags, since you still have to read all of them to identify the contents of the pile.
I don't think there's a useful configuration that would correspond to RAIFLT-4 or RAIFLT-5, unless you introduced special "parity tags", or partial tags that don't uniquely identify an individual item, but only require scanning a subset of tags to uniquely identify the aggregate. Again, not terribly useful.
Please cite your references or evidence to this statement if you wish to be taken seriously.
Several companies are currently working on complex and high-performance designs using asynchronous techniques. It's true that it is currently more difficult, predominantly because current design tools are all geared towards generating and testing "standard" clocked logic, but it is being done and it does not by any stretch "blow".
It will be quite some time before all of the components on a motherboard are asynchronous, but groups -have- designed processors, memory controllers, and other components in asynchronous.
For but the briefest of examples... check out this article or this article.
No, it isn't the answer to everything... but it's much farther along than you seem to realize
"but overall almost any windows program will work on any windows version, and there is no recompiling ever!"
You're kidding (or trolling), right? I have an entire drawer full of old games of which maybe 20% run without serious hacking. Do you not remember how most Win95 games wouldn't run at all, or ran poorly under WinNT and later Win2K?
A lot of the old info isn't around anymore, but check out http://www.ntcompatible.com/ for a modern example (and compatibility is much better now than it was five years ago).
Of course there's no recompiling... there's no source code -to- recompile. If it doesn't work anymore you're just screwed.
Short answer: full integration with Exchange the MAPI-server.
Remember that Microsoft's MTA is -also- a MAPI-server, IMAP-server, addressbook server, calendar server, etc etc. Many (annoying) Exchange functions like return receipts take advantage of this integration.
I can almost guarantee that there is some MS-touted bell or whistle in Outlook or elsewhere that depends on you using the full suite of MS-approved servers. Be prepared to explain why it doesn't work or to offer a suitable alternative.
Problem is that aesthetics are usually misguided attempts at ergonomics that fail...
Most of the failed 'aesthetic attempts' I'm familiar with gave no thought at all to ergonomics, they were simply born from someone's desire to make it "cool" (and often failed even at that).
While working at a supercomputing center in the mid 90s, some of my co-workers expressed dismay at the insanely expensive front panels that Intel put on their parallel system. The intricate patterns of LEDs were allegedly useful for monitoring the state of the machine, yet there were no indicators for most of the useful information, and there was no reason why the communication indicators needed to have little chase patterns. The lights were someone's idea to make it look cool and futuristic.
It was observed that, for far less than what they spent on those blinky-light panels, they could have flown in hand-carved wooden screens from Indonesia instead. We all agreed that doing so would have improved the aesthetics immeasurably.
There's been substantial research on what sorts of materials and textures people find comforting and enjoyable. Generally we like 'natural' things like brushed metal, wood, leather and ceramic, with plastics, neon lights, excessive html, and overblown skins rating far far further down the aesthetic scale.
Some day (possibly soon) computers will be built into our walls like electricity and HVAC and we won't have to worry about their aesthetics any more...
"Personally, I would rather wait for the Sony Ericsson P900"
Which features of the P900 d oyou find to be more compelling? I'm mostly just curious...
Personally for me, what would make me really happy is a smallish device with a keyboard, SSH client, and 80-character wide display. With just that I could do most of my job from anywhere on-network.
The Treo still isn't quite there, but if it'll do decent web browsing and IMAP it'll be the closest thing so far that I know of. (It's unclear if it supports Palm VersaMail...)
I realize that most 'normal' consumers just want pretty pictures and fancier ring-tones, but I'm patient.
1) SSH is available for PalmOS devices through various places, for example: http://staff.deltatee.com/~angusa/TuSSH.html http ://online.offshore.com.ai/~iang/TGssh/
Unfortunately, none of them appear to support SSHv2 yet, but we can hope or (even better) help.
2) Well, they definately have VPN for Palm. Example: http://www.mergic.com/ As for VNC, it sounds like you're looking for something like: http://www.btinternet.com/~harakan/PalmVNC/
3) I'm pretty sure 'push' email is one of those things that's being restricted by various company's patents. Now, if you could just write an SMTP server for PalmOS...
(Or, I'm willing to argue that it is music and it is an image simultaneously.)
