Slashdot Mirror

What I want to see is a published register of all SSNs.

The Social Security Number was never intended to be a 'security key' for citizens. When I went to college, our SSN was used as our student ID number, in fact.

The government should simply publish each and every SSN. Who has each number, etc. Doing so would render SSNs immediately useless for identity thieves, and the financial industry would be forced to stop using them as a 'trusted identity number.'

Already available from the private sector: http://whats.all.this.brouhaha...

I loved the C64 because of its hackable nature. Unlike my dads Digital Group and TRS80, the C64 was very accessible from both software and hardware perspective, and easy to mess with for a highschooler like I was back then. I built tape copiers,font cartridges and light control modules for the thing, and later on I started modifying the machine itself. I picked up the C64 Reference Guide early on, it had a fold-out schematic of the complete machine in the back. How cool is that?

Part of the charm was that it was not all that hard to know and understand the complete machine, yet with some outside-the-box tricks it could be made to do amazing stuff.

http://nonpareil.brouhaha.com/ Calculator sim. I think one of the older versions can emulate the HP 15C.

If they statically link or dynamically link, they *must* license as GPL.

Not so clear. The jury is still out - not literally though, since the dynamic linking issue hasn't yet been tried in court.

In the 80s, Scottish hi-fi audio manufacturer Linn designed their own CPU to improve its manufacturing automation systems. It's a fascinating story. http://www.brouhaha.com/~eric/retrocomputing/rekursiv/rekursiv.txt

That was "World Power Systems" and I remember the incident well. They were caught when someone noticed that one of the important signals on the S-100 edge connector was not connected.

You can read about it here:
http://www.brouhaha.com/~eric/retrocomputing/wps/

So the next time I get stuck in a traffic jam for hours with thousands of other people because some poor bastard in a beat up el Camino knocked off on the freeway, I'm free to shoot him? I don't think it works that way. I think you're just a sick fuck. No, really, you need help. People like you end up doing crazy shit like bombing olympic events and such. If unsolicited email advertising bothers you that much, you are in serious need of psychological evaluation and some kind of anxiety medication. You should see a shrink. Soon.

But first, why don't you go read the 8th Amendment of the US Constitution while I quote a few words out of your own hypocritical mouth:

The point of even having a Constitution, laws, etc., is that we are supposed to abide by them. If we can ignore them whenever they happen to be inconvenient to our immediate needs (even the ill-defined "National Security"), then they are worthless.

Nitpick: It was a PDP-1, one of which has been restored to working order, much to the delight of Spacewar's creators.

But everything else you said was essentially correct, including the homebuilt input device, which consists of five switches laid out in a pattern that anyone who played the coin-op versions of Spacewar and Asteroids will immediately recognize.

No, bring back the 16C! That's a true Slashdot geek's calculator.

Perhaps this posting is an opportune place to mention nonpareil, the HP calculator simulator that actually uses the original ROMs and will flawlessly emulate a 15C, 12C, 11C or 16C. I've programmed one of the buttons on my keyboard to bring up nonpareil in 16C mode.

I always use lcdtest in my linux box.

I wonder what they're going to say when it's brutally apparent that ALL software players can be compromised.

• If the keys are truly embedded in the "trusted" ASIC: Making custom chips is expensive. There are substantial setup costs for each new mask, so there will be enormous economic pressure to only have one or a few versions of the chip. This means once one version gets cracked, millions of computers will be freed. What will it take to read the keys off an ASIC? A scanning electron microscope, that's what. As a bored physics grad student currently sitting 10 feet away from an SEM, I can tell you it'll happen :-)
  
• If the keys are somehow individualized to each computer, they'll be stored on a flash-based FPGA, or in some kind of microcontroller's flash memory. Manufacturers of such flash-based devices go to great lengths to make it so that the code stored in flash can't be read off of the device, but this is nothing more than the same ol, same ol security through obscurity... figure out the magic voltage that you need to apply to pin 12, and oops there goes the security. Smart card hackers have already figured out ways around the protection in the common PIC16C84 microcontroller.
  

