OK, that first attempt was useless. But after a little debugging here's one that seems to be doing the trick. If there are filenames that I haven't seen yet it's easily extended. It's also not so brute force as to toss out all zip attachments -- only ones with the "poisoned" filenames:
:0 B
* ^ *Content-Disposition: attachment;
* filename="(message|body|document|doc|data|readme|text)\.zip"
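The same filename check as a parsed-MIME filter, given here as an added example (not the poster's code). It goes a little beyond the recipe by also catching unquoted names, the Content-Type `name=` form, and RFC 2231 encoded names; the function name `poisoned_attachments` and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Base names from the recipe above; extend the tuple as new ones show up.
POISONED = ("message", "body", "document", "doc", "data", "readme", "text")
POISONED_RE = re.compile(r"(?:%s)\.zip" % "|".join(POISONED), re.IGNORECASE)


def poisoned_attachments(raw_message):
    """Return attachment filenames that match the poisoned-name list."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, strips quotes and decodes RFC 2231 values.
        name = part.get_filename()
        if name and POISONED_RE.fullmatch(name.strip()):
            hits.append(name)
    return hits


# Constructed sample message: four zip attachments, three with listed names.
SAMPLE = """\
From: a@example.invalid
To: b@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

hello
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=Document.zip

(constructed placeholder body)
--XX
Content-Type: application/octet-stream; name="body.zip"

(constructed placeholder body)
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=us-ascii''readme.zip

(constructed placeholder body)
--XX
Content-Type: application/zip
Content-Disposition: attachment;
\tfilename="quarterly-report.zip"

(constructed placeholder body)
--XX--
"""

if __name__ == "__main__":
    # Only the listed names are flagged; the other zip is left alone.
    for name in poisoned_attachments(SAMPLE):
        print("quarantine:", name)
```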
...yet. "spyware" is something that phones home. This just refers you to http://rulesforuse.org and refuses to print more than one inch of the currency printout. However (as was pointed out on BugTraq), the next version of the printer's drivers could easily be upgraded to the special spyware edition.
I'd like to add that I think Davies has come up with a good idea, but it needs one thing - property rights.
It's already decided and agreed that there are *no* property rights in the Solar System other than on planet Earth. This is, in my opinion, a very good thing. Ownership disputes are prevented by preventing ownership.
Here are the relevant parts of the 1979 Moon Treaty:
ARTICLE 1
1. The provisions of this Agreement relating to the moon shall also apply to other celestial bodies within the solar system, other than the earth, except in so far as specific legal norms enter into force with respect to any of these celestial bodies.
ARTICLE 11
The moon and its natural resources are the common heritage of mankind, which finds its expression in the provisions of this Agreement, in particular in paragraph 5 of this ARTICLE.
The moon is not subject to national appropriation by any claim of sovereignty, by means of use or occupation, or by any other means.
Neither the surface nor the subsurface of the moon, nor any part thereof or natural resources in place, shall become property of any State, international intergovernmental or non-governmental organization, national organization or non-governmental entity or of any natural person. The placement of personnel, space vehicles, equipment, facilities, stations and installations on or below the surface of the moon, including structures connected with its surface or subsurface, shall not create a right of ownership over the surface or the subsurface of the moon or any areas thereof. The foregoing provisions are without prejudice to the international regime referred to in paragraph 5 of this ARTICLE.
States Parties have the right to exploration and use of the moon without discrimination of any kind, on the basis of equality and in accordance with international law and the provisions of this Agreement.
Answer me this: why must every Linux distribution be about infinite choice?
This is a point I've long believed in. With so many distributions favoring GNOME, is it time for some other distribution (Slackware, maybe?) to drop GNOME and focus on KDE?
My immediate concern is that a huge company like Microsoft that owns patents on all kinds of trivial concepts will next be telling us, "Hey, we found the following Microsoft patented technologies in there while we were poking around! But don't worry, we're a nice company. Just get rid of the infringing code and we'll let it slide. Oh wait, that's 97.5% of your kernel by our estimates."
Hard to say though, as they haven't been that aggressive before, and indeed came up on the short end of the stick in a recent patent dispute.
> And once you learn the language it is far more "user friendly" than any amount of icons for those tasks it's good at.
That's like saying, flying a jet is easier than buying a plane ticket once you go through flight school. Duh, of course it is.
And arguing that everything must be "user-friendly" is like saying that since not everyone can handle flight school, no one should be allowed to go. Well, count me as not in favor of dumbing everything down to the least common denominator.
There's a definite place for expert-oriented operating systems. Just because grandma can't use it doesn't mean it's poorly designed. There's nothing easier than a command-line once you learn to use it. That's the key.
So in your opinion, having no nVidia drivers would be better than the current state, which is that there are drivers for the vast majority of systems that need them (which is to say desktop PC's) which are closed-source but mostly working.
In my opinion, yes. Like in the old days of Diamond, people would avoid nVidia hardware and wouldn't expect it to work. As a result, distro maintainers wouldn't have to deal with people using these crappy modules and demanding support for them when they don't work right.
I buy ATI. I wouldn't touch nVidia's hardware (or their "free" drivers) with a ten foot pole. I'm also not a "whiner" -- I've never written to nVidia to try to ask them to change their licensing scheme or to open source their drivers. They can do whatever they want as far as I'm concerned, including following a path straight to hell.
Even before I saw a few sample questions, I had a hunch, but that's got to be the test the NSA is using. I've taken it myself, and anyone who has taken it will immediately recognize it... a bunch of questions like "I am afraid of doorknobs".
You'd wonder what they could possibly learn from this. Well, a lot. The full name of the test is the Minnesota Multiphasic Personality Inventory. The test was originally developed in the '30s, and has been continually refined since. It even scales to what degree you're attempting to fake the results, and whether you were trying to fake "good, bad, or neutral".
It wouldn't surprise me if a favorable MMPI result was the single most important factor in getting a security clearance.
Forced password changes, on "Real Security?" · Score: 5, Insightful
Forcing users to change passwords is one example of something that doesn't help security. If there's anything that's going to make the common user write their password on a post-it note and stick it to their monitor, it's being forced to change it at random intervals.
If you've done a dictionary search when the password was originally set, or at least ensured that the password contained a couple numbers and symbols, then it's a good password and you have no reason to assume the user can't keep it secret. Plus, people might not be able to keep coming up with unique passwords once a month.
I went to a real engineering school to learn Computer Engineering (a 4 year EEE + CS program), and every time I see a company create a certification program that takes less than a month to become an "engineer", well... it makes me cringe. I know in other parts of the world that it's not legal to abuse terminology like that, and wish the US would adopt some similar standards. This dilutes the prestige associated with earning an actual engineering degree (really, there is some!).
I know the difference between a real engineer and a fake one, but I'm not so sure the average guy on the street understands the distinction. I also suspect people in hiring positions give a lot more weight to a certification that pretends to be an engineering degree than they really should.
I think it would be much more dangerous if the product you purchased contained an unlicensed copy of Windows CE. MS sues for real money.
Well, I do think the GPL needs to become more dangerous, and that will take money and lawyers.
On the other hand (and just to play devil's advocate for the sake of good debate), if the GPL did have a heavily funded legal team going after violations, I wonder whether companies whose most valuable asset is proprietary IP would be more worried about having to settle a licensing dispute with Microsoft or about the possibility of accidental use of GPLed code causing them to have to open their entire codebase under the GPL.
There have been a lot of cases of far-east engineering firms including GPL code in products, and selling those products to other companies that are not made aware of the licenses they have to comply with.
The really unfortunate thing is that the GPL FUDsters may find this to be great fodder. I've often heard the "you never know if one of your employees will download something off the net, add it to your proprietary codebase, and inadvertently cause all of your IP to fall under the GPL" argument. Now this can be joined by the "You never know if something you bought has hidden GPL code..." argument.
On the other hand, maybe it's helpful. At least when you base your products on a GPLed codebase you know where you stand, rather than getting a surprise later.
aspell removed for "license problems"?, on "Debian 3.0r2 Released" · Score: 2, Insightful
Aspell is GNU software, available from ftp.gnu.org, and licensed under the LGPL. Is LGPL no longer free enough? Or is this about the use of the GFDL for some of the documentation?
In any case, removing important GNU software seems a bit over the top.
Here's my question (which is not fully answered in their FAQ): if they (music company executives) are currently using the algorithm to screen submissions for their "hitability", can we (people who listen to music) use the same algorithm to reject recycled tunes and encourage originality?
Yes, we can. Unfortunately if it can detect "recycled tunes" it will probably be more likely to be used by the recording industry to sue artists for infringing on previous songs (and used in court as evidence).
it's really not nice to aim your death threats at secretaries and customer service people.
I wasn't aware that penis enlargement spammers actually had secretaries or customer service people. I'd think that any emails I would send back (silly thing to do) would be read by the head honcho, if they were read at all.
Other formats that China has backed in the past include things like VCD, SVCD, CVD (China Video Disc, an SVCD-like format in NTSC resolution), and others. These tend to be no-nonsense unencrypted formats that are easier to write software to produce (look how much more free software exists to burn VCD/SVCD/CVD than DVD), and are supported by most Chinese DVD players (APEX, for example).
This will help keep the ability to produce and distribute content within reach of everyone, instead of just the large media companies.
Apple products are supposed to be the most user-friendly, and as such are held to a higher standard. You shouldn't have to RTFM in order to avoid destroying an iPod through what seems like normal use. This is obviously a bug in Windows iTunes, and if it was not possible to make the older iPods work with Windows iTunes then the program should have recognized them and told the user that the program is not able to use that model iPod.
I was going to mention Slackware, but that includes Netscape so it's not 100% open source (if you want to be picky about it). I was under the impression that -no- distribution was 100% open source (even Debian provides "non-free" packages from various FTP sites). Is Mandrake really 100% OSS, or was the submitter mistaken?
From Article II:
"Outer space, including the moon and other celestial bodies, is not subject to national appropriation by claim of sovereignty, by means of use or occupation, or by any other means."
I'll bet they were kicking themselves for signing that treaty in 1969.
Most interesting is the assertion that the decision by Red Hat to end support for its free distribution and Novell's acquisition of SUSE marks not only the death of free software...
Now we know who the AC posting all those "* is dying" trolls is: Bill Gates.
Unless we're missing something... Who's to say that Microsoft haven't been doing a little unpublished research, looking for buffer overflows and other vulnerabilities that they're soon going to demonstrate?
[...]
If they like many of us see Linux as the biggest credible threat out there, they might resort to fighting dirty.
The thing is, most OSS developers I know (myself included) welcome public review and full disclosure. If I get advance notice of a security problem, I look at that as a luxury, and have no problem with finding out along with the public. Once problems are pointed out, it's usually easy enough to fix them quickly. Having Microsoft auditing open source code for free would actually be quite beneficial.
The reason full disclosure is so important is that without it, these holes still exist, circulating among the black-hats. Unlike Microsoft who'd rather sweep problems under the rug. Disclosing problems isn't "playing dirty"; it's step one in getting them fixed.
# Fscking Novarg virii!
* ^Content-Type: (application/octet-stream)
* ^.*name=(message|body|document|doc|data)\.zip
You can't start off as a purist.
I think you mean you can't. Obviously someone could, or we wouldn't have Linux at all.
Closed-source: it's about money
Open-source: it's about ego
Interesting point. So how much do you think Microsoft would have to pay to fork all the major OSS projects to death?
No it wasn't. SLS was the first linux distro.
Not even close. The first Linux distribution was H.J. Lu's boot/root floppy combo, and I think even MCC+ came before SLS.
What part of "not supported" was not understood?
Apple products are supposed to be the most user-friendly, and as such are held to a higher standard. You shouldn't have to RTFM in order to avoid destroying an iPod through what seems like normal use. This is obviously a bug in Windows iTunes, and if it was not possible to make the older iPods work with Windows iTunes then the program should have recognized them and told the user that the program is not able to use that model iPod.
100%? Really?
I was going to mention Slackware, but that includes Netscape so it's not 100% open source (if you want to be picky about it). I was under the impression that -no- distribution was 100% open source (even Debian provides "non-free" packages from various FTP sites). Is Mandrake really 100% OSS, or was the submitter mistaken?