Ah, I read the article, it is for computer-security breaches in which confidential information may have been compromised. That makes a bit more sense. Now I know who you have to notify and why.
You have to notify those who's information may have been leaked. If you don't and they find out later, they will be the ones that care and can sue you.
First of all, who decides what a break-in is? If somebody can access the data who is to say that the admin didn't want it that way? If the admin wanted it accessable, he shouldn't have to report every access to it.
How about for break-ins that the admin didn't know happened? I can't imagine that this law would require reporting of something you don't know about. Any admin could feign ignorance of something to avoid reporting.
Who is going to care if stuff isn't reported? If you don't report something, who is going to sue you? I can see a new type of hacker: "I broke in but you didn't report it, so now you owe me One Million Dollars (bwah hah hah)."
What would the purpose of this law be anyway? For law enforcement to gather data? I didn't read the article or text of the law, so maybe some of my concerns are addressed. I don't see how it would ever work given the Slashdot writeup.
HTML Guardian is not windows only. Their example page works fine in my Mozilla web browser under Linux.
Their system is not as secure as they might lead you to believe. Everything you need to interpret the page and steal the contents is given to you. You just have to run it through the JavaScript program (which is also given to you). It will prevent most users from copying stuff, but it wouldn't stop me if I wanted to.
Spam harvesters probably can't interpret javascript, but it won't be too long before one can or at least knows about this specific program. Then its spam heaven for your email address.
My contact form doesn't send the email address, an obfuscated email address, or even and encrypted email address. It just sends an alias of your choosing.
Being fed up with the amount of spam that I receive, I took preventative measures. I was up to about 150 spam each day. I tried filters, the best I could do was get rid of about half of it. Too many false positives. I lost email from friends. I thought about switching to the new bayesian filters I'd read about on Slashdot, but they don't seem that mature yet and anyway, I thought of a better solution.
First I bought my own domain name. This allows me to enable new email addresses at any point. I have an unlimited supply. I can create a new email address for anything that I want. Anytime I buy something, I enable an email address with some number and the name of the company in it. Anytime I post to usenet or ask somebody for help from somebody I create a new email address for that purpose. I give all my friends a private email address and ask them to be careful with it.
This means that I can also disable email addresses. I send an autoreponse to any disabled email address saying, "You attempted to send deadsea email, but you used an address that gets too much spam". I then can give them a URL for a contact form if they really need to contact me.
The contact form is the best part though. If you go to my website, the contact form lets you send me email but never reveals my address. It uses an alias system. That means that my addresses won't be harvested to begin with. I made the contact form available under the GPL so you can use it too.
So people can email me, but if I start getting spammed, I can disable an address and people can still contact me. Sure its a pain to have to use the contact form, but it doesn't happen that often. When it does happen, I reply with an email address that can actually be used to contact me.
I really don't get why people say loose when they mean lose.
Loose rhymes with goose, moose, noose, and caboose. It fits the following sentences:
The nut came loose from the bolt and fell off.
The hunter set the hounds loose.
Lose rhymes with use. It comes from the root word lose which only has one 'o'. Similarly, lost, the past tense, only has one 'o'. It fits in the following sentences:
We didn't play the game well and we deserved to lose.
Did you lose the nut when it fell off the bolt?
If you are going to mispell 'lose', at least spell it 'luze'. That way it doesn't confuse those of us who see 'loose' and pronounce it properly.
The only word I can think of that is spelled like loose but pronounced like lose, it choose. I'd hardly think that would confuse though.
Any voting machine will not be networked, will have simple interface to voters that does not expose a command line or desktop, and has physical access controlled by poll workers.
It is not likely that a black hat is going to be able to find a flaw that lets them vote more than once, view the votes of others, change the votes of others, or otherwise tamper with the eletction from the voting booth.
The biggest security risk comes from the individuals and corporations that build the voting systems. It is much more plausible that a programmer will put a line of code in that looks like: if (date == 'Nov 2' && party == 'republicats') secretlyrecord vote(candidate);
That one line of code will never be caught by QA testing or practice elections. It may or may not be caught by open source.
What is more important than anything else, is providing an audit trail. A voting machine must cast the vote onto a medium that the person that voted can verify. One way of doing this would be to print the vote, and let the user verify that the printout says the correct thing. A certain number of machines should be checked (randomly) every election to ensure that the vote count the machine spits out matches a hand count of the paper ballots.
New federal standards will require such safeguards. Unfortunatly, most electronic voting machines that are coming out today do not meet these standard and will need to be replaced in a few short years.
Open source may be part of the answer to a good election, but it is not sufficient to ensure one.