"The shuttle computers were never envisioned to fly through a year-end changeover,"

"Timing Considerations .. In the HAL/S system, the RTE contains a clock measuring elapsed time ("RTE-clock" time). The time is measured in "machine units" (MUs) whose correspondence with physical time is implementation dependent. HAL/S contains several instances of timing expressions which in effect make reference to the RTE-clock"

"The true HAL/S concept of a program at run time is an entity executing over some interval in "real time", directed and controlled by a Real Time Executive (RTE). At the outset, the RTE begins execution of the program"

"The shuttle computers were never envisioned to fly through a year-end changeover,"

"Timing Considerations .. In the HAL/S system, the RTE contains a clock measuring elapsed time ("RTE-clock" time). The time is measured in "machine units" (MUs) whose correspondence with physical time is implementation dependent. HAL/S contains several instances of timing expressions which in effect make reference to the RTE-clock"

"The true HAL/S concept of a program at run time is an entity executing over some interval in "real time", directed and controlled by a Real Time Executive (RTE). At the outset, the RTE begins execution of the program"

PS eric your calculator emulators are breaching copyright law. I hope HP sues you into the ground.

If you're an HP calculator fan like me, you'll go nuts over Nonpareil. Actual HP microcode, believe it or not; and very realistic images of (almost) all of your old favourites. GPL code, runs on Linux/OSX/Windows, etc. Couldn't ask for more!

I'm actually in favor of using micropayments to solve the spam problem, but the micropayments should go to the actual email recipient, not the ISP or some other company. Obviously part of it would be consumed by processing expenses, but there could be competing clearinghouses. And use of the system would be completely by discretion of the email recipient, NOT the ISP.

You are.

United States Public Law 102-563
Audio Home Recording Act of 1992

http://www.brouhaha.com/~eric/bad_laws/ahra.html

I know there used to be "special" CD-Rs for copying music (special only when looking at the price tag, mind you)

The audio CD-Rs have a bit set somewhere that audio equipment looks at before deciding if they'll record on this media. So if you have cd writer in your stereo, it probably will only work with audio CD-Rs. Of course, the audio CD-Rs cost more, and some equipment can be hacked to not require this bit to be set, or you can swap it with a data CD-R at the right time and things will work, etc.

The cd writer in your computer, on the other hand, has no such restriction, since it's meant to store data. Of course, you can also burn audio onto your data CD-R on your computer, and people do do this.

As for the law changing in Canada, I have no idea. In the US, I know that audio CD-Rs include a tax that goes to the RIAA or the artists or somebody, and data CD-Rs do not. More on the DAT tax here. (It's called the DAT tax because it was originally written for DAT (4mm tapes) and is probably the #1 reason why we don't have consumer DAT audio drives in our stereos now.)

In any event, when I'm at Frys and I see somebody pick up a batch of Audio CD-Rs, I'll often ask them if they're going to burn them on a stereo component or a computer, and 95% of the time, the answer is `computer'. And then I tell them that they don't need the expensive audio CD-Rs -- the data ones will work just as well.

The DAT tax does have one good benefit though. From the article above --

It explicitly makes it legal (or more precisely, non-actionable) for you to copy audio works for your own use ( section 1008). That's right, it is now perfectly legitimate for you to borrow the latest Madonna album from a friend and make yourself a copy, despite the copyright. Pretty neat, huh?

And in the US we have the "DAT tax", which was extended to cover blank cassettes, Blank VHS tapes, and music (not data) CD-R. This is a royalty that goes to the labels, artists, producers, etc. regardless of what you record on the blank media, was lobbied for by the MPAA/RIAA, and is meant to ensure that IP owners get paid for at-home copying. So we're good to go, right?

Not exactly a hard drive, but Apple's Lisa had dual headed Twiggy floppy drives.

I don't know how HDs work today (or back then either ... I just like looking at the shiny platters,) but while the Twiggys varied the motor speed to cram more data into the outer tracks, this had the drawback of the media spinning at the wrong speed for one of the heads to read it.