That's my point. The content is an artistic presentation that, like a music video, contains both aural and visual content. The choice of encoding is not the art, it's just a way to try to get the art to people.
Like I said, it's just data until interpreted.
Well, yes and no. The bits in and of themselves are indeed meaningless until properly interpreted (which is why improperly interpreting them is also meaningless), but they do still contain (in an obfuscated form) the means to recreate the intended content. That's why they are data and not just entropy.
"I think most of the artists who record straight to digital might have something to say about this."
I don't think so. Their music, even while sitting on a hard drive frozen in bits, is an inherently analog experience. I defy you to listen to music, or view a picture, without it being transferred to an analog form. Unless you've had a USB port wired into your cerebral cortex, it's not possible.
"Data is data, not music, not images, not anything."
I disagree rather strongly. It's the music or the image that matters, the specific pattern of bits that a particular tool can use to recreate that music or image is just a byproduct, and has no inherent meaning or value of it's own, even if you choose to pretend it does.
That's why three files of the same song encoded into.ogg,.wav and.mp3 all represent the same content, even though their bits are completely different.
Indeed, media type is (and should be) defined by content, not by encoding. The type reflects the manner in which the author intends the content to be enjoyed, and the manner in which the consumer intends to enjoy it.
If I take a photograph of a tree and encode it into bits, those bits will always represent the content of an image, even if some stupid Baudio-like program presents those bits as though they were some other sort of media. Even if I'm the one pretending it's a.wav file, I intended it to be an image, and you probably intend to view it as an image. If you honestly intend to listen to my image file (which I suspect don't even follow the appropriate standards of the file formats they purport), then maybe we can talk about it's merits as music/line noise.
This is crucially different from some of the examples he gives, which don't really apply to his "codec" at all.
In steganography, two different works are combined into a single encoding. This does -not- make the resulting file a single work, nor does it make the included image a song, or the included song an image.
The DeCSS song is a little more complicated, depending on whether you believe it is intended to (and can be) enjoyed as pure music, or whether it is merely intended as a vector for code. In any case, there is real audio content that's been provided.
4'33" was meant to be enjoyed as audio content, so it is, even though the 'art' is actually in the lack of audio content. It's not like the silence (or in Baudio's case, noise) is really meant to be pornography.
Hmm... I think a key differentiator might be what -analog- formats the content exists as. We live in an analog world and digital encoding can really only exist as a means of temporarily storing something inherently analog. Content is analog.
This whole argument just seems... stupid. Stupid enough to make me actually post...
My intention was to use the lowest level access possible to just copy whatever bits happen to be sitting on the CD. I'm not sure if any programs currently exist to do that (perhaps cdparanoia -r will suffice, but I get the feeling that cdparanoia tries to do error checking and other 'helpful' things that could get it in trouble with a maliciously constructed CD like we're talking about).
Hmm... looking around it seems disturbingly non-trivial to merely extract bits from an audio CD. That seems strange to me.
Perhaps a high-end CD player with digital out would work...
one set of "encrypted" songs that can be handled by CD players but cannot be ripped
I don't see how this is possible given current CD player technology. If the CD player can read the stream of bits off the CD, and turn it seamlessly into music, then my computer (which is much more sophisticated than my CD player) should also be able to do so.
Bits is bits. "dd if=/dev/cdrom of=/home/rip-cd" will transfer those bits. My choice of friendly utility that translates CD-format music bits into mp3, or ogg, or whatever should then work on those bits.
Having participated in several office renovations and build-outs over the past few years, I found this article quite interesting.
I was particularly impressed by the archtectural solution of angling the offices (requires wasting some space) to effectively get windows on two different walls in every office.
The "cable trough" along the back of the desks is a deceptively simple idea, but one that seldom gets implemented. We put something similar down the center of our conference tables, which made supporting laptop-laden meetings infinitely easier. It's unclear from the photo if there are cutouts to also allow cables to run under the desk. If not, that's the one important modification I'd add, as it is often neccessary to place an electric or electronic device on the floor.
The other thing that was of particular interest was his comments about using straight desktops in order to make it easier for people to collaborate. I've definately noticed the 'squeezing around the corner monitor' problem, but hadn't thought of encouraging a different monitor/desk configuration to address it.
