Slashdot Mirror


User: Ckwop

Ckwop's activity in the archive.

Stories: 0 · Comments: 459

Comments · 459

  1. Re:Dylan, Joplin.. indie rock throwaways on DRM Free Music is Everywhere · · Score: 1

    In today's glossed over vapid music climate artists like Bob Dylan, Janis Joplin and many others would not be taken seriously by the majors. I can hear it now.. Not marketable. Too nasally. Screams too much. Won't sell enough product. Not worth our investment.

    Which is why, in the fullness of time, they are doomed to fail.

    Simon

  2. Re:Illegal to not report a crime? on Is "Making Available" Copyright Infringement? · · Score: 4, Interesting

    If you intentionally make your assets unprotected, and when stolen, you don't report to the police and just get on with the life, would it be illegal?

    No, I would say it's more like this. Suppose I built a device that could duplicate any physical item given to it exactly. Further suppose that people started using this device to duplicate cars so they didn't have to buy one from a car dealer.

    The car dealers, facing the total destruction of their business, decide to lobby Congress to pass laws that make these duplication devices illegal. This, however, doesn't work. People are still making copies in the black-market.

    So again, through the courts and congress they attempt to make putting a car in any public place a crime.

    I know this is a bat-shit crazy analogy but to some extent that is because what the music industry is doing is bat-shit crazy.

    What really hurts is that Congress and the RIAA have totally missed just how revolutionary the Internet is. You'd expect the RIAA to be blind to this because of their own vested interests but for Congress to so completely miss the point is unforgivable.

    Simon

  3. Soccer.. arggggggh! on Consumer Revolt Spurred Via the Internet · · Score: 2, Informative

    Businesses from banks to soccer clubs have been the target of these groups, in each case facing the fury of consumers who feel they have been wronged.

    English: Football
    Spanish: fútbol
    Portuguese: futebol
    Romanian: fotbal
    Galician: fútbol
    Catalan: futbol
    French: le football
    Russian: futbol
    Turkish: futbol
    Serbian: fudbal
    German: Fußball
    Dutch: voetbal
    Norwegian: fotball
    Swedish: fotboll
    Danish: fodbold
    American: Soccer

    The United States, it seems, is the only country in the world that prefers to use the name football to refer to a game that doesn't actually use the feet.

    All we ask is that you please call the biggest sport in the world by its commonly accepted name! :)

    Thanks in advance,

    Rest of World

    PS: Now if only we could get our overpaid under-performing team to win something...

  4. Fuck this... on UK Taps 439,000 Phones, Now Wants To Monitor MPs · · Score: 5, Interesting

    May I be the first to say holy fucking shit. I mean, I knew it was bad. I once counted three hundred or so security cameras on a trip around Liverpool but I never once suspected that we had it anywhere near this bad.

    And these goons want a road-pricing scheme via GPS tracking? Jesus f-ing Christ. Next they'll want to photograph people in toilets in case they decide to take drugs in them. They really are that bat-shit crazy!

    My Grandma died last year of cancer. She was one of the brave women that gunned down German planes over Widnes during World War II. Their generation's sacrifice, every single last one of them, appears to be in vain. For we've become the very thing we fought sixty years ago. How did this happen? How did we let ourselves be cowed into this?

    The faceless little shits behind this will never be known. Their crimes will never go punished.

    Any Canadians willing to sponsor an immigrating Brit?

    Simon

  5. Re:Whirlpool on Schneier On the US Crypto Competition · · Score: 2, Informative

    The patents (or lack thereof) have not had effects on cryptography endorsements before.

    Yes they have. In particular the AES competition required that submitters adhere to certain restrictions regarding patents.

    One of the more popular AES candidates in use is the 384-bit key-based cipher, Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions.

    Blowfish was never an AES candidate.

    .. Blowfish, which has a public domain specification and is very useful in slow key-rescheduling conditions.

    I'm not even sure what you mean here. On the whole, a slow key-schedule is a bad idea. You want your key schedule to be as fast as possible. The reason for this is that a fast key-schedule means you can target more platforms with the cipher (such as smart cards et al).

    If you want to slow down dictionary attacks there are better ways to do this. Repeatedly hashing the passphrase is more sensible since the number of hashes can be scaled to the platform speed. Stopping a brute-force of a smart card is a world different to brute-force of a PGP disk.

    Blowfish on the whole is a poor design. Now that we have AES I would recommend that over anything else.

    Simon
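The "repeatedly hash the passphrase, scaled to platform speed" idea from the comment above, as an added example that is not part of the original comment. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the standardised form of iterated hashing; the target time, the iteration floor and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed floor for this example; the comment gives no figure.
MIN_ITERATIONS = 100_000


def calibrate_iterations(target_seconds=0.25, probe=50_000, floor=MIN_ITERATIONS):
    """Pick an iteration count so one derivation costs about target_seconds
    on the machine running this code, never dropping below the floor."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * 16, probe)
    elapsed = max(time.perf_counter() - start, 1e-6)
    return max(floor, int(probe * target_seconds / elapsed))


def stretch(passphrase, iterations, salt=None):
    """Derive a 32-byte verifier and keep the salt and iteration count with
    it, so the same work factor can be replayed at verification time."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "key": key}


def verify(passphrase, record):
    """Re-derive with the stored parameters and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["key"])


def needs_upgrade(record, current_iterations):
    """True when a record was made on slower hardware (or with an older
    policy) and should be re-derived at the next successful login."""
    return record["iterations"] < current_iterations


if __name__ == "__main__":
    n = calibrate_iterations()
    rec = stretch("correct horse battery staple", n)
    print("iterations chosen for this machine:", n)
    print("right passphrase:", verify("correct horse battery staple", rec))
    print("wrong passphrase:", verify("Tr0ub4dor&3", rec))
```

Each dictionary guess costs an attacker the same number of hash calls as a legitimate check, so a smart card and a desktop can each pick the largest count they can afford.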

  6. You've answered your own question.. on Writing a Contract for GPL'd Code? · · Score: -1

    Go and talk to a lawyer. Their advice is insured and Slashdotters are on the whole legally ignorant. Kudos to you, however, for trying to get someone to sponsor GPLed code.

    Simon.

  7. But Developers do? on IBM's Chief Architect Says Software is at Dead End · · Score: 3, Insightful

    Software, she says, just doesn't understand how to do work in parallel to take advantage of 16, 64, 128 cores on new processors.

    But the developers do? When these processors become prevalent, people will design their software to utilise the parallel processing capability. What am I missing here?

    Simon

  8. A bit silly? on Microwave Experiments Cause Sponge Disasters · · Score: 4, Informative

    How else did they expect it to work? Of course you need the god-damn water in the sponge. Microwaves have a wavelength measured in centimetres. The size of a bacterial spore is a couple of orders of magnitude smaller. The size of a bacterium is a lot smaller than this again.

    This means that if you wanted to destroy the blighters with radiation alone you have to choose a frequency a lot higher than microwaves, otherwise there will be areas in the minima of the standing wave that won't heat sufficiently to kill the microbes.

    The mechanism for sterilisation is through the formation of steam that kills the majority of the nasties - not the microwave energy itself.

    Simon

  9. Good News on A Competition To Replace SHA-1 · · Score: 3, Interesting

    The amount of research done into hash functions is nothing like the amount that goes into ciphers. I'm not really sure why this is the case because hashes are much more important than ciphers. Hashes are used in MACs to protect the integrity and authenticity of a message.

    Ask yourself this, is it more important that somebody can read your SSH connection or that somebody can hijack the channel? The reasons for wanting a good hash function suddenly become very clear.

    It's true that hashes are becoming less important as a result of AEAD modes. But they have uses far beyond MACs and it's good to see a competition from NIST to stoke research into those primitives.

    Simon.

  10. Re:Lemme guess... MySQL is also the best database? on PHP Security Expert Resigns · · Score: 2, Insightful

    This reminds me a lot of the fundamental principle of politics:

    Never blame the voters.

    In software, people vote with their feet so I bet this principle applies equally to this field.

    Simon.

  11. Re:relativity on Survey of Super Massive Black Holes Completed · · Score: 3, Informative

    That sounds suspicious, especially coming from wikipedia. Something with a density that low could not likely bend light enough to keep it from escaping, even if very large.

    It's nice to see a skeptic; it's a virtue to be a skeptic and not a sin. However, in this case your skepticism is misplaced.

    The simplest black hole solution to the equations that govern General Relativity is Schwarzschild's solution. In this he shows that the radius of a black hole is directly proportional to its mass. Elementary geometry tells us that the volume of a sphere is proportional to the cube of the radius. Therefore, the density, which is just mass over volume, that is required to create a black hole decreases the more mass you have.

    I find the figure fairly reasonable for the amount of mass these super-massive black-holes contain.

    Simon
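The scaling argument in the comment above, carried through as an added worked derivation that is not part of the original comment. It assumes the Schwarzschild radius $r_s = 2GM/c^2$ and takes density as mass over the volume of a sphere of that radius:

$$\rho = \frac{M}{\tfrac{4}{3}\pi r_s^{3}} = \frac{M}{\tfrac{4}{3}\pi\left(\frac{2GM}{c^{2}}\right)^{3}} = \frac{3c^{6}}{32\pi G^{3}M^{2}}$$

So $\rho \propto 1/M^{2}$: roughly $1.8\times10^{19}\ \mathrm{kg/m^3}$ for one solar mass, and roughly $18\ \mathrm{kg/m^3}$ for $10^{9}$ solar masses.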

  12. Hyperinflation in the Airmiles currency on British Man Trades Frequent Flyer Miles for Space Shot · · Score: 5, Interesting

    He's lucky too because he's got this free ticket in before the much expected hyperinflation in the air-miles currency.

    This surprises some people but in fact, air-miles are a form of currency. They can be exchanged for real world goods and services and therefore have an intrinsic real world value. The problem is that the vast majority of air-miles go unspent. Since a constantly increasing amount of currency is chasing a limited amount of goods the value of the currency is constantly falling.

    The fact that this guy was able to accrue two million air-miles doing a normal job tells you that inflation has already crippled the currency. I soon expect air-miles to be practically worthless.

    Simon

  13. Patents, the world, and Certicom on The GIF Format is Finally Patent-Free · · Score: 5, Insightful

    Of course, like most on here, I will relish the day that the LZW patent expires. But look at how long that took to expire. Every day someone patents yet another obvious invention and it holds everybody back.

    Take the Certicom 'Patents' on Elliptic Curve cryptography (ECC). Certicom act as if they own ECC - they write it on practically everything they publish.

    Yet on close analysis their patents give them almost no real control of ECC. The long and short of it is that anything that operates on GF(p) is not covered.

    The consequence of this is that NOBODY is using ECC, despite the fact that it's faster and has shorter keys. The whole field is held back for 20 years and nobody can make any progress.

    It's not even used in Europe where these patents don't exist. Let me repeat this: The fact that some jerk of a company says it's theirs means the *whole* world doesn't use me.

    I really wonder what goes through the minds of these people. Nobody wants to pay a fucktard like Certicom (tm) for a license for their mathematics. Nobody in the history of cryptography has made any serious amount of money from selling a security scheme. Why bother?

    Simon

  14. Profiling is worse than random searches. on You Have Been 'Randomly' Selected? · · Score: 5, Insightful

    The better question to ask is: "Are random searches effective in keeping everyone safe?"

    There are two separate questions here:

    • Are random searches effective, full stop?
    • Are random searches better than profile-driven searches?

    If 'enough' random searches are done then I expect they would be effective. Clearly, it is unreasonable to search everybody so it's a trade-off between cost, time and hassle. The exact number of searches you conduct will depend precisely on how you weigh up these trade-offs. It will also depend on how much training you provide to the people conducting the searches.

    I believe that profile-driven searches are flawed. The flaw is that the attacker can always avoid the profile you're trying to detect. For example, if I profile for young Muslim men with turbans the attacker can simply pick disaffected white middle-class women. Sure, such people are hard to come by but it is fool-hardy to suggest that they do not exist.

    Profiling by race and religion flies in the face of everything we've struggled to achieve in the last century. I think it was Martin Luther King who said:

    I have a dream that my four little children will one day live in a nation where they will not be judged by the color of their skin but by the content of their character.

    Those words transcend race, religion and colour. We should not judge because a man reads the Koran any more than we should judge because he is Black. Muslims are not terrorists. To quote another great mind, master Yoda:

    Fear is the path of the dark side. Fear leads to anger, anger leads to hate, hate leads to suffering.

    There's already a dark cloud gathering. The question is how dark can it get?

    Simon.

  15. You did your job on Information Security and Ignorant Management? · · Score: 2, Informative

    Is there a good way, beyond memos and emails, to inform the partnership that the water in which they tread could quickly become dangerous?

    You're only paid to do your job and you did your job. If they don't listen to your advice that's their problem. Just make sure you keep copies of the e-mail you sent on the topic. If something "really bad" happens, then you can say you recommended X, Y, Z and they did absolutely nothing about it.

    Simon

  16. Re:This is a big deal on SHA-1 Collisions for Meaningful Messages · · Score: 4, Interesting

    Whirlpool is a good choice these days. It's longer than most of the hashes out there, but I don't believe there have been any attacks yet demonstrated against it. For those pythoners out there I wrote a quick wrapper for it that should get you started. Excuse any site errors and just hit refresh

    Seconded. Whirlpool uses similar mathematics to AES so an attack that breaks Whirlpool is likely (although not certain by any stretch of the imagination) to also break AES.

    I think much like it is harder to design a cipher that resists attack when you use an LFSR as your base primitive it is hard to design a hash that is secure that uses an Unbalanced Feistel Network (UFN).

    This is why I do not advocate moving to the higher SHAs. I believe that some weakness will be discovered and it will be found the UFN made it worse.

    If you're going to use AES, you've already thrown all your eggs in the Wide-trail design basket. If you're going to do that for the cipher, you might as well do the same for the hash too.

    In fact, in most cases you will use the hash as part of an authentication primitive anyway. In this case, there's a good argument for dumping a new hash and using an encrypt-authenticate mode of operation instead of something like HMAC. That way, you reduce the number of assumptions which have to be true for the system to be secure, which can only be a good thing.

    In short, if you need to authenticate use your favourite encrypt-authenticate mode. If you need a hash for some other purpose, use Whirlpool.

    Simon

  17. Noether rules the day on Irish Company Claims Free Energy · · Score: 5, Interesting

    When Noether proved in 1918 that every conservation law must have a paired symmetry, physics was transformed forever. From then on whenever you saw a conserved quantity it implied there was a symmetry that could be seen in space-time.

    A lot of physics courses focus on the conserved quality and not the symmetry. Perhaps it's because the maths is a lot neater with conserved quantities than with symmetries. But I argue that the real understanding of the physics is to be had in making sense of the symmetries.

    Conservation of energy implies that the laws of physics are constant over time. This is why breaking the law of energy conservation is important. If even one pico-joule of energy is created from nothing in the universe, it destroys the constancy of physical law.

    The theory of electromagnetism has been verified to a factor of 10**-20. I find it highly unlikely they've found something new in theory to allow this.

    The fact they've issued a press release rather than a research paper suggests they're cranks. Nothing to see here, move along.

    Simon

  18. Re:NoScript on JavaScript Malware Open The Door to the Intranet · · Score: 1

    Why can't users just install Firefox and NoScript extension for it. Then Javascript will be disabled by default, but user can whitelist the sites where Javascript should be enabled. Problem solved.

    Not quite, you see that means you have to trust the web-sites you use to not allow any XSS attacks. For example, I imagine that most people would not have second thoughts about trusting altavista.com, however, clicking on a crafty link[1] to this site could result in serious trouble.

    The only solution that is guaranteed to work is to disable Javascript completely. Why do we, as consumers, always find ourselves in the shit? We should demand better security than this.

    Simon

    [1] - I certify that this link is safe to click.

  19. A helpful demonstration by Slashdot on ' Naughty Bits' Decision Not So Nice · · Score: 4, Insightful

    At the bottom of most of Slashdot's pages it says:

    "All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2006 OSTG."

    Since the copyright to each post is owned by the posters and the editors quoted entire posts verbatim, I doubt that their use qualifies as fair under US Copyright law.

    It is ironic then that the editors are trying to stoke up discussion on what represents a reasonable limit to copyright while unintentionally demonstrating why the law as it currently stands is horribly broken.

    Just a thought for a Tuesday evening!

    Simon.

  20. Re:Blowing in the wind on BPI Sue AllOfMp3 In British Courts · · Score: 5, Informative

    That's a good point. My brother is a lawyer and I asked his opinion on it. His area of expertise is far removed from intellectual property but I suspect his opinion is still many times that of your average Slashdotter. Here's what he said:

    As far as I understand it, the contract is made in Russia between allofmp3 and the consumer. In such circumstances obtaining a successful judgment is one thing, there's still the question of mutual assistance and enforcement.

    From a political point of view, our courts have continuously refused to extradite Yukos linked Russians back home to face the music, so I see no reason why the Kremlin would suddenly lean on the Russian courts to assist in protecting our interests. It's not as if we already have a great tradition of mutual assistance. Besides, from what I understand, AllOfMp3 isn't breaking any laws in Russia, which makes enforcement even less likely.

    In any event, as I've learned the hard way on numerous occasions, being granted permission to proceed by no means indicates that you'll be successful in the full hearing. Very often a case is granted permission to proceed simply to provide an early opportunity to close the door on a potential cause of action. Don't be surprised if the court lays down a precedent indicating that allofmp3 is actually legal.

    The BPI have a lot of money but cases like this are nothing like OJ. There's no jury in cases like this in the United Kingdom. The law is applied as it is written and this means that even if you have all the money in the world, you can't buy a judgement. There's a good chance they will lose.

    Simon

  21. To Science on NASA Revives Main Hubble Telescope Camera · · Score: 4, Insightful

    Due to Iraq and George Bush, most people in Western Europe have a little disdain for the American Government. In fact, where I live, people often break into an American accent when they do something stupid. I imagine this is because everyone sees Channel 4 news where we see the "Answers from Genesis museum" and thinks: "Only the stupid could indulge such nonsense."

    With that necessary rant taken well and truly aside, I want to thank America for doing what no-one else can afford to do: put real science equipment into space. It's your taxes that pay for the Hubble Space Telescope. This is a project that has furthered science in a very unique way. It is a project that Galileo would have dreamed of. It is a marvel, a temple, even, to science...

    With all the gratitude in my heart, I still feel America confuses me. To paraphrase the film Contact: "It is capable of such beautiful dreams and such horrible nightmares." It is a land of contradiction; of promise and of despair. It is of science, and religion, of the smart and the idiot. It is so huge that it contradicts and astounds. It is the country where opposites can be equally true.

    As a British man, I love America and I hope the feeling is mutual. I raise this glass to the future of Science and hope you will raise your glass too! To Science!

    Simon.

  22. Use Free Software instead on How Open Does Open Source Need to be? · · Score: 4, Insightful

    Open source means you can read the source, much like an "open book exam" means you can read the book. The correct term for software that belongs to the community is Free Software. With Free Software, you are guaranteed to have the four fundamental software freedoms. With "Open Source", there is no such guarantee.

    By my definition, even Windows is Open Source. In principle, I can view the source code to Windows. It's difficult and I have to sign a whole bunch of documents but I could do it with sufficient patience. This is why I don't like Open Source as a term; it is far too misleading. In fact, it doesn't actually mean anything other than the fact there is a mechanism by which you can see the source code that doesn't involve getting a court-order.

    In contrast, the term Free Software has a very precise meaning and really should be trade-marked by the FSF. Then the FSF could only issue licenses to use the trade-mark where the software is licensed that protects the four freedoms. This way, companies couldn't profit from the name unless they labelled their products correctly.

    Simon

  23. Security costs CPU cycles on Fast File Encryption for Windows? · · Score: 2, Insightful

    I found that everything I use seems to take hours and hours to compress, encrypt and shred. Not to mention decompressing, decrypting and deleting on the other end.

    XOR against a repeated key would be ultra-fast but woefully insecure. When will people learn that it takes CPU cycles to encrypt that much plain-text? In just about every other field you don't get something for nothing; why should Cryptography be any different?

    Simon
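Why XOR against a repeated key protects nothing, as an added example that is not part of the original comment. The sample plaintext and key are constructed, and the key length is assumed to be known; the point is that any fixed file header hands back the key and that the key cancels out of the ciphertext entirely.

```python
from itertools import cycle


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt by XORing data with the key repeated end to end."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def key_from_known_header(ciphertext: bytes, header: bytes, key_len: int) -> bytes:
    """File formats start with fixed bytes. Since c = p XOR k, every known
    plaintext byte gives one key byte as c XOR p."""
    if len(header) < key_len:
        raise ValueError("known header is shorter than the key")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], header))


def key_free_leak(ciphertext: bytes, key_len: int) -> bytes:
    """XOR the ciphertext with itself shifted by one key length. The same
    key byte appears on both sides and cancels, leaving p[i] XOR p[i+key_len],
    a function of the plaintext alone."""
    return bytes(a ^ b for a, b in zip(ciphertext, ciphertext[key_len:]))


# Constructed sample input: a fake document with a PDF-style header.
PLAINTEXT = b"%PDF-1.4\n" + b"Quarterly payroll figures, constructed sample text.\n" * 3
KEY = bytes.fromhex("a1b2c3d4e5f60718")  # constructed 8-byte key


def demo():
    ciphertext = xor_repeat(PLAINTEXT, KEY)
    recovered = key_from_known_header(ciphertext, b"%PDF-1.4", len(KEY))
    decrypted = xor_repeat(ciphertext, recovered)
    expected_leak = bytes(a ^ b for a, b in zip(PLAINTEXT, PLAINTEXT[len(KEY):]))
    leak_matches = key_free_leak(ciphertext, len(KEY)) == expected_leak
    return recovered, decrypted, leak_matches


if __name__ == "__main__":
    recovered, decrypted, leak_matches = demo()
    print("key recovered from header alone:", recovered == KEY)
    print("whole file decrypted:", decrypted == PLAINTEXT)
    print("ciphertext leaks plaintext XOR without any key:", leak_matches)
```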

  24. Ooops, Antitrust on Windows Vista Beta 2 Available for Download · · Score: 5, Interesting

    Okay, go to the "resource centre link", provided here for your convenience. What do you notice? I'll give a hint:

    Download the Windows Vista Product Guide

    Available in Microsoft Word format (60 MB) or the new Windows Vista XPS document format (12 MB). (emph mine)

    Where the hell is the PDF? Aside from the fact that this is really fucking annoying it has some really worrying implications. They're trying to boot out the PDF format, which is nice, open and ubiquitous with their own format - and they're using their monopoly on the desktop operating system market to achieve this.

    Let me be the first to call "Antitrust". Thanks for playing Microsoft! Please give the EU another 600 million euros.

    For me, this little bit of text says it all. There's no PDF, they're pushing their own format that they know nobody uses. This shows that even after multiple multi-million dollar settlements and huge fines from the EU the company has not changed one bit. They seem to be acting much like a heroin addict, in that they're moving from one crime to the next, getting bigger and bigger fines but no matter how much you fine the company it is still pathologically anti-competitive.

    I do have to say that the longer Microsoft remains on this path, and refuses to comply with the law, the more likely that it will meet its end equally as sticky as the heroin addict. Is it a rule that all big companies go the way of AT&T eventually?

    Simon

  25. The simple answer on Document Management and Version Control? · · Score: 5, Informative

    Latex with CVS. This is what I use for my documents. It's simple (yes it is simple.. markup languages are not hard to understand) and with CVS it's far more feature complete than Word in version control.

    There's plenty of WYSIWYG tools for Latex. Let Google be your guide.

    Simon.