Why is this on slashdot?
Your computer will probably crash a lot or at least reboot for no apparent reason but most likely due to some patch you got through an automated update which you are told to do for security reasons because apparently security and stability are incompatible.
Come on... That's like saying, "Something will probably go wrong because someone will mess something up, and it's not my fault, and I can't do anything about it, and in fact, I have no idea what I'm talking about."
As stupid as this lawsuit sounds, it might have some useful consequences - especially if the tribe wins. We like to complain about intellectual property laws, software patents, and how companies are using those to take advantage of us. So maybe, for once, politicians will realize that the laws about intellectual property are flawed?
Spammers put garbage in the message body, subject, other headers, etc. in order to fool the spam filters - and unfortunately, they are often pretty successful.
But one thing they cannot change is their IP addresses. I wrote a script to parse my mail and save the IP addresses (or more precisely, their first two numbers - e.g., 213.186) that appear in spam messages, but not in normal ones. Then, I run another script on my incoming mail - which marks the message as spam if it contains a blacklisted IP address.
I update the list of IPs once in a while, and it works pretty decently. Right now, I have about 4,500 items in the list - each one corresponding to a range of 256^2 IP addresses - so it's about 7% of the whole address space (kinda scary). It blocks about 2/3 of spam, with almost no false positives. Most of my spam is also marked by the SpamAssassin (or whatever the mail server uses) and automatically moved into the spam folder, so I just run the script once in a while, and it "learns" on its own.
Deniable Encryption technology supplements conventional encryption approaches with a crucial feature - a structure which permits the owner (at his/her discretion) to disclose decryption keys for only non-sensitive (or faked replacements of sensitive) information, in such a way as to deprive an attacker or interrogator of any way of determining whether or not the interviewee is fully complying with decryption demands. As such, this technology is valuable in environments where people can be placed under high pressure (legal, military or other) to disclose decryption keys.
Suppose you run Windows in VMWare or some other virtual machine or emulator. Use Linux as a host, and intercept the sound there. Signed device drivers, secure path, etc. don't matter any more, do they?
If you can hear the sound, you can save it. Microsoft cannot do anything to stop you.
(Of course, they can try to detect VMWare and refuse to play any sound. But: 1) that will break lots of legitimate uses of Windows, and 2) you can always make an emulator that looks just like real hardware.)
> Surely it's not too much of a hassle to encrypt the passwords? Are passwords encrypted in the later versions of the beta?
Encrypting passwords would be (almost) pointless. In order to use them, Gaim would have to decrypt them first. Which means either: 1) You would have to give Gaim the decryption key in order to login - which defeats the point of storing passwords in the first place, or 2) Gaim would use its own key - in which case, anyone else could use that key to decrypt your passwords.
The only solution would be to use some kind of a wallet (like KDE's) - but it's still a hassle.
That said, it would be nice to encode the passwords in some way - in hex, whatever. Just imagine that you use some word in your password, and then search for that word in Google Desktop / Beagle / whatever...
I can imagine that in a not-so-distant future, we will have a law that forbids writing programs without authorization. After all, doesn't programming give you too much power - the power to crack DRM, make illegal copies of information, and so on?
So you won't be able to download or buy a compiler anymore. You will only be able to license it, after getting approval for your idea. The executable you create will also have restricted capabilities and will only run on your machine. In order to make a "real" program, you will need yet another approval - for the actual source code. Then, your code will be compiled and signed, and ready to use by other people.
Now, everyone will be happy - no more music stealing and no more hacking...
But they may install to "All Users", so the icon appears in (gasp) the desktop for every user.
Dude... That's the point. Desktop should either not show anything that doesn't belong to the user - meaning, no more "All Users", or, allow the user to hide the icon. That's it.
Also, the freedesktop.org example applies only to the menu, not the destkop.
As far as I know, the desktop is a regular folder that displays only the user's icons, and nothing else. So programs don't install icons there in the first place. Which is a good thing, in my opinion.
The real problem is: the icon belongs to the system, not the user. So the user shouldn't try to delete it, since it will affect other accounts, too.
Of course, that means the user can't get rid of the icon at all, which is a bug in the way desktop displays icons. It should either: 1) display only the user's icons, or 2) allow the user to "hide" system icons.
Same problem with the Start menu, by the way.
