The article treats RSA and DSA as one entity, and doesn't explain how they differ. I did some research and found that RSA is a cryptographic algorithm based on public and private key pairs, which we already know. So far, so good. Then I searched for DSA and found that it stands for Digital Signature Algorithm. Furthermore, that page says that DSA is only usable for signing, and not actual encryption. This leads on to my question: The article says that SSH1 used the patented RSA key, but SSH2 uses DSA keys to work around the patent. How is it that SSH2 can use a signature algorithm to do real encryption?
OpenSSL is a library, not a set of programs like OpenSSH is. OpenSSH uses the OpenSSL library to do the encryption. You can find API documentation for OpenSSL here.
PGP won't provide you security either if you have a crummy password
As a matter of fact, that's exactly what it is designed to and will do. The whole point of PGP encryption is that it obviates the need for password authentication. The only password (in effect) is your private key. This private key should be kept safe at all times, but if it does not fall into the hands of your enemy, they will not be able to read your messages.
The only place a password comes into play is the protection of your private key, but in all honesty you're already screwed if your private key has fallen into enemy hands. A short password is not going to stop any determined party from cracking your private key once they have access to it. For the better part of a decade, I've not used a password for my private key, because it's stored on removable media and only ever used on a trusted host. This is one misconception I'd like to set straight. PGP provides more security than could ever be provided for by a system that relies on a memorisable password.
Yep, that's right. Common UNIX system accounts (that run daemons and system services) don't even have a password set. This, of cousre, means that they have a password that's shorted than two characters, making them vulnerable to the SSH hole. Once access to these accounts has been gained, using a local root hole is trivial. Seriously, I don't see why anyone should still be running the commercial SSH client when a great and audited alternative like OpenBSD exists and is available freely.
- On Sunday there was conference Def Con. There Dmitry appeared with our presentation eBook Security: Theory and Practice . On Monday in the morning, about nine hours, it(he) and one more our employee, Andrey, left hotel in the airport. On an output(exit) from hotel of them two have stopped. Have presented certificates of agents of FBI. On Dmitry at once give handcuffs. And at once have dissolved them with Andrey on different to rooms. With Andrey had simply a talk - about(near) poluchasa asked, what yes as after that have released(let off). It(he) some times tried to phone to me, but it was impossible. Then it(he) has phoned in the Moscow office, somewhere in the half-tenth, and to us therefrom have thrown a mail with the message on arrest.
- What your lawyers speak?
- Our lawyers know about arrest only to evening when all was already closed. Business occured so: after the message on arrest I have called at once in the Russian consulate. In consulate to me all over again have offered to wait till 12 o'clock in the afternoon - can be, it(him) all the same will plant aboard the plane and will send to Los Angeles, and therefrom already trip of "Aeroflot". But it(he) and has not appeared at the airport. After that the consulate began to make out official inquiry to the American authorities. With it they were taken till two when registration aboard the plane was ended - it became clear, that Dmitry has not departed. Thus we at all did not know, where it(he) in general is. About two consulate has sent inquiry, but up to the end of a working day - till six evenings - we and have not received the answer to him(it). That is on Monday of the information of any at all was not.
On Tuesday in the morning when our Moscow office has opened, wife Dimy there has called. She(it) has told, that to it(her) have called and through a translator have informed, that its(her) husband is arrested. To it(him) to it(her) to talk did not give. It has taken place about 4 o'clock in the morning on Moscow - that is here was about 3 o'clock in the afternoon of Monday. It is received, that they and have not transmitted the information on arrest to consulate till evening.
- What you are going to do(make) now?
- Yesterday it was in general not clear where to access. Now for us eight mornings (Tuesday - red. ), for me here the attorney, we shall understand with it(him) today, that it is possible to make. I have cancelled the further flights - visiting three more conferences was scheduled. It was necessary to hand over ticket and to remain in Las Vegas. My brother Vladimir, managing director our company, has departed to Moscow to complete there different affairs - I it(him) conducted up to the plane to be sure, that with it(him) of nothing happened.
- But you see "having broken open" the book once, it is possible to distribute her(it) then...
