Slashdot Mirror


User: Animats

Animats's activity in the archive.

Stories
0
Comments
14,273
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 14,273

  1. Archival quality CD/DVD blanks on What Makes a Good CD/DVD Duplicator? · · Score: 3, Informative
    There are archival quality CD blanks. They use phthalocyanine dyes, which require a slower writing rate but last longer. But the blanks are about $1.50 to $2.00 each, and are not widely available.

    Mitsui claims that their new dye formulation for their DVD-R and DVD+R blanks has a >100 year life, but they don't offer any independent information to back that up.

  2. SCOX support level at 6? on Royal Bank of Canada Cashes Out of SCO; SCO Begins Layoffs · · Score: 3, Interesting
    There seems to be an effort by somebody to keep the price from dropping below 6.0. Look at the 5 day chart. Every time the price dips below 6.0, there's a buy to push it back up to 6, but no higher. Thursday's chart is striking in this respect. It looks like somebody had a limit order in at 6.0. This may be SCO's announced "stock buyback" program. It will be interesting to see the SEC filings for the next quarter, when we find out how much cash went into the buyback.

    SCOX closed at 6.01 on Thursday and 5.99 on Friday. That does look like an effort to maintain the price.

    This only works until SCO runs out of cash, of course.

  3. Re:Vendor-dominated security group issues bad repo on Worms Jack Up the Total Cost of Windows · · Score: 1

    Notice the part where they ask for a tax break.

  4. Vendor-dominated security group issues bad report on Worms Jack Up the Total Cost of Windows · · Score: 5, Interesting
    The "National Cyber Security Partnership" has issued a new report on computer security. It focuses on how vendors can avoid responsibility for the defects in their products. The report suggests that the government weaken the Common Criteria for evaluating software security to conform to "commercial reality". The report suggests that the Government, at taxpayer expense, develop "code scanning" tools usable on existing software, thus deferring any action by vendors. There's no suggestion that vendors be held responsible for security flaws, or that any major changes, either technical or in business models. are required by vendors.

    Virus authors have nothing to worry about from this security group.

    Some excerpts:

    • While strong out-of-the-box security configurations are preferred, it is recognized that updating existing products to comply with this requirement can be costly, time-consuming and can result in various incompatibilities with current and supported versions of the product. As a result, it may not be possible for a vendor to transition a product to a more secure out-of-the-box state for several years, depending on product release cycles. ...

      In conjunction with the above recommendations, the requirement for medium or higher assurance evaluations (Evaluation Assurance Level 4+ [EAL4+]) for commercial products should be dropped, since the stated reason for higher assurance evaluations by the proponents is the ability to do vulnerability analysis. Higher assurance evaluations for commercial software impose a cost burden that even the largest IT vendors cannot bear or should not bear; they do not substantially improve product security, but may result in vendors paying multiple times for the same evaluation in different markets. Furthermore, finding faults in software that has already shipped is far more expensive and less effective than giving vendors the tools to be used during the development process. ...

      In order to promote the evaluation of more products, the U.S. Government should help offset the expenses of CC evaluation through research and development tax credits or paying part of the evaluation costs.

    Whose side are these guys on?
  5. Re:The hole Ironport wants you to install on Microsoft Will Sell Whitelist Services For Hotmail · · Score: 1
    If the rules changed to the DMA 4 pillars, how many ISPs and other organizations would continue to query bonded sender? This program would die a quick death.

    I hope you're right. But this involves Microsoft.

  6. What, no Bluetooth connection to the wristwatch? on A Running Shoe For Agent 86? · · Score: 4, Funny

    You can't tune the thing while running? That is so lame.

  7. Fragility of the decoder on Programming As If Performance Mattered · · Score: 3, Interesting
    "I was also bothered--and I freely admit that I am probably one of the few people this would bother--by the fragility of my decoder."

    And, sure enough, there's a known, exploitable buffer overflow in Microsoft's RLE image decoder.

  8. Re:Actually, SCO's stock is flat this week on NRF Calls SCO's Claims 'Meritless' · · Score: 1
    You know they will try to delay it again, and again, and again.............

    SCO has paid a price for that delay. SCO had to abandon the trade secret claim. SCO had to narrow their copyright claims. They've already had to back off quite a bit. SCO is not gaining by the delays; they're losing.

    AutoZone has a motion pending to put their case on hold until the IBM case is decided. They cite SCO's stalling in the IBM case as a reason to do this, and the court in the AutoZone case is likely to agree. Especially since SCO asked the court in the Red Hat case to stall that case until the IBM case is decided, and that court agreed.

    If that happens, all further SCO-initiated lawsuits will go on hold until IBM is done with them. Further SCO-initiated lawsuits are then an empty threat.

  9. Re:It's time to tighten up C++ on Microsoft Drops Next-Generation Security Project [updated] · · Score: 1

    That's my point. After two decades of buffer overflows, it's time to fix the problem. It's going to cost. It's going to hurt. It has to be done, like Y2K fixes.

