Slashback: Toner, Zimmerman, Languages
Sheesh! All the guy ever promised was pretty good security! :) zenith744 writes: "Now available here is PGP v6.5.8, which apparently "...corrects a security-related bug with Additional Decryption Keys (ADKs) that may allow sophisticated attackers to add unauthorized ADK key IDs to the unhashed areas of PGP public keys...". This bug was previously brought to light about a week ago and reported on slashdot. A little more security, a little less stress. A happily balanced equation."
And an unnamed reader points to a story on Network Fusion about Zimmerman's response to the hubbub. Paraphrased: "It was a bug. We're embarrassed about it. Now it's fixed." In an imperfect world, you gotta admit that PGP is one of the bright spots.
It's always "wait a minute," isn't it? Tjisana M. Lewis, Product Manager, Emerging Products World-wide Business Management at Hewlett Packard (and who hopefully doesn't have many middle names to remember) wrote in response to the article on Slashdot recently about HP's new print server which runs Linux internally but does not support LPD client printing: "I've read some of the responses and (understandably) there is much speculation on WHY we did not support LPD client printing in the product's first release." She sent the following response, which strongly hints at better Linux support in the future for this product.
"The JetDirect 4000 Print Appliance can send print jobs to any LPD enabled destination whether such destination is a Linux box, JetDirect print server, or any other vendor's print server. Currently the JetDirect 4000 does not receive LPD print jobs, however in a few months, this [and other features] will be available in a free firmware upgrade. As a vendor with a Linux based product, HP is extremely committed to supporting the Open Source community. We support developers in the Samba team including Jeremy Allison and Andrew Tridgell by contracting with both VA Linux and Linuxcare to develop features for the print appliance. These features are part of the Samba project and will be available to everyone under the GPL. An example is NT Printing functionality that will enable the use of native NT tools and features such as "point and print." Point and print enables automatic downloading of a print driver to a Windows client when the client adds a printer.
Furthermore, HP, in working with SAMBA, adds testing resources during the development process of the release thereby increasing the final quality of the release."
Care for some salt with your wound, Mr. Valenti? Master of Kode Fu writes: "The New York Times has an article quoting MPAA President Jack Valenti saying this: "[it] is to the American film producer and the American public as the Boston Strangler is to the woman alone." He wasn't talking about DeCSS, Napster, Scour, FreeNet or Gnutella -- he said it in 1982 and he was talking about VCRs. He didn't see that VCRs would eventually become as important an income stream for films as box-office sales. Will the MPAA (and similarly, the RIAA) learn from historical precedent, or is file sharing over the 'Net a completely different case with different circumstances?"
Isn't it funny how the fight to prevent consumer taping went away when the companies involved realized that what VCRs really represented was a whole new way to make money? Hmmm. Extend, project, extrapolate ... I smell money here, too. Don't they?
Contribute to the death of excuses! The excuses not to at least try Free software keep dwindling, and it's nicer than strangling dodo birds. Remember when "But there aren't any books!" was a valid complaint about Linux? How about "I can hire MSCEs and know they have at least some knowledge of the systems they purport to administrate -- but there aren't Linux equivalents!"? That one's gone too, for better or for worse. And now, if your boss (or spouse) grouses that there aren't any free, multilingual Linux journals online, not only do you know their excuse barrel is near empty, but you can point them to ... well, let Atif Ghaffar explain:
"LinuxFocus (LF) is a multilingual magazine about the operating system Linux. LF is managed and produced by Linux volunteers, fans and developers. There is no subscription necessary to read LF, it is freely available on the web with mirrors all over the world.
LF is published almost every two months. The master website for LinuxFocus is at http://www.linuxfocus.org
Articles this month include pieces on Rebol, a presentation application for X Window, distro reviews, a book review and more. Get it while it's Free!
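Going back to the PGP 6.5.8 item at the top of this post: the bug concerns ADK requests placed in the unhashed area of a key's signature, the part the signature does not cover. The sketch below is an added example, not code from PGP, NAI or the Slashdot story; it assumes the OpenPGP version 4 signature packet layout and that the ADK request is subpacket type 10, and every sample byte and function name in it is constructed for illustration.

```python
import struct

ADK_SUBPACKET = 10  # assumed type number of the ADK request subpacket (not on the page)


def subpackets(area):
    """Yield (type, body) for each subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # strip the critical bit
        i += length


def split_areas(sig_body):
    """Return (hashed, unhashed) subpacket areas of a v4 signature packet body."""
    if len(sig_body) < 8 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    hashed_len = struct.unpack(">H", sig_body[4:6])[0]
    hashed_end = 6 + hashed_len
    if hashed_end + 2 > len(sig_body):
        raise ValueError("hashed area runs past end of packet")
    unhashed_len = struct.unpack(">H", sig_body[hashed_end:hashed_end + 2])[0]
    unhashed = sig_body[hashed_end + 2:hashed_end + 2 + unhashed_len]
    if len(unhashed) != unhashed_len:
        raise ValueError("unhashed area runs past end of packet")
    return sig_body[6:hashed_end], unhashed


def audit_adks(sig_body):
    """Sort ADK requests into those the signature covers and those it does not."""
    hashed, unhashed = split_areas(sig_body)
    report = {"honour": [], "reject": []}
    for verdict, area in (("honour", hashed), ("reject", unhashed)):
        for sp_type, body in subpackets(area):
            if sp_type == ADK_SUBPACKET:
                report[verdict].append(body.hex())
    return report


# --- constructed sample data (not taken from any real key) ---
def _sp(sp_type, body):
    return bytes([len(body) + 1, sp_type]) + body


def _sig(hashed, unhashed):
    # version 4, signature type 0x13, DSA, SHA-1; signature MPIs omitted
    return (bytes([4, 0x13, 17, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00")


CREATED = _sp(2, struct.pack(">I", 967766400))      # creation time
ISSUER = _sp(16, bytes(8))                          # issuer key ID
OWNER_ADK = _sp(ADK_SUBPACKET, b"\x80\x11" + b"\xaa" * 20)
FORGED_ADK = _sp(ADK_SUBPACKET, b"\x80\x11" + b"\xbb" * 20)

CLEAN = _sig(CREATED + OWNER_ADK, ISSUER)
TAMPERED = _sig(CREATED + OWNER_ADK, ISSUER + FORGED_ADK)

if __name__ == "__main__":
    print(audit_adks(CLEAN))
    print(audit_adks(TAMPERED))
```

The hashed/unhashed split only tells you which requests could be authenticated; the signature itself still has to verify before anything in the hashed area is trusted.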
Re:History repeats itself, with the same people! (Score:1)
He was not wrong. They made a lot of money with VCRs.
Oh, maybe you meant that he said things that were not technically true? Well, he doesn't mind. Incorrectly yelling that VCRs were going to eat the business enabled the MPAA to get better legal options to make more money from VCRs.
Do you really think that he doesn't know that half of his recent deposition was pure bullshit? (Don't have the link handy, but, well, he obviously lies beyond belief).
Where did you read that being sincere would be a plus for running the MPAA? Do you think they plan *not* to make money with the internet? Shareholders are probably happy. The MPAA defends their corrupted business in order to make more money. They can lie to anyone they want (but to the shareholders...)
Cheers,
--fred
Re:You smell money in DeCSS? (Score:1)
----------------------------
Re:You smell money in DeCSS? (Score:1)
----------------------------
Re:Xerox (Score:1)
Re:Maybe a bit OT, but... (Score:1)
The asterisk isn't usually intended as a trademark avoidance method; it's usually a globbing character. Due to Bell Labs' enforcement of their trademark on "Unix", most Unix workalikes were given "Unix" soundalike names that ended with some of the same characters as "Unix". (e.g. Ultrix, Xenix, AIX, HP/UX, even Minix and Linux (although the latter names probably stemmed more from the by-then tradition of names sounding like "Unix", not directly from worries of trademark infringement))
--Phil (Yes, most of those names don't end in "nix". It's the spirit of the thing that counts.)
Unix Okay, Windows Bad (Score:1)
It was the Windows machines that needed software installed to provide an LPR driver to Windows!
The Xerox printers didn't support the SMB/NetBEUI protocol. They may have updated their software in the meantime, I don't know.
Xerox (Score:1)
Not a single one of them was plug-n-play like an HP with a JetDirect. I had to get a Freeware utility that emulates the LPD service on a Windows machine to communicate with them. Of course, this had to be installed on EVERY Windows machine, and NOWHERE did it say this was necessary in the documentation or on the Web site. The software wasn't even from Xerox.
Bah. Curse 'em or not, I stick by HP in general... But as for using Linux to create a print server and then blatantly NOT support LPD... That's really just... Wrong. Sorry, but based on that alone (that it doesn't support LPD) I would not buy this product. But you do have to look at who it's targeted at.
Re:You smell money in DeCSS? (Score:1)
Here is a link [zdnet.com].
--
Timothy, please review your quickies-fu (Score:1)
Timothy, with all due respect, your quickies-fu sucks!
You just mixed a couple interesting stories and the end result is noise. I don't know (or care) if the /. editorial policies have changed lately, but could you care to explain what's wrong with giving the stories their own post? I really can't picture someone coming to /. for news anymore, the real "value" now is the comments. Everybody else and their dog is doing better than /. at keeping people current on Linux events, but everybody else's (and their dog's) forums suck. Slashdot sucks, but just a mutt, it sucks less. You have it right there: news for nerds. stuff that matters. Don't try to be a news agency, you are not.
PGS? No, PGP. :) (Score:1)
Actually, he promised pretty good privacy. :)
---
Re:Congrats! A Slashback post I can understand! (Score:1)
Re:You smell money in DeCSS? (Score:1)
*Keeping in mind* there is _NO_ copy protection WHATSOEVER for DVDs. There is no mechanism at all to stop anyone copying a DVD they own (providing they also already own an artificially expensive DVD burner). That is *not* what this is about!
Were the MPAA not the pig-headed, reactionary, greedy, grasping, exploitative blood-sucking scum that they are, they would be already reaping the benefits of an extra 20mil players for their god-forsaken media format.
Re:At the same time, excuses are piling up. (Score:1)
I also can use Visual C++ to quickly create W32 apps, and list them as shareware for hundreds of millions of "normal" computer users to use
Please, I beg you, do not create YAUSA (Yet Another Useless Shareware App). If not for us, then for the children. Please don't do it!
Re:Timothy, please review your quickies-fu (Score:1)
Technically this article isn't quickies, as you would have quickly discovered had you actually read the title, the dept., and/or the blurb from Timothy. This is in fact a slashback section, which contains updates on stories which were previously seen on /. So it's not Timothy's fault that several interesting stories had updates; that's just the news biz.
If you don't like it, don't read it. Moron.
Maybe a bit OT, but... (Score:1)
[ Windows is (C) (TM) Microsoft Corporation. UNIX is (C) (TM) Bell Labs. ]
Re:You smell money in DeCSS? (Score:1)
As far as the DeCSS enabled piracy goes, there is the risk of large scale piracy by dealing in downgraded versions of movies copied from the DVD and then compressed and encoded onto CD-ROM using the likes of DIVX. These become cheap to produce, small enough to exchange over high speed Internet connections, etc. The quality is not as good as the original DVD but may still eat into sales of those DVDs.
This does not detract from all the arguments FOR DeCSS, but I hope it better explains what the risk to the movie producers is.
Re:You smell money in DeCSS? (Score:1)
Re:A Common Problem (Score:1)
PEBCAK
Problem Exists Between Chair and Keyboard.
I don't know HOW I managed to post that followup to this story.
I'm just extra special/stupid I guess.
Re:Think Twice before installing PGP 6.5.8 (Score:1)
*BSD version? (Score:1)
Re:NSA sabotage. (Score:1)
richi.
Re:Think Twice before installing PGP 6.5.8 (Score:1)
These RFCs are definitely worth the read if you are serious about security. I read an article a while ago where the police were trying to break someone's password to get evidence for a trial. The article said that after a long time trying to crack it, they finally found the only password that would unlock the file was "a hole in one!". If the bad guys had hashed the password with MD5 the police would have been able to crack it much quicker. I don't have a problem with someone who has a proper warrant being able to crack my keys. What I do have a problem with, is some private dick being able to grab the keys off my harddrive, crack the keys with a PC and sell the unlocked contents to the highest bidder. Common sense precautions should prevent this from happening, but there are still a lot of badly installed PGP programs out there.
Re:You smell money in DeCSS? (Score:1)
Re:Think Twice before installing PGP 6.5.8 (Score:1)
Re:A Common Problem (Score:1)
Re:You smell money in DeCSS? (Score:1)
How, pray tell, can the MPAA make money with DeCSS? At least, with VCRs, the answer was pretty freaking obvious.
Let someone write a DVD player for Linux so I can start buying DVDs. (I do not own a TV, I don't want to buy one. I have already bought DVD-ROM drive with my computer, and I would like to use it.)
andy j.
Who writes this stuff? (Score:1)
The updated PGP won't use a forged ADK... This fix is a Public Relations fix, not a bugfix.
My FUDetector just went off.
If the updated PGP won't use a forged ADK on a tampered key, and if NAI's key servers won't accept tampered keys, doesn't that eliminate the forged ADK problem?
And why do some people keep calling ADKs a key recovery feature when it's a message recovery feature?
Re:International PGP link (Score:1)
Re:International PGP link (Score:1)
Re:I don't use PGP (Score:1)
Feh!
EXCELLENT POINT (Score:1)
Basically, a "free" machine. I was rather un-impressed with its performance until I discovered that it was running Apache, MySQL, Sendmail, and a whole TON of other services.
I was STUNNED!
It ran for ~ 7 months, 24x7, with NO PROBLEMS other than configuration.
I was STUNNED!
But, if I had gone in thinking this was going to be a replacement for Windows, I would've been skeptical from the get-go.
It replaces Windows on the SERVER side. It's almost OK as a client. (I use it, but mostly because I like to work in *nix when writing code for my *nix server)
What's perhaps funny is that although my main workstation is a pretty decent 400 Mhz system w/16 MB AGP card, 13 GB Hd, etc., the server on which I test and demo all my work is a P-100 w/2gb HD and a couple of NICs - not even a monitor or mouse to its name!
Ah well.
Re:Actually (Score:1)
3) speak for yourself... I would not
4) If you believe that - you should wear a big sign saying "I need a cavity search" - after all you have nothing to hide, freaking moron. Why don't you crawl into a time machine and go back to the USSR.
Don't (Score:1)
In my office, I had 1 extra pentium 90, and one very whiny coworker always complaining about windows crashing. I said "try this", and he willingly did so.
A few days later, he wouldn't touch the thing. Because it was too slow. Obviously it's faster than windows 98 on the same computer, but he didn't seem to realize that. Instead, he installed star office, and compared it to how fast microsoft office ran on his Pentium III 500.
I tried, but I could not seem to explain to him the gigantic performance difference between the two computers and how it was relevant.
In other words, help others out, but don't get them to expect a damn miracle. Use those old computers for masq gates and stuff, demo linux on high performance hardware.
Re:At the same time, excuses are piling up. (Score:1)
I think that was quite possibly the most intelligent set of comments/attitudes I have seen from anyone in the open source community in some time.
Thank You
Lately it's seemed that a lot of people have been losing sight of just why they do things. GNU/Linux and the rest of the free *nix family were built on people doing something because they loved it, because it was challenging and fun. In recent times it has started to degrade into a badge, a status symbol for people to wear on their sleeves to say "hey, look, I'm special, I use/develop for Linux.". This is not how it should be. The "community" isn't some elite group, it isn't something that should be distilled down to a business model. It's a family of like-minded individuals doing something because they love it.
I think I'd like everyone in the community who has since moved Linux from a hobby to a career to look in the mirror at least once a day and ask themselves, just as the average professional athlete must, "Why do I still play the game? Do I do it for the love or for the money?".
I hope you come up with an answer you can live with...
--
The excuses. (Score:1)
I might get caught in the crossfire [slashdot.org] of a pointless and tired flamewar.
- Derwen
Re:You smell money in DeCSS? (Score:2)
There already are a couple of closed-source DVD players for Linux. This argument doesn't really hold water (and, actually, DeCSS has probably hurt DVD for Linux more than it's helped it.)
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
Re:At the same time, excuses are piling up. (Score:2)
NSA sabotage. (Score:2)
Now think about this: "what do you think the NSA is doing with your tax money?", playing solitaire on Windows?
It's definitely in their interest if they can crack the communications they intercept. And what nicer way than to have "bugs" introduced in crypto products exported from the US?
Bruce Schneier reported last year that the NSA was walking door-to-door trying to introduce backdoors into crypto products, that would then be eligible for export. [cryptome.org]
--
Why pay for drugs when you can get Linux for free ?
Re:Think Twice before installing PGP 6.5.8 (Score:2)
Why is this? Clearly searching by brute force, using the assumption of a low-entropy password (ie. ascii characters, and dictionary words) would be quicker than a brute force MD5 match (ie. finding a key that hashes to the same value as the original key). To my knowledge, MD5 has never been shown to be a weak hash (ie. it has appropriate collision properties, and while 128 bits is not as great as SHA-160, it should be more than adequate for protecting simple passphrases)
Do you remember where this "Article" is, or any other details?
Re:If you *bought* PGP, you're screwed (Score:2)
-- iCEBaLM
Re:Xerox (Score:2)
Did anyone else notice that the JetDirect box was actually to translate an SMB printing connection into an LPD printing connection to allow simple Windows printing on printers which only had LPD support?
Admittedly, it is nice to have all your printing going into the same queue, so that Unix Print jobs don't ignore prioritization, but that's not what their JetDirect box seemed to be intended for. It looks like more of a small business plug and play SMB->LPD translator.
Adam (Who uses SaMBa printing to an NT server and is quite happy with it)
Re:At the same time, excuses are piling up. (Score:2)
Moral of the story: if you are installing a windows product either make damn sure all your hardware is on the compatibility list, and then hold your breath, or pay premium and buy retail and hope you're not saddled with low quality components.
What HP has to say (Score:2)
History repeats itself, with the same people! (Score:2)
Re:If you *bought* PGP, you're screwed (Score:2)
I bought a copy for the Mac a couple of months before OS 9 came out. When it did an incompatibility cropped up and I needed an upgrade. I call them and ask if there will be a free upgrade. Nope. I ask if there's an upgrade discount like most software. Nope. They actually wanted me to pay the full price again after just a few months! I'll never buy anything off them again.
Re:At the same time, excuses are piling up. (Score:2)
I've now started using Windows 2000, and am pretty impressed. It does crash, but it's a well-documented visual bug (playing around with OpenGL with beta Voodoo 3 drivers), and only if I attempt a set group of tasks. It runs games extremely well, in some cases better than their Windows 98 counterparts (e.g. Unreal Tournament). I also can use Visual C++ to quickly create W32 apps, and list them as shareware for hundreds of millions of "normal" computer users to use (instead of just Freshmeat users, which though cool, don't represent the average user).
Re:What HP has to say (Score:2)
You smell money in DeCSS? (Score:3)
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
Re:You smell money in DeCSS? (Score:3)
How, pray tell, can the MPAA make money with DeCSS? At least, with VCRs, the answer was pretty freaking obvious.
Obviously, it wasn't at the time (early 80's)...
How can they make money with DeCSS? Dunno. I'm not a marketdroid. A first guess would be to increase their market penetration for legally purchased DVDs.
Besides, who says it has to be the MPAA making money off of the DeCSS source code? Why couldn't a company create a DVD add-on for the HandSpring or WinCE in the future? How about selling and supporting DVD playback capability for less than a licence from the DVD-CCA? Hey, maybe there's a market for some T-Shirts with source code on them! The possibilities are endless.
Don't dismiss what corporate -insert country here- can think of to make money when they are forced to actually think about product development rather than sit back and milk an existing monopoly/product line.
David
I don't use PGP (Score:4)
I don't use it, and won't use it. Their licensing is too restrictive. I'd much rather use the German produced GnuPG [gnupg.org]. Better licensing, more standards compliant, and they don't put stupid features like ADK in to satisfy Big Brotherish commercial interests.
Maintain the paranoia! (Score:4)
http://cryptome.org/nsa-sabotage.htm
If you *bought* PGP, you're screwed (Score:4)
Nice to see that honesty is rewarded.
International PGP link (Score:4)
The link given for PGP says:
So if that doesn't mean you (it is not I) go to the international site [pgpi.org]. The link given has versions for many platforms.
Think Twice before installing PGP 6.5.8 (Score:5)
Re:You smell money in DeCSS? (Score:5)
Because the MPAA represents makers of movies, who will benefit because more people will be able to play DVDs and thus have an incentive for buying them. The CSS system limits what systems can be used to play a DVD, the DeCSS code circumvents this so that drivers can be written for platforms the drive vendors don't consider "lucrative" because then they have to pay lots of money to the consortium.
If they really cared about piracy they would go after the factories in China or wherever which spit out bit-for-bit copies of the DVDs, because - and this is what the recent lawsuits don't want you to think about: You don't need, and have never needed DeCSS to copy a DVD. You just need it to descramble the data for viewing. As a side-effect, you can take that stream and save it, but you could do that with any video stream, even if your descrambling driver was licensed from CSS.
Sadly, this goes unreported in the press, and you instead end up with ignorants like John Taschek [zdnet.com] voicing off after swallowing the "arguments" of the business - even if the MPAA does not benefit from CSS at all.
At the same time, excuses are piling up. (Score:5)
Having started with *nix in '96, I remember that there were many excuses not to try open source software. I had a friend tell me, here play with this on a 2nd partition or older machine. It's fun. You can learn UNIX for free.
I got slackware 3.0 (I may be off) and played with the command line for a while, just poking at things. I didn't care that the install was hard...it was fun! I was challenged to learn how computing worked at a deeper level. I was specifically told that I would spend many hours wrestling with things, but it would feel good at the end. I remember thinking...hey cool, this comes with a c compiler by default. Then when I got X running it was fun to tweak, and pop xeyes randomly on other people's screens (causing a few lost shell accounts).
I think people are reluctant to try OSS today because of the way the community presents it. No one says anymore "hey, install this and see if you can learn *nix". Instead it is "This is faster, more reliable, easier to install, better than windows, and totally free." Obviously, this is quite a hefty claim for a win32er to take (true or not true), and so people will quickly become disillusioned at the first couple signs of trouble, and will not wish to work for a few hours learning how to compile soundcard support into a new kernel, or activate IP-Masquerading with additional modules.
If we said instead, "Hey try this on an old P100, it is fun to play with," we could let the OS try and prove itself. Without the hype, people might get turned on quicker. When I started, there was no concept of replacing windows, it was just another OS to accomplish things on. I only went full *nix in '98 when NT4 ate my partition table, and I went back to win98 this year because I missed the games, and Netscape4.0 does have issues.
It's true that win2000 and linux are closing in on each other's turf, and this is going to cause sparks, but the attitude that should be fostered is to know BOTH win2000 and *nix inside and out, and take some pride in being knowledgeable in both spheres. Granted, everyone has a preferred environment, but discussion should focus more on getting things done, not "come to our side."
The more hype escalates, the more win32 users will loathe *nix. (also, win2k hype will make *nixers hate the win32 community, works both ways). People will find excuses, especially with the "conversion" attitude. The community needs to go back to "grab that old 486 from the closet and come play". As easy as setup and install is getting, excuses will go away when win32ers stop feeling threatened.