Slashback: SmoothWall, Gopher, Be

Slashback tonight on the slipping of Be through the fingers of Palm, further squashing of ZeoSync, the age of gophers, the invention of everyone's favorite electric-powered pronoun, and more -- just read on.

But can you backtrack through a google cache? pointym5 writes "Checked out the ZeoSync web site lately? Remember all those PhDs on the scientific staff? Well, like I'm sure others did, I sent e-mail to a few of them expressing interest in more technical details. All that I contacted responded with absolute disclaimers of any relationship whatsoever with ZeoSync. This morning I note that most names are gone from the 'org chart' and the scientific team list. There are only five left, including Dr. Piotr Blass, 'developer of one of the world's first web sites.' Wow!"

How smooth is smooth? juct writes: "I appreciate it, that Slashdot gave the SmoothWall Team an opportunity to answer to the concerns in my review of their firewall. But it is full of errors and might leave a wrong feeling of security. So I invite everybody to my Tour on SmoothWall where you can judge for yourself."

Whispered words of wisdom, 'Let it be.' Sander van Dragt writes: "Many BeOS news lately. Not all so good for the BeOS community though. BeUnited, the organization which tried to license BeOS from Palm, has received today a final answer from Palm: '...we have made a firm decision NOT to license any part of this technology other than that which we incorporate into the Palm OS.' It is already known that the new 32-bit PalmOS will feature some elements of the Be technology, but that OS is built for PDAs, not for the desktop."

You can read that letter and the rest of the article on OS news.

And take this as you will -- An Anonymous Coward writes: "osnews.com is reporting that there is a new version of BeOS on the way... A German company called 'yellowTab' is said to be ready to ship a new version of BeOS (Just when everyone thought it was dead, and the final shovel full of dirt laid on top), get the full article here ... Hrm, I sure liked BeOS, I hope this one works out."

Dig, my brethren -- the Gopher Palace is almost complete! SuperguyA1 writes "Lwn is reporting that the gopher team has done it again with a 3.0 release marking Gopher's 10th anniversary. Happy birthday gopher. Thanks for helping me find all the muds I wasted so much time in college on:)"

"Bad connection, say again, you invented WHAT?" mi writes: "Yahoo! reports a potential problem, the Segway Scooter may have in Japan -- a Japanese robotics professor seems to have a patent on something very very similar since 1996. On the other hand, the USPTO knew about, when granting the patent to Segway's Dean Kamen, but still found Mr. Kamen's invention worthy of a patent in 1999. My favorite is the Kazuo Yamafuji's words: 'I would hand over my patent for one dollar if Mr. Kamen admitted that we were first.' Indeed, he just sat on the invention for 15 years."

I want to see the ZeoSync letters!

[grytpype]

Can whoever contacted the ZeoSync "scientific advisory board" give more details about the responses? I don't know why I'm so interested, I guess I just find fraud really fascinating.

BeOS as Embedded OS

[cliffy2000]

BeOS makes quite a capable OS for embedded systems. It seems completely logical that a portable computing company would want an interest in them. It's one of the most efficient OSes (on a operation/cycle) level and it's compatible with many different boards (x86, PPC, 68k, etc). It's really a waste that Palm's letting it go... in some ways, it's the wave of the future, but I guess (to Palm) it's also a relic of the past.

Gopher

[Syre]

back before I had SLIP (or PPP), the choice was Gopher or WWW via Lynx. Of the two, I found Gopher much easier to use.

If asked, I would have said that WWW was going to be a flash in the pan, and that Gopher was the future.

Oh well...

Re:Gopher

[daviddennis]

I was going to start running some kind of Internet server back in 1994. The folks who developed Gopher wanted a $ 500 license fee which I wasn't sure whether I had to pay or not, but I sure knew I couldn't afford.

So I fired up the NCSA web server and never looked back. And once I started using the web and taking advantage of its power, I knew it would soon surpass Gopher.

And, of course, I was right.

D

Segway: Chicken or Egg?

[john82]

The Yahoo article says that the Segway patent mentions Yamafuji's patent. It does not make clear whether the note was made by the USPTO or Kamen. i.e., did Kamen come up with the same idea independently or based on advances over Yamafuji's work? There's also an aside in the article that casts further aspersions on Kamen's stair-climbing wheelchair. That too is patented in the US.

Segway vs Yamafuji

[TheMCP]

Kazuo Yamafuji's words: 'I would hand over my patent for one dollar if Mr. Kamen admitted that we were first.'

Since I think Kamen actually cited Yamafuji's invention in his patent application, that rather implies that he does acknowledge that Yamafuji was first. I don't get what Yamafuji is upset about.

SmoothWall

[Corvidae]

Not trying to be a karma whore here (well, not REALLY trying), but this site really is worth a look if you're thinking about using Smoothwall. IMO, the REAL security concern with it is not the package itself, but the developers in charge of it. I, for one, refuse to support a product led by a group of developers with their heads that far up their ass when it comes to dealing with potential customers. Especially when they beg as loudly as they do for donations...

Speaking of BE.. Did anyone going to the auction?