- Our program "does not break open" the book: the one who has purchased her(it) can produce the second copy of the book. If the person has made a copy and itself began to sell her(it) on piracy disks - it(he) infringes that it the law, instead of our program. And manufacture of copies for own needs - is valid. In general, under the Russian legislation, software Adobe which does not give illegal& to use the purchased product there where that is wanted by the buyer without delay. This violation of rights of a customer. Besides during a purchase of books in Adobe format the customer is not notified at all on these limitations.
Is it just me, or is there something extremely patronising about:
Your age: (Click here if you are under 13.)
on the NYtimes login page? If a kid is interested in science, why should he be redirected to the kiddies page? Science should be for everyone, and if there is some inappropriate material in the article it should say so rather than redirecting them to the kiddies page.
NuSphere is completely within their right to produce proprietary extensions for GPL'd software provided it is not in breach of the GPL. However, it is not great 'netiquette'.
Looking at mysql.org, there is a notice pointing to MySQL AB at the bottom of the front page. However, it is written thus:
If you are looking for the MySQL AB company, click here. If you came here looking for NuSphere, click here.
The W3C suggests that "click here" as Web pages will increasingly be accessed by devices without mice or things that can be clicked (touch displays, text readers etc.) By making "click here" a hyperlink to MySQL AB rather than the text "MySQL AB" itself, it could be argued that they're trying to confuse the visitor. Of course this is only conjecture and it may just be that the Webmaster was not aware of Web standards.
I'm running FOLK now, mainly for the suspend to disk feature and for some low-latency stuff I'm doing. The features listed here are integrated, compile cleanly and produce a kernel that miraculously runs. Eventually, I'd like to see some of these patches moved into Linus' kernel as they seem very stable and complete.
My one gripe with them is that it'd be nice if they could release each of the patches separately as many of the patch writes have stopped maintaining them. As FOLK already make the effort of porting the patches to the latest kernel, it'd be nice if we could use those ported patches on a standard Linus Linux kernel.
I hate this. The whole point of the article is that Pine is NOT Free Software and it is NOT Open Source. It does not meet either the Free Software definition, nor the Open Source definition. It is classified as "Proprietary with source available". That is why you should switch to mutt. Please RTFA in the future.
Also, POP has no place in a MUA. That is the job of fetchmail, which is adept at fetching mail from half a dozen types of mail servers.
Legally, the definition of Internet functionality is completely clear. http (Web) and other services are merely provided over the Internet -- "Internet functionality" itself mearly implies a fully functional TCP/IP stack which, of course, QNX, which Netpliance's I-opener uses/used. I think what the FTC meant to say was "complete Windows functionality" and I don't recall Netpliance ever claiming that the I-opener had the complete functionality of a Windows system.
I now happily boot Linux off the i-opener EEPROM and get it to mount a root filesystem over the network. However, Netpliance started charging me their monthly fee despite that I'd signed up before they had introduced the mandatory fee. I called them and they were very good about refunding the $60 or so they had already charged me. However, they continued to charge the credit card after that rather scrupulously, and I couldn't even get through to them that time. In the end they got another $60 which I never claimed back, after which they stopped charging me. Even though this was about 60% of the cost of the i-opener itself I decided to let it go as I realised they needed all the cash they could get and I was already getting more value out of the device than the amount they had charged me in whole. However, now that the opportunity has arisen I might do something about it and get my money back. Does anyone have any contact numbers?
Is there any information on whether they will be using Loki Games' SDL library or whether they will be keeping to standard OpenGL? I still wouldn't buy proprietary software and I don't have many friends who would, but it's always good to see more platforms gaining support from companies.
Browsing seems even faster than with 0.9.1, and the release notes claim that 25 segfault bugs have been crushed since the previous version - not that I ever hit these bugs. The drop-down history bar which was dismally slow to update in 0.9.1 also seems a little more responsive, though I think that feature is going a little towards the bloat side of things.
2 or 3 years ago, Linux users had every right to be concerned with the general direction of Web browsers in Linux versus The Competition. But if Mozilla development continues at this rate, we have nothing to worry about, and there is a fine alternative, Konqueror, if for some reason Netscape/AOL/Time-Warner is prevented from continuing development of Mozilla due to the new anti-GPL/viral clauses in their EULAs.