HAHA! Look at your face! HAHA!

http://www.brouhaha.com/~eric/personal/

It looks like you had a face transplant, but there were only chins and jowls and some pork available.

No, not all media. CDs aren't subject to any such tax. How else can 100 blanks cost $10?

Actually there is a tax on blank cds according to The Audio Home Recording Act of 1992 as per this. A 1992 law allows music listeners to make some personal digital copies of their music. In return, recording companies collect royalties on the blank media used for this purpose. For every digital audio tape (DAT), blank audio CD, or minidisc sold, a few cents go to record labels.

Server after a slashdotting

And they were able to recover the data off the hard disk drives.

Full story here

Server after a slashdotting

And they were able to recover the data off the hard disk drives.

Full story here

Know why Macs could read PC disks but not vice versa? Easy. Apple's HFS filesystem was copyrighted ;-)

Curious, I'd always been told it was becase the Mac's used variable density floppies (which actually dated back to the Apple, and it was because huge amounts of storage was wasted if you didn't change the density/motor speed), and PC based floppy drivers were incapable of dealing with that.

This link shows roughly what I remember of the history.

There were programs that could read them back in the mid 90's. I'm fairly confident that any lawyer on the planet worth their salt could show that HFS couldn't be copyrighted (it might be patentable). It's like an API, they can't be copyrighted. A description of them can be copyrighted, but the actual API can't (see POSIX, anyone can implement POSIX, but the actual documentation of how it works is in fact copyrighted). You can't copyright something that breaks compatibility. I can't cite the case law off hand, but I know I've seen several people on slashdot talk about it. Maybe one of them can help me out.

Kirby

In the United States, a distinction is made between "consumer digital audio" media and data media. You have to pay extra for consumer audio CD-R blanks and DAT tapes, and the music recording industry gets a piece on the assumption that the media will be used to hold commercially recorded material.

ref, Audio Home Recording Act of 1992

...I feel impelled to chip in and mention that your choice of the term "shoots up" is a singularly - albeit probably subconsciously - appropriate description of BASH. (-:

It doesn't look quite as much like the result of a dodgy serial connector as, say, TECO (think "vi with the Shift key stuck down" :-), but it's close enough to represent a fairly strong incentive to use Ruby for all of your scripting.

My web site has the full expansion in binary. It's over 25 megabytes, so please don't download it unless you really need it.

SCons has automatic dependency checking built in, supporting many kinds of source files, but if it doesn't have what you need it can be easily extended.

SCons remembers the command line used to compile/build a given file, so it automatically figures out that it should rebuild that file if the command line arguments change. With Make it is very difficult to do that, so "make clean" is used much more often than it should be needed.

SCons is written in Python, and the SConstruct files it uses analagously to Makefiles are fundamentally Python scripts, but you don't need to know Python to use SCons. However, if you do know Python you can easily extend SCons.

SCons integrates well with Steven Ellis' 'nc' network compilation tool (though nc works with make also).

Audio Home Recording Act of 1992

Section 1008 is interesting:

"Section 1008. Prohibition on certain infringement actions

No action may be brought under this title alleging infringement of copyright based on the manufacture, importation, or distribution of a digital audio recording device, a digital audio recording medium, an analog recording device, or an analog recording medium, or based on the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings. "

actually, that's not always been the position (vague) of the FSF. it's been -also- said that dynamically linking with a library is the -same- thing as statically linking

It doesn't matter what the FSF thinks. What matters is copyright law. Unless dynamic linking is a violation of copyright law then the GPL doesn't apply. Remember, the GPL is simply a conditional copyright waiver.

Of course, it's obvious that dynamic linking is not a violation of copyright law. Do a Google search and you'll find stuff like this. Or simply use your head.

If you have common filesystems (not necessarily even mounted in the same place, though this requires some unattractive transformation rules in the nc config file), and a synchronized clock (anyone heard of ntp?), nc will either definitely be faster than distcc, or will bring your NFS server to its knees (occasionally both).

