restraining orders, which have worked well for decades without anyone having a valid problem.
I beg to differ. Restraining orders in my part of the US are obtainable without any evidence about
the person to whom they apply, only the state of mind of the person requesting them.
If evidence were available as to wrongdoing a restraining order would not be required, the person could
be prosecuted. (This would take court time.)
The existence of the restraining order criminalizes a lot of behaviour that would otherwise not be criminal.
Violation of a domestic restraining order results in jail time, and this actually occurs for people doing
such nasty things as sending birthday cards to their children.
The irony is, of course, that anyone who has the intention of doing serious damage to another person is
very unlikely to be deterred by a restraining order.
Well, I'm really confused. ........ since lightning is a very high frequency ac current.
Lightning is a (relatively) short duration event, but it is not high frequency ac current, it
is the discharge of a large static accumulation (dc).
If I had mod points I'd mod your comment up.
I'm sad that we imprison such a high proportion of our population, and for such ridiculous things.
I doubt that most of these you refer to should be in prison at all, but certainly no case could be
made for needing to track them after release.
I was more referencing the people who, upon release, might be a threat to society, and therefore
there might be some valid reason to want to identify them. I was also trying to make the point that
such 'chipping' is a penalty under law (btw I think that 'Civil Commitment' is unconstitutional),
and that it should only be done as part of a sentence for a crime where the law permits it.
All you people who think we need to build better clients are crazy. It is the mail servers that need to do the job.
Making the mailservers enforce authentication of messages has its appeal but
I disagree, I don't want the mailservers restricting in that way what I can send.
What is needed is for mail clients to authenticate sent mail, and filter out
unauthenticated incoming mail BY DEFAULT.
Provide a traceable starter key with every operating system installation,
allow the user to opt out of using it if they wish, or change it.
There are free traceable keys available from several reputable sources,
and it would be difficult for spammers to obtain them in bulk.
Online databases could easily list spam source keys, and one could choose
a database to use depending upon what you want treated as spam.
A key would rapidly become useless as it is listed in such databases.
It would certainly still be possible to send spam, but it would become much less
economic to do it. The volume would collapse.
This can all be done within the current state of technology, and with minimum
pain to Joe Public. People are getting used to false positives in their email
filtering, and they would soon be telling their friends "Sign the thing and
it will get through".
The RIAA are suing for different reasons, they are not interested in collecting damages
from aunt Mabel,
I doubt that they cover their legal costs.
They are suing for the sole purpose of scaring the shit out of aunt Mabel and her like.
I'm also a legal immigrant from the UK (and an employer). I felt that I was treated
like a criminal at the US port of entry (including fingerprinting). I doubt that
I would have come if I had to be chipped to do it.
Back then I had a perception of the US as a 'land of the free'. It is becoming less so,
OTOH so is the UK.
Countless patriots have died to defend the freedoms we now so happily fritter away.
Now chipping ex cons (provided that it is the law at the time they commit their crime,
and that it is part of the sentence) seems altogether more reasonable to me.
Nice idea, but closer to reality than might be apparent.
How about SSH (Secure Shell) keys, which are routinely recreated every so often?
The software isn't really configured to divulge these keys.
VPNs (Virtual Private Networks) are another case where keys are routinely generated and then discarded, with no mechanism to divulge them.
There are many other examples of the same thing.
Doesn't each hop need to at least decrypt the header to get the routing information?
No. The header is not encrypted, only the payload.
It is unlikely that, without huge resources, an intermediary could decrypt an otherwise
intact communication (i.e. no man-in-the-middle attack took place).
A while ago I received an email from American Express,
it contained redirected links, including some purporting to be
secure (https) but redirecting through another (http) address.
After some effort phoning Amex I received advice from their
employees including (paraphrased) "yes we send emails like that,
just click on the links, all is OK".
In the end I was convinced that the email was in fact genuine (whois on
all of the domains in the links etc.).
Given these conditions it is not surprising that people fall for the
cleverer phishing scams.
We really should learn to deal with signed email.
Full time support personnel are mostly employees.
This ad hoc approach seems to fit in well with the whole open source approach,
for areas where a smaller amount of expert support is required. It seems to be
a welcome addition to the employee or consultant roles.
The myth that you can easily maintain the code is rebutted very quickly in
the mind of anyone actually trying to do it.
Improving or adapting code can often be done, particularly on the smaller projects,
depending on the architecture of the code base you are trying to do it to,
and quite frequently if an improvement is made it can be offered to and adopted
by the main project.
When Intel first decided to abandon conventional chip numbering,
8086 . 80186 . 80286 . 80386 . 80486 and then magically 'Pentium',
based on the Latin for 5, I was convinced that their next one
would be 'Sexium', based on the Latin for 6.
And that really would have had 'Sex' appeal.
Ah... I had obviously misheard:
And so, my Ferro-Americans, ask not what your country......
things are becoming clearer to me now.
Therein lies the problem with the infinite monkeys typing Shakespeare.
Undoubtedly they will indeed do so, but the script will be buried in an
infinite pile of gibberish and other shorter masterpieces by the time
it happens.
Sifting through the output to find the desired product is a much more
onerous task than producing it in the first place.
The whole issue has been considered, filed, reconsidered, trashed,
untrashed, contemplated and cogitated for some while.
There is a relevant RFC with very cogent arguments as to why it is a bad idea.
http://www.rfc-archive.org/getrfc.php?rfc=3675
It isn't helped by some of the 'genuine' emails one receives from
supposedly reputable financial institutions.
For example I received an email purporting to be from American Express,
one of the links in it was of the form that showed
https://www.americanexpress.com/messagecenter,
however it actually pointed to
http://www65.americanexpress.com/clicktrk/Tracking?mid=AnIdentifyingNumber&msrc=ENG-YES&url=https://www.americanexpress.com/messagecenter
i.e. it purported to be a secure link, but actually was not.
It piped the request through another (insecure) URL.
I sent it on to the American Express phishing people, and got only an
automatic reply.
Finally I phoned American Express Customer service who assured me that it was real,
on the basis that they did actually send out emails like that. (!!!!)
It showed all the hallmarks of a phishing email, and yet ultimately was genuine.
How I am ever going to explain to Aunt Mary what signs to look out for
in phishing emails, while the real financial institutions send out
stuff like this, I don't know.
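An added example, not part of the comment above: a mail-filter style check that flags the pattern the comment describes, where the visible link text shows one URL but the href points elsewhere, drops from https to http, or wraps the real destination in a tracking redirect. The function names and the sample message are constructed for illustration; the sample link reuses the URL shape quoted in the comment.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return [(href, [findings])] for links whose text and target disagree."""
    collector = AnchorCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        target, findings = urlsplit(href), []
        # Treat the visible text as a URL only if it parses to a dotted host.
        shown = urlsplit(text if "://" in text else "//" + text)
        if shown.hostname and "." in shown.hostname and " " not in text:
            if shown.hostname.lower() != (target.hostname or "").lower():
                findings.append("host-mismatch")
            if shown.scheme == "https" and target.scheme != "https":
                findings.append("https-shown-http-target")
        # A query parameter that is itself a URL marks a redirect/tracking hop.
        for _, value in parse_qsl(target.query):
            if urlsplit(value).scheme in ("http", "https"):
                findings.append("embedded-redirect")
                break
        if findings:
            report.append((href, findings))
    return report

# Constructed sample message body (not a captured email).
SAMPLE_EMAIL = """
<p>Dear Cardmember, a new message is waiting:</p>
<a href="http://www65.americanexpress.com/clicktrk/Tracking?mid=AnIdentifyingNumber&amp;msrc=ENG-YES&amp;url=https://www.americanexpress.com/messagecenter">https://www.americanexpress.com/messagecenter</a>
<a href="https://www.americanexpress.com/help">Help</a>
"""

if __name__ == "__main__":
    for href, findings in audit_links(SAMPLE_EMAIL):
        print(findings, href)
```

All three findings fire on the sample link, which is why a genuine message built this way is indistinguishable from a phishing one to any filter or reader applying the usual rules.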
You're right, it is a Herculean task.
It is the individual taxpayer's information.
It was not acquired by the voluntary cooperation of the source.
If they want to sell it then they need permission from
the owner of the information, not the IRS's.
I thought that a *nix philosophy was
"do one thing and do it well"
This merging of functions is the path to feature bloat.
On my own boxes I commonly use sudo for installing software,
I do all of the compilation etc. in a user account.
If I log in as root then I have the hassles of all of the
files I create being owned by root unnecessarily,
and then I have to change them all back.
sudo also allows me to get a similar effect to suid, but on
a more restricted basis, via sudoers.
So I dispute your assertion about sudo ONLY being useful
when there are a lot of admins.
I'll bet most of us would like an employer who told us
by the end of the year
to get 2000 email accounts set up.
The article refers to millimeter waves (40-60GHz), this is true line of sight stuff.
....
Several hundred meters is an order of magnitude more range than I would expect
it to be designed for.
This short range is an advantage, and a disadvantage. The network would have to
be 'cellular' in nature. There would need to be several base stations per area,
even someone standing between you and the base station would block the signal.
On the other hand the re-use distance for a given channel would be fairly small,
the band is of no use for any longer range stuff, and may therefore be available.
They were not joking when they said that the cost of all these millimeter wave
transmitters and receivers was a challenge!
A key issue will be reducing the cost of the components.
I thought the most interesting phrase in the article was:
Let's skip some technical details
I am quite a fan of djbdns, but the key here is to separate authoritative and
recursive, which is something that DJB has been preaching for a while.
Consequently djbdns won't do this, but it is quite possible to make bind not
do this also. (In fact Bind now has come round and recommended this.)
It seems to me like a no-brainer, why is splitting the two such a problem?
SDNS wouldn't hurt either, but that will take a lot more doing.
You're right. I have now downloaded the source, from within the US.
There are prohibitions on export in the (many) terms to which you have to agree.
How long before it's all over the world?
I presume that this will be released outside the US, and allowed to migrate in.
Even then I'm sure that there will be attempts by the US Government to
prevent its use.
This is a significant advance in the search for privacy.
Well Put.
Rather, they are trying to make a point regarding aspects of the 1998 Child Online Protection Act, which the ACLU has successfully blocked in court. The government wants figures to support its position in that case, but those figures don't exist, so they're demanding that Google *give* them the raw data they need to make the argument they want to make.
Given enough sources of random data it will always be possible to find one
which makes the case that you wish to make. So then present that one and
dispose of all the rest, and voila! you have evidence to support your
case.
That is pure Flamebait.
Java is a language which benefits more than most from performance profiling, in that
it is very easy to write inefficient code, because the mapping from code to actual
execution is not always very clear.
This is a strength, and a weakness. The degree of abstraction from the underlying
machine is high. This results in quite intelligible code, and an ease of coding complex
and abstract tasks. It also results in it being quite possible to write apparently
simple looking code which ends up executing in a very complex way.
Profiling will expose the gross inefficiencies, and allow them to be corrected.
It will never be possible to write as efficiently (execution time), as
in a more direct language, but the coding efficiency (programming time) is quite good,
and for a lot of applications that matters a lot more. It also has a lot of
cross platform capabilities (not perfect I concede).
I prefer writing code where I can see the bits and bytes (i.e. not Java), but
to put down Java in such an offhand way is unjustified.