I'd hardly call hosts files obscure...
Also, restricting name resolution to the hosts file only does not "de facto limit the webservers that employees may visit" as this file is never consulted if the user decides to access a webserver via its IP address.
You have to be joking. We have massive unfunded pension problems across the board.
"but that's no different in the real world either."
Except it is a lot easier for someone to break into a PC and steal wallet.dat than it is for someone to raid a real world bank account. In the latter case, the victim also usually has some form of legal recourse available depending on the circumstances of the theft.
eWallets might in time alleviate this problem but at the moment they offer nothing more than their word that your bitcoins are safe. They operate with no regulatory oversight, compliance checks, security audits or even an industry code of conduct. Basically, you are trusting some random dude with a server somewhere to look after your money and have absolutely no guarantee or protection if something goes wrong (e.g. they get hacked or the guy runs off with all the depositors' coins).
The joke of it is, this mistake/negligence probably has a higher risk of leading to someone getting killed than the wikileaks release does.
Jesus... you actually appear to be being serious
YMMV but have you tried using a Draytek ADSL router+modem to see if it can hold the connection at 3mbit?
My parents' line is 5600 meters from the exchange with an attenuation of 57.6388 dB and very badly wired from the road to the house. The only ADSL router+modem combo that could reliably hold their 1MBit connection was a Draytek.
That's what he meant (I hope)
If the drive is fully encrypted, there's nothing to subvert. The worst they could do is format it but then you have a remote off site backup anyway.
This is exactly what we do with all our company laptops (minus the BIOS password as imho it's unnecessary given TrueCrypt's whole drive encryption already requires a password on boot). For backup we use www.rsync.net but there are many other providers (dropnet, mozy etc.).
I travel quite frequently and often need to subvert the various restrictions of local ISPs (DNS redirection, throttling, censorship etc.). The method that works for me is:
1). Rent a cheap 512MB VPS (I use Linode and highly rate them but there are many other providers)
2). Grab a copy of OpenVPN and set it up in server mode on your VPS (make sure you push "redirect-gateway" to clients so that they send all their internet traffic through the VPN)
3). Install a copy of OpenVPN on the computer you'll be travelling with (set it up in client mode and configure it to point to your VPS).
That's it. All your traffic will now flow encrypted to your VPS where it will then break-out on to the open, unfiltered internet.
Additional tips:
- If you are using Windows on the computer you're travelling with, you need to make sure your DNS queries are going through the VPN (see: http://openvpn.net/archive/openvpn-users/2006-09/msg00020.html for what steps you need to take)
- To help obscure the fact you are using a VPN, set the server to use TCP rather than UDP (note: this will increase latency a bit) and set it to listen on a port normally associated with something else (e.g. TCP 993 which is normally used for secure IMAP or TCP 443 which is normally used for HTTPS traffic).
If you haven't got the cash for a VPS (frankly though you should, they are really cheap!), you could always set up the OpenVPN server on your home machine and point your travelling computer to that.....
Good luck!
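The setup described in the comment above, written out as a pair of OpenVPN configuration files. This is an added example, not part of the original comment; the host name `vps.example.net`, the tunnel subnet, the resolver address `192.0.2.53` and the certificate file names are placeholders to replace with your own.

```conf
# ---- server.conf (on the VPS) ----
# TCP on 443, per the tip about blending in with HTTPS traffic
port 443
proto tcp
dev tun
# Assumed tunnel subnet; any unused private range works
server 10.8.0.0 255.255.255.0
# Assumed file names for a PKI you generated yourself
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Step 2 of the comment: route all client traffic through the tunnel
push "redirect-gateway def1"
# Placeholder resolver; push one that is reached through the tunnel
push "dhcp-option DNS 192.0.2.53"
keepalive 10 120
persist-key
persist-tun

# ---- client.ovpn (on the travelling computer) ----
client
dev tun
proto tcp
# Placeholder host name for the VPS
remote vps.example.net 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
# Reject a peer whose certificate is not marked as a server certificate
remote-cert-tls server
# Windows clients, OpenVPN 2.3.9 or later: block DNS queries on other
# adapters so lookups cannot leak to the local ISP. Remove on other systems.
block-outside-dns
```

The VPS also needs IP forwarding and NAT enabled for the tunnel subnet, which OpenVPN does not configure by itself.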
Very eloquently put. Wish I had some mod points left.
Ars had a very nice article up a couple of months ago covering sector sizes in detail and the problem of the "512-byte leaden albatross". Link: http://arstechnica.com/microsoft/news/2010/03/why-new-hard-disks-might-not-be-much-fun-for-xp-users.ars
Why not place an upper limit on the overall fine for multiple counts of infringement, say something like $7500?
It would only take 10 violations to reach this (at $750 per movie) so most seeders are likely going to be liable for the full $7500 but at least the figure is reasonable. The risk of a $7500 fine is probably large enough to deter casual pirates (the bulk of bittorrent users) but avoids utterly ruining the lives of those who continue to share and get caught i.e. the fine is proportionate to the crime.
Of course all of the above assumes one is not financially gaining from piracy i.e. selling copies on the black market. For people that are making a living from piracy, I have no problem at all with them receiving very harsh fines.
If you prefer prepared statements, PHP supports them. Personally, I prefer to avoid PDO and opt instead for finer control (and I've been doing PHP for so long that I have my own classes that I tend to re-use from project to project).
Ok but seriously what we are talking about here is really not that hard. It should be standard procedure to escape user input before it hits the dbms. I mean all we're talking about is casting strings to floats or integers where numbers are expected and escaping string input. In PHP you'd run the input through intval()/floatval() or mysql_real_escape_string() before you shunt it to the db - it isn't rocket science...
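The two comments above mention casting, escaping and prepared statements; the following added example (not the commenter's code) runs all three against the same constructed inputs and shows why a numeric field needs the cast rather than string escaping. It assumes PHP with the `pdo_sqlite` extension; `escape_literal()` and `names()` are hypothetical helpers, with `escape_literal()` standing in for `mysql_real_escape_string()` using SQLite's quoting rule.

```php
<?php
// Added example. SQLite in memory keeps it offline; the table, rows and
// inputs below are constructed for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('o''brien')");

// Hypothetical helper: SQLite's escaping rule for string literals (double
// every single quote). It plays the role mysql_real_escape_string() plays
// for MySQL in the comment above.
function escape_literal(string $s): string
{
    return str_replace("'", "''", $s);
}

// Hypothetical helper: run a query and return the first column of each row.
function names(PDO $db, string $sql): array
{
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$idInput   = '2 OR 1=1';   // constructed input for a numeric field
$nameInput = "o'brien";    // constructed input containing a quote

// Escaping alone in a numeric context: the input contains no quote, so the
// escaper changes nothing and the extra condition reaches the database.
$escapedOnly = names($db, 'SELECT name FROM users WHERE id = ' . escape_literal($idInput));

// Casting first: intval() keeps only the leading digits of the input.
$cast = names($db, 'SELECT name FROM users WHERE id = ' . intval($idInput));

// String context: the value is escaped and wrapped in quotes.
$escapedString = names($db, "SELECT name FROM users WHERE name = '" . escape_literal($nameInput) . "'");

// Prepared statement: the value travels separately from the SQL text.
$stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
$stmt->execute([':name' => $nameInput]);
$prepared = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("escape only, numeric field: %s\n", implode(', ', $escapedOnly));
printf("intval() cast:              %s\n", implode(', ', $cast));
printf("escaped + quoted string:    %s\n", implode(', ', $escapedString));
printf("prepared statement:         %s\n", implode(', ', $prepared));
```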
Thanks for the tips guys. /wanders off to do some brisk trade with amazon...
IIRC, the python name is a homage to Monty Python and has nothing to do with the snake. Perhaps a knight sans arms would have been more fitting...
If not this book, care to share an alternative recommendation or two?
That was beautiful!
Have you considered the D Programming language?
From http://www.digitalmars.com/d/ "D is a systems programming language. Its focus is on combining the power and high performance of C and C++ with the programmer productivity of modern languages like Ruby and Python. Special attention is given to the needs of quality assurance, documentation, management, portability and reliability.
The D language is statically typed and compiles directly to machine code. It's multiparadigm, supporting many programming styles: imperative, object oriented, and metaprogramming. It's a member of the C syntax family, and its appearance is very similar to that of C++. "
You ARE bound to a license if you wish to resell or distribute the book though. The GPL is exactly the same. From a previous poster:
From section 9 (GPLv3):
"You are not required to accept this License in order to receive or run a copy of the Program."
From where I'm sitting, it works the same as a book...
>So what exactly are you losing?
From reading the letter, it seems one of the key things RMS worries about is that MySQL's GPL2 license did not include the "or later versions" clause. This effectively means that any fork of MySQL is doomed to forever remain licensed under the GPL2 while the majority of free software is expected to transition over to GPLv3 over the next few years. AFAIK, GPL3 and GPL2 code are not compatible. I think RMS worries that Oracle will cut off the commercial support and let the free version slowly rot under an old license. Ergo, MySQL will wither on the vine.
I think if you are intellectually honest with yourself you'll agree that you could substitute the occurrences of the word "fair" with "just" in both mine and the original post to which you replied and the spirit of both posts would be unchanged.
That's a pathetic viewpoint. If we follow it through, why bother with human rights law? Why bother with common law at all in fact? Why bother trying to put systems in place to try and make life fairer? Should we just fuck it all off and go back to the caves?
No right is required, your work simply wouldn't be used.