I personally liked working with NetApp support explaining how 1 user doing 1 make could swamp a NetApp F840 (pushing about 1.6Gbit/sec over load balanced gig links to a cluster of 10 4-processor ultrasparcs). Our build, which would normally take ~1.5 hours (with -j4 on one machine) could finish in only about 12 minutes with nc.

When used across a workgroup, with distributed ccache, CCACHE_HARDLINK, scons and content signatures, it still rocks with a much more lame fileserver (it spreads the ccache jobs over the cluster, and most writes are just creating hardlinks on the server).

This may not help people trying to build random packages they picked up, but if you work on a large project in a workgroup environment, all of these tools:

• ccache
• scons
• distcc
• nc

-se

(My apologies for the shameless self-promotion)

I think nc can be used like distcc by redefining CC="nc gcc". However, more commonly it is done by putting $(NC) at the beginning of the build rules. Then you can use nc for any build rules, not just C compiles.

In addition to use with make, nc works well with SCons.

I really hope Linus will change his mind and will finally start using CVS or Subversion like the rest of the GNU and Free Software community does.

Linux development is very decentralized, so Bitkeeper is much better suited to it than CVS or Subversion. The CVS and Subversion models are by their nature oriented toward having a single central repository, though there is a project to provide a wrapper for Subversion to support a decentralized model.

Reportedly arch has a model more like Bitkeeper, but I haven't tried it. I use CVS at work, and Subversion for my personal projects.

(16) I live in Canada and pirating music is a right.
(17) I paid the DAT Tax and didn't get the right Canadians got from it.

Oh. Wait. I bursted your bubble, eh?

Sorry. Well, not really.

>What I find amusing is that the pirates seem unable or unwilling to distinguish between creative activity and brainless copying.

They do? If you could point out an example, I'd be happy to discuss it with you. Nothing you mentioned in your rant really worked well for me as an example.

>(10) I believe that copying someone elses music, and redistributing it to my 1,000,000 "best friends" on the internet is sharing. Music is made for sharing. It's my right.

I can't think of a single person who has 5 TB of bandwidth to use per song that pirates. Not a single one. Heck, there's a lot of national ISPs that don't have bandwidth like that to waste. Maybe if I were AT&T...

Or did you mean "10 best friends"? Yeah, sucks to be without friends like yourself, but watch those sour grapes, will ya?

PIC processors can be insanely useful for this sort of thing and very cheap (most around $10) and easy to get, and once you've got the basics down (which can seem a bit daunting at first) they are very easy to learn and program to do pretty much whatever you want. The playstation mod chips are cheap miniture 8-pin PICs usually - just to give you an idea of what they can do, and some of the more advanced models have RS232 (i think) builtin so you can directly interface it with your PC. Add to that some cheap easy to use wireless modules (they just take a power supply and you stick the on/off binary signal in and thats all you need, takes 2 minutes) you can do some nifty remote controlled things. Basically anything from just switching something on and off or blinking some leds (which can be programmed in minutes) to full fledged computing can be done with these babys. They have loads of extras too - analog-digital converters, eeprom memory, high-current switching and more.

Remote key-loggers anyone? ;)

The PIC makers
More stuff

If they do drop Itanium, it wouldn't be the first CPU that Intel spent a bunch of money on, only to kill it when it wasn't accepted by the market.

The iAPX 432 was a 32-bit processor Intel developed starting in 1975 that embodied CISC technology to the max. It was innovative, but also expensive and slow, and targeted towards the Ada programming language, another market failure.

So in your little corner of the universe, which language is everybody supposed to care about above all others? Let me guess. Perl? Java?

C++ does have some good features buried in the morass (mostly features copied from Ada, and sometimes given new names), but it still inherits all of the weaknesses of C.

C isn't a high-level language; rather it is a portable assembler. C++ is a fancier, object-oriented portable assembler.

