Most distributions (ie the archlinux one you linked to) digitally sign their packages with private keys, so the people who compromised kernel.org wouldn't be able to tamper with them without causing verification failures by the package management system.
One huge problem could be downloadable ISOs for live images or installer DVDs. Since you are booting up your system with them, there would be no reliable automatic signature verification.
I downloaded a Centos-6 ISO from the kernel.org mirror just the other day, and broke out in a cold sweat when I saw this story. However, Centos and just about everyone else publishes checksums of their ISOs. I compared my download against the checksum, and, to my relief, it matched.
It would be wise if everyone compared checksums immediately after downloading something like this. Alternately, you can use a protocol like BitTorrent for the download, which compares checksums automatically.
US Funding Stealth Internets to Circumvent Repressive Regimes
I often wonder what would happen if a group of nerds..like ourselves.. decided to start our own root DNS.. I would suspect that it would be shut down by the FCC in short order under some new or trumped up mangled misinterpretation of some law.
Alternative root servers have existed for years. The largest is probaby OpenNIC.
New SHA Functions Boost Crypto On 64-bit Chips
I'm not an expert on crypto, but it seems to me that, for instance, SHA-512/256 would not produce the same digest from the same input as SHA-256. I just conducted the following test on the linux command line:
$ echo hello | sha512sum
e7c22b994c59d9cf2b4 8e549b1e24666636045 930d3da7c1acb299d1 c3b7f931f94aae41edd a2c2b207a36e10f8bcb 8d45223e54878f5b316e 7ce3b6bc019629 -
$ echo hello | sha256sum
5891b5b522d5df086d0ff 0b110fbd9d21bb4fc716 3af34d08286a2e846f6be03 -
The first is the SHA-512 hash of the word "hello" (with spaces inserted to defeat the slashdot lameness filter) and the second is the hash for SHA-256. I don't see any way to truncate the the 512-bit output and get one that matches the 256-bit output. Therefore SHA-512/256 would not be compatible with plain SHA-256.
I don't see much utility in these new algorithms. Since we would already be calculating the 512-bit hash, why not just use it instead of truncating it? I suppose there are a few situations where for externally imposed reasons you just need a value of a certain length, but that's about it.
Do Sleepy Surgeons Have a Right To Operate?
They can't dump the responsibility on the patient, especially by shoving an informed consent form under his hand in the 15 minutes before surgery.
Oh yes they can (legally speaking)
This is a very questionable statement, and depends a lot on the locale and the situations of the case. Contractually waiving your rights is something that the courts often frown upon.
Here is my experience. I live in California, and my old apartment was accidentally burned down by a maintenance worker who was not qualified to do the task he had been assigned. The landlord refused to reimburse me for my lost property, because I had signed a lease waiving my right to damages in such a case. I contacted a lawyer, who told me that one can't contract away responsibility for one's own negligence. The landlord was clearly negligent in the case, and the waiver clause in the lease would not hold up in court. I hired the lawyer, and we successfully sued the landlord
Taco Bell Programming
Taco Bell ingredients are great for quickly passing through your pipeline
That's why one of my friends calls the place Taco Bowel. It's much more descriptive than the commonly-heard Taco Hell.
Writing Style Fingerprint Tool Easily Fooled
Signatures written on paper are not all that helpful...Where they actually are accurate, however, is when written on pressure sensative pads (such as those seen on new-fandangled credit card swipers)
This may be slightly offtopic (but hopefully interesting to the slashdot crowd), so I apologize in advance. I've been trying to figure out how to use electronic signature pads to verify job authorizations, and haven't been able to come up with a way that they seem airtight to me if a customer denies issuing the authorization. Perhaps you or another reader can enlighten me.
I can record the data coming in from the signature pad and associate it with the job ticket in our database easily enough. However, if the customer denies authorizing the work, and we show them the signature data, they can just claim we copied it from another ticket. That seems like a reasonable defense to me, and one that very well might hold up in court if it came to that
I've tried to think of various ways to hash the signature data with unique information from a job ticket, but can't think of anything that can get around the fact that we have access to the raw data that comes from the signature pad, and can do what we want with it. Therefore, I don't see how they can be used for anything like signing a contract.
Of course, a signature on paper (which is what we currently do) can be forged, but there are ways to tell that have been mentioned elsewhere in this story.
Is the Federal Government the Most Interesting Tech Startup For 2009?
Microsoft Puts C# and the CLI Under "Community Promise"
I think pygtk is great. In fact, as I write this I'm taking a break from the cross-platform application I maintain as one of my job duties.
However, some people don't like python as much as you and I. For instance, they may prefer not to use a dynamically-typed language or need something with better performance. Also, I don't see why pygtk would be any more cross-platform than C# using the gtk bindings. At least in theory, both should work on many platforms, and look identical (since they would both use gtk widgets).
I've been deeply skeptical of Mono since it's inception, because of the patent issues hanging over it, so I see the latest happenings here as a positive thing. I'm not likely to abandon python any time soon, but more choice is a good thing for those of us who like using Free software but still need things to run under Windows.
Firefox 3.5 Reviewed; Draws Praise For HTML5, Speed
I've been looking too, but I don't see it anywhere. Have they ever released 64-bit versions on the Mozilla/Firefox website? I've always just gotten the version supplied by my distro.
Go For a Masters, Or Not?
Generally, to teach HS and below, the only degree allowable is an education degree. A PHD in math will not be allowed to teach algebra, and a Nobel prive winning physicist will not be allowed to teach physics, unless of course they additionally have a BA in education.
