I wish there was a windows remote desktop equivalent. Yeah! I can forward X11 apps over SSH! Network transparency! Cool! But over the internet - usually painful...high latency? oops. Connection dropped? App exits. Hope it autosaves.
Ok, so let's use VNC. A lot better to be sure. Or NX, with its shockingly awesome speed and responsiveness.
But how do I get at the apps I already have running? Nifty, I can ssh in to my desktop machine at home. I know I'm logged in to a gnome/kde/whatever session. Screen locked. What if I have Eclipse open and want to pick up where I left off? -Start a vncserver? That's fantastic. I just bypassed the display manager, so no warning about concurrent sessions. Let's hope that _all_ of my apps are careful about this weird case and don't barf all over my data. -Forward just eclipse? Maybe if I kill it first from my shell it won't complain. -Use x11vnc (hoping my session is on display:0, and setting environment variables appropriately)? Oh, look at that! Screen's locked. I'll just type in my password and get going. Works fine, except for the fact that my _monitor woke up_ and _everyone can see what I'm doing or hijack my session_ (keyboard and mouse working). Maybe I'll just quickly logout so I can start something in VNC...
It's ugly, all of it.
On the windows side, as most everyone here has seen, a) a session started locally can be connected remotely b) a session started remotely can be connected to remotely c) in either case, a "locked" screen is displayed as appropriate and nobody gets to see a haunted cursor and d) none of this breaks 3D acceleration or video overlays when switching back to local display. It's _incredibly_ useful. This is something you'd expect Linux to be _better_ at, a big selling point of desktop Linux...afraid not.
I tried to pick some brains once about even the simplest hacks - like being able to poll X for display updates when it doesn't have a VT. And from that, I don't get the impression Linux will catch up in this department anytime soon.
If you vote for a candidate other than the two 'Real Ones'
Your opinion effectively doesn't count
You can complain until breathless, but the same thing will happen next time
You'll have several years to wonder why you voted
If you pick the 'lesser of two evils' (the argument by which so many I've talked to validate their choice)
Your opinion _might_ count
You can complain until breathless, which you'll do regardless of which of the big two get elected
You'll have several years to wonder how fifty percent plus one represents the views of a nation
Smile and dance about it all you want. We don't have a real voting system here. In various races, certain individuals count more than others (and dead people count too). Some employ trickery like "vote pairing" in the hopes of actually existing. Boxes of votes appear when most convenient. e-Voting machines don't know how to add. People vote strategically to keep out the 'other guy' because an honest vote would clearly be wasted. Every informed vote is balanced out by some knuckledragger that votes by haircut and smile. And for that reason, the game is to look as pretty and nonthreatening as possible - can fix _everything_ with no consequences, and look damn sharp while doing it. But at least we get a good show out of it right? It's such a straightforward and simple concept that we've come to _expect_ an entire night of speculation, flashing colors, and screamingly corrupt shenanigans.
None of this leads me to believe that we're coming together to agree or compromise on some form of actual issues.
Get back to me when we scrap the whole thing and start over.
Funny I think that people are so cautious to trust computers here, but they're fine for everything else. Just make it open. We can gain some advantages.
-Immediately before voting, you are handed a number. How we generate these numbers is up for debate. Perhaps they are centrally generated and serial. Perhaps a hash of name + DOB + other stuff. Each choice here opens different doors.
-Barcode equivalent to said number must be scanned at the machine. Number must also be entered on an onscreen key pad.
- Number + voting choices + timestamp + voting machine id are stored in a central database. Immediately. Nothing local.
-You get a receipt with your Number + voting choices + timestamp + machine ID. It also has these other handy value on there. A digital signature, created by said central authority with its private key. The public key is well known long in advance.
-After the election, the entire result set is made available for download. Yeah, a recount is a big fucking deal. We have these neat machines that are good at math. The bigger deal here is that if you check the database after you voted and the entry for your number doesn't match, you scream bloody murder. If you don't trust the machine, any party can verify the central authority's signature.
-But in addition to 'any' party, it is critical to have a non-networked verification appliance, which does nothing but verify the central signature for you before you physically leave. If you scream bloody murder at this point, we can consider the plain-text part of the receipt trusted. You obviously couldn't have faked the entire receipt while being watched by everyone. More on this soon.