Actually another 10,224 of those 65,159 were marked as INVALID which I believe is another way of saying "not a bug". So take those stats down a bit more.
26.3% (52,618) of the 200,000 have been marked as duplicates of other bugs.
11.6% (23,370) of the 200,000 have been marked as not reproducable (not a bug, it works for me)
2.6% (5267) of the 200,000 have not yet been confirmed (likely to be dups on not reproducable
Only 65159 unique, verifiable bugs have been reported against the browser (as opposed to bugzilla, mail/news, and other components that bugzilla tracks).
2.8% (1851) of those 65159 bugs are/were blockers
8.4% (5528) of those 65159 bugs are/were critical
10.2% (6711) of those 65159 bugs are/were major
64.1% (41803) of those 65159 bugs are/were normal
4.9% (3256) of those 65159 bugs are/were minor
2.2% (1401) of those 65159 bugs are/were trivial
7.1% (4609) of those 65159 bugs are/were enhancment
If I recall correctly, this protocol would handle both discovery and drivers. The basic idea is that each type of device would have some industry agreed upon interface. For example a printer would support and interface with a "public static Status print(Document d) throws IOException" interface. There is a way to ask for devices near you that support such an interface. The devices that do, would respond with an Object (or driver) that implements that interface and you would be good to go.
Microsoft didn't support it so hardware vendors don't support it, so it is fairly dead at this point. However, it would have been kewl.
In the old days of slashdot before journals, anybody could comment on any story, whether or not it existed. The comments on fake stories would like for several weeks and then drop off into the ether. There were semi-official fake topics for meta issues: moderationmetamoderation, etc. Today it seems that these have been disabled. Journals probably did a good job of replacing most of this conversation, but not really the meta discussion.
The problem is that there are currently no virtual machines or class libraries available under the GPL. This means that many Linux distros don't have Java installed. That means that even though my software runs on Linux, it isn't widely used. I welcome any initiative that will bring Java to Linux more readily.
This move just means that open source implementations of Java are officially legal. It doesn't really bring them closer to being here now. Some of the interesting projects in this area are the GNU native compiler for Java and the GNU Classpath project. Neither are anywhere near being fully functional yet, but I'll give them time.
I bought my own domain name. This allows me to have unlimited email addresses and to change addresses at will.
Put a contact form on your website. I couldn't find one that did everything that I wanted so I wrote one. It works on an alias system so it never reveals the email addresses that it uses. To use it, just edit the aliases to include your address and plunk it on your server. To prevent unwanted spam and automated submissions you can set regular expressions (server side with client side optional) to validate the form.
When an email address starts getting spam, disable it. I send an autoreply saying "You emailed me at an address that gets too much spam you can contact me at http://ostermiller.org/contact.pl"
Change contact info you have in public places such as your website to point to the form, rather than to an email address. That way the email addresses you use won't get spammed in the first place.
Encourage your friends not give your email address out to greeting card sites, somebody thinks you are cute sites, and email a friend this page sites. But even if they do, don't be afraid to change your address. If your friends email you at a disabled address, they will get a response to go to the form.
I've been using this system for several weeks. I now send out about 100 autoreplies each day (all those used to be spam in my inbox). I now get about 5 spam a day and I'm working to disable some of those addresses. (I still have to find a way to deal with bugzilla since it requires a public email address)
Along the same vein, a couple weeks ago I coded Tic-Tac-Toe in JavaScript complete with an alpha-beta search such that the when it is in expert mode, you cannot beat your web browser. Solving the whole game on my computer takes about 5 seconds, so I added an opening book to compute the first move. With that response time is pretty much instantaneous even in expert mode.
This seems like an apropriate time to take a little break and discuss how a programmer would design an application to handle whatever language is thrown at it. I'm primarily a Java programmer, and I like the way that Java handles internationalization. When you program in Java, you just expect it to work. The Java APIs have been designed around internationalization from the start.
There are three levels: bytes, character sets, and glyphs. Your program recieves a stream of bytes and you have to display those bytes to the user as text in the correct langugage. That display is done using glyphs (font characters). A character set maps bytes to glyphs.
There are tens if not hundreds of different character sets. A character set might map each byte to a different glyph (latin 1 and 2), only some bytes to glyphs (ASCII), multiple bytes to a glyph (Unicode), or varying numbers of bytes to glyphs and some bytes to no glyph (UTF-8).
Java APIs handle this by reprensenting all Strings internally in Unicode. Unicode is the granddaddy of all character sets. Almost every glyph has a value in Unicode. When you get a stream of bytes in java you can use a Reader to translate that stream into Unicode. The Reader is constructed with the name of a character set. If no character set is specified, the system's default is used. The character to be used usually comes from meta-data. In html for example, the character set for the page is transmitted by the server in the data that comes before the page itself is delivered (the http header.)