Where do you live? My wife is a high school English teacher, and has a degree in English. I have a friend who teaches elementary school who double-majored in Psychology and Italian. Here in California, teachers who teach specialized subjects (English, math, foreign languages, etc) generally have a degree in the subject they teach, while teachers who don't specialize (elementary school teachers, for example) might have a degree in education. There is a lot of flexibility, though.
All teachers here, except in rare circumstances, have to have teaching credentials, though. These are usually acquired after the bachelor's degree by completing graduate-level coursework that can be finished in a year, as well as taking an exam and getting some real classroom experience (usually through student teaching). The credential is not a degree, but it does require continuing education, and many teachers end up eventually getting a Master's in education due to all the additional education classes they need to take.
My wife did have a friend at her former school who ran into a problem similar to what you're describing. He was a 7th and 8th grade biology teacher, but had a doctorate in some branch of biology from Oxford University. Aside from having a solid background in the science, he was an excellent teacher, having been selected as Teacher of the Year for the district. However, he received notice that he wasn't "highly qualified" for his position and would have to take additional classes to keep his job. Apparently due to some bureaucratic snafu, the powers-that-be didn't recognize his Oxford degree because it wasn't a PhD, but a DPhil, DSc, or something similar that we never see in America. They couldn't be reasoned with, though, so he ended wasting a bunch of time taking classes that he had *taught* when he was a grad student.
Go For a Masters, Or Not?
Notice anything striking there? Of all my "Education" professors, none had taught in a non-college classroom in the last two decades. Some never had. What made them *qualified* to teach me? A PhD in Education. Did they have anything useful to teach? No. How could they, when their entire background was full-time immersion in college-level educational philosophy? My "Education" professors were philosophers,(PhD) not teachers.
My wife, who is a teacher, would definitely agree with you. She often refers to the following quote: "Those who can, do. Those who can't, teach. Those who can't teach, teach teachers."
Why Fear the End of the R-Rated Superhero Movie?
evolution is more concerned about the species as a whole.
There are many evolutionary biologists who would disagree with this statement, probably most of them. Read on wikipedia about group selection for more information.
Qt Becomes LGPL
Of the apps you listed, only Tomboy is an official Gnome app. The others are just third-party apps written using the gnome libs and Mono. Furthermore, there are (in my opinion) better gtk or gnome apps in each category that that don't use Mono. I don't see how this makes Mono "firmly entrenched" in Gnome.
For the record, I am a long time user of gnome, but am deeply skeptical about Mono, and avoid it like the plague. This attitude seems to be fairly common in the gnome community in my experience.
Also, to keep this message on topic, I don't use QT or even have it installed on my systems, but I think this license change is a smart idea, and I hope it increases QT usage in areas where it makes sense.
Qt Becomes LGPL
Oddly enough, Qt and KDE are the "free" ones now, where as Gnome is now firmly entrenched with Mono.
Do you have any evidence of this? To the best of my knowledge, the Gnome community is deeply ambivalent about Mono. There are very few official Gnome apps that use it.
Qt Becomes LGPL
"if you avoid using programs from another desktop"
Which is just not possible. Where is the CD burning program in GNOME that beats K3B? Where is the music player that beats Amarok? In the other direction, where is the office suite that beats OpenOffice.org? You cannot avoid mixing GTK and Qt apps on a desktop without hurting yourself.
Personally, I don't really like K3B. I use Gnome Baker and am perfectly happy with it. Amarok seems decent enough, but I prefer Quod Libet, a player that uses gtk, gstreamer, and python.
I don't mean any disrespect to the hackers who have put a lot of hard work into KDE/QT apps, but I don't even have QT installed on my system any more and don't feel like I'm missing anything. Likewise, I'm sure someone so inclined could do without gnome and gtk. It may be hard, though, to find an adequate substitute for OpenOffice, if one needs that sort of app.
Microsoft Rumored To Lay Off Thousands Worldwide
Having a stock option is not the same thing as having actual stock. An option is just the right to buy stock at a predetermined price at some point in the future. As a rule, you only exercise that option when you actually want to sell the stock and take your money, since there is little to no upside to exercising the option and then holding on to the stock. Furthermore, all options that haven't been exercised already are likely worthless, since the stock price has come down so much, and will probably never be exercised.
However, Microsoft stopped giving out stock options in 2003, and started giving direct stock grants. I'm not sure, but I suspect that these are non-voting shares. Microsoft's executives and board could not care less about the wishes of non-voting stockholders. I suppose these stockholders could organize a class-action lawsuit against the board, claiming they are not living up to their fiduciary duties. If things get bad enough where this is likely to happen, though, Microsoft will have much bigger problems to worry about.
Most Irritating Industry
There should have been an option for the insurance industry, though these vultures are way beyond merely irritating. This has to be the most evil, greedy collection of businesses I've ever seen. Their business plan is to prey on tragedies. They gladly take people's money, but when something bad actually does happen, they do their utmost to avoid paying out a dime.
If I sound bitter, I am. I'm currently involved in a 16-month-long lawsuit against an insurance company, trying to get the money I am due. It hasn't even gotten to trial yet, and their attorneys have privately acknowledged that they can't win and are looking to settle, yet they continue to drag their feet.
They long ago figured out if they put up enough obstacles, most people just give up.
msaavedra hasn't submitted any stories.
msaavedra has no journal entries.