Mozilla may never have swept away the competition, but I strongly believe that it has saved us from a much more terrible state of affairs just by existing. There are two types of Open Source success: Apache, Perl: The instant hits. Linux, Mozilla: those that steadily improve over several years, rise to prominence, and eventually vanquish the competition. Although the entrepreneurs with capital obviously want to fund the former, companies like IBM, HP and Compaq know that the latter is what will lead to eventual World Domination.
Despite what all the naysayers say, I believe we are seeing a shift in Microsoft's support of open standards towards the better. Recently, we saw them embrace the new P3P W3C privacy standard, for example.
As long as they use continue to use open standards (http/html, xml, ogg) to distribute their music, the competitive commercial environment will take care of the rest. If someone believes that Microsoft is distributing money at too high a cost, they can use the same tools to sell music themselves, as any company would do in an open market. The only risk is that Microsoft might try to replace say, html, with their own proprietary system that only runs on Windows. Only then do competitors like AOL and you and me face a serious risk.
I don't use any of their software, but -- who knows -- their services might be good stuff. We all know that most of their endeavours outside software are pretty good (hardware like optical mice, force feedback joysticks, Xbox). Kudos to Microsoft and shame on you if you revert to your proprietary tactics of yesteryear!
It's a sad fact that in the world of mainstream computing (Microsoft Windows), everything is made a succsess or failure depending on how mainstream it is. In the area of mainstream computing, the trend is towards complete, graphical interfaces over which the user has little control which has its roots in the media industry rather than the traditional computational history of computing.
Although the notion of a monochrome display is noble (why do I need more than one colour to read text?), the problem remains that more people are likely to go for devices like the all-singing proprietary NVidia GeForce cards. It's all because people don't understand that there is an application of computers beyond that which has been popularised by the mainstream press and "EasyPC" initiatives that aim to reduce the computer to the level of other consumer devices like the TV or washing machine. As long as there are geeks around, the true importance of computers will not be forgotten, but as time progresses we will find it more difficult to find hardware that meets are needs without exceeding our needs, or our budget.
All in all, of course, mainstream computing has done more to bring down the cost of hardware for geeks who are actually interested in the technology, and for this we must be thankful. But the simple, one-purpose devices analogous to the *NIX tools designed to do one thing right, will be the casualties of this new trend. Our best hope is to get over it and enjoy cheap, powerful computers while they last before embedded devices take over the world and put the PC back where it was two decades ago.
You said in one of your previous speeches that Microsoft is opposed to governments releasing source code under the GNU GPL Free Software license. I beg to differ.
Surely if the government has been funded by the taxpayer to develop this software, then it should be placed under a license that requires that it remains free to the funders? If the source code is placed under a less restrictive license such as the BSD license where the code can be integrated into proprietary products such as Microsoft Windows, then the customer will be forced to pay the vendor of the proprietary software for something they have in fact already paid for when they paid their tax to the government. Do you think that this secondary "Microsoft tax" is fair on customers?
Some of you will have noticed that the TiVo article about ExtractStream for the TiVo was updated to explain that the thread was pulled from the message board.
However, I noticed that all source code was removed from the page of the developer. Does anyone know why the source was pulled? A mirror of the file ExtractStream-0.1.tgz is available at http://www.stampede.org/~skibum/tivo/ I't be a great pity if such an amazing hack were to be lost forever or for development to stop. What I want to know is, was the author threatened by TiVo or some other party? I'm not sure if they'd have any legal ground but it seems very unfair to threaten this man legally for his great hack.
the users pay you *and* for the bandwidth to share the songs they already bought
I can understand that the customer might want to share their bandwidth so that more money can go to their favourite artists, but why should there be a mandatory charge to use Napster on top of the service you already provide?
Also, why should the customer have to pay the Recording Industry Association of America twice: once to download a file from Napster, and then again to buy recordable audio CDs to burn it on to? Surely if you've paid for one, the other should no longer be required.
It all looks a bit silly from the viewpoint of a foreigner. Sorry if I've stated the obvious.
One other weird thing, Linus's prononciation is generally quite good, but he says "project" like prowwject which gets really annoying. I will be making and ogg of the interview and posting a followup to this message for those who don't want to install proprietary realplayer.