There's a place for C, in writing code for very small embedded systems (perhaps under 16K of memory). IMNSHO, it is only a mediocre language for writing operating system kernels, and a terrible one for writing applications. Ada, Modula-3, Sather, and similar languages are quite suited for writing kernels, and many more languages are well suited for applications programming.

C++ seems well-suited for not much of anything. I have yet to find any convincing argument that C++ is the best-suited language for any particular purpose. The only thing it seems to have going for it is popularity, and one shouldn't confuse popularity with merit.

And dismissing the whole C++ language with a flick of the pinky

Eric Smith (who writes C and sometimes C++ code for a living, sigh)

Software Reliability: Don't Use the Wrong Tools

Obligatory C++ quotes:

C++ is a fairytale language. Unfortunately, the fairytale is not The Goose that laid the Golden Eggs, but rather The Emperor has no Clothes.

-- Peter van der Linden

C++ is already too large and complicated for our taste.

-- X3J16, (SIGPLAN notices, June 1992)

C++ will do for C what Algol-68 did for Algol.

-- David L. Jones

If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor and when was the last time you needed one?

-- Tom Cargin (C++ Journal, Fall 1990) [see http://www.apostate.com/programming/c-tech.html]
[see Peter van der Linden, _Expert C Programming_, Page 327]

It has been discovered that C++ provides a remarkable facility for concealing the trivial details of a program - such as where its bugs are.

-- David Keppel

When your hammer is C++, everything begins to look like a thumb.

-- Steve Haflich (smh@franz.com)

Don't do things illegal in your country!

God bless Canada and the blank media tax; I don't mind paying a little bit on every CD-R for a music piracy license!

Of course, the RIAA isn't going after downloaders (I wonder if they'd win) -- they're going after uploaders. And having paid a tax on your CD-R media won't help there.

Hmmmm, what happens if your house catches fire? 8 copies of the same document all nicely toasted!

And who knows, maybe some day I will learn to type. Let's try that again! About the intel 432

some of that money goes back to the companies that make music anyhow..

It's called The DAT Tax.

One interesting thing about the DAT tax is this --

The law does have one benefit to the consumer. It explicitly makes it legal (or more precisely, non-actionable) for you to copy audio works for your own use ( section 1008). That's right, it is now perfectly legitimate for you to borrow the latest Madonna album from a friend and make yourself a copy, despite the copyright. Pretty neat, huh?

Often when I see people buying Audio CD-Rs in the store, I ask them if they're going to burn it on a computer or a stereo component. In every case, they've said `computer'.

Now, I've heard that companies that make analog media, like cassette and VHS tapes, pay a certain amount to the recording and movie industries -- sort of a `hush' money -- but it's not something that has been codified into law like the DAT tax.

Didn't the Audio Home Recording Act of 1992 impose a tax on media that was meant to reimbure the industry from pirating? (I don't know if it applies to cd's or just tapes)

Is it still stealing if we pay taxes to refund them for stealing?

As far as huge software companies go, they're pretty benign in my view.

Photoshop is the best piece of software out there for image manipulation. Bar none. Gimp may be nice, but it's not as easy to use and it doesn't have anywhere near the polish as its older brother.

PDF is wonderful. PDF is open.

I mean, did John Warnock piss in your cornflakes or something?

IMHO, the DMCA is a terrible law, and most uses of it are "abuses". But using the DMCA to stifle fair use rights is particularly nasty, especially since the DMCA explicitly contains an exemption that was supposed to protect fair use:

(c) Other Rights, Etc., Not Affected.--(1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title

in the UK at least, we pay a additional fee whenever we buy blank cassettes, either music or video, that go to support the music industry from 'illegal' copying onto them.

(I've heard about the latter (analog) issue from people in the music industry, but have never actually seen anything more definate. Can anybody corroborate or disprove it?)

Because almost all of the interesting Alto software used the writable control store, it is important to simulate the Alto at the microcode level. The Alto used horizontal microcode, so several operations are done in each clock cycle, which IIRC was 170 ns. On an Athlon XP 1900+, the CPU simulation runs at about 1/4 real time. In order to obtain better performance, it will be necessary to do quite a bit of optimization, possibly including binary translation of the microcode into native host code.