Nice huh? Let's recap some advantages here: -You can verify that your vote was counted and correctly -You can't determine who voted for whom, except yourself. -The receipt actually means something
Let's elaborate on that third point. There are several means of lying to you, which can't easily be solved without adding machines into the mix
-What if the receipt says you voted for X but the machine recorded you as voting for Y? This is as good as pressing the wrong button. The signatures will both be valid. But if the plain-text portion shows the wrong candidate, you'll notice and scream. If the plain-text portion doesn't match the the central signature (the one most directly relevant to proper recording) you will catch this at the non-networked verifier. The receipt can still be trusted having not left the polling place, so you will be allowed to vote on another machine, as meanwhile the machine you previously used is marked for a serious investigation...
-What if the central authority records whatever it wants but produces a normal signature? The receipt will be considered entirely valid and endorsed. People will notice quickly as they check the database from home. You have a paper trail that can be trusted. What if the signature is bogus? People notice before they leave the polling place.
Up to this point? Criminal negligence bordering on treason. Open source needs to step up.
We know that the java security features can handle this - but the browser plugin is simple retarded. You can't really request just the permissions you want, and the user cant fine-tune this if they feel like it. (And it's really, really slow)
Go ahead, try running an applet which pops a security warning. You can press ok, which gives it _full permissions_, or you can press _cancel_, in which it _loads anyway, sandboxed_. How does this make any sense? I can't believe we haven't seen more attacks using applets these days...
Static huh. Interesting. I'm concerned how long the list of scandals grows.
We all know this is easy to get right. It's funny how much, much more complicated systems get implemented correctly - you know, the ones that people have a vested interest in getting right. It may well be the opposite in the case of eVoting. Or just voting, for that matter.
Anyway, I'll quote myself to provide an example. Open source evoting with central authority and some voter-doable verification... -------------------
Funny I think that people are so cautious to trust computers here, but they're fine for everything else. Just make it open. We can gain some advantages.
-Immediately before voting, you are handed a number. How we generate these numbers is up for debate. Perhaps they are centrally generated and serial. Perhaps a hash of name + DOB + other stuff. Each choice here opens different doors.
-Barcode equivalent to said number must be scanned at the machine. Number must also be entered on an onscreen key pad.
- Number + voting choices + timestamp + voting machine id are stored in a central database. Immediately. Nothing local.
-You get a receipt with your Number + voting choices + timestamp + machine ID. It also has these other handy value on there. A digital signature, created by said central authority with its private key. The public key is well known long in advance.
-After the election, the entire result set is made available for download. Yeah, a recount is a big fucking deal. We have these neat machines that are good at math. The bigger deal here is that if you check the database after you voted and the entry for your number doesn't match, you scream bloody murder. If you don't trust the machine, any party can verify the central authority's signature.
-But in addition to 'any' party, it is critical to have a non-networked verification appliance, which does nothing but verify the central signature for you before you physically leave. If you scream bloody murder at this point, we can consider the plain-text part of the receipt trusted. You obviously couldn't have faked the entire receipt while being watched by everyone. More on this soon.
Nice huh? Let's recap some advantages here: -You can verify that your vote was counted and correctly -You can't determine who voted for whom, except yourself. -The receipt actually means something
Let's elaborate on that third point. There are several means of lying to you, which can't easily be solved without adding machines into the mix
-What if the receipt says you voted for X but the machine recorded you as voting for Y? This is as good as pressing the wrong button. The signatures will both be valid. But if the plain-text portion shows the wrong candidate, you'll notice and scream. If the plain-text portion doesn't match the the central signature (the one most directly relevant to proper recording) you will catch this at the non-networked verifier. The receipt can still be trusted having not left the polling place, so you will be allowed to vote on another machine, as meanwhile the machine you previously used is marked for a serious investigation...
-What if the central authority records whatever it wants but produces a normal signature? The receipt will be considered entirely valid and endorsed. People will notice quickly as they check the database from home. You have a paper trail that can be trusted. What if the signature is bogus? People notice before they leave the polling place.
Up to this point? Criminal negligence bordering on treason. Open source needs to step up.
