From the original "Forgent" Press Release: "We wanted to ensure the investment community and the general public are clear about the terms of our valuable JPEG data compression technology, one of the many technologies we have in our patent portfolio," stated Richard Snyder, chairman and chief executive officer at Forgent. "We are in ongoing discussions with other manufacturers of digital still cameras, printers, scanners and other products that use JPEG technology for licensing opportunities."
I'm not sure I'd even praise the JPEG group for taking swift action - I'd say they're doing what's necessary to combat Forgent's crime. Doing their job as a standards body like an officer does his job as a member of the police. Read that press release again, and try not to grit your teeth.
If you want my opinion (and I'm sure you don't), a company whose business plan involves sitting on a patent for eleven years, then springing back to life to collect, doesn't just need to be stopped. They need to be prosecuted - for a calculated conspiracy to defraud the general public and standards bodies.
Right on. If I actually bothered to moderate, I'd give you my +1.
It's really sad when an industry sees that 10% of the population is not purchasing their product, and then has the gall to spin it into accusations of crime.
As if the ones not purchasing CDs are somehow responsible for the rapidly declining quality. Perhaps it's the other way around.
You can easily record any show or movie you want from cable, using the times published in the newspaper as a guide. Put your new tapes/VCDs right next to those CDs on your shelf.
The same is not true for radio "programs", which normally shuffle schedules around and talk over songs in a vain attempt to get you to shell out $17.50.
slashdot is a chicken ranch, karma whorehouse filled with pedophiles, inbred freaks, and terrorist sympathizers. Most of you probably steal music, movies (like your precious tentacle rape anime) and I know the vast majority are turd burglers. How will those japanese scat artists make a living if no one pays for their work? Unlike you, they cannot live on the shit they eat for pleasure the way michael does.
You need to provide them with personal information in order to read about how they propose to manage your personal information. That's a fitting start.
What's the deal with the whole single sign-on thing, anyway? "Liberty" from Passport through yet another centralized login system. Great. Like having the enemy in your sights, turning the shotgun around, and blowing your own head off.
I just try to be as technical as possible. It is very important to me... People do not use the right words some of the time. Starting a fight is really easy. But instead of saying, for example, "You are full of shit," you can just say, "I don't think you are really right." You have to use the right words.
I'm not the parent poster, though - I didn't make any of the "assertions" that he may have. Nor do I let Microsoft store any of my passwords, for that matter.
But, assuming processing on the client side (with access to the plaintext), you're right - it's trivial.
Three seconds of thought and I came up with an algorithm to convert even encrypted passwords to their case-insensitive version. If I can do it in three seconds, I'm sure Microsoft's advanced research labs have at least as good a solution.
Here ya go:
e8ea8edcca6fe54eb3e417785a11f85e
That's MD5. Reply with your lowercase version of the hash, please.
No, it's an "I haven't been convinced that I have anything to gain from it" attitude. The burden isn't on any of us to pay money to test a company's product.
Yet for some reason, a lot of Windows XP advocates seem to think it is. Not that you are one - I'm just speaking from my general experience.
NO NO NO NO NO. Really. This is important. MS is not the final authority. The USER is, because the USER decides who will be a trusted authority.
So, all this strong encryption and hardware-enforced execution policy, and we're back to square one. The user has to decide whether or not to run that e-mail attachment they just received. That doesn't quite sound like an 'initiative' to me.
This 'initiative' doesn't formalize the software code signing or trust system - it's been there in Windows since 1998 or so. What it does do is force it into hardware so that everyone, including developers, is made to use it. And who does that help? System administrators can force trust on by themselves using system-wide policies, and most home users would switch it off (if they were allowed to) the moment it prevented them from running something.
This is designed to tighten Microsoft's grip on software distribution channels. By requiring certificates for software developers (essentially a developer license), and colluding with hardware manufacturers to only manufacture 'trusted' hardware, Microsoft is attempting to lock out non-commercial and free software.
Broaden the definition of 'software' to include 'content', and we're all really fucked.
Yeah, I see it now. And I'm actually quite frightened I missed it on my initial read. :)
Having just finished reading the Gobbles docs, though - The really cool part was the trace down through the error handler, through fatal(), which at some point downstream used a function pointer to call a destructor. Since the overflowed buffer wasn't on the stack, it took a little bit of initial frobbing to reclaim a malloc block close enough to the function pointer.
If that wasn't impressive enough, there was even a comic strip to go with the exploit. :)
Disclaimer: I don't want to know this so I can run around and r00t a bunch of machines. I'm genuinely interested, since the flaw wasn't immediately apparent to me when I glanced at the patch a few days ago.
With that said - does anyone have an analysis/description of where in the source the overflow was actually exploitable? I followed the auth_chall2.c call path fairly far, and didn't manage to find where nresp > 100 would actually overflow. It doesn't seem to be exploitable in the xmalloc() immediately following the patch, unless I really missed something. I didn't trace into openssl, so if it's an interaction between the two libraries, I wouldn't have hit it.
Hints, pointers, source snippets? All are appreciated. :)
Why don't you just send him a check? Maybe make a donation, or go to a concert.
It just seems odd that, in order to support his stance against the draconian copyright/DRM stuff the RIAA is attempting to hoist on everyone, you advocate going out to... buy more CDs from the RIAA.
Yeah, yeah, maybe I'm being too serious about all this. But, hell, if you're going to be anti- something, why not do it right?
That's quite a bit more than "marginally increase the quality". That's about 27.21088 TIMES better quality than regular cd's.
If you take the relationship of kilohertz to perceived quality to be linear. I'm guessing it's not.
Not sure why you got moderated down into the -1 pit, since it is a valid point. It's my opinion, though, that relative to the drawbacks of a heavyweight DRM system, the increase in quality is negligible.
I'd much rather have 44.1 open kilohertz than 1.2 drm-restricted megahertz. And judging by what's floating around on file-sharing systems (lots of 96-128kbps crap), I'm in good company.
The new Slashdot fortune generator. Now with story-relevance AI:
Woolsey-Swanson Rule: People would rather live with a problem they cannot solve rather than accept a solution they cannot understand.
Excellent. Still laughing. :)
<bitter angst, non-software related>
Up to a certain number of times, and then it begins to wear you down.
</bitter angst, non-software related>
Better than when someone you like does things to you that you hate.
Amazing how software licensing can be like a really bad relationship, isn't it?
You must mean Sacstroker Audiotorium. :)
And come to think of it, I never did get around to sneaking out into the quad at 2:00am with a ladder, and finally doing a swap('sac', 'stro').
Here's my break:
https://www.codewhore.org/node.php?id=1042
I don't like feigning ignorance. I prefer to violate stupid and nearly unenforceable corporate laws, and to do so with malice.
Why would upgrading the firmware on a product you own not be "completely legal"?
What strange DMCA-ridden world is this that I've suddenly fallen into? It's dark in here.
CLIT still 0wns you fruits!
Actually, it did.
http://news.yahoo.com/news?tmpl=story2&u=/020714/161/1uj1d.html
Slashdot could learn a lot from this guy.
Yeah, I know. I'm just giving you a hard time. :)
Google is your friend.
http://www.ibiblio.org/mdw/HOWTO/Chinese-HOWTO.html
Thanks a lot. By the way, if anyone else is interested, the 01_DETAILS file in that tarball contains a really nice analysis.
And once again, the porn industry becomes the first beneficiary of a new technology.
I guess this could work to my advantage, though. Can I get a site license?