I can barely remember my phone number. It is only 10 digits, and the first three are a gimme. I'm supposed to remember "iDclyWnIxwaJcSOWNLcj" or some junk?
And this has no real impact on the trust issue. What prevents the webserver admin from having the webmail software log all incoming passphrases?
I harp on this becasue if I can trust my mail admin (and you trust yours) half the battle is already won.
Encrypted webmail is a tricky issue. In the final analysis you basically have to use a passphrase that is so good that you don't mind having your (encrypted) private key publicly available.
Consider that the webserver admin(s) will have access to the encrypted private key. Also consider that the webserver (process) has read access to the key. The upshot is that if anyone gets root access to the box, gets a shell under the webserver's UID, or convinces the webserver to serve up a file that it is supposed to have read access to, the only thing between your private key and an attacker is your passphrase.
I find all this unsettling to the point of believing that it can't be safely done.
Re:Asimov was wrong, if he meant 'in English'
on
Human-Mouse Hybrids?
·
· Score: 2
Well, it wasn't a quote. I took pretty significant liberties . ..
I was alluding to Martin's suit for freedom in "The Bicentennial Man" where the judge says that anything that can desire freedom deserves it.
1. He didn't actually say it had to ask in English. ('course I didn't either). 2. I actually was using a reciprocal "law" that he almost certainly wouldn't have agreed with.
I found an academic perspective that seemed to indicate that open source projects do not reach the mainstream because the developers tend to listen only to their smartest customers.
You have interpreted "if you want it" in a far more general sense than it means. The following quote (which BTW is part of the body of the license, not the preamble) says:
Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
The GPL can not force anyone to make changes to any GPLed program public, since it doesn't even apply to you unless you redistribute the program.
When the license is taken as a whole "if you want it" clearly only refers to people who have received a binary derived from a GPLed work.
Any restriction or burden on the use of a a GPLed program (to include modification, which is freedom 1) is at odds with the spirit of the license and the GNU, and is clearly not the intent of the license.
I am afraid you are spreading FUD about the GPL. To paraphrase, "If you use GPLed code you have to release all your code under the GPL." I don't believe that you are doing it intentionally, but you are spreading this falsehood.
Okay, but QuietKey keyboards have objectively have poor feedback (i.e. they are about as mushy as any keyboard I have used), and the statement was in made in the context of how good the feedback is.
So, I guess that in some cosmic sense "it all boils down to personal preference," but in the context of the actuall conversation, or the context of your original post, or the story, personal preference isn't really relevant.
You working under that companies name. Giggles & Co. wouldn't have access to the same sort of contracts.
The company finding work for you. This is big. If you are anything like me (wich you may well not be) you are great at what you do, and great at maintaining clients, but can't cultivate them worth a damn.
Dealing with client BS. How do you feel about hiring a lawyer and having your personal resources on the line (unless you form an LLC) when a client decides to sue? Do you have a strong desire to develop a working relationship with a collections company? What's your plan for getting a piece of the pie when a company goes out of business and liqudates while owing you for services rendered?
I'm not saying don't do it, or that contracting companies are saints, but you are getting something for that comission.
Feedback is key (if you'll forgive the pun). That's why clicky-keyboards are so good. It is also why "roll up" keyboards will only ever catch on for special applications, where portablity or durablity are far more important than useablity.
The same goes for any "virtual" keyboard that senses keystrokes in the air. The only workable solution might be force-feedback gloves.
Dude, Dell Quiet key keyboards SUCK. (At least when compared to a good clicky-keyboard.) Now, the old Dell "full size footprint" keyboards are pretty darn good.
The worst thing that could happen under the GPL (which you brought into the discussion) is that we have to separate the wheat of their contributions from the chaff and fork.
The same isn't true with the Apache license, but the trump card with people playing games with Free Software is to fork.
Open Source projects should be managed and developed by an unbiased group of developers.
Do you mean unbiased, or biased the same way you are? While your biases (and mine) may be diametrically opposed to Covalent's, that doesn't make you (us) unbiased.
Bus RAM made sense on my 286 running windows 3.0. Real-mode paging was a real step up from the 1M memory limit.
Today it doesn't make any sense.
OTOH, the ram drive you mentioned might make sense (except that it is pretty expensive) if you used it for a swap partition.
I think that a better overall plan would be:
1. Don't buy a RAMBUS based system. 2. Buy one that supports an unreasonable amount of RAM, with only one slot populated with the largest module it supports. In a few years it won't seem like so much. 3. Reconsider buying a Dell. If you know how many DIMM sockets it has you aren't the target customer.