Slashdot Mirror
Wonder if the makers of the official Tron game will go after the developers of these games for trademark infringement. It's a crazy world.
The article treats RSA and DSA as one entity, and doesn't explain how they differ. I did some research and found that RSA is a cryptographic algorithm based on public and private key pairs, which we already know. So far, so good. Then I searched for DSA and found that it stands for Digital Signature Algorithm. Furthermore, that page says that DSA is only usable for signing, and not actual encryption.
This leads on to my question: The article says that SSH1 used the patented RSA key, but SSH2 uses DSA keys to work around the patent. How is it that SSH2 can use a signature algorithm to do real encryption?
OpenSSL is a library, not a set of programs like OpenSSH is. OpenSSH uses the OpenSSL library to do the encryption. You can find API documentation for OpenSSL here.
Or perhaps even better:
gv MS_complaint.pdf
GhostScript has supported pdf in addition to postscript natively for years. xpdf is also a decend pdf viewer though it's a bit less capable than gs.
As a matter of fact, that's exactly what it is designed to and will do. The whole point of PGP encryption is that it obviates the need for password authentication. The only password (in effect) is your private key. This private key should be kept safe at all times, but if it does not fall into the hands of your enemy, they will not be able to read your messages.
The only place a password comes into play is the protection of your private key, but in all honesty you're already screwed if your private key has fallen into enemy hands. A short password is not going to stop any determined party from cracking your private key once they have access to it. For the better part of a decade, I've not used a password for my private key, because it's stored on removable media and only ever used on a trusted host. This is one misconception I'd like to set straight. PGP provides more security than could ever be provided for by a system that relies on a memorisable password.
So let me get this straight. . . this bug only occurs if someone uses a TWO CHARACTER password (or shorter)?!?
/etc/shadow:
You obviously don't know much about how UNIX works. Excerpting from my
daemon:*:11447:0:99999:7:::
adm:*:11447:0:99999:7:::
lp:*:11447:0:99999:7:::
sync:*:11447:0:99999:7:::
Yep, that's right. Common UNIX system accounts (that run daemons and system services) don't even have a password set. This, of cousre, means that they have a password that's shorted than two characters, making them vulnerable to the SSH hole. Once access to these accounts has been gained, using a local root hole is trivial. Seriously, I don't see why anyone should still be running the commercial SSH client when a great and audited alternative like OpenBSD exists and is available freely.
Alexander how there was Dmitry's arrest?
- On Sunday there was conference Def Con. There Dmitry appeared with our presentation eBook Security: Theory and Practice . On Monday in the morning, about nine hours, it(he) and one more our employee, Andrey, left hotel in the airport. On an output(exit) from hotel of them two have stopped. Have presented certificates of agents of FBI. On Dmitry at once give handcuffs. And at once have dissolved them with Andrey on different to rooms. With Andrey had simply a talk - about(near) poluchasa asked, what yes as after that have released(let off). It(he) some times tried to phone to me, but it was impossible. Then it(he) has phoned in the Moscow office, somewhere in the half-tenth, and to us therefrom have thrown a mail with the message on arrest.
- What your lawyers speak?
- Our lawyers know about arrest only to evening when all was already closed. Business occured so: after the message on arrest I have called at once in the Russian consulate. In consulate to me all over again have offered to wait till 12 o'clock in the afternoon - can be, it(him) all the same will plant aboard the plane and will send to Los Angeles, and therefrom already trip of "Aeroflot". But it(he) and has not appeared at the airport. After that the consulate began to make out official inquiry to the American authorities. With it they were taken till two when registration aboard the plane was ended - it became clear, that Dmitry has not departed. Thus we at all did not know, where it(he) in general is. About two consulate has sent inquiry, but up to the end of a working day - till six evenings - we and have not received the answer to him(it). That is on Monday of the information of any at all was not.
On Tuesday in the morning when our Moscow office has opened, wife Dimy there has called. She(it) has told, that to it(her) have called and through a translator have informed, that its(her) husband is arrested. To it(him) to it(her) to talk did not give. It has taken place about 4 o'clock in the morning on Moscow - that is here was about 3 o'clock in the afternoon of Monday. It is received, that they and have not transmitted the information on arrest to consulate till evening.
- What you are going to do(make) now?