Once you have a unicode string it is straighforward to find a glyph to display for each character. This all depends on the right fonts being installed, but usually APIs handle it for you.
I18n problems usually occur when a programmer doesn't know to how to translate bytes into unicode characters. The programmer may always use the default character set, ignoring any meta-data. Similarly on sending data, the programmer must tell the other end with which character set the data is sent. Other problems may occur when a needed font is not installed.
Often, a system works with a specific character set that doesn't support all characters (such as latin 1). When more characters are desired in such an instance, escape characters are often used. There are \uXXXX style escape sequences in source code, and &XXX; escape sequences in html. Such escape sequences may be able to retrofit an older system in which a specific non-inclusive character set is assumed.
Slashdot Mirror
You have to notify those who's information may have been leaked. If you don't and they find out later, they will be the ones that care and can sue you.
How about for break-ins that the admin didn't know happened? I can't imagine that this law would require reporting of something you don't know about. Any admin could feign ignorance of something to avoid reporting.
Who is going to care if stuff isn't reported? If you don't report something, who is going to sue you? I can see a new type of hacker: "I broke in but you didn't report it, so now you owe me One Million Dollars (bwah hah hah)."
What would the purpose of this law be anyway? For law enforcement to gather data? I didn't read the article or text of the law, so maybe some of my concerns are addressed. I don't see how it would ever work given the Slashdot writeup.
Hence the second step, disabling the address once it gets spammed.
HTML Guardian does not use Java. It uses JavaScript. There is a difference.
HTML Guardian is not windows only. Their example page works fine in my Mozilla web browser under Linux.
Their system is not as secure as they might lead you to believe. Everything you need to interpret the page and steal the contents is given to you. You just have to run it through the JavaScript program (which is also given to you). It will prevent most users from copying stuff, but it wouldn't stop me if I wanted to.
Spam harvesters probably can't interpret javascript, but it won't be too long before one can or at least knows about this specific program. Then its spam heaven for your email address.
My contact form doesn't send the email address, an obfuscated email address, or even and encrypted email address. It just sends an alias of your choosing.
First I bought my own domain name. This allows me to enable new email addresses at any point. I have an unlimited supply. I can create a new email address for anything that I want. Anytime I buy something, I enable an email address with some number and the name of the company in it. Anytime I post to usenet or ask somebody for help from somebody I create a new email address for that purpose. I give all my friends a private email address and ask them to be careful with it.
This means that I can also disable email addresses. I send an autoreponse to any disabled email address saying, "You attempted to send deadsea email, but you used an address that gets too much spam". I then can give them a URL for a contact form if they really need to contact me.
The contact form is the best part though. If you go to my website, the contact form lets you send me email but never reveals my address. It uses an alias system. That means that my addresses won't be harvested to begin with. I made the contact form available under the GPL so you can use it too.
So people can email me, but if I start getting spammed, I can disable an address and people can still contact me. Sure its a pain to have to use the contact form, but it doesn't happen that often. When it does happen, I reply with an email address that can actually be used to contact me.
Good point.
I probably also shouldn't end an example sentence with a preposition.
I really don't get why people say loose when they mean lose.
Loose rhymes with goose, moose, noose, and caboose. It fits the following sentences:
Lose rhymes with use. It comes from the root word lose which only has one 'o'. Similarly, lost, the past tense, only has one 'o'. It fits in the following sentences:
If you are going to mispell 'lose', at least spell it 'luze'. That way it doesn't confuse those of us who see 'loose' and pronounce it properly.
The only word I can think of that is spelled like loose but pronounced like lose, it choose. I'd hardly think that would confuse though.
I have a rather large endianess, especially in the rear. I wouldn't mind being targetted with Microsoft money.
It is not likely that a black hat is going to be able to find a flaw that lets them vote more than once, view the votes of others, change the votes of others, or otherwise tamper with the eletction from the voting booth.
The biggest security risk comes from the individuals and corporations that build the voting systems. It is much more plausible that a programmer will put a line of code in that looks like:
if (date == 'Nov 2' && party == 'republicats') secretlyrecord vote(candidate);
That one line of code will never be caught by QA testing or practice elections. It may or may not be caught by open source.
What is more important than anything else, is providing an audit trail. A voting machine must cast the vote onto a medium that the person that voted can verify. One way of doing this would be to print the vote, and let the user verify that the printout says the correct thing. A certain number of machines should be checked (randomly) every election to ensure that the vote count the machine spits out matches a hand count of the paper ballots.
New federal standards will require such safeguards. Unfortunatly, most electronic voting machines that are coming out today do not meet these standard and will need to be replaced in a few short years.
