One area I'd like to see would be strength of a password in terms of randomness, requireing use of characters, etc. vs length. Is an 8 character password with a punctuation mark better than a 10 character pasword with all lower case characters? If so, by how much?
Then we can determine a good password policy that fits with the security model at the facility.
Okay, so most of us agree that this is a bad thing- it places more regulation on the Internet and protocals (taxes are just one step, wiretapping, etc. are of course going to follow and be required in all VOIP protocals (yes we know the reality is something else, nonetheless this is what I fear will happen).
But this does bring up an interesting point. Phone companies are regulated in what they are and aren't allowed to do with the phone conversations. They can't, for example, monitor your calls for marketing ala Gmail "Oh, you asked your wife to bring home some milk- well there's a deal at the local Megamart".
So can we as consumers now require that if VOIP providers are telephone companies, that ISPs be regulated in how they can and can't monitor us, and stop practices like purposefully slowing down connections from rivals? (Time Warner Cable vs Disney.com, etc.)
I would rather none of this existed, but maybe we can force the legal arm to swing in our favor as consumers.
Look at the success of SPF... The big sites want to implement it if the others do. They *don't* want to be locked in by proprietary solutions. The sites want something that they think will work, and yes, there will be a push by each provider to go with something they've invented and want to sell, but in the end, it's the most popular thing that wins, and the most popular thing is usually the one that's the most Free.
A hard drive can be broken into- a user's key stolen.
A smart card gives a number of big advantages over storing your key either on your own computer or on your person.
If you store the keys on the machine, your machine can be compromised.
If you store the key on your person, the key can be stolen.
With a smart card- you'd need the physical token (the card) and the passphrase. Eventually you *may* be able to break it but many of these keys have anti-tampering built in.
Also, with a smart card, you don't need to trust the system you're on since the encryption is done on the card itself allowing it to be used in places like internet cafes.
People in the geek community have been pushing for use of OpenPGP as a mechanism for sorting mail for years.
You don't want to restrict mail that's not signed, but you can assign non-signed mail a lower "trust" value than signed mail. There will be a dis-incentive to digitally sign mail as a spammer since spammer signatures will soon be found out.
If they sign mail with a new key- the value will be similarly neutral.
PGP web of trust isn't about value of the person, but is the person who we think they are. If they have no signatures, we don't know who they are. If they have signatures of people we know are baddies or even good people- we can have more assurance that they're baddies.
Then it becomes a matter of overlaying another layer on top of PGP such as FoaF or something. Then you could have accurate trust values for people you don't know.
Of course spammers will invariably try to fool such systems with broken signatures and whatnot (they break MIME now for example). Failure to comply to the standards is already a red flag- but a failed signature will make things more evident.
The problem with this technique is that the public never adopts it. And as discussed in Usenix Security 2003- maybe it's our (the security community's) fault for making these things too difficult.
I could go on and talk about how smart cards may be our savior, but I've ranted long enough for one Slashdot post.
No. Limited copyrights might be allright. That wasn't the point of the original poster (the one before my post on this).
We don't really know yet what's the best thing to do.
But the original poster was saying "Copyright GOOD and copyright BAD."- It's neither. Saying things are GOOD and BAD is intellectually lazy.
I don't know millions of people. I state again, no one I know who uses those services thinks the musicians shouldn't get paid.
Maybe CD sales aren't the only way for musicians to get paid?
Well, the artist changed his art license on Saturday, 4/24/04 - just under three business days ago, and there's nothing indicating what his license was before then. So, in actuality, there were no known restrictions before then, thus nothing to negotiate.
In this case, then it's plain and simple copyright infringement, so there's indeed something to negotiate- Linspire will likely have to settle with the original author to avoid a copyright infringement suit.
Copyright is generally a neutral thing. It's neither good nor bad.
Music is generally considered something people want to share and is good. The problem is how expensive and restrictive the music has been and worse, how the RIAA has chosen to go about enforcing the copyright. Instead of addressing people's concerns, they've decided to sue people and create technology which limits freedom.
But no one that I know is against artists getting compensated.
Here, we have someone who is giving his art away, but with the restiction that if you use it to make money- you have to negotiate something with him. A company has decided to use his work for just that purpose. So now people are upset.
I've seen Star Trek Next Generation- I know what happens now... we all have oh so much fun with the game, as it starts to control our minds and we become enslaved.
Luckily Wil Wheaton read Slashdot and hopefully will remember the blinking light sequence that saves us all.
No, I'm not a Windows user. I don't use proprietary software.
