Slashdot Mirror

rule of thumb for clock speeds: Pentium M x 1.5 = Pentium 4

e.g. a P-M with 2 GHz runs about as fast as a P4 3 GHz. AMD's QuantiSpeed ratings are usually on target for the P4.

according to german computer mag c't, the 2.13GHz Pentium-M achieves a SPEC CINT2000 of 1600, which is similar to a P4-3.8 GHz or an AMD Athlon64 4000+.

and it does that all with a thermal design power of 27 Watts (compared to the 100+ the P4/AMD need...). very neat.

And what if there is no decryption key available? How about copy-protected CD-Audios which don't use decryption keys?
According to a speaker of DDB, it is unlikely that DDB would always receive personalized copy-protection-free media, in which case they have to crack it (which they are now allowed to do according to the release).

Exactly. No matter how vigorously any software company may deny it, without access to the full and complete source code, one cannot verify the integrity of the system. The threat is real, and more pervasive than you may think, especially post-9/11 -- people I know personally have been approached to put backdoors into their companies' applications, a la Lotus Notes. And the NSA was not above using both rewards and threats to make it happen.

The frightening thing is that in the past, the NSA has apparently been interested only in export versions of software (spying on other governments, I would suspect); after 9/11 they are also interested in spying on us.

One article from 8 years ago is hardly the most convincing rebuttal.

• 18 November 1998: IBM kills study on software patents by the Whitehouse
• 1 July 1998: IBM manages to push through patents on "computer programs that have a further technical effect beyond the normal physical interaction between a computer and a computer program" at the EPO (represented by Fritz Teufel, their head patent lawyer in Europe). An example of such a further technical effect is reducing the number of mouse clicks (as in Amazon One Click).
• 8 September 2000: Pension Benefits case: IBM manages to push through "program claims" (claims on computer programs on a carrier) at the EPO.
• 30 October 2000: Fritz Teufel, IBM head patent lawyer, takes part in a German debate representing the pro software patents side (German article)
• IBM: $1.6 billion revenue from patent licensing in 2000.

The king of Linux DVRs is not MythTV, but VDR. VDR is a complete Tivo replacement, with built in simultaneously multichannel recording, TV guide, etc. http://www.cadsoft.de/vdr/

According to this report, the Berlin Fire Department's central radio dispatching system broke down at 0:04, including the backup system. The whole system was replaced a year later.

The breakdown was a whole series of unfortunate bugs of several systems. There's more detail in an article in c't issue 13/2000.

With the system missing, the fire department used fully manual dispatch via radio, pen and paper, but without their infrastructure, they were completely overwelmed.

Without the central dispatching system, the reginal fire departments were given several false information. In Germany's bigger cities, the fire departments also operate several ambulances, so this isn't just about fires, but also about regular injuries.

According to the article, one single fire was visited by 20 fire engines, unaware of each other's dispatch. Sometimes the police used riot control water cannons to extinguish fires, some injured people people were brought to the hospital by police staff long before the firemen's ambulances were able to arrive, in two incidents, victims had to wait 30 or 60 minutes for an ambulance to arrive. In another case, the neighbours of a small house used their garden hoses trying to control a fire that began small but wouldn't die during the two hours they waited for the fire engine to arrive.

Helpless, the fire department sent some fire engines and ambulances "on patrol" starting at 2:00 and told them to look for fires and act on their own without the central dispatch.

I wasn't affected (I don't live in Berlin), so I just report this second hand. But considering that this was new year's eve with several wild parties and firecracker incidents and Berlin being Germany's largest city, we were lucky that no really big fire or emergency occured that night.

According to this report, the Berlin Fire Department's central radio dispatching system broke down at 0:04, including the backup system. The whole system was replaced a year later.

The breakdown was a whole series of unfortunate bugs of several systems. There's more detail in an article in c't issue 13/2000.

With the system missing, the fire department used fully manual dispatch via radio, pen and paper, but without their infrastructure, they were completely overwelmed.