Freedesktop.org's menu standard is much better. (At least, the way KDE works - I assume that other DEs support this, too). The user can create a local shortcut with the same name, and it will override the system icon. The shortcut can be marked as "hidden", which will effectively delete the system one for the current user.
You'd think that since BSD comes from Berkeley, it should be a popular OS on campus... Think again. Everyone's #1 choice is: Windows XP.
You go to a (non-CS) computer lab. You login with your SID and password. A new Administrator account is created for you. Go ahead, do whatever you want - when you logout, all your files will be deleted, and everything will be restored to the original state. Completely secure, until you realize... "Duh. I have an administrator account. Why can't I just prevent the computer from restoring everything on logout?".
I reported this to one of the lab workers, and even demonstrated: she logged into her own account, but the desktop background picture said in big red letters, "Caution: This system has been haxx0red". She was pretty shocked, and said she would inform the system administrators.
This was half a year ago... Nothing has changed.
The CS labs are different, though. They run Solaris 9. Security shouldn't be a problem here. Usability is, though. How many of you guys remember what Gnome 2.0 looks like? How about Acrobat Reader 4? I do, unfortunately. And the Slashdot jokes about "^H" suddenly made so much sense...
This is called a default-allow policy. It's not going to work. You can't enumerate every possible way of executing a shell on a UNIX system.
If you want a really secure system, enumerate the "safe" commands, and allow them to be executed. Of course, it's going to be a pain - but you decide whether you want security or convenience. It's hard to have both.
Slashdot Mirror
I, for one, welcome our new incompatible non-existing overlords.
Come on... That's like saying, "Something will probably go wrong because someone will mess something up, and it's not my fault, and I can't do anything about it, and in fact, I have no idea what I'm talking about."
Exactly.
I'm not sure if that was the tribe's motive... But, I'm really hoping that politicians will realize how ridiculous IP laws have become.
As stupid as this lawsuit sounds, it might have some useful consequences - especially if the tribe wins. We like to complain about intellectual property laws, software patents, and how companies are using those to take advantage of us. So maybe, for once, politicians will realize that the laws about intellectual property are flawed?
Spammers put garbage in the message body, subject, other headers, etc. in order to fool the spam filters - and unfortunately, they are often pretty successful.
But one thing they cannot change is their IP addresses. I wrote a script to parse my mail and save the IP addresses (or more precisely, their first two numbers - e.g., 213.186) that appear in spam messages, but not in normal ones. Then, I run another script on my incoming mail - which marks the message as spam if it contains a blacklisted IP address.
I update the list of IPs once in a while, and it works pretty decently. Right now, I have about 4,500 items in the list - each one corresponding to a range of 256^2 IP addresses - so it's about 7% of the whole address space (kinda scary). It blocks about 2/3 of spam, with almost no false positives. Most of my spam is also marked by the SpamAssassin (or whatever the mail server uses) and automatically moved into the spam folder, so I just run the script once in a while, and it "learns" on its own.
Suppose you run Windows in VMWare or some other virtual machine or emulator. Use Linux as a host, and intercept the sound there. Signed device drivers, secure path, etc. don't matter any more, do they?
If you can hear the sound, you can save it. Microsoft cannot do anything to stop you.
(Of course, they can try to detect VMWare and refuse to play any sound. But: 1) that will break lots of legitimate uses of Windows, and 2) you can always make an emulator that looks just like real hardware.)
> Surely it's not too much of a hassle to encrypt the passwords? Are passwords encrypted in the later versions of the beta?
Encrypting passwords would be (almost) pointless. In order to use them, Gaim would have to decrypt them first. Which means either:
1) You would have to give Gaim the decryption key in order to login - which defeats the point of storing passwords in the first place, or
2) Gaim would use its own key - in which case, anyone else could use that key to decrypt your passwords.
The only solution would be to use some kind of a wallet (like KDE's) - but it's still a hassle.
That said, it would be nice to encode the passwords in some way - in hex, whatever. Just imagine that you use some word in your password, and then search for that word in Google Desktop / Beagle / whatever...
I don't buy MP3s because there's no freaking way to just buy the files - not stream them, not download DRMed crap, but just buy the plain old MP3s.
Rhapsody? iTunes? Can't do that.
Only independent websites (e.g. magnatune.com) have the decency to give you something worth paying money for.
I can imagine that in a not-so-distant future, we will have a law that forbids writing programs without authorization. After all, doesn't programming give you too much power - the power to crack DRM, make illegal copies of information, and so on?