Had every router shipped since 3 or so years ago been required to have a) IPv6 support w/ stateful firewall on by default for internal hosts and b) a "turn on 6to4" button, we would have been near done already. That simple. You can do it with current routers with firmware mods and a lot of work.
Google Android...a platform for "mobile phones" huh. The Dalvik virtual machine sounds kinda like Dalek to me. Coincidence? Or killer robot defense force that also doubles as WiFi hotspots?
I hear they're launching stuff into space now too.
Because drug traffickers are people, and it is easy for said people to determine that what they are selling is illegal.
There's not a a special kind of bit with "COPYRIGHTED" written on it that is easy to distinguish from the trillions of others.
I'll also point out that IsoHunt doesn't even _see_ the possibly copyrighted data. Keeping with your silly argument for a bit... The drug traffickers are listing themselves in the phone book, and some bright people such as yourself want to sue the publisher.
I'd like to point out that the moronic part is that running a program can be dangerous. It's a shitty idea that's been floating around for decades. Multi-user systems like UNIX (and more recently, Windows) have long been designed with the idea that a program run by a user _is_ the user effectively, and can do anything the user can do.
This idea doesn't work now.
Like on the OLPC, we need to realize that a program's permissions are merely a _subset_ of the owning user's permissions. We see countless higher-level workarounds for this, such as the security mechanisms in Java and.NET - move it down a bit farther and we'd have a lot less problems.
gedit shouldn't be able to delete my home directory. Solitaire shouldn't be able to spy on me with my mic.
Untrusted executable code should still be safe to run, barring explicit permission for dangerous things. Anything else is a failure of US on the behalf of EVERYONE ELSE.
If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will prevent the page from loading, to protect your secure cookies and personal info from what may be a malicious page. Instead it will display a warning... To get past this warning page, users have to go through four different steps before they can be understood to have declared intent to accept the possible consequences, which from a usability standpoint is far from ideal - the users are much more accustomed to signing their death warrants by pressing a single 'Allow' button, so multiple steps for an extremely rare security warning is heretical. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, who, with their extensive knowledge of cryptography and public key infrastructure, really need not be intimidated with facts and scary words.
This is quite obviously a debate among morons. I'm glad firefox is doing it right.
Mutually exclusive. Steam is an implementation of DRM. Moreso than requiring a CD in the drive, to be sure. It might be a good implementation. Okay, maybe instead acceptable
Let's not mistake Steam as merely some tool of our own convenience. It is a means of access control as well as distribution and handy middleware features. Yes, the community features, automatic updates, achievements, and ease of getting your games (both buying and redownloading) are delightful. To a large degree, it fills a niche similar to that of Xbox Live, for the PC.
But Steam is the gatekeeper. By some effort you can play offline, but for the most part you are dependent on Valve to not take away your pretties or otherwise poof out of existence. You know that familiar delay before you are deemed worthy to launch the game? It's the same issue that we bitch about near daily here on slashdot, but it's damn convenient in this case.
Do we *really* object to DRM on moral grounds? Or only the kind that gets in the way? Steam does work for you most of the time - your 'rights' being 'managed' in this case in such a way that redownload anywhere is permissible. I think we do object. We're praising Steam now because it's many steps up from our other options - just ignoring for the moment all the times my game list is empty for no apparent reason.
I think what you meant to say was to lose the annoying implementations of copy protection. The kind that inexplicably fails on certain configurations, requires you to download CD-cracks from unofficial channels to keep your sanity, and type in the CD key that you lost 4 years ago when reinstalling.
Slashdot Mirror
I wish there was a windows remote desktop equivalent. Yeah! I can forward X11 apps over SSH! Network transparency! Cool! But over the internet - usually painful...high latency? oops. Connection dropped? App exits. Hope it autosaves.
Ok, so let's use VNC. A lot better to be sure. Or NX, with its shockingly awesome speed and responsiveness.