Still, it's always nice to see people/companies actually thinking about their architecture, and fitting technology comfortably into it, when they get the chance.
I did read it, but will admit that I didn't fully understand the scope of your suggestions.
Basically it comes down to somehow requiring that every "perhaps" in my example is SSL'd.
The problem is that it is extremely difficult to do so. Alice has no control over what POP or IMAP software gets used within bob.org, nor should she.
Even if a mailserver requires TLS when accepting mail, you have no assurance that it will require TLS when sending the message on it's next hop. Unless some global agency forced all public mailservers to run a particular set of software configured in a specific way, and had some DRM-like way to ensure that they haven't been changed, this really is impossible to implement or enforce.
It's more implementable, and more in the general Internet spirit, to use something like PGP to handle your security and authentication on the client end, because then you don't have to rely on every sever between you and your destination (most of which will be outside of your control) to do the right thing encryption-wise.
That said, I'd certainly like to see some way to get back to a world where you could trust a mailserver to be who it said it was. Certainly, if everyone had a proper server certificate, and if every server required incoming connections to be from a server with a valid certificate or an authenticated user, we'd be there. I just don't see an easy way to get there from here...
What about SMTP w/ STARTTLS & require authentication?
That has the same issues unless you're only sending mail to other users within the same server. Consider the following:
Alice, of alice.com wants to send a sensitive message to Bob, of bob.org. She composes the message in her MUA and goes to send it. 1) Her MUA contacts smtp.alice.com (perhaps using STARTTLS, perhaps requiring authentication) and the message travels (perhaps securely) to smtp.alice.com. 2) smtp.alice.com contacts smtp.bob.org and sends the message (perhaps with STARTTLS if both it and smtp.bob.org are configured with it). There is no way to verify if the message went from alice.com to bob.org in a secure fashion unless you can be assured that -all- smtp servers in the world both support STARTTLS and have well-known certificates to authenticate against. 3) smtp.bob.org delivers the email within bob.org, perhaps securely. 4) Bob downloads the email from his mailspool, popserver, or imapserver, perhaps securely.
There's a lot of 'perhaps' in there, especially once the message leaves alice.com. There's also little assurance to Bob that the message is truly from Alice.
The answer is that Alice should ude PGP/GPG to encrypt and sign her sensitive email, which will keep the contents secure until Bob uses his favorite PGP/GPG tool to decrypt/verify it.
The PGP product is meant for large enterprises full of Alices, where Alice can't be counted on to be fully encryption-saavy or consistant in her use of it. It handles creating keys for everyone who doesn't have one and making sure that all appropriate emails are signed and/or encrypted. It also offers a web-based mail drop for people who don't have an available public key to receive secure messages.
Anubis looks pretty neat, but they appear to be doing similar yet quite different things (at least from my quick overview of anubis' online documentation).
The primary differences appear to be: * anubis sits as a proxy only between your MUA and MTA, and thus only effects mail you send. * PGPs product proxies not only messages going to your MTA, but also messages being loaded from your POP/IMAP server. * PGPs product handles key generation and management for users without their own keys.
It seems likely that you'd unlock your private key on the server for the duration of a session, much like an ssh-agent, but I don't know for sure. Still, the exceptionally paranoid individual user won't like this product, but the paranoid corporation might.
The STARTTLS option to SMTP simply requests that your SMTP communication be done through an encrypted tunnel. It does nothing to help establish the authenticity or security of a message, which is what PGP's software is primarily about.
If I understand things correctly, using this server a company could set things up so that all outgoing emails are digitally PGP-signed with an appropriate corporate or user key. You could also set it up so that all emails stored on your servers are stored encrypted... the proxy transparently decrypts them for the client.
They talk a lot about "enforcing policy", which might include things like encrypting communications with certain vendors, signing all communications or communications of a certain nature, encrypting all communications against a corporate key as well as the recipient's, etc.
It looks like it provides a very useful function for an enterprise, without forcing your collaborators to purchase the same technology (as the output is normal, standard PGP encrypted and/or signed documents).
This would be true if "defending" was the main occupation of the "defense" department.
You mean the arm of our government formerly known as the "Department of War"? (It was changed during the cabinet restructuring in 1948.)
