So it looks like I'll have to replace my cell phone every month and a half if it uses one of these displays. Doesn't seem that useful to me. Maybe they could have a red "screen saver" mode that would just use the red display elements unless you needed full color. That would at least give it a little better lifetime, since then their assumption that a cell phone is only "in use" 200 hours a year would be a little more valid.
Well, if it's cheap enough (and it sounds like a screen on this technology, when in full production, should be pennies per 6.3cm screen), design a phone whose screen can be replaced just by popping the old one off and slapping the new one on.
paper thin TVs - How many hours of TV do *you* watch a day? More than 3? Then this display is dead in less than a year.
Same goes for this, for $20, pop a new screen on the tv. Makes the display area itself cheap, so the major cost of the tv becomes the internal electronics.
digital wallpaper - Do you really want to re-wallpaper your house every month and a half?
Okay, now this would suck. You'd have to really like decorating in red :) Give the technology a few more years though to settle itself, and maybe this will be a reality.
The article wasn't clear here as to whether the 'unencrypted passwords' were unencrypted at the storage or transfer point. I think everyone's using the article to jump on the ssh bandwagon when the article (as written by someone interpreting the other person's speech) is indicating that people are using stupid web server setups. How the user gets to the system seems to be irrelevant, as far as the article is concerned. It's just saying that once they get there, they can get to these sensitive log files. Ssh won't help them here.
Regarding the article on Tuesday, June 27, 2000 by Florence Olson, I must disagree with Simson L. Garfinkel's conclusion. Telnet and File Transfer Protocol have been pivotal in the advancement of the internet, and these programs or variations thereof will continue to be essential. The article states:
Log files, for example, are created on Web servers whenever users click on the "search" button. Mr. Garfinkel asked, Who has access to those log files? What computers are capturing those log files? What policies do institutions have for automatically deleting those files on a regular basis?
This quote says nothing about Telnet or FTP, and in fact implies that web servers are a problem. It also doesn't properly state what the log files record. The standard log file is configured to record every download of every document on the server, and from which ip the download was initiated, as well as every attempted download that triggered an internal error. Typically, these files are stored in a directory which normal users don't have access to.
The article also quotes Mr. Garfinkel as saying, "We're moving into a regime in which far, far more information is going to be collected -- and frequently, that's going to be done over some sort of campus network." As quoted, he implies that the campus network will be actively involved in the collection of this information. The problem here is that the vast majority of information collection will happen when a user connects to a remote site not affiliated with the campus. The campus' role here is limited to providing a wire connecting the user's computer to the outside world. The campus has no control over what information is collected and how it is used.
Telnet is a program used to connect the local client machine to the destination server via a text-based window. Such a connection is, for many operating systems, essential for remotely executing commands on the server or performing other tasks. FTP servers allow for the transfer of files, such as assignments or sample code, to and from the local client machine. While it may be true that the World Wide Web has significantly reduced reliance on this type of file transfer, FTP is still the most common choice of methods for password protected transfers.
The danger which Mr. Garfinkel seems to address is the fact that the log files of an improperly configured web server may be accessed via Telnet or FTP, and therefore these services should be halted. The real solution to the web server issue is to be certain that the web server is properly configured and that the log files it generates are only visible to accounts assigned to work with them.
The only indication of problems that might be related to Telnet or FTP is in the last paragraph, where he is quoted as urging "the more than 300 residential-network managers and student-coordinators attending the conference to stop the common practice of using unencrypted passwords to secure network-user accounts." I'm not quite sure just what passwords he's implying are stored in an unencrypted format, since most telnet servers run on Unix, which stores its passwords in an encrypted format, and most ftp servers either use the Unix password file or an encrypted file of their own format. This argument may refer to CGI scripts which, being written by the user who wrote the webpage, can use whatever form of data storage the user desires.
In summary, Telnet and FTP are not the culprits here. Poorly configured web servers are the problem. The possible remedies are as follows:
1) Shut down the web server. A drastic and undesirable action, as you might expect.
2) Protect the log files. This isn't difficult. In fact, on most of the systems web servers run on, log files are protected by default from unauthorized viewing.
3) Turn off CGI. Web servers can be configured to not run CGI scripts that aren't in a specified location. Thus, the possibility that an uninspected user-written CGI script can be executed is completely eliminated.
4) Train system administrators in security. A commonly overlooked area of system administration which needs to be addressed.
5) Run the web server on a separate machine. The users' web directory can be accessed over the internal network by the web server, but its log files will be written to the machine it's running on. With this solution, the directories the log files are stored in aren't even visible by the machine accessed by Telnet or FTP.
Do not look to Telnet and FTP as a solution to these problems, as they are merely a means to access the data which should be protected from them to begin with. The real culprit is the web server.
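The check behind remedy 2 above, as an added example that is not part of the original comment: whether an ordinary shell account can read a log file depends on the file's read bit and on search permission for every directory leading to it. The function names and the sample tree are constructed for illustration; ACLs are ignored and directories above the audited root are assumed to be traversable.

```python
import os
import stat
import tempfile


def _bits_for(st, shared_gids):
    """Pick the (read, search) bits that apply to an ordinary account:
    group bits if it shares the entry's group, otherwise the 'other' bits.
    The owner is assumed to be the web server or an administrator."""
    if st.st_gid in shared_gids:
        return stat.S_IRGRP, stat.S_IXGRP
    return stat.S_IROTH, stat.S_IXOTH


def exposed_logs(root, shared_gids=frozenset()):
    """Return paths (relative to root) of regular files under root that an
    ordinary account could read. shared_gids lists group ids that ordinary
    accounts belong to (hypothetical parameter, empty by default)."""
    root = os.path.abspath(root)
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        dst = os.lstat(dirpath)
        _, x_bit = _bits_for(dst, shared_gids)
        if not dst.st_mode & x_bit:
            # No search permission: nothing below this directory is
            # reachable, whatever the modes of the files inside it.
            dirnames[:] = []
            continue
        # Search permission without read permission still exposes files,
        # because log file names are predictable.
        for name in filenames:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            r_bit, _ = _bits_for(fst, shared_gids)
            if stat.S_ISREG(fst.st_mode) and fst.st_mode & r_bit:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def build_sample_tree():
    """Create a constructed log tree in a temp directory and return its root."""
    root = tempfile.mkdtemp(prefix="logaudit-")
    layout = {
        # directory: (directory mode, {file name: file mode})
        "protected": (0o750, {"access_log": 0o644}),
        "public": (0o755, {"access_log": 0o644, "error_log": 0o640}),
        "blind": (0o711, {"access_log": 0o644}),
    }
    for dname, (dmode, files) in layout.items():
        dpath = os.path.join(root, dname)
        os.mkdir(dpath)
        for fname, fmode in files.items():
            fpath = os.path.join(dpath, fname)
            with open(fpath, "w") as fh:
                fh.write("constructed sample log line\n")
            os.chmod(fpath, fmode)  # explicit chmod, independent of umask
        os.chmod(dpath, dmode)
    os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel in exposed_logs(sample):
        print("readable by ordinary accounts:", rel)
```

The world-readable file inside the 0750 directory is not reported, while the same file mode inside the 0711 directory is.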
He's not saying that providing remote login and file transfer services is bad; he's saying that telnet and non-anonymous FTP are bad. ssh and scp can completely replace them
Umm... read the whole article. The person writing the article doesn't quote him as actually giving any reason for the no telnet/ftp suggestion other than 'the users can use them to get to private information'. Read it again. The entire article says 'Web servers record private information in log files. users can get to these log files with telnet and ftp. therefore, don't use telnet or ftp.' Now, of course, this is completely nonsensical, as you can put the log files somewhere nobody can see them, and thus the problem no longer exists.
Also, the article never mentions any alternatives to telnet and ftp. Why? Because *any* method of accessing the machine configured in such a way allows you to get to the improperly configured log files. The problem isn't with the insecurity of the connection method, it's a problem with the insecurity of the data on the machine itself!
As for a name, perhaps the Digital Film Awards or Internet Movie Awards (hmmm... the Imas -it almost has a ring to it. Almost.)? I must admit that even though we are moving away from the medium of film, I like the word "film" ever so much more than "movie".
Perhaps the Digital Entertainment Awards would be more fitting. Or even the Internet Digital Entertainment Awards. (IDEA)
This is actually a problem with the GPL, I think. (oh, I can see the flames already) Here's the issue as I understand it.
I write program X under the GPL, but in order for it to work with, say, device D, I have to link in libraries from the company that makes device D. I now can't distribute program X so long as it needs the device D libraries, unless I can get the company to change their license?
This is a little absurd. The GPL is noble and all, but in this case it becomes a 'We won't play with you unless you use our ball' argument, and unfairly restricts the abilities of GNU programmers to accomplish what they wish to accomplish. If the maker of a device won't use the GPL, and we need their libraries to make a product work, we should be able to distribute the library under its original license and still link against it.
I've heard an average number of about 20 meters (versus 100 with SA turned on). This still doesn't match the accuracy of differential GPS (about 10 meters), or does it?
Well, if you think about it, it should make DGPS work even better, since DGPS was telling your receiver how 'off' the signals it's receiving are. This should give DGPS an even better accuracy than it had before.
OK, repeat after me: this is not a test of the GPL.... If this is to litigate, it's going to turn on basic contract law principles of license and assignments.... But it isn't the GPL that's stopping them; it's the license.
Umm... excuse me... the GPL IS the license. The phrase GPL (Usually GNU GPL, actually) is short for GNU General Public License. So when you say it isn't the GPL that's stopping them, it's the license, you're not really making much sense.
Germany and France used to be the same country at first.
Umm... When? The earliest country-like organisation I know of had Gaul where France is and what's now Germany occupied by the Norse, and before that it was just tribal with only linguistic connections that seem to still favor a separation between the two regions.
I'm sick of the attitude I hear about how bogus the 1-click patent is. It is so easy to say - years after something is thought of - that it is obvious. Of course it's obvious - it's there. But it's only there because someone thought of it.
Were you not around when the 1-click was originally patented? The patent was considered bogus even then, since it was a patent of a basic purpose of cookies - user/session tracking & identification. It's what they're for! It was as obvious then as it is now, they just gave it a marketing name and a patent number.
If a piece of information has not been preserved and is now unaccessible, it probably means that it was of minimal value anyway
You didn't read the whole article, did you? Or perhaps the 1960 census resulted in information of "minimal value" that we didn't need lying around anyways? This is data that cannot be recreated, and is irrevocably lost.
I just had a thought, and call me crazy, but can't we fight fire with fire? Why not get some Michigan/.'ers together and write a law banning the use of internet filters statewide in Michigan?
Obviously, the major proponents of censorware are attempting to bring the requirement of censorware in public libraries to the state level, and at some point probably to the federal level. If we were to put together legislation to ban the use of filtering software in publicly funded libraries, it would either:
Fail, but this would require the proponents to spend a large quantity of cash, hopefully degrading their ability to push pro-censorware legislation elsewhere.
Pass, in which case a monumental step for free speech has been taken.
The only real failure here is if it fails so dramatically that censorware proponents can immediately use support they've garnered to pass their own legislation, and I give this a rather slim likelihood.
But no one can make it. The research has been mostly abandoned, at this point
Quality diamonds of larger size and quality than any that are mined can be made, but the diamond mining industry struck a deal with the manufacturers of industrial diamonds so that these would be shelved and never come to market. The diamond industry is very strictly controlled, lest they have the same problems that the amethyst industry did. (Amethyst was as expensive as diamond, until a major vein was found in Brazil. The market got glutted, and the price crashed.) The issue is a matter of economics, not technical ability.
They would never have done something this stupid a year ago...
Are you kidding? Only recently have they been emerging from an era of stupidity. This was a flashback to that era, though from the reaction they got I would hope they won't make many more for a while.
Except that HushMail is located in the U.S., and therefore subject to the Carnivore wiretap.
Why, to the people who last took them to a dinner & golf outing in florida, of course!
What about something like:
1 Being that the foundation of a free society is based on the free flow of information, and being that various elements have attempted to restrict the free flow of constitutionally protected information, it is prohibited for any state funded organisation to restrict the use of computing devices to view constitutionally protected speech through the application of filtering software.
1.1 In order for filtering software to be used at a public computer terminal, it must not prevent the end user from viewing any speech which is constitutionally protected.
1.2 Should an organisation receive a complaint that filtering software in use on the terminal has blocked constitutionally protected speech, the provider of said software must reveal to an investigatory committee the criteria with which it blocks content so that the committee may determine whether the software does, in fact, use criteria that may block constitutionally protected speech.
1.2.1 The analysis of this criteria shall be performed by a committee containing no less than two individuals serving for the state, two individuals from the private sector drawn from local technological companies, and two individuals of any background from the private sector.
1.3 Should the software block constitutionally protected speech, the committee shall notify the organisation controlling the terminal of its violation. At this time, the organisation shall be required to upgrade the software so that it comes into compliance with this law, or remove the software from all public computer terminals.
1.4 Should the organisation still be in violation more than two weeks after notification, state funding will be withdrawn.
Thus, the library can put censorware in place, but if it blocks out any 'protected speech', the software needs to be removed. It would look like it was granting the right to use censorware explicitly, however since I don't know of any censorware that actually does what it promises, none of it would be valid.
Then again, I don't know the politics of Michigan.
So, anyone want to write some legislation?