[caferace]

Frankly, I'd love to go and pick up a BeBox just to toy with. It starts tomorrow, and all the bidding stuff is on Wednesday....

That being said, it's in Menlo Park, Ca. Don't buy your plane tickets tonight. Some of these auctions end up WAY overbid...

I already submitted this!

I submitted the Segway article to Slashdot about Yamafugi's patent with a story on ananova soon after IT was revealed.

Here is the story dated from Story filed: 10:48 Friday 14th December 2001. Why the editors didn't post it is not right.

Here is another interesting link about police using the Segway.

NYTimes: Time.ca Faux Pas

[instinctdesign]

This wasn't one of the mentioned Slashbacks, but it probably could have been. The NY Times is running a story on Time Canada's (free reg...) apparent faux pas on the new iMac announcement. The article is a bit more about the content of the article than the error which was oh so recently immortalized here on slashdot, but its still a good read.

Re:Dr. John Post at the University of Arkansas

[blach]

There is no Dr. John Post on the math faculty here, and as far as I am aware, not in the CS or CE departments either.

Sad to think they had to make up names. They're sinking fast.

Regards
James

Re:God grow some skin

[TellarHK]

Well, the problem isn't with me needing to grow some skin, it's with people needing to understand just what sort of person Richard Morrell is. If you're going to consider trusting your security to someone who uses tactics like these, both in a personal manner and in his use of Open Source as an excuse to try and make a fast buck, you should be aware of the situation. His blatant demand for donation before support is a really poor example for the Open Source community to be showing, a true poster child for unpleasantness.

It costs me just a little bit of time to whip up a page like mine, and even less time to respond to comments like this. Richard didn't threaten lawsuits so much as he threatened (and attempted) to have me falsely accused of hacking. He threatened, repeatedly to "make this personal". My only point in bringing up the specter of legal action was to simply get that on record, if nothing else, to show the scorn and rudeness so often displayed in Richard's correspondence. I have seen other erratic behavior from Richard and others at SmoothWall, such as posting to a mailing list by both Richard and one other, saying that the developers of SmoothWall don't read the list(!). Not only this, but Richard and said other team member were -regulars- on the list.

As I've said a number of times, I may have made some mistakes. But nothing deserving of what occurred, and I'm quite pleased that the majority of responses from people who've read the site have been positive and in some cases informative.

Prior to the 14th, I had no knowledge of the SourceForge forked project "IPCop", and am pleased to say that I wish that team well, and hope that other members of the SmoothWall team with less of a temper issue find a more respectable leader.

ZeoSync does not claim lossless compression?

[Arkaein]

After seeing the renewed comments about ZeoSync's supposed compression technique I decided it might be worth checking out their site to read whatever technical info they might have that wasn't deeply disscused here the last time around.

The most interesting thing I read is in their Technical Description, where they state that they "will have for all intents and purposes successfully encoded lossy universal compression". No where in their description can I find anything that explicitly states that their algorithm is lossless.

They also talk about mapping binary strings into higher dimensional spaces, but that these spaces cannot become super saturated or their "multi dimensional circumvention of the pigeonhole principle breaks down". In other words they do claim to be able to compress all strings of equal size down to smaller strings.

This makes me look at them in a different light. I'm still skeptical because they have offered no proof of their algorithms, but at least in their "technical description" they do not seem to make claims that have already been proven impossible. I also find their talk about multi dimensional representations intriguing, because lots of typical information does become more compressible in higher dimensions. Look at how much better video compression works when encoding just the changes between frames rather than encoding frames individually. An ideal compression algorithm would find such representations in any kind of data (maybe that's where the marketspeak about "random" data came in) and be able to compress it, since all meaningful data is full of patterns.

Think of music, specifically 74 minutes of 16 bit, 44.1 kHz audio. Uncompressed = 650 MB, or about 5e9 bits. That means 2^(5e9) possible 74 minute sound samples. Now think about how many of those are likely to match anyone's idea of music. I don't know if ZeoSync has actually found a way to extract that kind of pattern from arbitrary data, but it seems like the way to go for a universal lossy compression algorithm.

Re:ZeoSync's Claims

[Azog]

You are correct, they should look up the Pigeonhole principle.

The "Layman Process" explaination of their technology is worth a read just for the amusement value. They claim that it is not a compression technology, but that it works by "sending more data across less bandwidth while saving time", and that it "stores massive amounts of data compared to standard binary compression". Well, that sounds like compression to me. You might think that maybe they're referring to a different encoding method, but no, they also say that the data is able to "move rapidly on a fixed set of binary carriers through existing digital transmission devices".

So: They take binary data, do something magical to it, and then it can go across a digital, binary network, faster than any standard binary compression. OK, so what kind of magic is this?

Moving on to the "Technical Process", they have some astonishingly blatant smokescreen to their impossible claims.

First of all, they talk about the "solution to the Pidgeonhole Principle". Well, that's not something you solve, it just is. That's like saying you've learned to fly by "solving" gravity.