In a similar move, DARPA for several years went simply by 'ARPA', emphasizing a less militarily-focused goal. Recently, however, they put the 'Defense' back in DARPA.
What does it all mean? Not much. Do they fund pure science? Yes. Do they use some of those results to build better bombs and guns and other devices of death? Yes. Does that make the basic science evil? No.
Good luck. Most (if not all) OEMs will -not- ship you a system without an operating system preloaded. For many of them certain confidential contracts prohibit doing that in the name of "reducing piracy" (obviously the only reason to buy a computer with no OS is because you intend to use a pirated copy...).
If FreeDOS satisfies their contractural obligations, then is absolutely does enable this.
Slashdot Mirror
As a review of the sordid history of the election from some reputable source such as This One will remind you, the recounts were stopped by order of the US Supreme Court in response to legal action sponsored by Bush et al, and Florida selected it's electors based on the original, suspect totals.
The remaining thousands of votes were thus never actually recounted properly. If they had been, it could easily have been either candidate's race.
In my opinion, when the margin of victory in any state is less than the margin of error in your polling, it is negligent in the extreme to claim that either side is a valid victor. Of course, if more states followed a process of proportionally selecting electors, rather than the prevalent all-or-nothing system, this wouldn't be nearly as much of an issue...
It didn't make the link automagically for me, but simply performing: /usr/java/j2re1.4.2/plugin/i386/ns610-gcc32/libjav aplugin_oji.so /usr/lib/mozilla/plugins
# ln -s
(as described in the Mozilla release notes) resulted in a fully functional Java Plugin for me on an otherwise pristine Fedora installation.
I -did- run into a strange compile error trying to build an ltmodem module, but a small tweak to the code solved that (and I plan to bring it up with the ltmodem folks to get it properly resolved).
I also discovered that the default settings in /etc/sysconfig/rhn/sources are incorrect, but changing them to the ones referenced on the fedora download page worked fine.
So far no real errors, although I still need to figure out how to make metacity raise windows when I click in them, and I'm still often befuddled by the subtle differences between Preferences, System Settings, System Tools, and the "More..." subdirectories of each.
More like RAIFLT (redundant array of inexpensive fiddly little tags), but the analogy breaks down when the 'redundant' items are merely Read-Only devices with fixed, unique numbers.
To stretch it as far as we can, aggregation is a form of RAIFLT-1, like a mirror, where any tag in the aggregate can answer your read request.
RAIFLT-0 is basically the default of having a pile of tags, since you still have to read all of them to identify the contents of the pile.
I don't think there's a useful configuration that would correspond to RAIFLT-4 or RAIFLT-5, unless you introduced special "parity tags", or partial tags that don't uniquely identify an individual item, but only require scanning a subset of tags to uniquely identify the aggregate. Again, not terribly useful.
Please cite your references or evidence to this statement if you wish to be taken seriously.
Several companies are currently working on complex and high-performance designs using asynchronous techniques. It's true that it is currently more difficult, predominantly because current design tools are all geared towards generating and testing "standard" clocked logic, but it is being done and it does not by any stretch "blow".
It will be quite some time before all of the components on a motherboard are asynchronous, but groups -have- designed processors, memory controllers, and other components in asynchronous.
For but the briefest of examples... check out this article or this article. No, it isn't the answer to everything... but it's much farther along than you seem to realize
I've been quite pleasantly surprised by it.
"but overall almost any windows program will work on any windows version, and there is no recompiling ever!"
You're kidding (or trolling), right?
I have an entire drawer full of old games of which maybe 20% run without serious hacking. Do you not remember how most Win95 games wouldn't run at all, or ran poorly under WinNT and later Win2K?
A lot of the old info isn't around anymore, but check out http://www.ntcompatible.com/ for a modern example (and compatibility is much better now than it was five years ago).
Of course there's no recompiling... there's no source code -to- recompile. If it doesn't work anymore you're just screwed.
Short answer: full integration with Exchange the MAPI-server.
Remember that Microsoft's MTA is -also- a MAPI-server, IMAP-server, addressbook server, calendar server, etc etc. Many (annoying) Exchange functions like return receipts take advantage of this integration.
I can almost guarantee that there is some MS-touted bell or whistle in Outlook or elsewhere that depends on you using the full suite of MS-approved servers. Be prepared to explain why it doesn't work or to offer a suitable alternative.
