Mod parent up. Any datacenter worth their salt has a way of blacklisting IPs at the router if a DoS can't be stopped at the server (although it honestly sounds like they didn't try that approach either).
A lot of businesses that I interact with (both business and personal) are still using unencrypted FTP, and very few people use any kind of encryption for email. Most websites are still using unencrypted HTTP.
Not encrypting FTP or email is pretty inexcusable if you're going over the public Internet.
However, most websites use plaintext HTTP most of the time because there's nothing to hide. It's expected that a site will switch into SSL mode when entering a password or displaying personal or financial information, but other than that, there's really not an incentive to encrypt normal web traffic. If someone snooped on my connection and saw spurts of HTTPS traffic coming from IPs assigned to Slashdot and CNN, all they have to do is visit those sites themselves to see what I'm reading.
(Although I really do wish Slashdot would at least allow logins and comment submissions over SSL.)
It costs a nonzero amount to get a certificate at all, and a self-signed certificate is barely better than raw http.
Well, the question was about encryption rather than trust. Trust is a whole different topic. Nobody has yet come up with a good trust model for the public Internet. The one that exists right now is next to worthless for two reasons: 1) Criminals who exploit novice Internet users never bother with using SSL on their phishing sites 2) greater than 99% of all Internet users who encounter an SSL certificate problem simply click "Okay, proceed" without bothering to understand what the warning is trying to tell them. In terms of trust alone, SSL on the public Internet is as bad as or worse than any security theatre you'll find in an airport.
A self-signed certificate, however, gets you encryption without trust. That in itself is valuable to someone like me. It's incredibly unlikely that anyone would want to target me specifically to pose as my email/web server. I'm mainly concerned about preventing eavesdroppers from picking up the contents of my traffic by sniffing the wifi or compromising a router along the way. And if they did, the chances are pretty high that I would be trying to access my server using a client that already has the certificate saved, so I would likely be warned if the certificate changed in any way.
Finally, a lot of people fail to realize that there are plenty of situations where you can have both encryption and relative trust without needing the services of a public certificate authority. Anyone can set up their own CA and distribute the root certificate to all computers and devices that need them. This works fine for a corporate intranet or VPN, for example.
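The warning described in the comment above, where a client that has already saved a self-signed certificate notices when the server presents a different one, is a trust-on-first-use pin check. The following is an added example, not part of the original comment: the names (`PinStore`, `fetch_der`), the pin-file layout, the host name and the sample certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import socket
import ssl
import tempfile

# Constructed stand-ins for DER-encoded certificates (not real certificates);
# the pin logic only needs the exact bytes the server presented.
SAMPLE_CERT_ORIGINAL = b"constructed-sample-der-bytes: self-signed cert A"
SAMPLE_CERT_REPLACED = b"constructed-sample-der-bytes: unexpected cert B"


def fingerprint(der_bytes):
    """SHA-256 fingerprint of the certificate's DER encoding, as hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def fetch_der(host, port, timeout=5.0):
    """Fetch the certificate a live server presents, as DER bytes.

    CA validation is disabled because the certificate is self-signed; the
    pin comparison is then the only check, so a caller must refuse to send
    any data when PinStore.check() returns "changed".
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """Remembers one certificate fingerprint per host:port in a JSON file."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, "r", encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def _save(self):
        # Write to a temporary file, then rename, so a crash cannot leave
        # a half-written pin file behind.
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

    def check(self, host, port, der_bytes):
        """Return "first-use", "match" or "changed" for this certificate."""
        key = "%s:%d" % (host.lower(), port)
        seen = fingerprint(der_bytes)
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact: nothing to compare against, so this is the
            # one moment an impostor would go unnoticed.
            self.pins[key] = seen
            self._save()
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Never overwrite the pin automatically; a human has to decide
        # whether the server was re-keyed or the connection is intercepted.
        return "changed"


def demo():
    """Run the three cases against a throwaway pin file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pins.json")
        store = PinStore(path)
        results = [
            store.check("mail.example.test", 993, SAMPLE_CERT_ORIGINAL),
            store.check("mail.example.test", 993, SAMPLE_CERT_ORIGINAL),
        ]
        # Reload from disk: the pin survives a client restart.
        store = PinStore(path)
        results.append(
            store.check("MAIL.example.test", 993, SAMPLE_CERT_REPLACED))
        # The mismatch above did not replace the stored pin.
        results.append(
            store.check("mail.example.test", 993, SAMPLE_CERT_ORIGINAL))
        return results


if __name__ == "__main__":
    print(demo())
```

The "first-use" result is the weak point of this model: the pin is only as good as the first connection, which is why a private CA whose root is distributed out of band gives stronger assurance on a corporate network.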
I find all this perplexing because from what I hear, the people who keep thrusting IE6 on people like a poisoned dagger are IT departments, but aren't IT departments supposed to be staffed by, you know, techies?
This is a common misconception. Generally, the companies which have a policy of requiring IE on the desktop (to the exclusion of anything else) tend to be the same ones staffed by I.T. managers who sign their emails with a long string of certification acronyms after their names. The staff themselves are usually selected by the same criteria.
The education system isn't flawed, just that the standards for these types of positions are _incredibly_ low.
This is a bit of an oxymoron: the system is flawed precisely because of the low standards for faculty and administrators. The only way to turn our public education system around is to invest heavily in it at all levels and weed out those who are just there for the paycheck and power trip. Hold teachers to higher standards than the students. In fact, the profession of "teacher" should be as noble and respected as a doctor or scientist. Allow parents and students to choose schools. Make high school more like college where the student is allowed to pursue (for the most part) their own interests. Don't design the entire curriculum around the lowest common denominator. Place some kind of limit on the importance of school sports. Teamwork, competition, and physical fitness are wonderful values to teach but they are *part* of a well-rounded education, not the majority of it. Dump money not just into schools themselves, but education in general rather than occupying foreign countries. We can't fix the world until we fix ourselves first.
Even though there should be no restrictions on usage, companies very often request a different license citing as a valid reason that the creator of such platform has special terms forbidding 'open source software' in the contracts forced upon the developer.
I think they've answered the question for you. If their contract says they can't use open source software, then they are already forbidden from using any already-open code in the project, even if they get a special alternate form of license from you.
Also, if you've ever taken patches from other developers, and didn't have them sign a statement giving you copyright over the patch, you're probably not legally allowed to relicense their work anyway.
Finally, while I can't speak to your motivations, if I released software under an open source license and someone came along and said, "hey, we need a different license for this, can you help us out?" My response would be, "how much are you paying me for it?"
The Chinese need to learn that we will not do business with them until they clean up their human rights issues, implement better protection of IP, and stop being the dishonorable cheaters that they are.
Sure, you go tell them that. And then they'll remind you that our country owes them a few trillion dollars and relies on them for pretty much all of our manufacturing needs and are thus not really under any particular obligation to bend to our will.
If you don't want the U.S. to rely on China economically, you have to:
1) Convince the government to stop asking China for loans to pay for misguided occupations and corporate bailouts.
2) Convince almost every American producer of durable and consumable goods to pay 2 to 3 times more for their manufacturing costs instead of outsourcing the work to China.
3) Convince every American consumer to pay 2 to 3 times as much for everything they currently buy, because that's how much more we'd be paying for everything from food to clothing to computers to cars without cheap foreign labor.
One thing to note about LORAN, vs GPS, however is: GPS is basically owned by the United States. The US government has full control over it.
The U.S. has full control over the LORAN-C transmitters in the U.S. too. Hence their ability to shut them down.
On the other hand, LORAN is an international system, used by many countries... Many countries, the US, Japan, Europe, use LORAN.
And those countries can continue to use LORAN within their own borders. The U.S. has no power to turn those off.
I'm sure the US government can't stand being part of an international system... they've got to turn off their receivers, to tighten their stranglehold on navigation control systems.
What I want to know is why the U.S. didn't shut off LORAN-C as soon as cheap GPS receivers were widely available. All military vessels had GPS receivers not long after the constellation was active. GPS is extremely reliable: You need a minimum of 4 satellites in view to get an accurate position (3 in a pinch) and with 31 satellites currently in service, there are usually at least 8 visible in the sky at any time. The (implicit) argument of LORAN-C as a necessary fallback is bogus.
There can't be an alternative to GPS available, when the US needs to switch it off or block the signal over/around certain areas in an emergency or time of war...
In the private/commercial sector, LORAN-C was really only used for sea navigation. When's the last time you saw a hiking gadget or car navigation unit that used LORAN-C? Never, because the required antenna is enormous no matter how small the electronics get. And as I already mentioned, the U.S. government certainly has as much capability of turning off LORAN-C transmitters as they do GPS signals.
Simply put, the U.S. will not ever voluntarily turn off GPS signals within U.S. borders. I highly doubt they would even re-enable SA. Too many consumer, commercial, medical, and scientific devices depend on the accuracy of GPS these days. We would have to be facing a full-on armed invasion which I doubt is something I'll ever see in my lifetime.
Android makes it way too easy to build simple apps but makes it more difficult to produce top notch professional apps than the iPhone does.
You must point me to these top-notch professional apps on the iPhone/iPod, because I haven't seen any yet.
I bought an iPod Touch three weeks ago and so far have found that its primary redeeming quality is the excellent web browser. Not much else has really lived up to all of the hype I've been hearing over the past couple years. Even though it carries the iPod name, the UI for navigating and playing audio and video really sucks. Podcast management (the main reason I bought the device) is particularly dismal and there are no downloadable alternatives since Apple forbids it. I've generally found that most applications in the App Store fall into these four categories:
1. Apps which make trivial use of the iPod/iPhone hardware (flashlights, compasses, voice recorders, etc)
2. Content delivery for existing publications, stores and websites (CNN, New York Times, Facebook, etc)
3. Casual games (Tetris, Bejewelled, etc)
4. Personal computation/information software (Tip calculators, notepads, budget apps, currency converters, etc)
I haven't seen a single app yet that I would consider paying actual money for. Maybe it's just because I'm a geek and am therefore difficult to "wow" when it comes to technology, but the point remains. I jailbroke my iPod, but all that really opens up is an adware-supported application installer and shell access to the device. Even many of the jailbreak-only apps seem to be driven by the same "must monetize everything" iPhone development mentality.
The second someone comes out with an iPod Touch equivalent running a full version of Android, I'll be all over it. I'd love to give the N900 a whirl but it costs twice as much as I'd ever pay and the N800 put me off as far as Maemo is concerned.
of course, tons of servers still run the 1.3 and 2.0 branches
these people don't care if they're in active development - and almost all of them are running them because upgrading isn't worth it for their application.
I'm going to go out on a limb here and say the real reason they don't upgrade is because they don't know which version of Apache they're using, and/or don't care.
I work for a web hosting company and lots of our customers are still running 1.3 and 2.0 because that's what they were originally set up with. If we asked them to upgrade to 2.2, almost all of them would say, "What for? My site runs perfectly fine, don't touch it." As a courtesy, we offer to migrate our customers' data from their old web host if they sign up with us, and a lot of our competitors are really fly-by-night operations running a stock version of cPanel from 5 years ago. Working in web hosting, you come to realize that for every web site maintained by a competent administrator, there are 100 more that are just slapped on a server by some Dreamweaver amateur and not touched for years.
This is something that is far more unlikely to happen on the iPhone because of Apple's strict control and testing of all apps. Even the "jailbreak" stores will reject things that aren't as advertised.
There's nothing preventing a developer from slipping something nasty into an iPhone application. There are plenty of apps in the App Store that security and privacy advocates would describe as "malware." E.g., applications that forward your personal details, online behavior, location, etc to their servers or someone else's. Apple's approval process does not "vet" the code in terms of security, quality, or otherwise. The approval process is there only to enforce Apple's artificial limitations on what functions the software can perform.
Allow open development, and you've basically got a platform that the bad guys can target. There's already standards for signing code to prove that an app came from who you thought it did.
The bad guys can target you regardless of whether the platform is open or closed. The trusted source thing is no guarantee that you're getting an application that doesn't pull something sneaky. It's the same "weakness" that SSL has: Just because a website has an SSL certificate doesn't mean it's automatically a-okay to give them your personal information or run their software. It's perfectly possible for a determined individual to set up a legit-looking company and website, write a website password storage application, and get it through Apple's approval process. Nobody would know until too late that the program waits for a particular date and then sends all of its collected passwords to a server hosted in a foreign country.
It's mind warping to imagine that the whole of our existence necessarily depends on encodings that are 2-dimensional in nature. If this is the case, what a world it would be. Philosophers and religious folk will argue over what that might mean.
My take on it has been this: If a larger key length doesn't incur a significant performance or storage penalty, use it. There's always the outward chance that a weakness in the algorithm (or more likely, the implementation that you're using) will contain a flaw that reduces the effective key length. For example, it is believed that brute-forcing AES 128-bit symmetric encryption would take more energy than exists in the known universe. Yet, almost all implementations offer a 256-bit key length. If a shortcut is found that reduces the effective key length of AES by 128 bits, then anyone using a 256-bit key is still fully protected. On modern hardware, the performance difference between the two is completely negligible so there's not really a good argument against using a 256-bit key except that it's probably overkill from a theoretical standpoint.
(Disclaimer to the greater Slashdot audience: I'm an amateur at encryption but I'm always willing to learn more, so if I've got something wrong please correct me rather than insulting me.)
From a power-user's point of view, multithreading is the most obvious way to get a speed boost if you have multiple cores. Most any app that isn't multithreading can only use one core. That's where the conflation comes from. They don't know (or don't care) that multithreading has advantages beyond performance.
Here's betting that their controlled, censored, monitored, restricted, "Big Brother" network dies on the drawing board, as the majority seek to protect their thoughts and opinions.
More specialized devices that only play music (ipod) or GPS navigate (tom tom) or display email (blackberry) or let you write down notes (newton) or take pictures (compact digital camera) are rapidly becoming obsolete.
As they well should. All of the devices you mention are basically the same (architecture-wise) as general-purpose computers, just smaller.
I just bought myself an iPod Touch for Christmas (my first Apple purchase) and have experienced equal parts of both fascination and frustration while using the device. The fact that they've managed to give such a small device a very capable web browser is nothing short of amazing, never mind the zillion other cool things the device does.
It's a shame, however, that Apple has such a strong hold on what I'm able to do with the device after I've bought it. It's ludicrous that there's no access to the filesystem and absolutely no way to put data of any kind on the device without the approval of iTunes. I'd love to develop for it, but I'm not slapping down $99 plus whatever the lowest-end Mac costs just to tinker around. The most worrisome thing, however, is that Apple appears to be more anti-open-source than Microsoft at the same time that they directly benefit from a large number of open source frameworks and libraries in virtually all of their software.
I know, I can always jailbreak the iPod and get most of the functionality I'm asking for (and I probably will eventually), but it would be nice for a change if a company could engineer a device without going through so much trouble to lock it down to one or two functions. And/or perceived their more technical customers to be assets rather than enemies.
Does your netbook by chance have a Turbo button?
They certainly can. And when they look down that road, what they see are enormous legal fees, raises, and at least a promotion or two.
Apple and Nokia should just get a hotel room and "argue" it all out.
This is a bit of an oxymoron: the system is flawed precisely because of the low standards for faculty and administrators. The only way to turn our public education system around is to invest heavily in it at all levels and weed out those who are just there for the paycheck and power trip. Hold teachers to higher standards than the students. In fact, the profession of "teacher" should be as noble and respected as a doctor or scientist. Allow parents and students to choose schools. Make high school more like college where the student is allowed to pursue (for the most part) their own interests. Don't design the entire curriculum around the lowest common denominator. Place some kind of limit on the importance of school sports. Teamwork, competition, and physical fitness are wonderful values to teach but they are *part* of a well-rounded education, not the majority of it. Dump money not just into schools themselves, but education in general rather than occupying foreign countries. We can't fix the world until we fix ourselves first.
</cranky old geezer rant>
Anyone else find it amusing that Google has its very own web browser yet IE6 is apparently still widely deployed on their desktops?
Can I use drunkenness as an excuse?
And therein lies the problem, particularly when almost every shred of evidence was made up.
One question... who do you work for?
</sarcasm>
Just because you can read the code doesn't mean it's not closed-source.
Time to upgrade the universe's video card?
While true, the thrust of TFA is that friends don't let friends buy their computers from Best Buy.
If you follow consumerist, you'd know that Best Buy is all-around one of the worst companies in the world, right up there with AT&T, Comcast, and AIG. Best Buy is also famous for lying on the phone about their inventory, holding holiday orders hostage, not honoring extended warranties, overcharging for items they don't have and refusing to cancel the order, even entering your house without permission. And that's just in the last month.
More on-topic, it's becoming increasingly rare to go into a Best Buy and find a computer that hasn't been "optimized" with a nice little $20-$40 markup.
Haven't spent much time on this planet, have you?