So you won't be able to download or buy a compiler anymore. You will only be able to license it, after getting approval for your idea. The executable you create will also have restricted capabilities and will only run on your machine. In order to make a "real" program, you will need yet another approval - for the actual source code. Then, your code will be compiled and signed, and ready to use by other people.
Now, everyone will be happy - no more music stealing and no more hacking...
Hey hey hey...
I use SysRq and Scroll Lock more often than Caps Lock!
(Seriously... "Magic SysRq" feature in Linux. And pausing/resuming scrolling in the terminal.)
Just ask RIAA or MPAA.
They always tell us how to live. They should have the answer.
But they may install to "All Users", so the icon appears in (gasp) the desktop for every user.
Dude... That's the point. Desktop should either not show anything that doesn't belong to the user - meaning, no more "All Users", or, allow the user to hide the icon. That's it.
Program Manager? I thought we got rid of that thing after 3.11?
No, there are still a lot of them here at Microsoft.
Nah... The last time I tried - in Windows XP - it wouldn't let me. It says that the drive is in use.
Now I'm trying this at work, on Windows Server 2003. I'll see if it's any di
Also, the freedesktop.org example applies only to the menu, not the destkop.
As far as I know, the desktop is a regular folder that displays only the user's icons, and nothing else. So programs don't install icons there in the first place. Which is a good thing, in my opinion.
The real problem is: the icon belongs to the system, not the user. So the user shouldn't try to delete it, since it will affect other accounts, too.
Of course, that means the user can't get rid of the icon at all, which is a bug in the way desktop displays icons. It should either:
1) display only the user's icons, or
2) allow the user to "hide" system icons.
Same problem with the Start menu, by the way.
Freedesktop.org's menu standard is much better. (At least, the way KDE works - I assume that other DEs support this, too). The user can create a local shortcut with the same name, and it will override the system icon. The shortcut can be marked as "hidden", which will effectively delete the system one for the current user.
Should note that most of the EE computer labs are Windows machines, though they're locked up in terms of account permissions.
:)
Yeah. But now that Knoppix has a pretty decent NTFS write support... Well, I'm still trying to do something cool with it
You'd think that since BSD comes from Berkeley, it should be a popular OS on campus... Think again. Everyone's #1 choice is: Windows XP.
You go to a (non-CS) computer lab. You login with your SID and password. A new Administrator account is created for you. Go ahead, do whatever you want - when you logout, all your files will be deleted, and everything will be restored to the original state. Completely secure, until you realize... "Duh. I have an administrator account. Why can't I just prevent the computer from restoring everything on logout?".
I reported this to one of the lab workers, and even demonstrated: she logged into her own account, but the desktop background picture said in big red letters, "Caution: This system has been haxx0red". She was pretty shocked, and said she would inform the system administrators.
This was half a year ago... Nothing has changed.
The CS labs are different, though. They run Solaris 9. Security shouldn't be a problem here. Usability is, though. How many of you guys remember what Gnome 2.0 looks like? How about Acrobat Reader 4? I do, unfortunately. And the Slashdot jokes about "^H" suddenly made so much sense...
Is there a similar workaround for X forwarding? (Short of manually setting $XAUTHORITY, etc.)
With "su -", it just works. With "sudo" - it doesn't, and I don't see any options to turn it on.
Weird... I just tried IE 6 on Gentoo, with Wine 0.9.11 - nothing. When I click the link, it just opens an empty window.
Saying that pine is better than GMail is like saying that beer is better than women...
:)
(But ok, to be fair, I agree that web-based interfaces suck
%usergroup ALL=(ALL) ALL,!SHELLS,!SU,!SHUTDOWN,!HALT
This is called a default-allow policy. It's not going to work. You can't enumerate every possible way of executing a shell on a UNIX system.
If you want a really secure system, enumerate the "safe" commands, and allow them to be executed. Of course, it's going to be a pain - but you decide whether you want security or convenience. It's hard to have both.
And Apple wasn't overly helpful to getting read/write access to HFS+ access in Linux.
:)
So is full read/write HFS+ support available in Linux yet?
If not, then maybe Linux-NTFS developers could trade NTFS code for the HFS+ code?
So what affect does it have on humans?
Wow, guys, this is no joke... It already had an effect on the poster.