Slashdot Mirror


User: erik_norgaard

erik_norgaard's activity in the archive.

Stories
0
Comments
132

Comments · 132

  1. Re:Carjacked! on U.K. Outlaws Denial of Service Attacks · · Score: 1

    1st: Never did I intend to imply that individuals should be criminally liable for the actions done by other individuals. But civil/economic liability should apply. I am inspired by the opinion of Bruce Schneier, but I think he doesn't reflect on the case of open source, which would cease to exist if strict liability applied; that's why I say, if source is provided, the user should have enough information to evaluate the product and assume liability. Liability is the mechanism that will make everyone try to find someone else to point at.

    2nd: I don't think that aunt Alice or uncle Bob should have the knowledge to carry out a DDoS attack in order to be held liable. But they should have the knowledge to use the device as instructed in the user's guide, and they should have the knowledge to maintain the device purchased - also if the "device" is a software program - that is, keep it updated, and apply any corrections provided by the vendor in reasonable time. And all this, as stated, is fair only if vendors also are liable for their products. I seriously don't get how vendors can get away with disclaiming liability, even for known issues. Microsoft has its Patch Tuesday; I still don't get it, why can't they release their patches as soon as they are there? People set up their computer to apply patches at the regular interval they find reasonable, say every month or every day... If Windows Update is run automatically, why should it run only on the second Tuesday of the month? Sorry about that rant - just had to get it out...

  2. Re:Carjacked! on U.K. Outlaws Denial of Service Attacks · · Score: 1

    I don't use the car analogy as a functional analogy but as an analogy of liability. The car analogy becomes absurd as an analogy of functionality. You may read my reply to the previous poster.

  3. Re:Punish The Malicious, Spare The Ignorant Innoce on U.K. Outlaws Denial of Service Attacks · · Score: 1

    1) Don't be silly: The analogy I wish to draw regards liability, not functional characteristics. Liability has nothing to do with functionality.

    2) I'll admit that all the 1's are identical, and all the 0's are identical, but sometimes the order is important :) But again, don't be silly, the analogy is not of functional characteristics.

    The point is that the owner of a device is the only one responsible for that device. If my neighbor's PC is hacked and attacks mine, I can't interfere; that would be trespassing. All I can do is try to monitor and log the activity. The only one who has the ability to act against the compromise without breaking the law is the owner. Therefore, the owner should be responsible for doing so, and liable for any negligence.

    As it is now, everyone disclaims all liability: the software vendor, the ISPs, businesses and individual users. All the cost is paid by the victim. Software vendors even disclaim liability for errors they are aware of - did you ever read one of those EULAs?

    If you make people liable for their devices, you introduce an incentive to act: To protect against compromise, to detect compromise, to contain compromise and to repair. People and businesses will have an incentive to reduce risk and buy products according to their security merits and not only functionality, software vendors will then have an incentive to create less insecure products, and product liability should apply to increase that incentive.

    It's a cost-benefit calculation, if there are no costs of insecurity there is no reason to act. Most individuals say "why should I care, I have nothing to hide!".

    Big corps worry about security because of potential losses. Microsoft works to secure themselves such that source code and business secrets are not disclosed, but the security of the customer is treated as a PR problem - "sales may go down if we screw our customers too much". They have disclaimed all liability for their products. And when liability is disclaimed, vendors see a benefit in going to market early - better to sell buggy products now and correct errors later, because otherwise the competitor may come first.

    Liability turns that around. Vendors will work to weed out the bugs and test the products properly before release since the cost of releasing buggy products early increases.

    Finally, please read my comment again: I don't say aunt Alice should be penalized, and in fact I say that it is not fair to impose liability on individual users while letting vendors disclaim all liability. Software companies currently disclaim all liability for their products. This I think is fair only if they also provide every detail needed to evaluate the product before purchase: The source code! Any company that decides to keep code closed should retain liability for their errors. Disclaiming liability is not fair unless users have full knowledge of the inner workings of the product.

    True: most users don't have the technical knowledge to evaluate a product, but then you purchase a product evaluated such that liability is with the software vendor. So, aunt Alice may purchase closed or open source products; she knows that if it's free and comes with source code she is liable for any dysfunction, so she pays a vendor that tests the product and assumes liability.

    Liability doesn't make products secure by default, but it gives an economic incentive to prioritize security and not just functionality. Companies will make a risk assessment and weigh the cost of breaches and abuse against the cost of making the product more secure. They may insure themselves if they are small or choose to run the risk.

    Aunt Alice is liable for her devices; she is the one with the power to ensure that the product bought is used following the vendor's instructions, and she is the one with the power to make sure that the vendor's corrections are applied. If she fails to follow the instructions, if she does not "patch the breaks" in her system, it's her fault. She can buy an insurance to cover a

  4. Re:Punish The Malicious, Spare The Ignorant Innoce on U.K. Outlaws Denial of Service Attacks · · Score: 2, Insightful

    I disagree! You buy a computer - you're responsible for it. If you don't have the knowledge to secure it, you pay the professional to do it for you. You may also insure yourself for any damage caused by your system, insurance companies exist for that.

    It's like having a car: you are liable for the damage caused by the car independent of who drives it. If it is stolen or hijacked, you are still liable. Therefore you are required to have insurance that can cover the damage, there are safety requirements for the vehicle, and you are responsible for seeing that your car meets these requirements. If you are not a professional you go to the mechanic and have it done. And even if everything is OK, and your car is stolen and involved in an accident, you are liable, your insurance will cover the damage, and if the thief is caught the insurance company will seek to get the thief to pay up.

    The same should go for the Internet: once you're on the public network you are liable for any damage caused. If we hold people liable they will make sure that their systems do not inflict any damage, reducing the risk. Currently, people just say:

        "Oh sorry, I didn't patch my system, I didn't update my anti-virus and someone broke into my system without my knowledge... but that's not my fault!"

    and

        "I don't know how to maintain my system, but I just want to use e-mail anyway, so why should I need to care?"

    Of course, it is not entirely fair just to blame the user. Software vendors disclaim ALL liability, even for errors they have knowledge of. Schneier's dream is to make software vendors liable for their products. I think that unless the public have full access to the code vendors should not be able to disclaim liability. You can't both disclaim liability and impose restrictions on how the product may be used.

    If there is product liability, then it is also fair to hold users liable for inappropriate use and abuse caused by their misconfiguration or negligence and liability cannot be passed onto the vendor.

    If this means that uncle Bob and aunt Alice can't use the Internet, because they won't accept responsibility for their systems and won't buy insurance against abuse, fine! Cut the connection!

  5. Re:great news but... on Fan-Designed Mindstorms Release Next Tuesday · · Score: 4, Insightful

    There are a number of explanations:

    1) The period of being a "child" has become shorter. Previously children would happily play with LEGO till age 15, but now kids lose interest around age 10-12, if not before.

    2) Computers take a lot of the attention, which was the reason to launch Mindstorms: make the kid creative with the computer. And when computers don't take the attention then cellphones do. Kids communicate much more (in quantity; no word about whether this is good or bad) than previously: chat rooms, blogs, SMS, social networks etc. None of which involve any bricks.

    3) Media take a lot of attention, and there's not much to do about it. Today it is common to find TV sets in children's rooms, and programs directed towards children get more exposure.

    And 3) is part of the explanation that childhood has become shorter: just think about all the boy and girl bands that become the big hit, and kids want to be like them. Say, Britney Spears? (There are certainly others; I'm just not young enough any longer to catch interest.)

    So, it's no surprise that LEGO loses ground. And they are hugely investigating other ways to get through and catch interest. Which explains the losses.

    PS: Don't know if the loss mentioned is actually Danish kroner, in which case it's only a sixth.

  6. Re:hard to believe on Cambridge Breached the Great Firewall of China · · Score: 1

    The term "firewall" in the Great Firewall of China is misleading, they just want to build on the analogy of the great wall of China - it is not a traditional firewall, read the original article. It is based on IDS and deep packet inspection, because they want to do filtering based on content in the application layer and not the network layer.

    Stateful firewalls insert an entry in the state table when the connection is established and then do not inspect packets belonging to that state; this increases performance.

    But since the TCP handshake normally does not contain any banned words this won't work, and blocking a connection at that point won't work. They want to filter on the content which comes after the connection has been established.

  7. Re:Last weeks news - original post here on Cambridge Breached the Great Firewall of China · · Score: 1

    In the abstract (but read the rest too, it's interesting) of the article (PDF) they write that the firewall will send spoofed RST packets to both ends of the connection; normally the server/client will then tear down the connection. But the packets sent by the server are passed unchanged.

    According to the article, new attempts to connect will be blocked, not by dropping the packets, but by sending a new flood of RST packets - this time without expensive packet content inspection.

    Hence, in both cases, if both ends ignore the spoofed RST packets, data exchange can proceed unhindered. The spoofed RST packets can be identified by inspecting TTL and/or sequence number (wonder if packet-filter can do this?). But one can also entirely ignore RST packets and rely on closing a connection on timeout or FIN/ACK packets.

    Only well-behaving clients would send nice RST packets to prematurely tear down a connection, but we are much more in the opposite situation, where clients use keep-alive to keep the connection open even when a request has been completed. So, it seems that ignoring RST is at no cost to the server.

    The paper goes on to discuss how to support this and the risks of Chinese users using such a setup. They argue that if RST packets are ignored by default it will be difficult to argue that the individual intends to access prohibited material. All we need to do is to make it default behaviour!

    Meanwhile, we must also setup freedom servers in our end which will ignore the RST packets.
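    The TTL and sequence-number checks mentioned in the comment above, as an added example that is not part of the original post or of the Cambridge paper: a small Python flow tracker that parses raw IPv4/TCP segments, remembers the TTL the peer's packets arrive with and the next sequence number expected from it (RCV.NXT), and ignores any RST that fails either check instead of tearing the flow down. The addresses, TTLs and the whole exchange are constructed for the demonstration; build_segment exists only to fabricate those test packets.

```python
import socket
import struct
from dataclasses import dataclass

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int
    seq: int
    flags: int
    payload: bytes


def build_segment(src, sport, dst, dport, ttl, seq, flags, payload=b""):
    """Fabricate a minimal IPv4+TCP segment (no options, checksums zeroed).
    Only for constructing test input; real traffic would come from a capture."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_segment(raw):
    """Extract the fields the RST check needs from a raw IPv4/TCP packet."""
    ihl = (raw[0] & 0x0F) * 4
    total = struct.unpack("!H", raw[2:4])[0]
    if raw[9] != 6:
        raise ValueError("not TCP")
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport, dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    doff = (off >> 4) * 4
    return Segment(src, sport, dst, dport, raw[8], seq, flags, raw[ihl + doff:total])


class RstFilter:
    """One entry per flow direction: the TTL the peer's packets arrive with and
    RCV.NXT, the next sequence number we expect from it. A RST is honoured only
    if both match; an injector sitting at a different hop count gets the TTL
    wrong, and one that is not tracking the stream byte-exactly gets SEQ wrong."""

    def __init__(self):
        self.flows = {}

    def observe(self, seg):
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        st = self.flows.get(key)
        if seg.flags & TCP_RST:
            if st is None:
                return "ignore:unknown-flow"
            if seg.ttl != st["ttl"]:
                return "ignore:ttl"
            if seg.seq != st["rcv_nxt"]:
                return "ignore:seq"
            del self.flows[key]
            return "accept"
        if st is None:
            st = self.flows[key] = {"ttl": seg.ttl}
        # SYN and FIN each occupy one sequence number, payload bytes the rest
        st["rcv_nxt"] = (seg.seq + len(seg.payload)
                         + bool(seg.flags & TCP_SYN) + bool(seg.flags & TCP_FIN)) & 0xFFFFFFFF
        return "data"


def run_demo():
    """Constructed exchange: a server (203.0.113.10, assumed) answers us, then
    three RSTs arrive claiming to come from it. Returns the verdicts in order."""
    f = RstFilter()
    peer = ("203.0.113.10", 80, "198.51.100.7", 40000)
    ttl = 57                      # hop count the real server's packets show
    steps = [
        (ttl, 1000, TCP_SYN | TCP_ACK, b""),
        (ttl, 1001, TCP_ACK, b"HTTP/1.0 200 OK\r\n"),   # 17 bytes -> RCV.NXT 1018
        (ttl + 9, 1018, TCP_RST, b""),   # injected closer to us: fewer hops, higher TTL
        (ttl, 1022, TCP_RST, b""),       # right TTL, but not exactly RCV.NXT
        (ttl, 1018, TCP_RST, b""),       # the server really closing
    ]
    return [f.observe(parse_segment(build_segment(*peer, t, s, fl, p))) for t, s, fl, p in steps]


if __name__ == "__main__":
    print(run_demo())   # ['data', 'data', 'ignore:ttl', 'ignore:seq', 'accept']
```

    The exact-TTL comparison is deliberately strict; on a real path the TTL can shift by a hop or two when routing changes, so a production filter would allow a small tolerance. The sequence check is the one that later became standard: RFC 5961 has a receiver accept a RST only when SEQ equals RCV.NXT and answer an in-window but inexact RST with a challenge ACK rather than dropping the connection.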

  8. Last weeks news - original post here on Cambridge Breached the Great Firewall of China · · Score: 4, Informative

    It appears the link to the source is missing - I first read about it last week on Schneier's blog, linking to the original blog post found here:

        http://www.lightbluetouchpaper.org/2006/06/27/ignoring-the-great-firewall-of-china/

    And for all the details, the paper to be presented is here:

        http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf

    I think the interesting thing is that by configuring our end to ignore the invalid resets from the Great Firewall of China we can aid the distribution of otherwise censored material.

    DDoS attacks against the GFC seem not to be that easy; as the article mentions, the GFC is not one giant router at the backbone, but rather smaller machines closer to the end stations - the firewall is distributed across an unknown number of gateways.

  9. Re:I'd call this a 'debate', but.... on String Theory a Disaster for Physics? · · Score: 2, Informative

    Verification is absolutely important, but much more important is that the theory has the property of falsifiability: that you can set up experiments that would falsify the theory.

    The school of Karl Popper asserts that science progresses by trying to falsify its own theories. Much has been argued against this, in particular that there are so many ways to keep on doing that that this is not very progressive, so people argue that scientists should try to verify their theory with observation.

    Yet, I think, this should not discard the criterion of falsifiability as a fundamental criterion of science, and scientists must be prepared to be proven wrong. This is what distinguishes science from all the pseudo-science and crackpots.

    Secondly, theories should be kept as simple as possible - I think this originates from Albert Einstein, but I have forgotten the original quote - if you can describe something in a simple manner then it is likely to be that way, while a complex theory may obscure the simplicity while describing correctly the world as we see it.

    If ST fails on these then ST should be discarded as crackpot.

  10. what do you mean by "when"? on OpenBSD Ahead of Linux for Wi-Fi Drivers · · Score: 1

    It *is* ready for the desktop. I have been using FreeBSD on my notebook for three years as my primary desktop computer. Because: FreeBSD Just Works(TM).

  11. Re:Are they crazy or what on NASA's $73 Million Water-Finding Trick · · Score: 1

    What if it push the moon out of orbit and then the moon crashes into the earth? Are they insane?

  12. Re:Windows is slow? on Why Windows is Slow · · Score: 1

    You didn't read the article. The article talks about MS getting Windows Vista out the door and it talks about why innovation at MS is so slow: They waste tons of time just to keep all the legacy stuff working.

    The point of the article is that the code base has grown hugely complex and difficult to maintain, and MS refuses to rip out legacy code to get a leaner code base that will enable them to move forward and innovate.

    There is no mention of the OS itself being slow.

  13. Re:Internal communications == borked on FBI Agents Don't Have Email Access · · Score: 3, Informative

    Read the article:

    "Christine Monaco, a spokeswoman for the FBI in New York, said Monday that all FBI agents can communicate with each other via a secure internal e-mail system, and about 75 percent of the New York office's employees have outside e-mail accounts."

  14. A better solution on Senators Renew Call for .XXX Domain · · Score: 1

    The US forcing pornographic sites to move to .xxx would be like China and Iran requiring US sites to move to .us such that they can protect their citizens from harmful freedom.

    1) As suggested in other post(s), a .kids domain or similar for minors: it is almost impossible to force established sites around the world to move, but with a dedicated new TLD for kids you can control who gets in.

    2) Agree on an open standard for web content labeling that makes it easy to filter; the W3C could standardize a meta tag with content classification. It won't eradicate porn but will seem less intrusive for porn businesses, so they are more likely to comply on their own.

    3) Agree on an extension to the HTTP protocol: like preferred languages can be specified in the request, a maximum acceptable rating, say R15 or similar, could be sent with the request, and the server would respond with an error 403 or similar if the rating is exceeded.

    This is really a neat solution because it would be simpler to configure than a filter and cause less traffic. Also, the privacy of the user is better protected since no content is retrieved and possibly cached in a proxy, or log entries kept on filtering events; there will be no evidence of what was blocked, only that the rating exceeded the acceptable.

    Paranoid parents could block sites that do not support the extension; that would make support grow.

    Both 2) and 3) allow for e.g. public libraries to create users with different settings according to their age. With 3) search engines could easily adapt results so as not to display inappropriate results.

    On single user systems such as Windows (yes I know, you _can_ have multiple users, but people don't use that feature) browsers should have password protected configurations such that parents could configure their browser without their kids messing up afterwards.

    And, then the obvious question: why would porn industry support such standards?

    They have no business to do with minors who can't even hold a credit card, so they would prefer to support these initiatives in order not to lose business with real customers.

  15. Re:Journalism at its finest on France To Force iTunes to Open to Other Players? · · Score: 2, Insightful

        Police agents can monitor music exchange Web sites and trace back the email address of beneficiaries by asking the Internet service provider for it through a court order.

    Presumably they meant they can ask the ISP for the billing information of the customer who was using a particular IP address (not e-mail address), which the police agents obtained through monitoring P2P services (not Web sites).

    Given the recent data retention directive passed by the European Commission and Parliament and required to be ratified in national laws by mid-2007, police will have access to far more data than just billing information.

    See this link on data retention directive.

  16. Re:Ultra capacitors are the future on Laptop Fuel Cells Coming Soon · · Score: 1

    a) Nanotubes made of carbon are quite harmless; actually research is done on how these can be used for medical treatment, for example to encapsulate viruses.

    True, nano and micro particles in the air can be harmful, but this is not the case for the nanotubes in a closed container. When the ultracapacitor is disposed of it contains less harmful chemicals than a Li-Ion battery.

    b) You have a point, but this is mostly an engineering problem to make it charge correctly. Whether they would melt is a completely unfounded claim. They could catch fire too, since they consist of carbon.

    c) Again, if this is a significant problem, it seems to be one that can be handled.

    d) Here you refer to the current capacity and this is not yet convincing, but the OP was about future development.

    So, if you want to give critique, then read the article and correct my error (too late now): I confused power and energy density. They claim a power density 1000 times that of batteries is possible and an energy density comparable to Li-Ion.

    This is still very interesting I think due to the positive impact on environment and faster recharge. The fact that you can recharge faster will give you more independence and mobility.

  17. Ultra capacitors are the future on Laptop Fuel Cells Coming Soon · · Score: 1

    I recall there was a post on this somewhere recently, else see this:

        http://lees.mit.edu/lees/projects/cnt_ultracap_project.htm

    Ultra capacitors now can hold 6 Wh/kg, which is only a fraction of conventional Li-Ion batteries, but according to MIT this can be boosted to 1000 times battery capacity by using nanotubes.

    And ultra capacitors have a large number of advantages: no dangerous components, recharge in a matter of minutes, better temperature tolerance, longer durability ...

    I don't know why people bother to talk about fuel cells...

  18. New Brain! on What Was Your First Computer? · · Score: 1

    Yes! It WAS called "new brain". A box the size of a phone book with a single line 20 character display should one not have a monitor.

    OK, it wasn't mine, it was my father's first computer, but also the first I was introduced to. I think we programmed basic on it.

  19. Re:Playing Devil's Advocate... on Apple Sued Over Potential Hearing Loss · · Score: 1

    Just to comment on one issue: one reason that people put the volume so loud is that the earbuds do not keep out external noise. So, said earbuds should actually have the effect that you will not turn up the volume as much - not that you can't, of course.

    Also, classic earphones are better at keeping external noise out and for this reason are not claimed responsible for the same extent of hearing loss.

    Anyway, I'm surprised that this comes up in the first place, but maybe this guy didn't listen to - or couldn't hear - the warnings...

  20. Climate and civilisation on 2005 Was the Hottest Year on Record · · Score: 1

    Whenever someone posts about climate change and global warming, people flock to deny it and to mention previous periods of warmth and cold that are more extreme than the current, so what's the problem with 0.1C or 1C average?

    This is true indeed, and I don't think life on our planet is going to become extinct because of global warming.

    But there is one thing that is interesting to note: in all the known climatic periods of the earth, none has been more stable than the past 10,000 years. Coincidentally, in these 10,000 years human civilisation arose.

    I think it is not just a question of evolution reaching a critical point, but rather that this point coincides with a stable climate.

    We may believe our technological know-how can now cope with the changes ... at least on our side of the globe, but there is a whole world, more than 6 billion people, out there. If you care about other people, then you should also care about climate change.

  21. Re:Finally.... on A Kilowatt of Power · · Score: 1

    "A PSU that can run two high end computers."

    Yeah, this is great, when the PSU fails, both your computers will be down.

  22. Re:Security on Europe Building Their Own GPS · · Score: 2, Insightful

    I don't know if it is easily hackable, but with 1 m accuracy for the free version I have difficulty finding the ones who see a market in hacking this. Of course it's a question of the price of the commercial-grade version also, but still.

  23. Never expiring accounts are the problem on The Unspoken Taboo - The Never Expiring Password · · Score: 2, Informative

    As you read the article, the first thing you note is really that this "trusted" person may still be able to authenticate after he leaves his job. The problem is not that the password never expires, but that his account never expires, or that there is just one shared account.

    Any system that requires authentication should also require identification, and each account should expire at some time. It should be possible to lock individuals out without imposing a change of password on all other authorized users.

    In fact, never-expiring passwords may increase security in everyday systems: when people are regularly required to change their passwords, chances are that they will choose even worse passwords, simply because it takes time to find and learn a good password.

    Repeated change of password gives no protection against a brute force attack, simply because you have no idea whether the hacker will go sequentially through all possibilities or if the new password has already been tried and hence has a low probability of being tried again.

    Instead, system administrators should make sure that chosen passwords have sufficiently high entropy before they are accepted in the first place, and continuously try to crack user passwords - if a password is cracked, it is weak and must be changed.
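    The two administrator-side measures in the last paragraph, an entropy check at password-set time and a standing offline cracking run against the stored hashes, as an added example (not the article's or the poster's code). The wordlist, the mangling rules, the two accounts and the salted-SHA-256 storage format are all constructed for the demonstration; a real deployment would use a full dictionary and a slow hash such as bcrypt or Argon2. The point the code makes is the one the comment makes: a class-based entropy estimate alone passes "Summer2007!", so the dictionary check and the cracking run are what actually catch it.

```python
import hashlib
import math
import os
import string

# Constructed mini wordlist; a real audit uses a full dictionary.
WORDLIST = {"password", "letmein", "welcome", "summer", "qwerty", "dragon"}
LEET_BACK = str.maketrans("4301$5@", "aeolssa")   # undo common substitutions
LEET_FWD = str.maketrans("aeios", "43105")        # apply them, for guessing
EDGES = string.digits + string.punctuation


def estimated_bits(pw):
    """Upper bound on entropy: length times log2 of the alphabet implied by the
    character classes present. It assumes uniform choice, which humans never do."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    if any(c.isspace() for c in pw):
        pool += 1
    return len(pw) * math.log2(pool) if pool else 0.0


def base_word(pw):
    """Strip the digits/punctuation people bolt on at the ends and undo leet-speak."""
    s = pw.lower().rstrip(EDGES).translate(LEET_BACK)
    return s.lstrip(EDGES)


def check_password(pw, min_bits=50):
    """Acceptance check at password-set time. Returns (accepted, reason).
    A mangled dictionary word is rejected even when its class-based estimate
    is high, because that estimate assumes a uniform choice."""
    if len(pw) < 8:
        return False, "too short"
    if base_word(pw) in WORDLIST:
        return False, "dictionary word with trivial mangling"
    bits = estimated_bits(pw)
    if bits < min_bits:
        return False, f"estimated {bits:.0f} bits, need {min_bits}"
    return True, f"estimated {bits:.0f} bits"


def store(pw, salt=None):
    """Constructed storage format: (salt, sha256(salt||pw)). Real systems use bcrypt/Argon2."""
    salt = os.urandom(8) if salt is None else salt
    return salt, hashlib.sha256(salt + pw.encode()).hexdigest()


def guesses(word):
    """The cheap rules an offline cracker tries first: case, leet, year/digit suffixes."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET_FWD)}
    suffixes = [""] + [str(n) for n in range(100)] + [str(y) for y in range(1990, 2011)]
    for base in bases:
        for s in suffixes:
            yield base + s
            yield base + s + "!"


def audit(users):
    """Re-run the attacker's dictionary attack against the stored hashes.
    Returns {account: guess} for every password that fell."""
    cracked = {}
    for name, (salt, digest) in users.items():
        for word in WORDLIST:
            for g in guesses(word):
                if hashlib.sha256(salt + g.encode()).hexdigest() == digest:
                    cracked[name] = g
                    break
            if name in cracked:
                break
    return cracked


def audit_demo():
    """Constructed accounts: one chose a seasonal password, one a random string."""
    users = {"alice": store("Summer2007!"), "bob": store("x9#Lq2vB!pT4rW")}
    return sorted(audit(users))


if __name__ == "__main__":
    for pw in ("Summer2007!", "P@ssw0rd1!", "x9#Lq2vB!pT4rW"):
        print(pw, check_password(pw))
    print(audit_demo())   # ['alice']
```

    The audit is the cheap end of what a cracker does; for a real run you would feed the same hashes to a dedicated tool with rule files, and on a hit force a change for that one account rather than rotating everyone's password.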

  24. These arguments don't hold on The Point of Google Print · · Score: 2, Interesting

    As much as I support the idea of indexing all books, these two arguments claimed by Eric Smith just don't hold. The problem is that there are good reasons that "fair use" differs depending on how you initially made the information available:

    1. It is OK to record an entire TV program for personal use - it was broadcast to the public. However, it is not acceptable to broadcast the recorded program again; this is not for personal use.

    2. While web pages are not broadcast like TV programs, they are published to be freely accessible. The web has built on linking across pages and sites from its very birth, so it is reasonable to argue that you should have known beforehand.

    However, one thing is linking, another is copying entire sites or pages. To provide the context in which a keyword appears in a given page, Google must actually have the entire page stored. That may not constitute fair use - in particular because the copying is not for personal use but for commercial use.

    For books, these are not made freely available anywhere in any form. Copying entire books for any use - even if only an extract is shown to the user - does not constitute fair use. In fact, at least in Europe, it is not considered fair use to borrow and copy a book for personal use, just as you are not allowed to copy a music CD. It is only within fair use if you restrict yourself to copying a limited extract of the book.

    Giving opt-out for tampering with others' rights is never acceptable - as much as we dislike sites that require you to opt out of their commercial e-mails - Google should not require authors to opt out. They should opt in.

    Now Google's strong arguments are the benefit for the general public, in particular for the advancement of science and education, and in particular in 3rd world countries where access to literature is limited and expensive. And the fact that by making literature findable, otherwise lost works that constitute part of our cultural heritage would no longer remain lost.

    If Google can argue for the benefit of the general public at the minimal cost of the copyright holders, then Google may be able to make it through.

  25. New popup not blocked by firefox on Why Do You Block Ads? · · Score: 1

    Since everyone - except for advertisers - agrees that popups are bad, and Firefox does a pretty good job of blocking popups, new methods have come. Check this code I found at www.dooyoo.es:

        if(typeof(adlink_randomnumber)=="undefined"){
            var adlink_randomnumber=Math.floor(Math.random()*10000000000)
        }
        document.write('<scr'+'ipt language="JavaScript" src="http://ad.es.doubleclick.net/adj/dooyoo.es/fotografia_468x60;dcopt=ist;sz=468x60;tile=1;ord='+adlink_randomnumber+'?"><\/scr'+'ipt>');

    They double-hide a script with a document.write which writes the tag '<scr' and appends 'ipt' to obscure the script; the true script doing stuff is found at a different location, including a random number to fool blacklists.
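    As an added example (not from the post or from dooyoo.es), a small Python checker for the trick described above: it finds each document.write call, concatenates the string literals of the argument while turning identifiers such as the random number into placeholders, pulls the src out of the reassembled script tag, and matches the host against a blocklist. The blocklist and the shape of the findings are assumptions; the sample input is the snippet quoted in the post with the line-wrap spaces removed. Because the random number is only substituted at run time, the check also reports that the URL is dynamic, which is exactly why an exact-URL blacklist misses it while a host rule does not.

```python
import re
from urllib.parse import urlsplit

# Assumed blocklist; real lists are far larger and also match on path patterns.
BLOCKED_HOSTS = {"doubleclick.net"}

_LITERAL_OR_IDENT = re.compile(
    r"""'((?:\\.|[^'\\])*)'|"((?:\\.|[^"\\])*)"|([A-Za-z_$][\w$]*)""")
_SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']([^\"']+)", re.I)


def document_write_args(js):
    """Yield the argument text of each document.write(...) call. Quotes are
    tracked so a ')' inside a string literal does not end the call early."""
    pos = 0
    while True:
        start = js.find("document.write(", pos)
        if start < 0:
            return
        i = start + len("document.write(")
        depth, quote = 1, None
        j = i
        while j < len(js) and depth:
            c = js[j]
            if quote:
                if c == "\\":
                    j += 1          # skip the escaped character
                elif c == quote:
                    quote = None
            elif c in "'\"":
                quote = c
            elif c == "(":
                depth += 1
            elif c == ")":
                depth -= 1
            j += 1
        yield js[i:j - 1]
        pos = j


def reconstruct(expr):
    """Join the string literals of a '+'-concatenated expression. Identifiers
    are run-time values (here the cache-busting random number) and become
    {name} placeholders, so the shape of the final tag is still visible."""
    parts = []
    for m in _LITERAL_OR_IDENT.finditer(expr):
        if m.group(3) is not None:
            parts.append("{" + m.group(3) + "}")
        else:
            lit = m.group(1) if m.group(1) is not None else m.group(2)
            parts.append(lit.replace("\\/", "/"))   # JS writes </ as <\/
    return "".join(parts)


def host_blocked(host):
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)


def analyze(js):
    """One finding per script tag that document.write would have emitted."""
    findings = []
    for arg in document_write_args(js):
        html = reconstruct(arg)
        for m in _SCRIPT_SRC.finditer(html):
            src = m.group(1)
            host = urlsplit(src).hostname or ""
            findings.append({
                "src": src,
                "host": host,
                "dynamic": "{" in src,   # part of the URL is decided at run time
                "blocked": host_blocked(host),
            })
    return findings


# The snippet quoted in the post, with the line-wrap spaces removed.
SAMPLE = r"""if(typeof(adlink_randomnumber)=="undefined"){var adlink_randomnumber=Math.floor(Math.random()*10000000000)}document.write('<scr'+'ipt language="JavaScript" src="http://ad.es.doubleclick.net/adj/dooyoo.es/fotografia_468x60;dcopt=ist;sz=468x60;tile=1;ord='+adlink_randomnumber+'?"><\/scr'+'ipt>');"""

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f)
```

    This is static matching only; a page can build the same tag with String.fromCharCode, unescape or eval, which this checker will not unfold. Running the snippet in a sandboxed interpreter and hooking document.write catches those too, at the cost of executing untrusted code.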