But how do I get at the apps I already have running? Nifty, I can ssh in to my desktop machine at home. I know I'm logged in to a gnome/kde/whatever session. Screen locked. What if I have Eclipse open and want to pick up where I left off? :0, and setting environment variables appropriately)? Oh, look at that! Screen's locked. I'll just type in my password and get going. Works fine, except for the fact that my _monitor woke up_ and _everyone can see what I'm doing or hijack my session_ (keyboard and mouse working). Maybe I'll just quickly logout so I can start something in VNC...
-Start a vncserver? That's fantastic. I just bypassed the display manager, so no warning about concurrent sessions. Let's hope that _all_ of my apps are careful about this weird case and don't barf all over my data.
-Forward just eclipse? Maybe if I kill it first from my shell it won't complain.
-Use x11vnc (hoping my session is on display
It's ugly, all of it.
On the windows side, as most everyone here has seen, a) a session started locally can be connected remotely b) a session started remotely can be connected to remotely c) in either case, a "locked" screen is displayed as appropriate and nobody gets to see a haunted cursor and d) none of this breaks 3D acceleration or video overlays when switching back to local display. It's _incredibly_ useful. This is something you'd expect Linux to be _better_ at, a big selling point of desktop Linux...afraid not.
I tried to pick some brains once about even the simplest hacks - like being able to poll X for display updates when it doesn't have a VT. And from that, I don't get the impression Linux will catch up in this department anytime soon.
Three engines, for the closest browse yet...
If only we had some way to _clone_ people for the purpose...oh well
Typo? You bring up a good point, sir.
I say we mandate proper use of copy and paste by all cloning technicians.
I can see it now.
"Hi there gorgeous, I'm HIV-immune. You _must_ have sex with me! It's to save humanity, after all!"
If you vote for a candidate other than the two 'Real Ones'
If you pick the 'lesser of two evils' (the argument by which so many I've talked to validate their choice)
Smile and dance about it all you want. We don't have a real voting system here.
In various races, certain individuals count more than others (and dead people count too). Some employ trickery like "vote pairing" in the hopes of actually existing. Boxes of votes appear when most convenient. e-Voting machines don't know how to add.
People vote strategically to keep out the 'other guy' because an honest vote would clearly be wasted. Every informed vote is balanced out by some knuckledragger that votes by haircut and smile. And for that reason, the game is to look as pretty and nonthreatening as possible - can fix _everything_ with no consequences, and look damn sharp while doing it. But at least we get a good show out of it right? It's such a straightforward and simple concept that we've come to _expect_ an entire night of speculation, flashing colors, and screamingly corrupt shenanigans.
None of this leads me to believe that we're coming together to agree or compromise on some form of actual issues.
Get back to me when we scrap the whole thing and start over.
Funny I think that people are so cautious to trust computers here, but they're fine for everything else. Just make it open. We can gain some advantages.
-Immediately before voting, you are handed a number. How we generate these numbers is up for debate. Perhaps they are centrally generated and serial. Perhaps a hash of name + DOB + other stuff. Each choice here opens different doors.
-Barcode equivalent to said number must be scanned at the machine. Number must also be entered on an onscreen key pad.
- Number + voting choices + timestamp + voting machine id are stored in a central database. Immediately. Nothing local.
-You get a receipt with your Number + voting choices + timestamp + machine ID. It also has these other handy value on there. A digital signature, created by said central authority with its private key. The public key is well known long in advance.
-After the election, the entire result set is made available for download. Yeah, a recount is a big fucking deal. We have these neat machines that are good at math. The bigger deal here is that if you check the database after you voted and the entry for your number doesn't match, you scream bloody murder. If you don't trust the machine, any party can verify the central authority's signature.
-But in addition to 'any' party, it is critical to have a non-networked verification appliance, which does nothing but verify the central signature for you before you physically leave. If you scream bloody murder at this point, we can consider the plain-text part of the receipt trusted. You obviously couldn't have faked the entire receipt while being watched by everyone. More on this soon.
Nice huh? Let's recap some advantages here:
-You can verify that your vote was counted and correctly
-You can't determine who voted for whom, except yourself.
-The receipt actually means something
Let's elaborate on that third point.
