For example, I have an old laptop with an ATI Mobility 7500 on which I installed CentOS 5.5. Normally I'd just grab the FGLRX installer from ATI and remake a module, but in this case, the modules don't work properly.
Have you tried a different Linux distribution? Hardware support and other kernel features come a lot slower to CentOS/RHEL than other distros because they have to backport everything to the older kernel. CentOS is great for servers but when it comes to desktop/laptop hardware support, Fedora and Ubuntu are a better bet.
Probably because sound is already a lot easier to generate, sample, cut, filter, mangle, and in general work with. Anyone who wants an electronic version of a high-end piano just needs to buy a CD with a sample (or a few) of each key being struck and bingo. Sure, you'll always miss out on some flexibility and fidelity compared to the real thing but with today's technology, not too much.
None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known. This is why you can have software like GPG and the zillion open source AES implementations and still use them to reliably protect data from interception.
What would weaken Skype's security is if someone found a shortcut (by way of a bug or design flaw) to decrypting the data without knowledge of the keys being used. According to TFA, this is what O'Neill is working on now.
That said, the source material that O'Neill provided mentions only symmetric ciphers, which means that the keys might be buried in the Skype binaries somewhere. If that's the case, then finding those would break Skype's encryption wide open. But I rather doubt that will happen. We're only seeing part of the story here and I'd bet dollars to donuts that they're using one or more asymmetric ciphers somewhere to transmit keys for the symmetric ciphers.
I did the same thing 5 years ago. I wanted a persistent IRC terminal next to my workstation because I was way too cool to just have an XChat window open all the time.
I put it together out of a Wyse 160 terminal that I pulled out of a dumpster (the box had never been opened so it was effectively brand-new) and a Pentium 90 netbook-like computer that someone gave me.
The releases made by kernel.org are intended for software distribution maintainers, developers, and the odd crazy DIYer. Not end users. If you get your operating system from Red Hat or Canonical, it's their job to tell you that there is a security issue and by the way here is the patch.
Unlike previous versions of the HTML recommendations, HTML 5 will become a recommendation when at least two independent web browsers fully support the draft. Although there are obviously people writing the draft and making constant improvements to it, most (all?) of these people are also web browser developers. The draft is not being held up by some committee of random bigwigs in a dark smoky room.
That means if you're so impatient to see HTML 5 go from draft to recommendation, the proper course of action is to write your own HTML5-compliant browser or contribute to the development of one or more open source browsers.
The problem with the Archos tablet, if I recall, was that it runs a heavily modified version of Android based on an old release of Android. It uses closed-source Archos software to replace many common Android features. And it doesn't have the Android Market. And it's not as physically large as an iPad. From what I'm to understand, calling it an Android tablet is a stretch, especially if you want to compare it with an iPad, but I'm happy to be corrected by anyone who owns one.
A few years ago I came across a thread on a FreeBSD mailing list where a build of some package was failing and the submitter couldn't tell why because he wasn't a developer. The failure was unusual and no one else could reproduce it. Eventually, the problem was traced back to a character in the source differing from the original. The character was a one-bit difference from the correct character, and it was suggested to the submitter that he reboot and memtest his memory. Sure enough, one single bad bit out of around 512MB.
My kingdom for mod points. This is exactly true and is the single biggest vulnerability of SSL.
Every web browser trusts hundreds of root certificates. Most of them are entities that I've never heard of or wouldn't necessarily *want* to trust anyway. (HongKong Post, anyone?) Any of these CAs can effortlessly forge an SSL certificate for any site on the web. I would find it extremely hard to believe that not a single one of them is secretly cooperating with government agencies, law enforcement, or anyone with a large enough check book.
And the nature of SSL is it's pretty much all-or-none.
The company that I work for has a proxy that filters and caches HTTP, FTP, and HTTPS. The proxy basically does something of a man-in-the-middle attack. When you request an HTTPS website, the proxy establishes a secure connection with the remote site, fetches the data, decrypts it, re-encrypts it with the company's SSL certificate (which is installed by default on all workstations), and sends it to the user's browser.
The most annoying thing is that when this happens, the user has no idea that their traffic is being intercepted, cached, and possibly modified unless they happen to check the certificate and see that the organization is the name of the company they work for rather than, say, Google. But of course even that is easy to spoof when the company has its certificate authority preinstalled on all of the desktops.
Expect this to become more common. Regular users can't spot it because they have been trained to look for the padlock icon and the "https" to determine whether or not a site is "secure." It won't be long until every company does this as automatically as they install firewalls or spam-filtering products. Schools and libraries will have to use it so that they can block inappropriate content coming in via HTTPS. I fully expect that some major national ISPs are already looking into what it would take to force this upon their customer base at some point. I'm afraid hijacking DNS was only the first step, folks.
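The check the comment above describes (looking at who issued the certificate), and why it is not enough once the issuer name can be copied, as an added example that is not part of the original comment: it reads the issuer organization out of a DER certificate and compares the certificate's SHA-256 fingerprint with one recorded out of band. The certificates are constructed, unsigned skeletons, and the names Example Public CA, Example Corp IT and Example Site are assumptions.

```python
import hashlib
OID_ORG = bytes.fromhex("55040a")  # 2.5.4.10, organizationName

def tlv(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        size = length & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # contents of a SEQUENCE or SET as (tag, value) pairs
    pos, out = 0, []
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out.append((tag, value))
    return out

def issuer_org(cert_der):
    """Organization (O) attribute of the certificate's issuer, or None."""
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:  # optional explicit [0] version field
        tbs = tbs[1:]
    for _, rdn in children(tbs[2][1]):  # fields: serial, sigAlg, issuer, ...
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)[:2]
            if oid == OID_ORG:
                return value.decode("utf-8", "replace")

def assess(cert_der, pinned_sha256, expected_org):
    """Compare the certificate the network presented with out-of-band facts."""
    if hashlib.sha256(cert_der).hexdigest() == pinned_sha256:
        return "direct"
    org = issuer_org(cert_der)
    if org != expected_org:
        return "intercepted: issuer is %r" % org
    return "intercepted: issuer name matches but certificate differs"

def sample_cert(issuer, serial):
    """Constructed, unsigned certificate skeleton (not a real certificate)."""
    def name(org):
        atv = tlv(0x30, tlv(0x06, OID_ORG) + tlv(0x0C, org.encode()))
        return tlv(0x30, tlv(0x31, atv))
    empty = tlv(0x30, b"")  # stands in for algorithm, validity and key
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + empty + name(issuer) + empty + name("Example Site") + empty)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))

GENUINE = sample_cert("Example Public CA", 1)        # seen from a clean network
PROXY = sample_cert("Example Corp IT", 2)            # re-signed by the proxy
PROXY_SPOOFED = sample_cert("Example Public CA", 3)  # proxy CA copies the name
PIN = hashlib.sha256(GENUINE).hexdigest()            # recorded out of band

if __name__ == "__main__":
    for cert in (GENUINE, PROXY, PROXY_SPOOFED):
        print(assess(cert, PIN, "Example Public CA"))
```

In practice the pin is usually taken over the public key rather than the whole certificate, so that routine renewal does not trip the check.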
It's the geek factor. Ideally, every person in IT has some level of geek in them. But when you have someone who swings too far to the geek side of the spectrum, you wind up with an individual who frequently loses sight of the reality of business needs or doesn't quite realise how non-technical people interact with software.
For example, die-hard geeks make excellent programmers, but they rarely make the best application designers. I worked with one guy who was utterly brilliant with any coding task you handed him. But every time the boss would say, "design me an application that does such-and-such," his design process would last weeks and by the end of it, he had basically invented a special-purpose programming language for the task at hand rather than a plan for building a deliverable piece of software.
It will never fly. The cell phone industry is built on the simple notion that most people will pay way, way more than they really need to for their phone service. And a large chunk of those will pay a premium on top of that to have the latest, coolest-looking phone. (90% of iPhone owners, I'm looking at you.)
The days of people taking a critical look at the value they're receiving for their purchases are long gone. It's a shame that there's no such thing as an affordable, reasonable (in my opinion) cell phone plan. But I certainly don't want the government telling anybody, even the most crooked phone companies in the world, how they can sell their product.
There's no certainty that all the lobbying and writing campaigns in the world will stop ACTA, but sitting back and just complaining about it on the Internet guarantees the eventual erosion of all your personal rights.
(Including sitting back and complaining about things on the Internet.)
Unless you're a multi-billion dollar corporation, you have no legal way to really influence your own government, let alone influence the internationals deciding treaties in secret behind closed doors.
Which is exactly what they want you to think. The reality is that you can make a difference. Let your legislators know your own personal opinion of the ACTA. They are your government representation and are supposed to be voting in your interest. If you can't take the time to firmly and politely inform them of your interests, then yes, the multi-billion dollar corporations who have the other ear are going to win instead.
You can also donate to organizations (possibly the EFF) who persuade and litigate important legal matters such as this.
There's no certainty that all the lobbying and writing campaigns in the world will stop ACTA, but sitting back and just complaining about it on the Internet guarantees the eventual erosion of all your personal rights.
Except the ones Apple says you aren't allowed to access, even when doing so is technically possible.
The EFF is comprised of (at least some) lawyers and many of them do the work themselves or convince other lawyers to represent their interests pro bono. And that's only if they think the cause is just and they have the resources to take it on. They don't just pick up the tab for legal fees and they definitely can't take on any small-time case that reaches their inbox. They're trying to fight bigger problems than "oh noes, somebody copy-pasta'd my stuff!"
I'm led to understand, however, that they do give good non-legally-binding advice on these kinds of issues for free.
I'd wager they've already had their fair share of beatings. It's one of the heavy burdens one must live with to be a true devotee to the wisdom and forward thinking of the world's greatest science fiction and fantasy authors...
Er, wait, were you talking about the cult?
A couple of quick points:
The Linux kernel is open source. Anyone who thinks they can do better can just clone it in git and start their own fork. You don't have to replace Linus, you can just be your own kernel maintainer. There's no part of the mainline Linux kernel development that takes place in private, so you can even "play Linus" and just merge only the patches that you like from the kernel mailing list into your own personal tree.
The kernel that Linus releases is not meant to be used directly by end users. Distributions are responsible for integrating the kernel into their operating systems as they see fit. They can choose to track Linus' tree closely or not at all. Red Hat, for example, rolls their own kernel that bears little resemblance to any of Linus'.
Linus' tree is widely regarded as the official Linux kernel mainly because he invented it and has stuck to his vision of how the kernel should be developed over the past 18 years or so. Most of the top developers and open source companies trust Linus and his management over the mainline kernel. Many have been around from the very beginning. Suggesting that they would "dump" Linus as the core maintainer is outright laughable.
Just wanted to point out to everyone that there is a handy-dandy animatey feedback link on the page as well. :)
You're absolutely right. I say we should still be blaming Bush for this kind of crap.
Okay then. Using that logic: consumers don't pay taxes, they just pass them on to their employer.
The inclusion of PayPal seemed a little odd to me. PayPal already redirects to HTTPS on all of their pages that I've visited.
That's "siren song," you illiterate clod.
If I could cue that way, I wouldn't need the talcum powder.
Sales guys are 8x better than engineers at convincing the company to pay them what they think they're worth.