By comparison, there is another method of transmitting data called IP which is unreliable.
[snip]
Here's the magic part: TCP is built on top of IP. In other words, TCP is obliged to somehow send data reliably using only an unreliable tool.
Wah? Is this serious? Does he mean UDP?
Imagine that we had a way of sending actors from Broadway to Hollywood that involved putting them in cars and driving them across the country. Some of these cars crashed, killing the poor actors.
[snip]
Now imagine a new service called Hollywood Express, which delivered actors to Hollywood, guaranteeing that they would (a) arrive (b) in order (c) in perfect condition. The magic part is that Hollywood Express doesn't have any method of delivering the actors, other than the unreliable method of putting them in cars and driving them across the country.
Huh? You can't retransmit cabbages or actors or hard copies of badly researched essays . . . but you can retransmit freaking TCP packets!
While his point may be valid (and I'm not conceding the point) the essay is crap.
-Peter
Re:Planned or measured?
on
Landshark
·
· Score: 3, Informative
RTFA. It lowers the mud guards into the water and acts as a hydrofoil.
I'm no expert, but I thought that part of the idea was that people sign the keys of people they actually know. This forms an interlocking verification -- a web of trust.
It sounds like you are trying to build a "monolith of trust." Maybe you are having trouble because your idea goes against the grain.
First, realize that if every able bodied man (the militia) maintained a firearm we would be "unoccupyable." Imagine the kind of manpower it would take to "clear" every house in America of firearms. Take one town, and you have to worry about the surrounding towns routing you.
Second, recall that the British colonies in America had no standing army. What amounted to a bunch of guys with their squirrel guns defeated the greatest standing army of the time (and their Hessian mercenaries).
Third, don't discount the huge number of people who have had Basic Combat Training. Everyone who ever served in the US Military, to include Guardsmen and Reservists have had this training.
Finally, a few years back it was popular to mock men who trained for combat outside of the auspices of the US Armed Forces. If we ever are invaded, local militia men are your last and best hope of retaining your freedoms. I hope for you sake you have some.
-Peter
PS: You said "Out of all the people that I know, there are very, very few that I would want to go to war with, and even less that I would trust in a foxhole." While I agree with the sentiment, this is a very naive statement. Let me put it to you like this: If the war came to your doorstep, would you rather trust your neighbor in the foxhole, or would you rather learn Chinese?
Slashdot Mirror
Are you serious?
I can barely remember my phone number. It is only 10 digits, and the first three are a gimme. I'm supposed to remember "iDclyWnIxwaJcSOWNLcj" or some junk?
And this has no real impact on the trust issue. What prevents the webserver admin from having the webmail software log all incoming passphrases?
I harp on this becasue if I can trust my mail admin (and you trust yours) half the battle is already won.
-Peter
Encrypted webmail is a tricky issue. In the final analysis you basically have to use a passphrase that is so good that you don't mind having your (encrypted) private key publicly available.
Consider that the webserver admin(s) will have access to the encrypted private key. Also consider that the webserver (process) has read access to the key. The upshot is that if anyone gets root access to the box, gets a shell under the webserver's UID, or convinces the webserver to serve up a file that it is supposed to have read access to, the only thing between your private key and an attacker is your passphrase.
I find all this unsettling to the point of believing that it can't be safely done.
If anyone knows any better, please fill me in.
-Peter
Moderation Totals: Funny=3, Total=3.
Way to miss the point, dumbass.
-Peter
Well, it wasn't a quote. I took pretty significant liberties . . .
I was alluding to Martin's suit for freedom in "The Bicentennial Man" where the judge says that anything that can desire freedom deserves it.
1. He didn't actually say it had to ask in English. ('course I didn't either).
2. I actually was using a reciprocal "law" that he almost certainly wouldn't have agreed with.
So dis me, not Issac.
-Peter
Wow. There's a recipie for failure.
-Peter
We can experiment on it (treat it as property) until it asks us to stop.
-Peter
The GPL can not force anyone to make changes to any GPLed program public, since it doesn't even apply to you unless you redistribute the program.
When the license is taken as a whole "if you want it" clearly only refers to people who have received a binary derived from a GPLed work.
Any restriction or burden on the use of a a GPLed program (to include modification, which is freedom 1) is at odds with the spirit of the license and the GNU, and is clearly not the intent of the license.
I am afraid you are spreading FUD about the GPL. To paraphrase, "If you use GPLed code you have to release all your code under the GPL." I don't believe that you are doing it intentionally, but you are spreading this falsehood.
-Peter
Please read the GPL.
There is no requirement to make any code "publicly available" ever.