There are several means of lying to you, which can't easily be solved without adding machines into the mix
-What if the receipt says you voted for X but the machine recorded you as voting for Y? This is as good as pressing the wrong button. The signatures will both be valid. But if the plain-text portion shows the wrong candidate, you'll notice and scream. If the plain-text portion doesn't match the the central signature (the one most directly relevant to proper recording) you will catch this at the non-networked verifier. The receipt can still be trusted having not left the polling place, so you will be allowed to vote on another machine, as meanwhile the machine you previously used is marked for a serious investigation...
-What if the central authority records whatever it wants but produces a normal signature? The receipt will be considered entirely valid and endorsed. People will notice quickly as they check the database from home. You have a paper trail that can be trusted. What if the signature is bogus? People notice before they leave the polling place.
Up to this point? Criminal negligence bordering on treason. Open source needs to step up.
I lol'd
Ah. So you appreciate Cameron for her intelligence huh?
Me too. Exactly.
(Model T-6969 I think right?)
Why did they have to break applet security?
We know that the java security features can handle this - but the browser plugin is simple retarded. You can't really request just the permissions you want, and the user cant fine-tune this if they feel like it. (And it's really, really slow)
Go ahead, try running an applet which pops a security warning. You can press ok, which gives it _full permissions_, or you can press _cancel_, in which it _loads anyway, sandboxed_. How does this make any sense? I can't believe we haven't seen more attacks using applets these days...
Yep. Just a bunch of hamstards, how much can you really ask?
Static huh. Interesting. I'm concerned how long the list of scandals grows.
We all know this is easy to get right. It's funny how much, much more complicated systems get implemented correctly - you know, the ones that people have a vested interest in getting right. It may well be the opposite in the case of eVoting. Or just voting, for that matter.
Anyway, I'll quote myself to provide an example. Open source evoting with central authority and some voter-doable verification...
-------------------
Funny I think that people are so cautious to trust computers here, but they're fine for everything else. Just make it open. We can gain some advantages.
-Immediately before voting, you are handed a number. How we generate these numbers is up for debate. Perhaps they are centrally generated and serial. Perhaps a hash of name + DOB + other stuff. Each choice here opens different doors.
-Barcode equivalent to said number must be scanned at the machine. Number must also be entered on an onscreen key pad.
- Number + voting choices + timestamp + voting machine id are stored in a central database. Immediately. Nothing local.
-You get a receipt with your Number + voting choices + timestamp + machine ID. It also has these other handy value on there. A digital signature, created by said central authority with its private key. The public key is well known long in advance.
-After the election, the entire result set is made available for download. Yeah, a recount is a big fucking deal. We have these neat machines that are good at math. The bigger deal here is that if you check the database after you voted and the entry for your number doesn't match, you scream bloody murder. If you don't trust the machine, any party can verify the central authority's signature.
-But in addition to 'any' party, it is critical to have a non-networked verification appliance, which does nothing but verify the central signature for you before you physically leave. If you scream bloody murder at this point, we can consider the plain-text part of the receipt trusted. You obviously couldn't have faked the entire receipt while being watched by everyone. More on this soon.
Nice huh? Let's recap some advantages here:
-You can verify that your vote was counted and correctly
-You can't determine who voted for whom, except yourself.
-The receipt actually means something
Let's elaborate on that third point.
There are several means of lying to you, which can't easily be solved without adding machines into the mix
-What if the receipt says you voted for X but the machine recorded you as voting for Y? This is as good as pressing the wrong button. The signatures will both be valid. But if the plain-text portion shows the wrong candidate, you'll notice and scream. If the plain-text portion doesn't match the the central signature (the one most directly relevant to proper recording) you will catch this at the non-networked verifier. The receipt can still be trusted having not left the polling place, so you will be allowed to vote on another machine, as meanwhile the machine you previously used is marked for a serious investigation...
-What if the central authority records whatever it wants but produces a normal signature? The receipt will be considered entirely valid and endorsed. People will notice quickly as they check the database from home. You have a paper trail that can be trusted. What if the signature is bogus? People notice before they leave the polling place.
Up to this point? Criminal negligence bordering on treason. Open source needs to step up.
A few months ago, I put a mostly working microwave on the curb (the only button on the keypad that worked was start...)
I looked out the window a (very) short time later and it had vanished.
I didn't know there were so many goddamn ninjas in my neighborhood!