Without the central dispatching system, the reginal fire departments were given several false information. In Germany's bigger cities, the fire departments also operate several ambulances, so this isn't just about fires, but also about regular injuries.

According to the article, one single fire was visited by 20 fire engines, unaware of each other's dispatch. Sometimes the police used riot control water cannons to extinguish fires, some injured people people were brought to the hospital by police staff long before the firemen's ambulances were able to arrive, in two incidents, victims had to wait 30 or 60 minutes for an ambulance to arrive. In another case, the neighbours of a small house used their garden hoses trying to control a fire that began small but wouldn't die during the two hours they waited for the fire engine to arrive.

Helpless, the fire department sent some fire engines and ambulances "on patrol" starting at 2:00 and told them to look for fires and act on their own without the central dispatch.

I wasn't affected (I don't live in Berlin), so I just report this second hand. But considering that this was new year's eve with several wild parties and firecracker incidents and Berlin being Germany's largest city, we were lucky that no really big fire or emergency occured that night.

[...] Recht auf eine Privatkopie [...]
[...]
[...] As somebody who has lived in Germany [...]

How long ago did you left? In the meantime, things got worse regarding copyrights... you know, corruption by lobbies, masked as 'international pressure', 'germany has to stay competitive' (wtf!) etc...

The right to a 'Privatkopie' only exists on paper now. The new copyright law implemented a few years ago specifically forbids cracking copy ''protections''. What if you want to make an allowed copy of such media?

Germany's attorney general Brigitte Zypries said that there is no right to personal copies in copyright law ("Das Urheberrecht kennt kein Recht auf Privatkopie", see e.g. this German c't computer magazine article).

IMHO, such laws show how corrupt our goverment became.
Interesting opininions on slashdot (comparing copyright violation to drugs and to rape) let me strongly suspect, as another poster in a previous thread said very well: 'meme injection by *AA astroturfing agents'.

NV are forcing packagers to declare the supports up to and the size of the onboard memory

I did RTFA on the (german) Heise newsticker (http://www.heise.de/newsticker/meldung/54284) before, and there you can read that Nvidia would encourage their partners not to reveal the real memory size, but rather only tell "supports up to ... MB".

No sentient person would want DX9 in a card that is too slow for these DX9 features and furthermore steals RAM from the system whilst slowing the CPU.

The German computer magazine c't found out, thet ES5 is connected to the wanted Stephen M. Cohen (for transferring the sex.com domain to himself via fake documents to Network Solutions), who co-operates ES5 and several spam businesses from Mexico.

After the report was published a lot of traces that led to Cohen were deleted from ES5 message boards.

The network provider for ES5 Servers in Palesetine was found out to be only a letterbox-company.

While the report itself is not freely available on the net (for those interested: it's in c't 26/03) an addendum to the report can be read at http://www.heise.de/ct/04/04/035/default.shtml.

a. Would a corporation (MS) work with the feds to allow this software a backdoor to bypass security and be easily automatically installed on the system?

How NSA access was built into Windows http://www.heise.de/tp/r4/artikel/5/5263/1.html

Nope. Others have it too
http://www.heise.de/tp/r4/artikel/18/18969/1.html
http://www.heise.de/newsticker/meldung/54000

Nope. Others have it too
http://www.heise.de/tp/r4/artikel/18/18969/1.html
http://www.heise.de/newsticker/meldung/54000

Well - the German computer magazine c't published three times a customized version called "Knoppicilin". You boot in text mode, get the new virus lists via net or disc and scan your windows disks for viruses. The CD includes the scanners of F-Secure, Kaspersky and Sophos. It also includes Paragon NTFS. Information are here (German).

Get a C`t subscription(German,dutch), you get an up-to-date knoppix + scanner once every couple of months. Its called "Knoppicillin" You could have gotten your first one and a half year ago

I suppose complaining to you favourite computer related montly about their ridiculous oversight in not copying this concept might help. That is, if you stay away from the "Screenshots, colors and windows for kids" magazine`s. On the months there isn`t a bootable knoppix waiting on your doorstep you will have to do with such stuff as an oracle database, a service pack (which microsoft refuses to let people redistribute} and always the latest kernel.