There's no packaged release of the Altogether code, but it can be checked out from CVS.

Using a better language doesn't completely prevent software defects, but it can eliminate a large class of exploitable security problems.

Some more suitable languages include Ada, Java, Modula-3, Sather, Scheme, and Smalltalk. There are, of course, many others as well. Some of these impose a non-trivial performance penalty compared to C and C++, but some of them don't.

Some time back I was involved in a thread about programming language support for reliable software, in which I compared C to a table saw with no finger guard.

C.A.R. Hoare, in his 1980 ACM Turing Award Lecture, made the insightful observation:

...there are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies.

The first method is far more difficult. It demands the same skill, devotion, insight, and even inspiration as the discovery of the simple physical laws which underlie the complex phenomena of nature. It also requires a willingness to accept objectives which are limited by physical, logical, and technological constraints, and to accept a compromise when conflicting objectives cannot be met. No committee will ever do this until it is too late.

Given how difficult it is to write robust software, it astonishes me that it is still common practice to use languages that offer essentially no help in avoiding common mistakes.

Microsoft is correct, however, that better education would improve things. Marc Donner posted an insightful comparison between how programming and writing are taught.

Eric

[*] Laziness in programmers is a virtue! Most new software tools are developed because a programmer somewhere was too lazy to keep doing things the same old way.

Using a better language doesn't completely prevent software defects, but it can eliminate a large class of exploitable security problems.

Some more suitable languages include Ada, Java, Modula-3, Sather, Scheme, and Smalltalk. There are, of course, many others as well. Some of these impose a non-trivial performance penalty compared to C and C++, but some of them don't.

Some time back I was involved in a thread about programming language support for reliable software, in which I compared C to a table saw with no finger guard.

C.A.R. Hoare, in his 1980 ACM Turing Award Lecture, made the insightful observation:

...there are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies.

The first method is far more difficult. It demands the same skill, devotion, insight, and even inspiration as the discovery of the simple physical laws which underlie the complex phenomena of nature. It also requires a willingness to accept objectives which are limited by physical, logical, and technological constraints, and to accept a compromise when conflicting objectives cannot be met. No committee will ever do this until it is too late.

Given how difficult it is to write robust software, it astonishes me that it is still common practice to use languages that offer essentially no help in avoiding common mistakes.

Microsoft is correct, however, that better education would improve things. Marc Donner posted an insightful comparison between how programming and writing are taught.

Eric

[*] Laziness in programmers is a virtue! Most new software tools are developed because a programmer somewhere was too lazy to keep doing things the same old way.

What if the end user does the linking?

How can he be in violation of the GPL if, ONE, internal use is unrestricted by the GPL(?), and TWO, the end user doesn't even have the source code available?

Steps to "downgrade" a GPL'ed library to LGPL and keeping your source code a secret would therefore be:

1) Compile (and don't link) your code to object code.
2) Supply end-user with the object code (without source code) together with instructions to download the GPL'ed library and link it with the object code (statically or dynamically doesn't matter). A batch file could even do this automatically for convenience.
3) The mandatory "Profit!"

The only act which could be argued to be a violation is the inclusion of a header file by the author of the object code, but that is just a specification and an interface to the real part of the library (and claiming restrictions in using that is to me just as evil as software patents).

Add to that the possibility of linking with a different library instead (which could even be written LATER ON just to ridicule the whole issue) and it seems clear to me that the GPL and the LGPL are not only MORALLY EQUIVALENT, but LEGALLY as well.

Finally I would ask if anyone actually know of ANY specific example of a LGPL'ed piece of software which was "abused" in a way which would not be possible under the GPL.

Partially inspired by http://www.brouhaha.com/~eric/editorials/gpl_dynam ic_link.html.

You might try Broadcast2000.
It received a good write-up on O'Reilly
http://www.brouhaha.com/~eric/broadcast2000/