- Yesterday it was in general not clear where to access. Now for us eight mornings (Tuesday - red. ), for me here the attorney, we shall understand with it(him) today, that it is possible to make. I have cancelled the further flights - visiting three more conferences was scheduled. It was necessary to hand over ticket and to remain in Las Vegas. My brother Vladimir, managing director our company, has departed to Moscow to complete there different affairs - I it(him) conducted up to the plane to be sure, that with it(him) of nothing happened.
- But you see "having broken open" the book once, it is possible to distribute her(it) then...
- Our program "does not break open" the book: the one who has purchased her(it) can produce the second copy of the book. If the person has made a copy and itself began to sell her(it) on piracy disks - it(he) infringes that it the law, instead of our program. And manufacture of copies for own needs - is valid. In general, under the Russian legislation, software Adobe which does not give illegal& to use the purchased product there where that is wanted by the buyer without delay. This violation of rights of a customer. Besides during a purchase of books in Adobe format the customer is not notified at all on these limitations.
Perhaps this is why the patch is not on windows update. Fixed now though.
Is it just me, or is there something extremely patronising about:
Your age: (Click here if you are under 13.)
on the NYtimes login page? If a kid is interested in science, why should he be redirected to the kiddies page? Science should be for everyone, and if there is some inappropriate material in the article it should say so rather than redirecting them to the kiddies page.
NuSphere is completely within their right to produce proprietary extensions for GPL'd software provided it is not in breach of the GPL. However, it is not great 'netiquette'.
Looking at mysql.org, there is a notice pointing to MySQL AB at the bottom of the front page. However, it is written thus:
If you are looking for the MySQL AB company, click here. If you came here looking for NuSphere, click here.
The W3C suggests that "click here" as Web pages will increasingly be accessed by devices without mice or things that can be clicked (touch displays, text readers etc.) By making "click here" a hyperlink to MySQL AB rather than the text "MySQL AB" itself, it could be argued that they're trying to confuse the visitor. Of course this is only conjecture and it may just be that the Webmaster was not aware of Web standards.
My one gripe with them is that it'd be nice if they could release each of the patches separately as many of the patch writes have stopped maintaining them. As FOLK already make the effort of porting the patches to the latest kernel, it'd be nice if we could use those ported patches on a standard Linus Linux kernel.
They call it humour.
Also, POP has no place in a MUA. That is the job of fetchmail, which is adept at fetching mail from half a dozen types of mail servers.
Legally, the definition of Internet functionality is completely clear. http (Web) and other services are merely provided over the Internet -- "Internet functionality" itself mearly implies a fully functional TCP/IP stack which, of course, QNX, which Netpliance's I-opener uses/used. I think what the FTC meant to say was "complete Windows functionality" and I don't recall Netpliance ever claiming that the I-opener had the complete functionality of a Windows system.
I now happily boot Linux off the i-opener EEPROM and get it to mount a root filesystem over the network. However, Netpliance started charging me their monthly fee despite that I'd signed up before they had introduced the mandatory fee. I called them and they were very good about refunding the $60 or so they had already charged me. However, they continued to charge the credit card after that rather scrupulously, and I couldn't even get through to them that time. In the end they got another $60 which I never claimed back, after which they stopped charging me. Even though this was about 60% of the cost of the i-opener itself I decided to let it go as I realised they needed all the cash they could get and I was already getting more value out of the device than the amount they had charged me in whole. However, now that the opportunity has arisen I might do something about it and get my money back. Does anyone have any contact numbers?
Is there any information on whether they will be using Loki Games' SDL library or whether they will be keeping to standard OpenGL? I still wouldn't buy proprietary software and I don't have many friends who would, but it's always good to see more platforms gaining support from companies.
Browsing seems even faster than with 0.9.1, and the release notes claim that 25 segfault bugs have been crushed since the previous version - not that I ever hit these bugs. The drop-down history bar which was dismally slow to update in 0.9.1 also seems a little more responsive, though I think that feature is going a little towards the bloat side of things.
2 or 3 years ago, Linux users had every right to be concerned with the general direction of Web browsers in Linux versus The Competition. But if Mozilla development continues at this rate, we have nothing to worry about, and there is a fine alternative, Konqueror, if for some reason Netscape/AOL/Time-Warner is prevented from continuing development of Mozilla due to the new anti-GPL/viral clauses in their EULAs.