Simply modifying GPLed code doesn't even require that you agree to any license.
Please try to resist the urge to talk out of your ass in the future.
-Peter
Well, it all boils down to personal preference.
Okay, but QuietKey keyboards have objectively have poor feedback (i.e. they are about as mushy as any keyboard I have used), and the statement was in made in the context of how good the feedback is.
So, I guess that in some cosmic sense "it all boils down to personal preference," but in the context of the actuall conversation, or the context of your original post, or the story, personal preference isn't really relevant.
-Peter
You clearly have never been married.
-Peter
I'm not saying don't do it, or that contracting companies are saints, but you are getting something for that comission.
-Peter
Feedback is key (if you'll forgive the pun). That's why clicky-keyboards are so good. It is also why "roll up" keyboards will only ever catch on for special applications, where portablity or durablity are far more important than useablity.
The same goes for any "virtual" keyboard that senses keystrokes in the air. The only workable solution might be force-feedback gloves.
-Peter
Dude, Dell Quiet key keyboards SUCK. (At least when compared to a good clicky-keyboard.) Now, the old Dell "full size footprint" keyboards are pretty darn good.
-Peter
I contend that building a couch fort is bad for any marrige.
-Peter
He doesn't speak slowly, he speaks haltinly.
-Peter
The worst thing that could happen under the GPL (which you brought into the discussion) is that we have to separate the wheat of their contributions from the chaff and fork.
The same isn't true with the Apache license, but the trump card with people playing games with Free Software is to fork.
Open Source projects should be managed and developed by an unbiased group of developers.
Do you mean unbiased, or biased the same way you are? While your biases (and mine) may be diametrically opposed to Covalent's, that doesn't make you (us) unbiased.
-Peter
Bus RAM made sense on my 286 running windows 3.0. Real-mode paging was a real step up from the 1M memory limit.
Today it doesn't make any sense.
OTOH, the ram drive you mentioned might make sense (except that it is pretty expensive) if you used it for a swap partition.
I think that a better overall plan would be:
1. Don't buy a RAMBUS based system.
2. Buy one that supports an unreasonable amount of RAM, with only one slot populated with the largest module it supports. In a few years it won't seem like so much.
3. Reconsider buying a Dell. If you know how many DIMM sockets it has you aren't the target customer.
-Peter
PDF doesn't really compete with TeX or XML, but with PS and DVI.
-Peter
So, the metaphor is fundamentally broken, but it is intuitive, which is more important.
-Peter
Wah? Is this serious? Does he mean UDP?
Huh? You can't retransmit cabbages or actors or hard copies of badly researched essays . . . but you can retransmit freaking TCP packets!
While his point may be valid (and I'm not conceding the point) the essay is crap.
-Peter
RTFA. It lowers the mud guards into the water and acts as a hydrofoil.
-Peter
I agree with him. According to netcraft "The site www.scopeware.com is running Microsoft-IIS/5.0 on Windows 2000"
.
I think Win2k is an irrelevant OS . .
-Peter
I'm no expert, but I thought that part of the idea was that people sign the keys of people they actually know. This forms an interlocking verification -- a web of trust.
It sounds like you are trying to build a "monolith of trust." Maybe you are having trouble because your idea goes against the grain.
-Peter
You couldn't be more wrong.
First, realize that if every able bodied man (the militia) maintained a firearm we would be "unoccupyable." Imagine the kind of manpower it would take to "clear" every house in America of firearms. Take one town, and you have to worry about the surrounding towns routing you.
Second, recall that the British colonies in America had no standing army. What amounted to a bunch of guys with their squirrel guns defeated the greatest standing army of the time (and their Hessian mercenaries).
Third, don't discount the huge number of people who have had Basic Combat Training. Everyone who ever served in the US Military, to include Guardsmen and Reservists have had this training.
Finally, a few years back it was popular to mock men who trained for combat outside of the auspices of the US Armed Forces. If we ever are invaded, local militia men are your last and best hope of retaining your freedoms. I hope for you sake you have some.
-Peter
PS: You said "Out of all the people that I know, there are very, very few that I would want to go to war with, and even less that I would trust in a foxhole." While I agree with the sentiment, this is a very naive statement. Let me put it to you like this: If the war came to your doorstep, would you rather trust your neighbor in the foxhole, or would you rather learn Chinese?
-P
One of us is confused.
As I understand it, RTSP only sets up and controls a connection over another protocol (typically RTP).
So, by using HTTP instead you lose pause/rewind/ff capabilities, but you still need RTP to actually receive the data.
Oh, and none of this seems relevant to the handshake issue.
-Peter