Domain: replay.com
Stories and comments across the archive that link to replay.com.
Comments · 20
-
Re:Diamond Rio is still WMA
lol, my bad, the RIO mp3 player.
http://www.replay.com/shop/_templates/item_main_Ri o.asp?model=261 -
Look back to I-Opener
The death nail of Netpliance. Built a machine for $400 and sold for $100... Service extra. The same could be said for Replay and TiVo both boxs are being sold undervalue but it is the monthly checks that keep them working.
-
Not ready for mass marketDVRs are nice, but they're just not ready for the mass market. Criswell predicts that neither Tivo nor SonicBlue will get rich selling them.
Don't get me wrong. I love my Tivo. Works so much better for me than a VCR. I can't count the number of shows I've missed because I forgot to program the VCR, or I made some minor mistake in the programming process (when is it on? which tape has enough room? did i set up the weekly recording list properly? did I remember to put in the right tape and push the right button before I left for work? should I leave the clock on manual and risk a blackout, or did KTEH finally fix their sync box?). Not to mention shows I never knew about because scanning TV listings is boring.
So I go through some menus and just tell the Tivo to record this show or that. And it does. Unless the Tivo has already decided to record it on its own. Perfection, no?
No. There's still too much that can go wrong. Browse through the Tivo forum and you'll find dozens of posts from people hassling with weird problems. Disk errors. Software bugs. Signal acquisition failures. System crashes.
The awful truth is that DVRs are not consumer appliances. They're mutated PCs that are sold bundled with a TV listing database service. I can cope with that -- but then, I've been second-guessing neurotic computer systems for longer than I care to think about. (If I got one of those T shirts, a lot of people would have to dust off their typewriters.) And I still get screwed sometimes when a software upgrade screws up my box and I miss a bunch of shows before I impose a fix through a combination of persistence, intuition, and blind luck. It would be a lot easier of they didn't try to hide the basic platform from the user. But then, they'd never get backing if they didn't pretend this was a consumer item, not a hacker toy.
Perhaps Replay TV is better. (The basic technology does seem to be a little better thought out.) Perhaps TiVo would be better if they didn't keep doing new software releases. I doubt it though. Everybody has to use the same basic off-the-shelf technology to sell this toy at a reasonable price. So we're stuck with immature, kludged together technology. If you can cope with that, OK. Otherwise, stick with your VCR.
All that being said, they're isn't a lot of difference between Tivo and ReplayTV. Once you factor in the lifetime subscription for a Tivo (which you have no choice about, unless you plan to smash the Tivo exactly 19 months after you buy it) the prices are the same. Features are pretty similar. (There are claims that Tivo is deliberately trying to make it hard to not watch commercials, but I have little trouble skipping them.) Tivo has an active hacker community (even aftermarket upgraders), but Replay technology strikes me as more extensible, with its built-in IP support.
A major difference is that Tivo is part of the entertainment industry, while SonicBlue is an outsider. That's not a clear plus for either one -- Tivo boxes are less likely to be orphaned, but Replay boxes have functionality that isn't dictated by Hollywood lawyers.
Bottom line -- if you must buy a DVR, buy the one that has the features you like and you find easiest to use.
-
Re:looks cool to meUnfortunately, it appears you do have to sign up to use their server. According to the ReplayTV 4000 product page:
SONICblue reserves the right to automatically add, modify, or disable any features in the operating software when your ReplayTV 4000 connects to our server.
Fishy policy, I'd say...
-
ReplayTV 4000 official site
For more information on ReplayTV 4000, see the official site. Interestingly, it's the only networked digital video recorder with broadband connectivity.
-
Some places to start
There are a number of good places to look on the web, including:
Info on Loopback Encryption
Information on using CFS (useful)
Faster Option and another. These people have gone about it a different way. -
Build your own?First of all, did anyone notice that http://www.replay.com/ doen't show up in Netscape (on Linux at least, I haven't yet checked it under Windows) only IE. You can go to http://www.replay.com/overview/techspecs.htm under Lynx though.