Problem is that aesthetics are usually misguided attempts at ergonomics that fail...
Most of the failed 'aesthetic attempts' I'm familiar with gave no thought at all to ergonomics, they were simply born from someone's desire to make it "cool" (and often failed even at that).
While working at a supercomputing center in the mid 90s, some of my co-workers expressed dismay at the insanely expensive front panels that Intel put on their parallel system. The intricate patterns of LEDs were allegedly useful for monitoring the state of the machine, yet there were no indicators for most of the useful information, and there was no reason why the communication indicators needed to have little chase patterns. The lights were someone's idea to make it look cool and futuristic.
It was observed that, for far less than what they spent on those blinky-light panels, they could have flown in hand-carved wooden screens from Indonesia instead. We all agreed that doing so would have improved the aesthetics immeasurably.
There's been substantial research on what sorts of materials and textures people find comforting and enjoyable. Generally we like 'natural' things like brushed metal, wood, leather and ceramic, with plastics, neon lights, excessive html, and overblown skins rating far far further down the aesthetic scale.
Some day (possibly soon) computers will be built into our walls like electricity and HVAC and we won't have to worry about their aesthetics any more...
A friendly poster on my other thread offered this Palm based SSH link:
http://www.mochasoft.dk/palm.html
They charge 25USD, and it looks like it always provides a virtual window onto a 24x80 area, but it -does- do SSHv2.
M - thanks for the specifics, I can see how those could make your portable experience more enjoyable.
"Personally, I would rather wait for the Sony Ericsson P900"
Which features of the P900 d oyou find to be more compelling? I'm mostly just curious...
Personally for me, what would make me really happy is a smallish device with a keyboard, SSH client, and 80-character wide display. With just that I could do most of my job from anywhere on-network.
The Treo still isn't quite there, but if it'll do decent web browsing and IMAP it'll be the closest thing so far that I know of. (It's unclear if it supports Palm VersaMail...)
I realize that most 'normal' consumers just want pretty pictures and fancier ring-tones, but I'm patient.
1) SSH is available for PalmOS devices through various places, for example: http://staff.deltatee.com/~angusa/TuSSH.htmlp ://online.offshore.com.ai/~iang/TGssh/
/
htt
Unfortunately, none of them appear to support SSHv2 yet, but we can hope or (even better) help.
2) Well, they definately have VPN for Palm. Example:
http://www.mergic.com/
As for VNC, it sounds like you're looking for something like:
http://www.btinternet.com/~harakan/PalmVNC
3) I'm pretty sure 'push' email is one of those things that's being restricted by various company's patents. Now, if you could just write an SMTP server for PalmOS...
Haven't they already done this with other forms of blank media through recent years? If those laws passed, and survived, is there any hope for CDs?
a t_tax.htm l
Example: 1992 DAT-tax
http://www.brouhaha.com/~eric/bad_laws/d
(Or, I'm willing to argue that it is music and it is an image simultaneously.)
That's my point. The content is an artistic presentation that, like a music video, contains both aural and visual content. The choice of encoding is not the art, it's just a way to try to get the art to people.
Like I said, it's just data until interpreted.
Well, yes and no. The bits in and of themselves are indeed meaningless until properly interpreted (which is why improperly interpreting them is also meaningless), but they do still contain (in an obfuscated form) the means to recreate the intended content. That's why they are data and not just entropy.
Mmmmmm, entropy.
"I think most of the artists who record straight to digital might have something to say about this."
.ogg, .wav and .mp3 all represent the same content, even though their bits are completely different.
I don't think so. Their music, even while sitting on a hard drive frozen in bits, is an inherently analog experience. I defy you to listen to music, or view a picture, without it being transferred to an analog form. Unless you've had a USB port wired into your cerebral cortex, it's not possible.
"Data is data, not music, not images, not anything."
I disagree rather strongly. It's the music or the image that matters, the specific pattern of bits that a particular tool can use to recreate that music or image is just a byproduct, and has no inherent meaning or value of it's own, even if you choose to pretend it does.
That's why three files of the same song encoded into
I believe the official expansion is "Santa Cruz Operation".