Had every router shipped since 3 or so years ago been required to have a) IPv6 support w/ stateful firewall on by default for internal hosts and b) a "turn on 6to4" button, we would have been near done already. That simple. You can do it with current routers with firmware mods and a lot of work.
Let's hope they re-used some code. Maybe I can wear a shirt from now on with the following robots.txt
User-agent: dalvik
Disallow: /
Latency can be reduced significantly if they begin sending your results a mere moment before you submit your search.
This feature requires you to be signed in I think.
Ha! And you think Google isn't prepared for that?
Google Android...a platform for "mobile phones" huh.
The Dalvik virtual machine sounds kinda like Dalek to me. Coincidence? Or killer robot defense force that also doubles as WiFi hotspots?
I hear they're launching stuff into space now too.
Because drug traffickers are people, and it is easy for said people to determine that what they are selling is illegal.
There's not a a special kind of bit with "COPYRIGHTED" written on it that is easy to distinguish from the trillions of others.
I'll also point out that IsoHunt doesn't even _see_ the possibly copyrighted data.
Keeping with your silly argument for a bit...
The drug traffickers are listing themselves in the phone book, and some bright people such as yourself want to sue the publisher.
I'm going to pretend that you don't mean that. It would otherwise hurt me inside.
I'm taking Improved Daydreaming next patch. They dropped Advanced Sexology from the Codemonkey tree - got to get through the day _somehow_ after all.
NERF!
I'd like to point out that the moronic part is that running a program can be dangerous. It's a shitty idea that's been floating around for decades. Multi-user systems like UNIX (and more recently, Windows) have long been designed with the idea that a program run by a user _is_ the user effectively, and can do anything the user can do.
This idea doesn't work now.
Like on the OLPC, we need to realize that a program's permissions are merely a _subset_ of the owning user's permissions. We see countless higher-level workarounds for this, such as the security mechanisms in Java and .NET - move it down a bit farther and we'd have a lot less problems.
gedit shouldn't be able to delete my home directory. Solitaire shouldn't be able to spy on me with my mic.
Untrusted executable code should still be safe to run, barring explicit permission for dangerous things. Anything else is a failure of US on the behalf of EVERYONE ELSE.
If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will prevent the page from loading, to protect your secure cookies and personal info from what may be a malicious page. Instead it will display a warning... To get past this warning page, users have to go through four different steps before they can be understood to have declared intent to accept the possible consequences, which from a usability standpoint is far from ideal - the users are much more accustomed to signing their death warrants by pressing a single 'Allow' button, so multiple steps for an extremely rare security warning is heretical. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, who, with their extensive knowledge of cryptography and public key infrastructure, really need not be intimidated with facts and scary words.
This is quite obviously a debate among morons. I'm glad firefox is doing it right.
I'm obesiting on my caved in couch right now, you insensitive clod!
Everything is relative. Good luck with that.
Lose the DRM and use Steam huh?
Mutually exclusive. Steam is an implementation of DRM. Moreso than requiring a CD in the drive, to be sure. It might be a good implementation. Okay, maybe instead acceptable
Let's not mistake Steam as merely some tool of our own convenience. It is a means of access control as well as distribution and handy middleware features. Yes, the community features, automatic updates, achievements, and ease of getting your games (both buying and redownloading) are delightful. To a large degree, it fills a niche similar to that of Xbox Live, for the PC.
But Steam is the gatekeeper. By some effort you can play offline, but for the most part you are dependent on Valve to not take away your pretties or otherwise poof out of existence. You know that familiar delay before you are deemed worthy to launch the game? It's the same issue that we bitch about near daily here on slashdot, but it's damn convenient in this case.
Do we *really* object to DRM on moral grounds? Or only the kind that gets in the way? Steam does work for you most of the time - your 'rights' being 'managed' in this case in such a way that redownload anywhere is permissible. I think we do object. We're praising Steam now because it's many steps up from our other options - just ignoring for the moment all the times my game list is empty for no apparent reason.
I think what you meant to say was to lose the annoying implementations of copy protection. The kind that inexplicably fails on certain configurations, requires you to download CD-cracks from unofficial channels to keep your sanity, and type in the CD key that you lost 4 years ago when reinstalling.