If you have no need for these you will have to do with investigative journalism, benchmarks that are early but impartial and at least in the dutch case an overview of the worst lawmaking idea "for an internetworked world" of the month (EU patent "reform", passport biometrics, "traffic data" retention, internet tapping) researched and written by laywers rather then bloggers... All ideas worthy of copying in other magazines I would think.

Knoppicillin is what you are looking for. It has been released by the German magazin C't. Unfortunately it is not available for download because it uses 2 commercial virusscanners and a licenced NTFS driver for Linux.

Apropos, take a look at this. It even has a PortalPlayer DSP (just like the iPod). 20GB, SD/MMC-slot, and it's black without any U2 songs on it.

199 Euros.

Already sold out (according to the article).

Heise Newsticker is a major IT news site in germany. The linked article is in German, but you'll be able to read the stats.

Here is the story (in german) and here is the image only (obvious mockup)

Here is the story (in german) and here is the image only (obvious mockup)

... the left embrace their guy ...
Kerry == left? Okay, it may be difficult to be not left of Bush, but left in the real sense - no way.
Here is an interesting reading about the "two" choices Bush vs. Kerry.

It has been exploitet too just two months ago, when ebay.de was hijacked by a 19yo kid.

It seems that Tucows (the domain registrar) messed up by not responding to DENIC's inquiry.

http://www.heise.de/newsticker/meldung/50661

/me rushes to the local patent office

Over here, you could get a MDA3 from T-Mobile http://www.heise.de/mobil/newsticker/meldung/48653 / , add a 512MB MMC card and use (mostly free) WLAN at railroad stations etc to get webradio. Add an app like streamripper and store 100+ MP3s on your phone. Or just connect to your server at home to get the files. With 2-3 MBit connections, it's not an issue.

You mean like this?

It's in German, but if the google translation is correct, this device will the brothers many more subtly to the leather, once the elephant leaves the water. Which, of course, goes without saying.

I just read the bluecoat.com offers proxy servers that claim to do exactly what you want.

I would like to hear more about this. Is there an English version of that article anywhere?

c't had a couple of such solutions a while ago. Check out their Mucken statt drucken and Wohnzimmer-PC projects; or look at all their projects. Is this sort of what you are looking for?

c't had a couple of such solutions a while ago. Check out their Mucken statt drucken and Wohnzimmer-PC projects; or look at all their projects. Is this sort of what you are looking for?

c't had a couple of such solutions a while ago. Check out their Mucken statt drucken and Wohnzimmer-PC projects; or look at all their projects. Is this sort of what you are looking for?

just watch out what you're saying, coward.

Seeing the way you guys do elections (amongst more things) makes me happy to be a German.

Anyway. There's been several older attempts to make PC's fall under GEZ fee and all have stopped short of a legal way of doing so. This is yet another one, now with the coverage of the national press (by claiming this was actually a fact) but to tell the truth, all German people are as anti-GEZ as can be.

Many German analysts believe that collecting fees on PCs will - besides of being illegal - only lead to less income for the national TV funding. Peoples comments on this are pretty clear: Millions will claim to have sold their TV sets and not own computers to get rid of GEZ for good, myself being only one of them.

Popularity of GEZ is about at the same level as your RIAA and their methods are pretty much the same as good old Stasi, an open secret in Germany.

So, on the bottom line, there is a 50% chance that the GEZ will be stopped for good.

If you're capable of reading first level sources on the topic, this article might be quite interesting to you, coward: klik, it pretty much reflects the way people think about the matter.

It appears that a particularly crafted request may confuse ASP.Net and allow access to otherwise protected directories.

If a web server receives a request for a particular URL (e.g._http://server/somedirectory/filename), the 'somedirectory/filename' part has to be mapped to a particular file located on the server. This translation has been the source of many "directory traversal" bugs. The IIS unicode exploit is probably the most famous one.