Open source may be part of the answer to a good election, but it is not sufficient to ensure one.
Did you mean "dog eat dog"?
While "doggy-dog" reminds me of a sexual position, "dog eat dog" is a cliche that illustrates competitiveness.
Actually another 10,224 of those 65,159 were marked as INVALID which I believe is another way of saying "not a bug". So take those stats down a bit more.
Yes, you are correct. I couldn't come up with the name for it and JNDI sounded right when I found it.
Well, I did appretiate the comment, even if you did get whacked for it. :-))
Or why don't we look at one of the many articles that don't require registration. Darn NYTimes.
If I recall correctly, this protocol would handle both discovery and drivers. The basic idea is that each type of device would have some industry agreed upon interface. For example a printer would support and interface with a "public static Status print(Document d) throws IOException" interface. There is a way to ask for devices near you that support such an interface. The devices that do, would respond with an Object (or driver) that implements that interface and you would be good to go.
Microsoft didn't support it so hardware vendors don't support it, so it is fairly dead at this point. However, it would have been kewl.
You can submit bugs to almost any project with the unix move command (mv)
- Make a text file with your favorite editor.
- Be sure to name the text file with a good summary
- Edit the text file to include the version of the software you are using, a long description of the bug, and any other relevant information
- Submit the report with the command: mv <file>
/dev/null
See, its all in one place and its easy!I put the boards together with a soldering iron.
I make the chips by melting sand.
And I like it.
In the old days of slashdot before journals, anybody could comment on any story, whether or not it existed. The comments on fake stories would like for several weeks and then drop off into the ether. There were semi-official fake topics for meta issues: moderation metamoderation, etc. Today it seems that these have been disabled. Journals probably did a good job of replacing most of this conversation, but not really the meta discussion.
My favorites too. I found that I could still download and play adventure on modern systems, but not Ladder, so I had to write it.
- Ladder - a game
- Attesoro - a translation edtior
- Utilities - Java Libraries
- TulipChain - A open directory project browser
The problem is that there are currently no virtual machines or class libraries available under the GPL. This means that many Linux distros don't have Java installed. That means that even though my software runs on Linux, it isn't widely used. I welcome any initiative that will bring Java to Linux more readily.This move just means that open source implementations of Java are officially legal. It doesn't really bring them closer to being here now. Some of the interesting projects in this area are the GNU native compiler for Java and the GNU Classpath project. Neither are anywhere near being fully functional yet, but I'll give them time.
I've been using this system for several weeks. I now send out about 100 autoreplies each day (all those used to be spam in my inbox). I now get about 5 spam a day and I'm working to disable some of those addresses. (I still have to find a way to deal with bugzilla since it requires a public email address)
Along the same vein, a couple weeks ago I coded Tic-Tac-Toe in JavaScript complete with an alpha-beta search such that the when it is in expert mode, you cannot beat your web browser. Solving the whole game on my computer takes about 5 seconds, so I added an opening book to compute the first move. With that response time is pretty much instantaneous even in expert mode.
There are three levels: bytes, character sets, and glyphs. Your program recieves a stream of bytes and you have to display those bytes to the user as text in the correct langugage. That display is done using glyphs (font characters). A character set maps bytes to glyphs.
There are tens if not hundreds of different character sets. A character set might map each byte to a different glyph (latin 1 and 2), only some bytes to glyphs (ASCII), multiple bytes to a glyph (Unicode), or varying numbers of bytes to glyphs and some bytes to no glyph (UTF-8).
Java APIs handle this by reprensenting all Strings internally in Unicode. Unicode is the granddaddy of all character sets. Almost every glyph has a value in Unicode. When you get a stream of bytes in java you can use a Reader to translate that stream into Unicode. The Reader is constructed with the name of a character set. If no character set is specified, the system's default is used. The character to be used usually comes from meta-data. In html for example, the character set for the page is transmitted by the server in the data that comes before the page itself is delivered (the http header.)
Once you have a unicode string it is straighforward to find a glyph to display for each character. This all depends on the right fonts being installed, but usually APIs handle it for you.
I18n problems usually occur when a programmer doesn't know to how to translate bytes into unicode characters. The programmer may always use the default character set, ignoring any meta-data. Similarly on sending data, the programmer must tell the other end with which character set the data is sent. Other problems may occur when a needed font is not installed.
Often, a system works with a specific character set that doesn't support all characters (such as latin 1). When more characters are desired in such an instance, escape characters are often used. There are \uXXXX style escape sequences in source code, and &XXX; escape sequences in html. Such escape sequences may be able to retrofit an older system in which a specific non-inclusive character set is assumed.