Now imagine this:
1. use VoIP from the cellphone (duh!)
2. GPG-encrypt the data stream, without relying on AT&T's proprietary "encryption" which goes directly to whichever government asks for it
3. use the existing GPG web of trust for keys; generate a new key for the phone and sign it with your main key so if the phone is stolen you lose only the phone's secret key
The above makes you impervious to plain man-in-the-middle snooping. What is left is information whom you talk to.
4. get an account at a company/group of volunteers who provide a number of servers; the more such independent group of this kind the better
5. have the phone connect only to the nearest server of your group; this is all the phone company can find out about you
6. once there, the server will peel the outer onion layer, connecting to the next hop
7. these servers will be usually already connected as conversations can be aggregated into a single connection; if not, random data can be sent through idle links to thwart traffic analysis
8. unless you're paranoid, the next hop will be your interlocutor's privacy company/group. 2 hops should be enough for most cases, but if you value privacy more than latency, toss in full onion routing.
While Tor is WAAAY too slow to allow for usable VoIP, having a network of servers connected with opaque noise-filled pipes should give you decent enough privacy with just two geographically close hops.
Anyway, I measure most things in Smoots.
Are you sure your reference artifact has remained exactly the same height after all these years? And is he preserved well enough? What will happen to your definition when he dies? Are you going to pull a Lenin?
Did I say that sticking to your beliefs is bad? I didn't. What is bad, is sticking to them without even considering other arguments. So is being a total flip-flopper: if you can't see which option is better, you should better refrain from choosing one altogether.
In other words: choose an option and stick with it neither too strongly nor too weakly.
And, I didn't say I'm a liberal, too. This word has been hijacked by American Commiecrats, a totally despicable party of corrupt populists who tout their version of socialism. I would dare to say they're more despicable than that lying group of power-mongering Christian fascists, which is a huge accomplishment.
That depends on the encoding - either 72 characters in ASCII or UTF-8 or 36 characters if they go for the more multi-lingual friendly UTF-16.
UTF-16 more multi-lingual friendly than UTF-8? Er... it has many disadvantages and not a single benefit over UTF-8.
For example, UTF-16 needs a lot of porting effort, while UTF-8 magically works in all 8-bit-clean programs that don't need to count codepoints or tell character properties (and hey, bytes happen to _be_ 8-bit wide so unless you do something strange, you are 8-bit-clean). Most English-speaking developers won't put in this effort, so here goes your multi-lingual friendliness.
Or another, more insidious flaw of UTF-16: it gives people a false feeling that they can store an entire character in a single array position. This works... as long as you don't meet any character over U+FFFF (rare Han[1], etc) or characters which need to be written using a base char + combining characters (Indic scripts, etc). UTF-8 makes no such promises, and thus doesn't lead to such non-obvious bugs.
UTF-16 is an abomination that needs to go. Unfortunately, it's entrenched in the Windows API: you need to use BlueScreenW() instead of BlueScreenA() everywhere, and this is something people who don't need internationalization don't want to do. Even as of Vista, Microsoft still doesn't allow simply setting the system's code page to UTF-8, something which the whole Unix world[2] did years ago.
[1]. And according to People's Murderous Commiepublic of China's laws, you need to support these (as GB18030) in any product sold in mainland China. Of course, they don't give a damn about that law unless they want to demand a favour from a company so they have yet another stick of non-compliance.
[2]. All non-toy distros do this by default, and if not for a few whiners, non-UTF8 locales would probably be dropped by now.
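The "one array position per character" trap described in the comment above, shown as an added example that is not part of the original post. It cuts a string at a UTF-16 code-unit index and compares that with a cut that respects surrogate pairs and combining marks; the function names and the sample string are constructed for illustration, and the combining-mark grouping is a simplification rather than full grapheme segmentation.

```python
import struct
import unicodedata

# Constructed sample: 'a', one Han character above U+FFFF, then 'e' + combining acute.
SAMPLE = "a\U00020000e\u0301"


def utf16_units(text):
    """Return the 16-bit code units a UTF-16 array would hold for text."""
    data = text.encode("utf-16-le")
    return list(struct.unpack("<%dH" % (len(data) // 2), data))


def naive_truncate(text, max_units):
    """Cut at a code-unit index, as code assuming 1 slot == 1 character does."""
    units = utf16_units(text)[:max_units]
    return struct.pack("<%dH" % len(units), *units)


def is_valid_utf16(data):
    """True if the byte string decodes as well-formed UTF-16 (little endian)."""
    try:
        data.decode("utf-16-le")
        return True
    except UnicodeDecodeError:
        return False


def safe_truncate(text, max_units):
    """Cut so that no surrogate pair or base+combining sequence is split.

    Simplification: only characters with a non-zero canonical combining
    class are attached to the preceding base character.
    """
    clusters = []
    for ch in text:
        if clusters and unicodedata.combining(ch):
            clusters[-1] += ch
        else:
            clusters.append(ch)
    kept, used = [], 0
    for cluster in clusters:
        width = len(cluster.encode("utf-16-le")) // 2
        if used + width > max_units:
            break
        kept.append(cluster)
        used += width
    return "".join(kept)


if __name__ == "__main__":
    print("code units:", [hex(u) for u in utf16_units(SAMPLE)])
    for limit in (2, 4):
        cut = naive_truncate(SAMPLE, limit)
        print(limit, "naive well-formed:", is_valid_utf16(cut),
              "| safe:", repr(safe_truncate(SAMPLE, limit)))
```

At a limit of 2 the naive cut leaves a lone high surrogate, and at a limit of 4 it stays well-formed but silently drops the accent from the last character.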
learn Python (or Perl if you're feeling feisty) and write something that at least has a chance of being reasonably structured.
Reasonably structured perl? The mind boggles.
In Perl, you can use exactly the same structures as in most other languages, as Perl, just like English, not just borrows constructs from other languages but assaults them in dark alleys to riffle through their syntaxes. You can write near-shell, near-C, near-AWK, near-sed, etc in Perl as much as you like. And unlike Python you can, you know, use indents to mark up the code instead of placating the language's wishes.
The only problem is, Perl allows insanely terse code. One line of Perl can often replace a page of C or five pages of Pascal. This is tempting, and it's easy to get hooked up and produce read-only line-noise. Yet, with a modicum of self-control you can write readable, well-structured Perl code.
Of course, this is just like writing secure code in PHP. It is possible, yet no one practices it...
Repeat after me. TPM isn't DRM! TPM isn't DRM! Got it? Good!
TPM which is controlled by anyone else than the machine's owner is quite related to DRM -- except, instead of restricting what you can do with a piece of software it restricts hardware instead. One of the key uses for restricting hardware at the moment is making sure DRM is not being circumvented.
TPM does have a lot of potential beneficial uses, but they all require the owner to have control over the key.
Even though Intel is not going to do this in the foreseeable future, at least not in a non-EU release (there's a chance our legislators may wisen up... oh well, whom am I kidding?), yelling loud enough and often enough may at least give Intel a hint that they're doing something wrong.
Not a client language? They put Javascript in every browser
Wrong emphasis. It's Javascript, not Javascript. It has nothing to do with Java except for Sun pushing the Java trademark everywhere, it's not compatible with Java, doesn't look like Java, doesn't smell like Java and, most important, doesn't require Java.
which is the basis of the Web 2.0, and that is changing everything.
Yeah, I admit, Javascript is the only extant widely-deployed client web language. Lots of folk, me included, boycott anything even remotely related to Flash, client-side Java is a bad joke, attempts to put Tcl in JavaScript's place are almost forgotten now (except for HTML4 still requiring explicit <script language=javascript> to make validators happy), ActiveX is fortunately on its way out, and SilverLight faces people who by now should recognize crap when they see it.
It is obvious you don't know what you're talking about.
It is obvious that Sun's marketing machine managed to confuse you about relations of Java and Javascript. Score 1 for them.
ExCePt ThAt LaTeX Is An OnE-ShOt ExCePtIoN, MaDe BeCaUsE ItS CrEaToRs WaNtEd To UsE A PsEuDo-GrEeK LeTtEr. AnD As WiTh AnY ExCePtIoN, ThEy'Re SoMeThInG YoU DuMp InTo YoUr UsEr DiCtIoNaRy.
I see how much Sun loves Java -- they rename everything to "Java This" or "Java That", like, an ancient version of Gnome they ship suddenly became "Java Desktop", their stock ticker is now JAVA instead of SUNW, but this doesn't mean Java means anything more than another pet language of choice. Python, Tcl, Ruby, etc, etc -- they do have their use, have their own niche following, but neither is well-fit for a client language.
Java tried this, and failed. It's quite rare now to see any client programs written in Java; it's a bad idea to install a huge framework just for a single program (yeah, Azureus, but that's pretty much the only big one), and Sun doesn't have as much clout as Microsoft, so there's no pushing .NET in the core OS. Java is quite widely used as a scripting language for web servers, but this doesn't make it any more important than PHP (bleh), ASP (bleh*2) or anything of the kind -- everyone uses what he feels most comfortable with, and Sun invested quite a lot into pushing Java into schools.
For Solaris, they slept for the last ~10 years, I'm afraid. Having met a couple of Solaris servers then, and having taken a look at their much-hyped gratis mailings, I hardly see any difference. On the other hand, getting used to a new version of a Linux or even BSD distribution makes you feel like the older one is all musty, obsolete and unusable.
Oh, and Sun still didn't put a POSIX-compatible shell as /bin/sh.
In fact, there are only two kinds of things to look at:
- string literals (not what the poster wanted, but this is what needs spelchekars the most)
- identifiers
The former can be done by a simple regexp, the latter... you can do a LALR parser, but why even bother? Just look for _any_ potential identifier; in most languages, that's [a-zA-Z_][a-zA-Z_0-9]+; and simply add the few keywords which are not English words to your dictionary. In fact, this would be nearly programming language agnostic.
When it comes to StudlyCaps, anything identified as an identifier can be split _before_ any uppercase letter. This would produce a lot of single-letter tokens for ALL-CAPS #defines and the like, but as a nearby post said, you're going to ignore one-two letter tokens anyway. The usual conventions say XMLHttpRequest or XML_http_request so I wouldn't bother with XMLhttpRequest (and thus "lhttp").
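The token extraction sketched in the comment above, as an added example that is not part of the original post. It uses the identifier pattern quoted there, splits identifiers before every uppercase letter, and drops one- and two-letter tokens; the string-literal pattern (C-style double quotes), the sample source and the tiny dictionary are assumptions constructed for the demonstration.

```python
import re

# Identifier pattern quoted in the post (needs at least two characters).
IDENTIFIER = re.compile(r"[a-zA-Z_][a-zA-Z_0-9]+")
# Assumption: C-style double-quoted literals with backslash escapes.
STRING_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"')
WORD = re.compile(r"[A-Za-z]+")
MIN_LEN = 3  # ignore one- and two-letter tokens

# Constructed sample source with three deliberate misspellings.
SAMPLE = '''
#define MAX_BUFFER 64
int recieveCount = 0;
XMLHttpRequest *req = open_conection("Conection refusd");
'''
# Constructed dictionary: English words plus the non-English keywords
# ("int", "req") that the post suggests adding by hand.
DICTIONARY = {"define", "int", "count", "http", "request", "open", "req",
              "connection", "refused", "receive"}


def split_identifier(name):
    """Split on underscores/digits, then before every uppercase letter."""
    parts = []
    for chunk in re.split(r"[_0-9]+", name):
        # Zero-width split: "HttpRequest" -> "Http", "Request".
        parts.extend(p for p in re.split(r"(?=[A-Z])", chunk) if p)
    return parts


def candidate_words(source):
    """Collect lowercase words from string literals and from identifiers."""
    words = set()
    for literal in STRING_LITERAL.findall(source):
        words.update(w.lower() for w in WORD.findall(literal))
    code_only = STRING_LITERAL.sub(" ", source)  # literals already handled
    for ident in IDENTIFIER.findall(code_only):
        words.update(p.lower() for p in split_identifier(ident))
    return {w for w in words if len(w) >= MIN_LEN}


def misspelled(source, dictionary):
    """Return the candidate words missing from the dictionary, sorted."""
    return sorted(candidate_words(source) - dictionary)


if __name__ == "__main__":
    print(split_identifier("XMLHttpRequest"))
    print(misspelled(SAMPLE, DICTIONARY))
```

MAX_BUFFER breaks into single letters and disappears under the length filter, which is the ALL-CAPS behaviour the post predicts.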
Most likely, the music will skip under some circumstances on XP, like when you start a new (big) job, or when you download from a (really) fast server. Most likely you either don't even notice, or you don't find it disruptive, since you are at that time focused on whatever other job you asked the computer to do.
I disagree. You need a really, really pathologic load to produce skips if your software tries to avoid them.
Too bad, neither mpg123 nor rhythmbox do this by default, but hey, lookie: mpg123 -b! Try it on, and now:
- (local mp3) disk IO: it may be erratic, but even if the read head keeps moving to and fro, any modern OS will deliver at least a non-negligible fraction of the disk's transfer. Don't tell me it can't get that puny 192kbit/s sustained.
- (NFSed mp3) network IO: we're talking about 10Gbps network cards in the article
- CPU: decoding an mp3 takes roughly an equivalent of a fast 486. With a processor (or -s) hundreds of times faster, you would need more than 100 CPU-bound processes to starve the sustained rate.
- PCI transfer: again, the decoded stream is, at the usual 44100 16bit stereo, mere 1378KB/s. You would need a broken OS or a broken driver to fail to deliver that much.
The IT department??? Or perhaps anyone who actually owns the hardware (ie, the company for corporate machines or you in your home)? No goddamn way.
I somehow cannot see our friends at Microsoft relinquishing such a juicy opportunity for control. And you mentioned this as something to give an immunity to BSA/RIAA/MPAA... The latter two are in good relations with MS, the first for all practical reasons is MS.
Also, I would be surprised if a future version of Windows didn't require the TPM. It's signed by Intel, a member of the Trusted Computing Consortium, and you, the owner of the machine, have no way to get the key. Forget about running Windows in a virtual machine, unless that virtual machine contains a rootkit belonging to the Trusted Computing Consortium. Oh, and they will gladly provide you with something to interoperate with^W^Wcontrol Free Software OSes, so you won't even be able to claim anything about unfair business practices from a court's point of view.
Without you, the owner, having access to the key, this whole idea is a DRM wet dream. And I'm freaking damn sure the consortium won't ever let your grubby hands onto it.
In the lack of such a data set, you can make it up on the spot. Factorizing numbers for one. In fact, any http://en.wikipedia.org/wiki/Hash_function will work. I named ASCII codes and Doom2 levels because they're something I know by heart; I suck at factorizing so it would take me longer. And I don't want to ever spend more than 10 seconds trying to remember a password I didn't use for a while. This is not an issue for ones you type in frequently as they'll be "cached" in your fingers' memory, though.
Producing the input for your hash function can be trickier, though. In some cases like ASCII codes it's trivial -- take 3rd and 5th letter of the hostname, turn them to their ASCII codes, mangle the numbers somewhat and you're done -- like: hostname="flame" => 97, 101 => "!97a101a". The final rule was: prepend with '!'s to get three digits, add "a" for odd codes, "b" for even ones.
This particular scheme isn't too secure; it resembles one of my early ones. The weakness here is that someone who intercepts one or two of these can guess what to brute force, needing only 16-18 bits of work; it's obvious how to close this hole.
Now, while my passwords are not the ones you get from "pwgen -s", at least I can actually "remember" all of them without being superhuman.
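The hostname-to-password rule from the comment above, written out as an added example that is not part of the original post, together with a count of how many distinct passwords the rule can produce once its structure is known. The function names, the hostname alphabet and the random-password comparison (8 characters from 62 alphanumerics) are assumptions made for illustration.

```python
import math
from itertools import product

# Assumption: characters that can appear in a DNS host label.
HOSTNAME_CODES = [ord(c) for c in "abcdefghijklmnopqrstuvwxyz0123456789-"]


def encode_code(code):
    """Pad the decimal code with '!' to three characters, then add 'a' for
    an odd code or 'b' for an even one, as the post's final rule states."""
    return str(code).rjust(3, "!") + ("a" if code % 2 else "b")


def derive(hostname, positions=(3, 5)):
    """Build the password from the 3rd and 5th letters (1-based)."""
    if len(hostname) < max(positions):
        raise ValueError("hostname too short for the chosen positions")
    return "".join(encode_code(ord(hostname[p - 1])) for p in positions)


def keyspace_bits(codes):
    """Bits of guessing work when the rule is known and only the two
    selected character codes are unknown."""
    codes = list(codes)
    outputs = {encode_code(a) + encode_code(b)
               for a, b in product(codes, repeat=2)}
    return math.log2(len(outputs))


def random_bits(length, alphabet_size):
    """Bits in a uniformly random password, for comparison."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(derive("flame"))                                 # the post's example
    print("any two bytes:      %.1f bits" % keyspace_bits(range(256)))
    print("hostname chars only: %.1f bits" % keyspace_bits(HOSTNAME_CODES))
    print("8 random alnum:      %.1f bits" % random_bits(8, 62))
```

The parity letter and the padding are functions of the code, so they add length without adding guessing work: the whole eight-character password carries only the two selected characters.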
Well, how many people use 10 different passwords anyway?
I use... lemme estimate the count... somewhere around 50 different passwords, with little to remember.
All you need is any mapping you remember anyway. For me, that's ASCII codes, names of Doom2 levels, etc, but for you it could be for example episode names of Star Trek (bleh), or even, horrors, results of 1976 baseball league. Everyone has something of this kind.
Next, pick a scheme of turning account/host names into the domain of your mapping. Then, do the same for turning the mapping's codomain into short strings.
This does have a potential vulnerability of letting an attacker guess the scheme if he intercepts several of your passwords and the scheme itself is very obvious, but hey, that's a whole world harder than learning a single password and using it to get a good part of your accounts. And I don't use the main scheme for accounts I don't give a damn about.
Department, Commissariat (as in KGB) of Homeland Security -- what's the difference? The concept is the same, the purpose as well. There are still some details in implementation, but let's cut them some slack, they started just in 2002 so there's still much to be ironed out.
The real question is, does the population really believe any agency of this sort has a place in a democratic country?
ClickMe.sh
You forgot:
chmod a+x ClickMe.sh
Even the GUI version of the above requires at least 5 clicks in Gnome, and I guess about as much in KDE.
Don't forget this quote:
"An open mind is like a fortress with its gates unbarred and unguarded."
So yeah, you can flame them as much as you want, they're not going to change that easily.
Drop the Treacherous Computing chip?
Except, chemistry is nothing but a certain application of physics (-> full quote).
Java? Wide uptake? Surely, you jest.
- string literals (not what the poster wanted, but this is what needs spelchekars the most)
- identifiers
Ook... and
- comments
but I hardly use these anyway
"Ya" is clearly intentional and comes from a dialect, so that's ok.
I'm not one either, so this means I get to shout at you, right?
Or better, let people add such "words" with a couple of keypresses/clicks.
Slower Network Cards.
Then why exactly XP can handle the music just fine on the very same network card on the very same computer on the very same network?
ls has a valid reason to read these -- you want to see uids/gids as user names, not numeric values
But Skype?