I also believe that you probably already know that and are instead fishing for more humorous versions.
Here are some obvious first attempts to get people going.
Suing Companies Online
Stock (manipulation) Capitalization Operation
Stupid Corporate Officers
Indeed, media type is (and should be) defined by content, not by encoding. The type reflects the manner in which the author intends the content to be enjoyed, and the manner in which the consumer intends to enjoy it.
.wav file, I intended it to be an image, and you probably intend to view it as an image. If you honestly intend to listen to my image file (which I suspect don't even follow the appropriate standards of the file formats they purport), then maybe we can talk about it's merits as music/line noise.
If I take a photograph of a tree and encode it into bits, those bits will always represent the content of an image, even if some stupid Baudio-like program presents those bits as though they were some other sort of media. Even if I'm the one pretending it's a
This is crucially different from some of the examples he gives, which don't really apply to his "codec" at all.
In steganography, two different works are combined into a single encoding. This does -not- make the resulting file a single work, nor does it make the included image a song, or the included song an image.
The DeCSS song is a little more complicated, depending on whether you believe it is intended to (and can be) enjoyed as pure music, or whether it is merely intended as a vector for code. In any case, there is real audio content that's been provided.
4'33" was meant to be enjoyed as audio content, so it is, even though the 'art' is actually in the lack of audio content. It's not like the silence (or in Baudio's case, noise) is really meant to be pornography.
Hmm... I think a key differentiator might be what -analog- formats the content exists as. We live in an analog world and digital encoding can really only exist as a means of temporarily storing something inherently analog. Content is analog.
This whole argument just seems... stupid.
Stupid enough to make me actually post...
My intention was to use the lowest level access possible to just copy whatever bits happen to be sitting on the CD. I'm not sure if any programs currently exist to do that (perhaps cdparanoia -r will suffice, but I get the feeling that cdparanoia tries to do error checking and other 'helpful' things that could get it in trouble with a maliciously constructed CD like we're talking about).
Hmm... looking around it seems disturbingly non-trivial to merely extract bits from an audio CD. That seems strange to me.
Perhaps a high-end CD player with digital out would work...
one set of "encrypted" songs that can be handled by CD players but cannot be ripped
I don't see how this is possible given current CD player technology. If the CD player can read the stream of bits off the CD, and turn it seamlessly into music, then my computer (which is much more sophisticated than my CD player) should also be able to do so.
Bits is bits. "dd if=/dev/cdrom of=/home/rip-cd" will transfer those bits. My choice of friendly utility that translates CD-format music bits into mp3, or ogg, or whatever should then work on those bits.
Am I missing something?
Having participated in several office renovations and build-outs over the past few years, I found this article quite interesting.
I was particularly impressed by the archtectural solution of angling the offices (requires wasting some space) to effectively get windows on two different walls in every office.
The "cable trough" along the back of the desks is a deceptively simple idea, but one that seldom gets implemented. We put something similar down the center of our conference tables, which made supporting laptop-laden meetings infinitely easier. It's unclear from the photo if there are cutouts to also allow cables to run under the desk. If not, that's the one important modification I'd add, as it is often neccessary to place an electric or electronic device on the floor.
The other thing that was of particular interest was his comments about using straight desktops in order to make it easier for people to collaborate. I've definately noticed the 'squeezing around the corner monitor' problem, but hadn't thought of encouraging a different monitor/desk configuration to address it.
Still, it's always nice to see people/companies actually thinking about their architecture, and fitting technology comfortably into it, when they get the chance.
I did read it, but will admit that I didn't fully understand the scope of your suggestions.
Basically it comes down to somehow requiring that every "perhaps" in my example is SSL'd.
The problem is that it is extremely difficult to do so. Alice has no control over what POP or IMAP software gets used within bob.org, nor should she.
Even if a mailserver requires TLS when accepting mail, you have no assurance that it will require TLS when sending the message on it's next hop. Unless some global agency forced all public mailservers to run a particular set of software configured in a specific way, and had some DRM-like way to ensure that they haven't been changed, this really is impossible to implement or enforce.
It's more implementable, and more in the general Internet spirit, to use something like PGP to handle your security and authentication on the client end, because then you don't have to rely on every sever between you and your destination (most of which will be outside of your control) to do the right thing encryption-wise.