Mozilla may never have swept away the competition, but I strongly believe that it has saved us from a much more terrible state of affairs just by existing. There are two types of Open Source success: Apache, Perl: The instant hits. Linux, Mozilla: those that steadily improve over several years, rise to prominence, and eventually vanquish the competition. Although the entrepreneurs with capital obviously want to fund the former, companies like IBM, HP and Compaq know that the latter is what will lead to eventual World Domination.
Another nail in the coffin ... but we cannot yet be sure whether it is the coffin of Microsoft, or of Free Software.
Despite what all the naysayers say, I believe we are seeing a shift in Microsoft's support of open standards towards the better. Recently, we saw them embrace the new P3P W3C privacy standard, for example.
As long as they use continue to use open standards (http/html, xml, ogg) to distribute their music, the competitive commercial environment will take care of the rest. If someone believes that Microsoft is distributing money at too high a cost, they can use the same tools to sell music themselves, as any company would do in an open market. The only risk is that Microsoft might try to replace say, html, with their own proprietary system that only runs on Windows. Only then do competitors like AOL and you and me face a serious risk.
I don't use any of their software, but -- who knows -- their services might be good stuff. We all know that most of their endeavours outside software are pretty good (hardware like optical mice, force feedback joysticks, Xbox). Kudos to Microsoft and shame on you if you revert to your proprietary tactics of yesteryear!
"Connexion" used to be a word in the English dictionary until the company you speak of, which runs Microsoft's mirror sites, trademarked it.
Although the notion of a monochrome display is noble (why do I need more than one colour to read text?), the problem remains that more people are likely to go for devices like the all-singing proprietary NVidia GeForce cards. It's all because people don't understand that there is an application of computers beyond that which has been popularised by the mainstream press and "EasyPC" initiatives that aim to reduce the computer to the level of other consumer devices like the TV or washing machine. As long as there are geeks around, the true importance of computers will not be forgotten, but as time progresses we will find it more difficult to find hardware that meets are needs without exceeding our needs, or our budget.
All in all, of course, mainstream computing has done more to bring down the cost of hardware for geeks who are actually interested in the technology, and for this we must be thankful. But the simple, one-purpose devices analogous to the *NIX tools designed to do one thing right, will be the casualties of this new trend. Our best hope is to get over it and enjoy cheap, powerful computers while they last before embedded devices take over the world and put the PC back where it was two decades ago.
You said in one of your previous speeches that Microsoft is opposed to governments releasing source code under the GNU GPL Free Software license. I beg to differ.
Surely if the government has been funded by the taxpayer to develop this software, then it should be placed under a license that requires that it remains free to the funders? If the source code is placed under a less restrictive license such as the BSD license where the code can be integrated into proprietary products such as Microsoft Windows, then the customer will be forced to pay the vendor of the proprietary software for something they have in fact already paid for when they paid their tax to the government. Do you think that this secondary "Microsoft tax" is fair on customers?
However, I noticed that all source code was removed from the page of the developer. Does anyone know why the source was pulled? A mirror of the file ExtractStream-0.1.tgz is available at http://www.stampede.org/~skibum/tivo/ I't be a great pity if such an amazing hack were to be lost forever or for development to stop. What I want to know is, was the author threatened by TiVo or some other party? I'm not sure if they'd have any legal ground but it seems very unfair to threaten this man legally for his great hack.
the users pay you *and* for the bandwidth to share the songs they already bought
I can understand that the customer might want to share their bandwidth so that more money can go to their favourite artists, but why should there be a mandatory charge to use Napster on top of the service you already provide?
Also, why should the customer have to pay the Recording Industry Association of America twice: once to download a file from Napster, and then again to buy recordable audio CDs to burn it on to? Surely if you've paid for one, the other should no longer be required.
It all looks a bit silly from the viewpoint of a foreigner. Sorry if I've stated the obvious.
One other weird thing, Linus's prononciation is generally quite good, but he says "project" like prowwject which gets really annoying.
I will be making and ogg of the interview and posting a followup to this message for those who don't want to install proprietary realplayer.