The video is stored in MPEG II format and it stores 20 hours, so how big a harddrive is that? (I'm thinking a 20.4 Gig hard drive would be more than adequate. But I've never tried to record a bunch of MPEG-II's before.) Now I'm guessing that the video capture device they are using is of higher quality than say, PC TV studio (which we use here at work). Any thoughts on the best video capture device to use? (Preferably one that works under Linux.)
I'm wondering what the serial port is for?
I'd rather try to build one of these myself than buy theirs, after all it is just a specialized PC.
Oh, and of course, my version will definitely have a CD reader/writer...
Well, just some random meanderings, I don't have any money right now or time to start a project -_-.
-
Buy RedHat Secure Server and transfer the licenseIf you want to run an SSL server for non-commercial purposes, you can compile mod_ssl linked against rsaref. The rsaref package is not free software--it is licensed for non-commercial use only and has a couple other restrictions. This route is the cheapest way to set up a non-commercial SSL site in the US.
If your site is a commercial site in the US, then there is no way around it--you must license the RSA algorithm from RSA (unless you want to challenge the RSA patent in court!). If you call up RSA they will give you a price quote in the thousands (I tried this once). A far cheaper way to get an RSA license is to buy RedHat Secure Web Server (now repackaged as RedHat Linux Professional).
IANAL, but I have read the "Advanced Cryptography License" that comes with Secure Web Server and I believe that the license does in fact allow you to legally run an implementation RSA using any SSL server software you want on your site. That means you can buy Secure Web Server and then legally run mod_ssl on your web site. That's what I would do if I were in your position, since mod_ssl is a quality free software product.
-
jam echelon day
These "hacktivists" seem to think that peppering their email with naughty words is a new idea. It isn't: "spook fodder" is at least ten years old (take a look at Tim May's 1992 Cypherno micon). The idea that they can "jam" Echelon is incredibly naive; if they're really concerned, they'd do better to encourage people to understand these surveillance systems and to use PGP - spreading misinformation about surveillance and encouraging one-day actions is counterproductive. Some of the hacktivist organizers have been told again and again (for example, by the foounders of Hack-Tic/xs4all) that their methods are misguided and useless, but they never listen. Hacking is about, among other things, understanding technical systems: if you promote misunderstanding, you've got no business calling yourself a "hack"-anything.
-
Your Anonymity Online
Some things to check out:
The Anonymizer
Surf the Web anonymously
Replays Anonymous Remailers
Send email anonymously
Onion Routing
Onion Routing allows you to send IP packets anonymously.
SSonet
Multilevel security in computer networks.
-
Two Part RedHat Solution.(Note: I've basically done this before, but only from RH4.2 to RH5.2 -- it's probably changed little in RH6))
- Create a customized RedHat installation.
- Mirror the RedHat distribution.
- copy the RPMs you want into the big RPMS directory, remove RPMS you don't want, etc. I'd highly reccomend replacing old RPMs with the updates and grabbing the ssh (etc) rpms from ftp.replay.com. Also, install autorpm and either customize it or make a separate RPM with just the files for autorpm to use an updates mirror that you make.
- Edit RedHat/base/comps -- the format is somewhat self-explanatory. For the purpose you're describing, go to the "0 --hide Workstation" section and customize that. It's probably easiest to make that list by doing a completely custom install off of the mirror you made in step one and then doing rpm -qa --queryformat '%{NAME}\n' to get a list of all the packages that got installed.
- run genhdlist on the appropriate directory.
- Put that all up someplace
- Optionally, do the whole kickstart thing.
- Set up an updates "mirror" someplace and point autorpm on all those workstations at that mirror. Presumably set up to only install from your relatively secure mirror and to check PGP signatures, etc...
- Create a customized RedHat installation.
-
Re:Not stupid at all...