After our original posting of this diary, a few users pointed to the following articles which provide more details then provided by Microsoft's advisory:
(Thanks to Chaouki & Daniel)

www.heise.de/security/news/meldung/51730 (german)
http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/ 2004-09/0068.html
blogs.devleap.com/rob/archive/2004/10/02/1803.aspx (italian)
www.k-otik.com/news/10052004.ASPNETFlaw.php (french)

It appears that by switching a '/' character in the URL with '\' or '%5C', the canonicalization routine will be confused. So if the URL: http://www.example.com/secure/file.apx is password protected, using the either of the following URLs will bypass the restriction: http://www.example.com/secure\file.apx http://www.example.com/secure%5Cfile.apx

In addition to the slash/back-slash confusion, one reader reports that inserting a space will bypass the URL restriction as well: http://www.example.com/%20/secure/file.apx (had no chance to validate this method so far)

URL Obfuscation

Handler and star SANS instructor Ed Skoudis compiled a comprehensive list of various URL obfuscation methods used in phishing schemes and spam. Some of these methods do not work with all browsers (e.g. the %01 issue in older Internet Explorer versions). In order to preserve the tricky details of some of these methods, we setup a page which includes just the URL methods without our usual header and footer:isc.sans.org/presentations/urlobfuscation.p hp (to view as source: isc.sans.org/presentations/urlobfuscation.txt ).

Jan Reilink wrote to point us to this page with more details about URL obfuscation and decoding:www.pc-help.org/obscure.htm .

This article from 2002 claims that most fingerprint readers available to joe user by that time were easy to fool. Easy as in: press a plastic bag filled with warm water on it to replay the last print.
Are we looking at a new, better generation of readers today or are they still as insecure as they used to be?

The Council of Ministers has already voted in favour of a pro-swpat text, but this has yet to be confirmed, and while uncommon, it is still possible for countries to change their vote.

German IT news site heise.de reported today that the confirmation, originally scheduled for tomorrow, has been postponed. There is indication - but no certainty - the paper is going back to the relevant comittee for further discussion and possible changes.

European IT experts and smaller firms have fought hard against software patents over the last months. While the battle is far from won, it is good to see there is some sort of effect, and lobbying work has not entirely immunized the EU to reason.

Iraq is not as safe as, say, downtown Singapore, but it's a whole lot safer than downtown Washington D.C. or Mexico City.

This shows what a cynic you are. I don't hear of regular autobomb explosions, and jets bombing urban centers in both that cities. You are an apologist.

For the free media: There are newspapers, but most of them are organs of policy of a political force (see here, in German ).

People signing up for police and army have deserted on a lot of various occasions. A need for jobs triggered by mass poverty should not be equated to actual support.

Iraq's economy stronger? If you take away business going from US government that goes into the hands of US corporations and similar stuff, I guess that drops a lot. There are billions moved, but to no benefit of the Iraqis. How many of the rest of the economy is subsidized and not actually sustainable on its own?

The interim government is targetted because it is viewed as a US puppet regime. So every strike against the puppet regime is hoped to get "good PR", because the populace in general resents the Americans and their allies.

Oh yeah, and there is actually little or no progress in rebuilding Iraq: here, a study .

You forgot about c't. Though it has less DIY-projects than it did in the past it is still by far the best german computer magazine.

Last DIY I remember was the RFID-Detector a few issues ago.

the official German Government institution for IT (BSI) security says they want to see "different browsers" and people should "not only use IE"

Heise reporting about the BSI comment

(Link to German site)

Apart from that, SWR3 (the biggest German radio station) have a small "Multimedia" feature (weekly?). While it is quite light and sometimes has apparent errors (for a geek like me :), they _did_ plug the new firefox this week and told people to switch browsers. It nearly floored me when I heard that:

SWR3
(Link to German site)

Imagine hearing on the biggest radio station that users should switch to FireFox!

The only minor drawback was that the guy literally said Firefox is now at "version one" - oh well. Friendly User version numbers, they are not.