That said, I'd certainly like to see some way to get back to a world where you could trust a mailserver to be who it said it was. Certainly, if everyone had a proper server certificate, and if every server required incoming connections to be from a server with a valid certificate or an authenticated user, we'd be there. I just don't see an easy way to get there from here...
What about SMTP w/ STARTTLS & require authentication?
l /u niversalfeatures.html#messenger
That has the same issues unless you're only sending mail to other users within the same server. Consider the following:
Alice, of alice.com wants to send a sensitive message to Bob, of bob.org. She composes the message in her MUA and goes to send it.
1) Her MUA contacts smtp.alice.com (perhaps using STARTTLS, perhaps requiring authentication) and the message travels (perhaps securely) to smtp.alice.com.
2) smtp.alice.com contacts smtp.bob.org and sends the message (perhaps with STARTTLS if both it and smtp.bob.org are configured with it). There is no way to verify if the message went from alice.com to bob.org in a secure fashion unless you can be assured that -all- smtp servers in the world both support STARTTLS and have well-known certificates to authenticate against.
3) smtp.bob.org delivers the email within bob.org, perhaps securely.
4) Bob downloads the email from his mailspool, popserver, or imapserver, perhaps securely.
There's a lot of 'perhaps' in there, especially once the message leaves alice.com. There's also little assurance to Bob that the message is truly from Alice.
The answer is that Alice should ude PGP/GPG to encrypt and sign her sensitive email, which will keep the contents secure until Bob uses his favorite PGP/GPG tool to decrypt/verify it.
The PGP product is meant for large enterprises full of Alices, where Alice can't be counted on to be fully encryption-saavy or consistant in her use of it. It handles creating keys for everyone who doesn't have one and making sure that all appropriate emails are signed and/or encrypted. It also offers a web-based mail drop for people who don't have an available public key to receive secure messages.
http://www.pgp.com/products/enterprise/universa
Of course this is all a rather general overview, but the point is that STARTTLS is not sufficient to ensure end-to-end message security.
Anubis looks pretty neat, but they appear to be doing similar yet quite different things (at least from my quick overview of anubis' online documentation).
The primary differences appear to be:
* anubis sits as a proxy only between your MUA and MTA, and thus only effects mail you send.
* PGPs product proxies not only messages going to your MTA, but also messages being loaded from your POP/IMAP server.
* PGPs product handles key generation and management for users without their own keys.
It seems likely that you'd unlock your private key on the server for the duration of a session, much like an ssh-agent, but I don't know for sure. Still, the exceptionally paranoid individual user won't like this product, but the paranoid corporation might.
The STARTTLS option to SMTP simply requests that your SMTP communication be done through an encrypted tunnel. It does nothing to help establish the authenticity or security of a message, which is what PGP's software is primarily about.
If I understand things correctly, using this server a company could set things up so that all outgoing emails are digitally PGP-signed with an appropriate corporate or user key. You could also set it up so that all emails stored on your servers are stored encrypted... the proxy transparently decrypts them for the client.
They talk a lot about "enforcing policy", which might include things like encrypting communications with certain vendors, signing all communications or communications of a certain nature, encrypting all communications against a corporate key as well as the recipient's, etc.
It looks like it provides a very useful function for an enterprise, without forcing your collaborators to purchase the same technology (as the output is normal, standard PGP encrypted and/or signed documents).
This would be true if "defending" was the main occupation of the "defense" department.
You mean the arm of our government formerly known as the "Department of War"? (It was changed during the cabinet restructuring in 1948.)
In a similar move, DARPA for several years went simply by 'ARPA', emphasizing a less militarily-focused goal. Recently, however, they put the 'Defense' back in DARPA.
What does it all mean? Not much.
Do they fund pure science? Yes.
Do they use some of those results to build better bombs and guns and other devices of death? Yes.
Does that make the basic science evil? No.
"Buy a PC with a blank disk"
Good luck. Most (if not all) OEMs will -not- ship you a system without an operating system preloaded. For many of them certain confidential contracts prohibit doing that in the name of "reducing piracy" (obviously the only reason to buy a computer with no OS is because you intend to use a pirated copy...).
If FreeDOS satisfies their contractural obligations, then is absolutely does enable this.