But I reiterate the other poster who replied- this level of customization is tiny compared to the absolute control that a GNU/Linux user has.
I'd point out the difference in substance between my post and yours.
I talked about moving whole desktops and aranging them according to rules- having keybindings which make major changes- changing the rules that the window manager uses to set my desktop and the way my applications bahave.
You talked about changing backgrounds and being able to run a few apps like WinAmp, and place icons on your desktop.
This isn't customization with much of any substance. Your applications still act, for the most part, just the way they did out of the box.
To detracts talking about customization as being a problem- while I would agree that interoperability and consistency is a goal, that this should never fly in the face of customization. Having my GNOME key bindings consistent across applications and even across to KDE applications, or KDE themes effecting GNOME applications does not detract from my ability to modify thier behavior.
Nor is GNOME/KDE is hard and fast rule. On my laptop, for instance, I use XFCE4, which is different than GNOME 2, which is what I use most other places.
Customization is about being able to change anything.
Interoperability is not about tieing user's hands.
I think this is a fundamental difference between even the most passionate Microsoft Windows user... In GNU/Linux and Unix in general, the desktop is a person thing. We change it to fit our needs, our key bindings, our window dressing, our themeable widgets.
So what does it matter what someone else's desktop looks like- particularly a non-technical person? They'll likely be using something more "out of the box" than I will. I'm sometimes curious about technical user's desktops to find out tricks about how they've made thier system more productive (such as dedicating each key on the numeric keypad to a screen in X, or using virtual dekstops to represnt connections to a given remote host via SSH, or a desktop where all the windows are automatically tiled so there's no wasted space.
Those are interesting, finding out what Tony Danza uses isn't.
First, a number of large sites are using Baysian filters now, such as AOL and MSN. More will follow soon.
But will gibberish, or even something like Alice in Wonderland really make a difference? No.
The term for that "stuff" is noise.
We have years of research on noise:signal problems. There are plenty of ways to find the noise in a signal, and then apply the filter to that. A lot of that noise is already filtered out when one applies HTML filters on it- dehtmlizing or HTML -> text often does the job of reconstructing the message. Jibberish characters add nothing to the spam score and anything else can be addressed as above.
Even with the gibberish words though, an old version of Bogofilter's still giving me very good spam filtering. I get some 10-20 spam a day, and I see one in my inbox every 2-3 days. I see a false positive in my spam folder maybe once every two or three months.
It doesn't seem to be effective at much. I am not really worried about it breaking our spam filters. Not yet.
Right, like they'll do more "product placement" and more "popup commercials" like they have on Spike TV, FX and E, where right in the middle of a show- there will be a loud noise as some animation appears on the bottom third of the screen.
Again, I feel people should have the power to do things they want with media. I just think that with the rights come social responsibility.
A musician who takes the time to make an albumn, for example Sgt Pepper is trying to tell a story, or give a "big picture". Let's just try to respect that.
Anyway, like I said, a few hours after I posted my initial post, NPR did its story on the subject.
The links are in proprietary formats, but there's nothing I can do about that.
I said, and reiterated several times that this isn't about power.
You should be free to listen to the music any way you like- mix and match, do mashups, whatever.
If you know anything about me (say from reading my posts on/., various lists, reading my blog, or in person) you know I believe in such freedoms to the point where I'm considered extremist in the area of Free Software and free speech.
But that ability do have freedom doesn't negate the fact that the creator of a work is being ignored here. You might not think that's important, but I do. Does is trumph other people's rights? No. But this isn't a fight. This is art, and we have to respect the artist somewhat.
BTW, I posted my comment early in the afternoon but NPR's All Things Considered is apparently doing a story on the same issue (artist control over albums. I'll post a link to the article when it's up.
Slashdot Mirror
One area I'd like to see would be strength of a password in terms of randomness, requireing use of characters, etc. vs length. Is an 8 character password with a punctuation mark better than a 10 character pasword with all lower case characters? If so, by how much?
Then we can determine a good password policy that fits with the security model at the facility.
My question is how the law will deal with non-telco VOIP services. This is tested so often, privacy vs law enforcement.
Okay, so most of us agree that this is a bad thing- it places more regulation on the Internet and protocals (taxes are just one step, wiretapping, etc. are of course going to follow and be required in all VOIP protocals (yes we know the reality is something else, nonetheless this is what I fear will happen).
But this does bring up an interesting point. Phone companies are regulated in what they are and aren't allowed to do with the phone conversations. They can't, for example, monitor your calls for marketing ala Gmail "Oh, you asked your wife to bring home some milk- well there's a deal at the local Megamart".