Best wishes,

Tels

This is the name for the British surveilance system.
More info here

Also, music is at a higher quality - 160kbps VBR

no, bitrate in not equal to quality. iTMS has the far superior AAC, while Microsoft uses WMA wich comes last (or close) in most tests (except the ones Microsoft pays for ;))
two tests here:
1
2

ROTFL, unfortunately Slashdot _blocks_ posting both, the German source code comments taken from the _original source_ and an attempt of a translation with the result:
"Lameness filter encountered. Post aborted! Reason: Please use fewer 'junk' characters."

The OX code is full of such stuff and gives a good indicator on the quality of the software. They seriously should have stayed closed source.

ROTFL, unfortunately Slashdot _blocks_ posting both, the German source code comments taken from the _original source_ and an attempt of a translation with the result:
"Lameness filter encountered. Post aborted! Reason: Please use fewer 'junk' characters."

The OX code is full of such stuff and gives a good indicator on the quality of the software. They seriously should have stayed closed source.

Now, many bad experiences people may have with OO are probably related to importing existing MS documents. Even though the filters are pretty good, they are obviously not perfect, and last I checked macros were ignored entirely. However, that is not a fair comparison -- Microsoft would utterly fail it, as they don't have the most basic OO import filter. And the complexity of this problem is similarly high as the one of emulating the Windows API on Linux - you don't just have to get the file format right, you also have to duplicate Microsoft's way of interpreting it, even if it's buggy and/or inconsistent.

Nevertheless, the developers are always working hard on improving import filters, as it is obviously essential to business migration. OpenOffice 2.0 will have improved filters, and it will also have much better database management with support for databases directly stored in files (as Access does).

OpenOffice is clearly more performance-hungry than MS Office, although in my experience that is mostly the start-up time. I don't anticipate major improvements in this area. If you're looking for a very slim MS Word replacement, KWord or AbiWord are probably projects worth keeping an eye on. TextMaker, a proprietary package, also exists for Linux. And if you're into DTP, Scribus is quite mature already.

Read Microsoft: A matter of trust from the same author mentioned in the Slashdot story. He reported a bug, and Microsoft told him it was a feature.

The specific flaws may not be big deal today, but Jürgen Schmidt's article Microsoft: A matter of trust makes some very good points about what the response says about Microsoft's attitude to the problem. One of the biggest obstacles to security it the "it hasn't been exploited yet so it isn't a problem" attitude in those who hold the purse strings. It is a recipe for always doing too little, too late.

But since they are probably selling songs at a loss around $0.49, I just hope for real (or should that be with a capital R) that Microsoft hasn't patented "Limiting downloads of popular content to 2.5 million a day (even if everybody needs them)" [penguins spared, ed.] yet...

But since they are probably selling songs at a loss around $0.49, I just hope for real (or should that be with a capital R) that Microsoft hasn't patented "Limiting downloads of popular content to 2.5 million a day (even if everybody needs them)" [penguins spared, ed.] yet...

That happened in Germany two years ago :-)

Some customers of the mobile phone provider "O2" got bills with a lot of "outgoing voicemail" connections to one certain telephone number.
That number was used by the authorities to record the customers calls - so warning the suspects that they were under observation.
According to some spokesperson of "O2" the reason was an erroneous software update.

Two year old (german)article at heise.de and a follow up.

That happened in Germany two years ago :-)

Some customers of the mobile phone provider "O2" got bills with a lot of "outgoing voicemail" connections to one certain telephone number.
That number was used by the authorities to record the customers calls - so warning the suspects that they were under observation.
According to some spokesperson of "O2" the reason was an erroneous software update.

Two year old (german)article at heise.de and a follow up.

According to this, notorious spammer Scott Richter has his own netblock (69.6.0.0-69.6.79.255), which until recently was connected to the internet through Taiwan based ISP Chunghwa Telecom. After they gave up on him, Germany based T-Systems took over. If you have any problems with spam from this netblock, their security team would like to hear about it. They have announced that they will terminate the contract if Richter violates it.

He did neither break AES, nor RSA. He simply found the public key of the AirportExpress device. (At least this is what german newsticker heise reports.)