
Comment Re:One Word... (Score 1) 227

Nope, Honesty is what it is all about.

Some people steal (yes, pirating is stealing and let's not quibble over the definition) what they can't have. Some people don't have the cranial capacity to understand that downloading stuff off the web is theft. The more that happens, the less money publishers and writers don't make.

Here is a side effect of pirating books. Publishers are prone to market conditions too. When the market goes south, publishers tighten up and stop taking on new writers. They also start knocking off low performing writers (low performing compared to others in the stable.) Every book that is pirated, and to the same degree where a book is swapped on an internet site, means one less sale to the author which means less money in their pocket, 6-8% of the cover price AND one less sale in their numbers column. Under performers are cut.

Pirating is NOT new, but the SCALE at which it can occur on the Internet is new. Back when vinyl was copied to cassettes, I bet the total impact was less than 1% of album sales because there really wasn't a big distribution channel, at least not in the US for illegal album copies.

But you know as well as I that with electronic copies, the barriers are completely removed.

That is why publishers want DRM. And, I think what killed the music industry and put Apple on top was NOT DRM, but the stakeholders--labels, distributors, and sellers--to come up with an *interoperable* format and method so that any song could be played on any device while still enforcing DRM.

Comment Re:Not the end of the world (Score 2, Interesting) 208

The solution to this problem is simple, and I'm surprised browsers don't do this already: add fake '/' character isn't in the IDN blacklist. In Firefox, network.IDN.blacklist_chars already contains plenty of things that look like '/'. Maybe other browsers need to follow its example.

Do you know if FF will detect blacklist characters for all TLD's or just the non-IDN TLD's like .com and .net?

Comment Re:Sounds ugly (Score 4, Informative) 208

SSL is NOT broken. It is still an effective way to encrypt network traffic.

The attack breaks down two ways. Proxying web traffic between a user and a sensitive site like a bank and/or presenting a URL to a user that looks legitimate but isn't.

The indicators that you are on an SSL site are varied. A lock in the lower right of the window (FF3), to the right of an address bar (IE 6 and below), or a green address bar (IE7 EV cert) or a green indicator to the left of the address bar (FF3). All except the EV SSL certs are pretty subtle. The success relies on the fact that there are so many varied ways that SSL protection is presented to the user, can you keep track of it all? Quick, which sites use EV certs? You don't know so you don't know what to expect.

So, the attack does a couple of things to fool you. First it proxies your web traffic to secure sites re-writing urls that start with HTTPS to HTTP. The only indicator in browsers is no lock. If you are not looking for it, then you probably won't miss it. But wait, since we are rewriting URL's, why not replace the favicon with a lock. Yummy.

The second type of attack is to proxy HTTPS to HTTPS, but this time the SSL session between you and the proxy is enabled with a valid and trusted SSL certificate. No SSL dialog boxes. Here is how it works. IDN is used so that countries can represent URLs in their native character sets. Some non-ASCII characters look like characters. So use them to fool the user. These are called homographs. Browsers will convert some IDN based on the TLD. But for other TLDs, like country code TLDs, the browser won't. The assumption being a .com hostname should be ASCII while a TLD for China should be IDN. Knowing that, get a hostname in a CC TLD. Get a certificate for your hostname. Then create a really long hostname using IDN so that the TLD portion will be pushed off the end of the address bar. You can forge any legitimate web site this way and the only indicator is either examining the certificate or looking at the TLD in the URL. There are IDN that look like slashes, so making a "path" is easy.

Moxie's video is pretty clear.
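
A defender-side check for the homograph trick described in the comment above, as an added example that is not part of the original comment: it extracts the host the network stack will actually contact and flags slash-lookalike characters and non-ASCII labels. The function names, the three-character lookalike shortlist and the sample URLs are assumptions made for illustration.

```python
import unicodedata

# Constructed shortlist of characters that render like "/" yet are not URL
# delimiters; a real browser blacklist covers more code points.
SLASH_LOOKALIKES = {"\u2044", "\u2215", "\uff0f"}


def extract_host(url):
    """Host as the network stack sees it: only ASCII '/', '?', '#' end it."""
    rest = url.split("://", 1)[1] if "://" in url else url
    for i, ch in enumerate(rest):
        if ch in "/?#":
            rest = rest[:i]
            break
    rest = rest.rsplit("@", 1)[-1]          # drop userinfo
    return rest.split(":", 1)[0].lower()    # drop port (IPv6 literals not handled)


def audit_url(url):
    """Compare what the user appears to see with the host actually contacted."""
    host = extract_host(url)
    labels = host.split(".")
    fakes = sorted({unicodedata.name(c) for c in host if c in SLASH_LOOKALIKES})
    # Text before the first fake slash is what reads as "the site".
    apparent = host
    for i, ch in enumerate(host):
        if ch in SLASH_LOOKALIKES:
            apparent = host[:i]
            break
    findings = []
    if fakes:
        findings.append("slash lookalike in hostname: " + ", ".join(fakes))
    if any(not label.isascii() for label in labels):
        findings.append("non-ASCII label under TLD ." + labels[-1])
    return {"host": host, "apparent_host": apparent,
            "tld": labels[-1], "findings": findings}


# Constructed samples: reserved .example/.test names stand in for a bank and
# for the look-alike hostname registered under a country-code TLD.
SPOOFED = "https://www.bank.example\u2044login\u2044session.id.evil.test/index.html"
GENUINE = "https://www.bank.example/login/session"

if __name__ == "__main__":
    for u in (SPOOFED, GENUINE):
        print(audit_url(u))
```
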

Comment Re:Alternatives (Score 4, Informative) 208

Apparently this only affects those who don't pay attention...nothing to see here.

Can you make the claim you are 100% vigilant 100% of the time?

It's more subtle than that. It takes away one of the biggest indicators that there is an SSL problem--the dialogs. Watch the presentation video. It's pretty cool. What Moxie shows is that often the indicators of SSL enabled and not enabled are practically non-existent. It's easy to see how most users, even tech savvy ones, could be fooled.

Comment Re:Anonymous retribution? (Score 1, Insightful) 399

Why? Because this doesn't allow victims to harass their abusive partners anonymously?

Spoken like a true 'tard. Is that the only reason you can see for wanting to hide your number? So that you can harass someone?

Never been abused or threatened, have you? Maybe a case is made because someone wants to call a person who is abusive and you don't want them to call you back? Say, you have an abusive spouse but you have to share custody. You need to call them but don't want them calling you and abusing you? Hrm, maybe that's a good idea.

Abusive people will go a long way to make others' lives miserable.

Comment Re:Odds ? (Score -1, Flamebait) 622

Russians used to do what were called "Crazy Ivans." If you are running at high speed, you can't hear squat, so to check for chasers, they'd do a 180 course change and run back down their track. You can't get precise position using passive means--there is always room for error, so the chasing sub would move out of the way, quickly and often noisily telling the Russian sub it was being followed.

If the Russian didn't detect the follower, the evasion tactic was enough to make the following captain cautious.

Good times, good times.

Comment Re:Opera of the phantom (Score 2, Insightful) 553

I am not affiliated with these guys, but from the faq and the site, here is what I get.

Memory in all computers is mapped to address space.

Right, but you, the programmer, don't worry about memory allocation or de-allocation in the same way. You don't do pointer math or any of that shit. The OS does it for you (which is what an OS should do). Think how Java manages memory is different than how C does. Hopefully, the OS manages memory well.

Nobody needs files? How, exactly, can I retrieve a document then? This FA is damned short on details.

Well, yes, there are "files" managed by the OS, but not directly reachable by a program. You treat a file like an object and just use it. No open, no close, no worrying about the proggie crashing and losing the unwritten data. The OS handles it.

Same with processes. It seems cool. Not sure it has legs, but seems cool indeed.

Comment Re:Heh. (Score 1) 781

It doesn't even take into account WHAT Windows 7 installs and WHAT Ubuntu installs.

This is a very interesting point. An Ubuntu install has just about everything you need for most common desktop tasks installed and ready to roll. The time it would take to install similar software in Windows--any version--would be hours (I know, I have rebuilt my laptop a few times.)

Comment Re:Install time... (Score 1) 781

Now it's down to how things are "inconsistent" or how it's not easy to get software in the manner of your choosing (rather than using the method provided by the OS).

I hope you are joking. Let's see, Ubuntu has two package managers? What, one is not enough? There must be two? A default install takes 4 GB of drive space? 4 GB with no easy options to trim that down?

Oh, yeah, and that pesky install and dependency issues that all Linux distros suffer from.

I have been a Linux user since 1994 and they all suck in one way or another. The desktop versions of Ubuntu and Fedora have come a long, long way and the people who have worked on them should be proud of what they have accomplished. But there is still much more work to do.
