Comment: Thanks for clarifying -- I should have researched. (Score 3, Informative) 110

by kfogel (#38500180) Attached to: GnuPG Short ID Collision Has Occurred.

I should have done that research before posting -- thank you for clarifying the situation.

There is still a bug here, in that (according to the linked bug ticket) even if one *requests* a key using a longer ID, from a keyserver that can handle the request, GPG transforms it to the short ID and then returns you all the keys that match. That seems like non-optimal behavior, given that the user asked carefully, and the server could have answered, if only GPG would transmit the true request.

However, that's a slightly different problem from what I originally posted, so I'm glad you replied.

Privacy

GnuPG short ID collision has occurred.->

Submitted by
kfogel
kfogel writes "Asheesh Laroia now has two different GPG keys with the same short ID (70096AD1) circulating on keyservers. One of them is an older 1024-bit DSA key, the other is a newer 4096-bit RSA key. Oops. Asheesh argues that GPG's short IDs are too short to be the default anymore — collisions are too easy to create: he did it on purpose and openly, but others could do it on purpose and secretly. More discussion (and a patch by dkg) are in this bug report."

Interview with Golan (of Golan v. Holder, US Supre->

Submitted by
kfogel
kfogel writes "Good new interview with conductor Lawrence Golan, lead plaintiff protesting the removal of thousands of works from the public domain (oral argument in Golan v. Holder commenced today at the U.S. Supreme Court). Best fact I didn't know: even all the *composers* Golan talks to are in favor of his side winning — because they arrange, and thus depend on the public domain too. Let's hope SCOTUS does the right thing."

Comment: Presumably the CIA, NSA, et al generate own certs? (Score 1) 152

by kfogel (#37310418) Attached to: Rogue SSL Certs Issued For CIA, MI6, Mossad

Presumably the Three Letter Agencies generate their own cert chains themselves, and employees manually confirm the fingerprints and tell their browsers to trust those custom certs? In other words, their internal sensitive data shouldn't be at risk of exposure due to the DigiNotar problems, because they'd be crazy to depend on a cert root that they didn't generate anyway. I can see how this whole fiasco might make a difference for some non-employee accessing a CIA (or whichever) web site, but other than that, it shouldn't be significant for the TLAs... right?

-Karl Fogel

Idle

Best. Geek. Wedding. Invitation. Ever.->

Submitted by
kfogel
kfogel writes "Karen Sandler (a lawyer at the Software Freedom Law Center) and Mike Tarantino (a professional musician) are getting married in May. They've sent out the coolest wedding invitation ever: a beautifully packaged flexidisc record where the invitation itself is the record player. That's right: It's paper! And it plays a record! The song itself was written by Mike, is performed by Karen and Mike together, and FTW is released under a Creative Commons Attribution-ShareAlike license. The person who designed the invitations — a friend of the couple's — has blogged about it. It's also made Make Magazine, Mashable, and Geek.com."
Open Source

Apache Subversion to WANdisco, Inc: Get Real.->

Submitted by kfogel
kfogel writes "The Apache Subversion project has just had to remind one of its corporate contributors about the rules of the road. WANdisco, Inc was putting out some very odd press releases and blog posts, implying (among other things) that their company was in some sort of steering position in the open source project. Oops — that's not the Apache Way :-). The Apache Software Foundation has reminded them of how things work. Meanwhile, one of the founding developers of Subversion, Ben Collins-Sussman, has posted a considerably more caustic take on WANdisco's behavior."

Comment: A good way for the students to protest... (Score 1) 421

I just sent this to a freeculture.org mailing list -- thought I'd spread the
idea here too (not having time at the moment to implement it):

---

A good protest method, if anyone has time & a means to contact some
students there:

Students there start deliberately using the software to share completely
legal things (e.g., freely licensed and public domain music and books),
and then when the police come knocking, explain to the police that
sharing culture and information is not inherently illegal. Force the
administration and the police to start making distinctions, instead of
always assuming that something is prohibited until proven permitted.

QuestionCopyright.org might try to organize something like that, if we
can find some spare cycles, but... it would be a *perfect* kind of
action for Free Culture / SFC! Please, please beat us to it! :-)

-Karl

Comment: Use two spaces so sentence motion commands work. (Score 1) 814

by kfogel (#33140952) Attached to: Sentence Spacing — 1 Space or 2?

Some editors have sentence-wise motion commands (for example, M-a and M-e in Emacs). These rely on the "two spaces after a sentence-ending period" rule in order to distinguish sentence ending from abbreviations. Documents that follow the two-spaces convention are more easily editable by people who use those commands.

Personally, I also find it much easier on the eyes -- I can find sentence boundaries with minimal mental effort, which saves those cycles for something else (like, say, understanding what the document is saying :-) ).