I'm also in Europe, but i have strong crypto! When using netscape i rely on Fortify. This is a fully automated patch, just type install (or whatever) a few stupid questions, and voila... then you can repackage it and even distribute... When using IE, then there are strong versions on replay.com (Even a 128 bit WinCE IE is downloadable here).
-
I do know of something comparable for Linux
ftp.kerneli.org has a set of international patches to the kernel which include encryption support for the loopback device. You can encrypt a partition or a file containing a filesystem image. It supports blowfish and several AES candidates.
gnupg 1.0.0 is available as an rpm in ftp://ftp.replay.co m/pub/crypto/incoming/gnupg-1.0.0-1.i386.rpm
Alternatively, you can create the rpm yourself: rpm -tb gnupg-1.0.0.tar.gz will automatically compile and package it to an RPM. -
US Export Regulations
Most of the cryptographic material that is illegal to export outside of the United States is done and distributed offsite. The article misquoted the website. Pre4 is not available on ftp.kha0s.org (which is u.s.). However, snapshots are available on ftp.replay.com (hosted in the Netherlands). Take a look at www.replay.com
-
Just use anonymous remailers
Take a look at mixmaster remailers if you really want to keep even the recipient of your emails a secret. Properly used, The Man can tell that you put a message into a remailer, and that your recipient got a message from a different remailer some time afterward... but connecting the two is pretty much intractable.
-
So what about crypto file systems, anyway?I have a laptop. I have, periodically, searched around for information on how to use a cryptographic file system. I've found a few references to CFS:
- In the Security HOWTO;
- RPMs at replay.com;
- Matt Blaze's developer-oriented announcement message;
- And something called TCFS that claims to be an ``improved'' version of CFS.
There is something notable missing from all of these pages: simple, easy-to-follow instructions on how to install and effectively (and securely!) use a file system like this.
From the dearth of documentation, I get the feeling that this has only ever been attempted by file-system gurus, which means that I wouldn't even want to consider attempting it, because reformatting my disk and reinstalling the system is not something I look forward to.
Here is what I would like to end up with:
- I power on my machine;
- Early in the boot process, it prompts me for a pass-phrase;
- If I don't type the correct one, the machine is useless, and all non-trivial data on the disk is encrypted;
- If I do type the pass-phrase, the machine boots up normally;
- When I put the machine into suspend mode, it again prompts me for a pass-phrase when I try and un-suspend. If I don't type it, the machine remains effectively halted until I get it right.
Is this dream even remotely realizable?
Basically, the situation I want to protect against is simply that of the laptop being stolen while I'm away from the keyboard -- whether it is powered on at the time, or powered off.
The problem here is that the usual crypto-heads are the types who use ssh and pgp and are already used to having to perform nontrivial system-administration tasks to get things up and running, and who don't mind wading through a command-line alphabet soup to do simple tasks, all day long. What we need is someone who is both a crypto-head, and who understands that their agenda is best served by taking the time to make this software be drool-proof.
It doesn't matter how good the math is if no real users are actually using it. Crypto is only effective if widely deployed. If not, those few who use crypto stand out for targetting.
-
Printout? Nah. Code. Computer readable.
The code in Schneier's book is available at replay.com (which is in the Netherlands), at ftp://ftp.replay.com/pub/replay/pub/applied-crypt
o / . -
Printout? Nah. Code. Computer readable.
The code in Schneier's book is available at replay.com (which is in the Netherlands), at ftp://ftp.replay.com/pub/replay/pub/applied-crypt
o / . -
The EFF did it quite some time ago.
The Electronic Frontier Foundation built custom chips to crack DES by brute force. It took them $250000 and a few months to design the whole thing. I forget how long it took them to crack a DES key, but it wasn't very long.
They wrote a nice-to-read book about it all. It's online somewhere on replay.com . An excellent read. I'm surprised that UNC guy didn't mention it.
The scary thing is that $250000 or $60000 is pocket change for the NSA guys. I don't want to know how long it takes them to break DES keys. -
Somebody smack me with a clue stick