So can we as consumers now require that if VOIP providers are telephone companies, that ISPs be regulated in how they can and can't monitor us, and stop practices like purposefully slowing down connections from rivals? (Time Warner Cable vs Disney.com, etc.)
I would rather none of this existed, but maybe we can force the legal arm to swing in our favor as consumers.
What are you basing your opinion on?
Look at the success of SPF... The big sites want to implement it if the others do. They *don't* want to be locked in by proprietary solutions. The sites want something that they think will work, and yes, there will be a push by each provider to go with something they've invented and want to sell, but in the end, it's the most popular thing that wins, and the most popular thing is usually the one that's the most Free.
So?
A hard drive can be broken into- a user's key stolen.
A smart card gives a number of big advantages over storing your key either on your own computer or on your person.
If you store the keys on the machine, your machine can be compromised.
If you store the key on your person, the key can be stolen.
With a smart card- you'd need the physical token (the card) and the passphrase. Eventually you *may* be able to break it but many of these keys have anti-tampering built in.
Also, with a smart card, you don't need to trust the system you're on since the encryption is done on the card itself allowing it to be used in places like internet cafes.
People in the geek community have been pushing for use of OpenPGP as a mechanism for sorting mail for years.
You don't want to restrict mail that's not signed, but you can assign non-signed mail a lower "trust" value than signed mail. There will be a dis-incentive to digitally sign mail as a spammer since spammer signatures will soon be found out.
If they sign mail with a new key- the value will be similarly neutral.
PGP web of trust isn't about value of the person, but is the person who we think they are. If they have no signatures, we don't know who they are. If they have signatures of people we know are baddies or even good people- we can have more assurance that they're baddies.
Then it becomes a matter of overlaying another layer on top of PGP such as FoaF or something. Then you could have accurate trust values for people you don't know.
Of course spammers will invariably try to fool such systems with broken signatures and whatnot (they break MIME now for example). Failure to comply to the standards is already a red flag- but a failed signature will make things more evident.
The problem with this technique is that the public never adopts it. And as discussed in Usenix Security 2003- maybe it's our (the security community's) fault for making these things too difficult.
I could go on and talk about how smart cards may be our savior, but I've ranted long enough for one Slashdot post.
- Serge
How long until people claim to see the Virgin Mary or some other figure in pings?
They call it telework because you spend so much time in front of the telly?
"I telework on a reclining chair with a beer in one hand?"
I wonder if NBC will have a "teleworking" primetime.
It takes a lot of resouces to keep people shackled.
That's BS.
An example where no one's privacy is violated:
Grants
An artist proposes to an organization (a government, company, foundation...) to produce a project they have in mind.
The foundation pays for it and then lets it out with, say an advertisement clause or something similar. People would be free to copy it.
There- a single example is what you wanted, and a single example is what I've given.
No. Limited copyrights might be allright. That wasn't the point of the original poster (the one before my post on this).
We don't really know yet what's the best thing to do.
But the original poster was saying "Copyright GOOD and copyright BAD."- It's neither. Saying things are GOOD and BAD is intellectually lazy.
I don't know millions of people. I state again, no one I know who uses those services thinks the musicians shouldn't get paid.
Maybe CD sales aren't the only way for musicians to get paid?
Well, the artist changed his art license on Saturday, 4/24/04 - just under three business days ago, and there's nothing indicating what his license was before then. So, in actuality, there were no known restrictions before then, thus nothing to negotiate.
In this case, then it's plain and simple copyright infringement, so there's indeed something to negotiate- Linspire will likely have to settle with the original author to avoid a copyright infringement suit.
There's no hypocracy here at all...
Copyright is generally a neutral thing. It's neither good nor bad.
Music is generally considered something people want to share and is good. The problem is how expensive and restrictive the music has been and worse, how the RIAA has chosen to go about enforcing the copyright. Instead of addressing people's concerns, they've decided to sue people and create technology which limits freedom.
But no one that I know is against artists getting compensated.
Here, we have someone who is giving his art away, but with the restiction that if you use it to make money- you have to negotiate something with him. A company has decided to use his work for just that purpose. So now people are upset.
Actually there was a parody of The Matrix called "The Meatrix" about the issue of factory farms, staring "Moophius", a cow.
http://www.themeatrix.com/
Linspire Loffice?
or for the hard core gamer
Lake 2
How about a mobius strip
How will the hard drive log on?
I wrote about this in my blog yesterday before the story came out:
http://www.tux.org/~serge/archives/permalinks/2004 -03-26T07_44_37.html
I've seen Star Trek Next Generation- I know what happens now... we all have oh so much fun with the game, as it starts to control our minds and we become enslaved.