And then they "define" the pidgeonhole principle:

Given a number of pidgeons within a sealed room that has a single hole, and which allows only one pigeon at a time to escape the room, how many unique markers are required to individuall mark all of the pigeons as each escapes, one pigeon at a time? After some time a person will reasonably conclude that: "One unique marker is required for each pigeon that flies throught the hole, if there are one hundred pigeons in the group then the answer is one hundred markers".

Well, that's not what the pigeonhole principle is. The pigeonhole principle is simply: If you have more pigeons than holes, then there must be more than one pidgeon in at least one hole. Conversely, if you have less pidgeons than holes, then there must be at least one hole with no pidgeon.

Getting this basic theory wrong proves that they are either hopelessly ignorant or total frauds.

Furthermore, the reason the pidgeonhole principle disproves ridiculous compression claims is there are exponentially more long bitstrings than short bitstrings. So if you claim to be able to represent every long bitstring (the pidgeons) as a short bitstring, (the holes) then there must be at least two long bitstreams represented by one short bitstream. (Two pidgeons in one hole). But that means you can't tell which long bitstream was represented by the short bitstream, and you don't have a real compression algorithm - at least not a lossless one.

And then, Zeosync's alleged "technical explanation" veers off into the most amazing bullsh*t I've read in a long time:

In higher, multi-dimensional projective theory, it is possible to create string nodes that describe significant components of simultaneously identically yet different mathematical entities."

Simultaneously identical yet different. Sure. Uh-huh. Giggle.

But wait! Reading further, I see that they use the word "lossy". The surrounding context simply doesn't make sense, but if you're talking about lossy compression, the pidgeonhole principle is irrelevant, because it's OK to not know exactly which long bitstream a shorter bitstream encodes - that's the whole point of lossy compression - you loose some detail. But then why discuss the pidgeonhole principle at all?

I hope someone sues these hucksters into a smoking crater. I hate it when people lie about fundamental mathematics.

Viewing partial pages in web browsers

[yerricde]

of course then Netscape came out and the rest is history... the main feature of Netscape that made everyone use it was that partial pages were displayed while the images downloaded.

Both IE and Netscape had problems displaying partial pages that contained tables. (IE still does.) The fact that Mozilla can display a partial page (right-click anywhere to force a reflow) makes browsers based on Mozilla code (skipstone, k-meleon, netscape 6.x, etc) feel faster than browsers based on MSHTML (winamp, neoplanet, msie, etc), especially when displaying tall tables such as the one Slashdot's standard mode uses to draw its page.

Re:ZeoSync's Claims

[Azog]

Digging around I found some more interesting stuff. First of all, if you get the PDF org chart, the information on that essentially contradicts the Flash propaganda - the technical staff seems to be divided into two teams, one "Advanced Compression Technologies Team" and one "Singular Bit Varience [sic] Encoder Team".

The org chart also mentions Wavelets, Fractals, and Sub-band compression... So much for the website that claims their technology isn't actually compression...

Maybe, just maybe, the scientists actually do have some sort of interesting compression technology, but the marketing / business people have spun and hyped it up, totally out of control and totally out of touch with reality. But I don't think so - marketing people alone wouldn't be able to come up with the pseudo-scientific drivel on that website.

Moving on, you see that Dr. Burko Fuhrt and Dr. Piotr Blass are from Florida Atlantic University. Sure enough, doing a search of the university website turns up a few computer science classes... but that's interesting... All of Fuhrt's classes for Fall 2001 were cancelled, and they don't seem to be teaching anything in Spring 2002... Blass is an Instructor, apparently not a tenured professor, while Furht is a professor. They don't seem to have home pages so it's hard to know much about them.

Dr. Steve Smale of Berkely, on the other hand, looks like the real thing - a serious mathemetician. Someone should contact him and find out if he knows he's on the Zeosync org chart, and if so, what he thinks of their web site... I'd hate to see a genuine researcher inadvertently associated with something phony.

The Zeosync website claims that John Post of the University of Arkansas is on the Zeosync team, but a search of that University's directory turns up no hits for that name, and he doesn't have a home page there.

Very strange indeed.

Re:Yet another smoothwall security hole

[slashdot.org]

Yes, it runs it as root.

And like the guy says, if you can hijack the string (= argv[1]) you can execute almost any program as root.

Since popen hands this to a shell, things like .. are expanded. E.g. you can execute most anything,- consider for example argv[1] = "../../usr/sbin/bla > "

This would basically execute
/usr/sbin/bla > /setup

If you want you can also remove the /setup by just adding "../usr/../usr/../usr" (or plain whitespace may work too) until you overflow the buffer and have snprintf throw the rest away.

In this case I don't know where argv[1] comes from, but it would have to be a very trustworthy source. In general it's fairly stupid to execute commands based on a parameter, especially as root.

Re:OT: Re:Announcement *on* Gopher

[Ozx]

I'll eat at your soul, because I own you... I've drilled right into your flesh with my ironic retard beating stick, and I'm not letting go... You picked this war with reason by embodying a form of hypocrisy unignorable any longer...

Your posts are filled with complete drivel, often incorrect, and always from a position of undeserved prestige...

Accept yourself and stop harping like you matter...

Make sure to do all sorts of gay stuff thinking of me, sweety...