Luckily Wil Wheaton read Slashdot and hopefully will remember the blinking light sequence that saves us all.
I thought the article was going to be about AT&T/Sys5 culture vs BSD...
- Serge
No, I'm not a Windows user. I don't use proprietary software.
But I reiterate the other poster who replied- this level of customization is tiny compared to the absolute control that a GNU/Linux user has.
I'd point out the difference in substance between my post and yours.
I talked about moving whole desktops and aranging them according to rules- having keybindings which make major changes- changing the rules that the window manager uses to set my desktop and the way my applications bahave.
You talked about changing backgrounds and being able to run a few apps like WinAmp, and place icons on your desktop.
This isn't customization with much of any substance. Your applications still act, for the most part, just the way they did out of the box.
To detracts talking about customization as being a problem- while I would agree that interoperability and consistency is a goal, that this should never fly in the face of customization. Having my GNOME key bindings consistent across applications and even across to KDE applications, or KDE themes effecting GNOME applications does not detract from my ability to modify thier behavior.
Nor is GNOME/KDE is hard and fast rule. On my laptop, for instance, I use XFCE4, which is different than GNOME 2, which is what I use most other places.
Customization is about being able to change anything.
Interoperability is not about tieing user's hands.
- Serge
I think this is a fundamental difference between even the most passionate Microsoft Windows user... In GNU/Linux and Unix in general, the desktop is a person thing. We change it to fit our needs, our key bindings, our window dressing, our themeable widgets.
So what does it matter what someone else's desktop looks like- particularly a non-technical person? They'll likely be using something more "out of the box" than I will. I'm sometimes curious about technical user's desktops to find out tricks about how they've made thier system more productive (such as dedicating each key on the numeric keypad to a screen in X, or using virtual dekstops to represnt connections to a given remote host via SSH, or a desktop where all the windows are automatically tiled so there's no wasted space.
Those are interesting, finding out what Tony Danza uses isn't.
No offense Tony.
- Serge
A number of us were waiting for the answers and haven't gotten them.
Please mod the parent up so there's more visibility on the issue.
- Serge
First, a number of large sites are using Baysian filters now, such as AOL and MSN. More will follow soon.
But will gibberish, or even something like Alice in Wonderland really make a difference? No.
The term for that "stuff" is noise.
We have years of research on noise:signal problems. There are plenty of ways to find the noise in a signal, and then apply the filter to that. A lot of that noise is already filtered out when one applies HTML filters on it- dehtmlizing or HTML -> text often does the job of reconstructing the message. Jibberish characters add nothing to the spam score and anything else can be addressed as above.
Even with the gibberish words though, an old version of Bogofilter's still giving me very good spam filtering. I get some 10-20 spam a day, and I see one in my inbox every 2-3 days. I see a false positive in my spam folder maybe once every two or three months.
It doesn't seem to be effective at much. I am not really worried about it breaking our spam filters. Not yet.
- Serge
Right, like they'll do more "product placement" and more "popup commercials" like they have on Spike TV, FX and E, where right in the middle of a show- there will be a loud noise as some animation appears on the bottom third of the screen.
- Serge
Thanks for the clarification.
p rg Date=12/19/2003&prgId=2
w fI d=1554633
Again, I feel people should have the power to do things they want with media. I just think that with the rights come social responsibility.
A musician who takes the time to make an albumn, for example Sgt Pepper is trying to tell a story, or give a "big picture". Let's just try to respect that.
Anyway, like I said, a few hours after I posted my initial post, NPR did its story on the subject.
The links are in proprietary formats, but there's nothing I can do about that.
The program page is:
http://discover.npr.org/rundowns/rundown.jhtml?
and the audio link is:
http://discover.npr.org/rundowns/segment.jhtml?
- Serge
(whose too lazy to put this in HTML)
Are you trolling?
/., various lists, reading my blog, or in person) you know I believe in such freedoms to the point where I'm considered extremist in the area of Free Software and free speech.
I said, and reiterated several times that this isn't about power.
You should be free to listen to the music any way you like- mix and match, do mashups, whatever.
If you know anything about me (say from reading my posts on
But that ability do have freedom doesn't negate the fact that the creator of a work is being ignored here. You might not think that's important, but I do. Does is trumph other people's rights? No. But this isn't a fight. This is art, and we have to respect the artist somewhat.
BTW, I posted my comment early in the afternoon but NPR's All Things Considered is apparently doing a story on the same issue (artist control over albums. I'll post a link to the article when it's up.
- Serge