  10. Re:The hole Ironport wants you to install on Microsoft Will Sell Whitelist Services For Hotmail · · Score: 2, Interesting
    The trouble, though, is that IronPort/BondedSender reserves the right to change the rules at any time. Already, bulk mailers are complaining the rules are too restrictive. Once they have all the backdoors in place at major ISPs, they can change the rules.

    A likely change would be to embrace the Direct Marketing Association's "Four Pillars of Responsible E-Mail Marketing".. That's opt-out, not opt-in. And it's "narrow opt-out"; you may have to opt out for each "line of business" of each spammer separately. Once for Viagra, once for refinancing, once for toner cartridges...

    My point is that you don't want to blindly let through everything Ironport sends. You might give them some credit in the spam filters, but don't just open a hole.

  11. Actually, SCO's stock is flat this week on NRF Calls SCO's Claims 'Meritless' · · Score: 4, Informative
    It's a slow week for SCOX. It's been trading around 6.25 +- 0.25 for the last week. Volume is down. Over the last six months, the stock has tanked. It started the year around 18. But this week is slow.

    The market is losing interest in SCOX. It's clear now that there's no big near-term win there.

    It's hard to get excited about a press release from a lobbyist from a trade association, especially when it doesn't announce any action. But it's good to have statements like that, because it discourages Congressional action. Recall that SCO was lobbying Congress at one point. With IBM, Damlier-Chrysler, Utah's Novell, Goldman Sachs, and the National Retail Federation against SCO, Congress isn't going to do anything stupid.

    The real action is in the SCO vs IBM lawsuit, where SCO is not doing well. SCO has narrowed their copyright claim. SCO had a deadline coming up on the discovery front, where they have to disclose the "infringing code". They're close to the "put up or shut up" point in that case. They've stalled and stalled, but it didn't work. One motion at a time, IBM has whittled away at SCO's claims. The trade secret claim is gone. The copyright claims are steadily shrinking. The claim that the GPL is "unconstitutional" is gone. Meanwhile, IBM's claims against SCO threaten SCO's remaining cash.

  12. It's time to tighten up C++ on Microsoft Drops Next-Generation Security Project [updated] · · Score: 5, Interesting
    Stop using languages/tools that allow you have buffer overflows in code. That'll cut out 90% of critical updates in one swoop.

    Yes. I've been trying to get the C++ committee to tighten up that language for years, with little success. It's time to get more serious about this, and apply pressure via ANSI (which is supposed to insure that standards are safe) and the Department of Homeland Security's National Cyber Security Division. Like it or not, we need to go to full subscript checking for anything that could possibly be exploited. The resulting 10-20% performance hit is minor compared to the costs of dealing with these attacks.

    I've sent this to the C++ committee:

    • After the damage caused by the Sasser worm, the latest in a long series of buffer overflow exploits, perhaps the designed-in lack of safety in C++ should be reconsidered.

      The Sasser worm exploits a buffer overflow in Microsoft's LSASS service, which is, apparently, written in C++.

      Perhaps more weight should be given by the Standards Committee to tightening up C++ and making it a safer language. The Committee has consistently rejected most suggestions which tighten up the language, usually on the grounds that they would impact existing code or prevent some dangerous but valid code from being used.

      It is now appropriate to ask ANSI, and the Department of Homeland Security's National Cyber Security Division, to reevaluate the C++ committee's priorities in the light of the documented and substantial damage caused by weak safety features of the language. Whether the committee should be permitted to promulgate unsafe technologies with ANSI approval must be seriously questioned at this point.

    That will probably be ineffective. The appropriate forum will probably be Congressional hearings on computer security, which were threatened last year after the SOBIG virus, and are likely to happen this year.

  13. The hole Ironport wants you to install on Microsoft Will Sell Whitelist Services For Hotmail · · Score: 4, Informative
    IronPort wants you to install a hole to let their stuff through. For SpamAssassin, for example, they want you to put in
    • header RCVD_IN_BONDEDSENDER eval:check_rbl('relay', 'sa.bondedsender.org.')
      describe RCVD_IN_BONDEDSENDER Received via a whitelisted Bonded Sender address
      score RCVD_IN_BONDEDSENDER -100.000

    Note that "-100.000". That says "accept this, even if it looks like spam". You might want to use, say, "-3.0" instead. Give them a little credit, but don't open the floodgates.

    Watch for spam with the "RCVD_IN_BONDEDSENDER" flag in the X-Spam-Status header line. You might want to have Mozilla (I assume Slashdot readers aren't using Outlook) move such messages into a "Bonded Sender" folder. That lets you watch what they're sending.

    As soon as you find a real spam passed by BondedSender, please post it to NANAE.

  14. The "bond" is $200 to $4000, not $20,000 on Microsoft Will Sell Whitelist Services For Hotmail · · Score: 1

    Where did that "$20,000 bond" figure come from? BondedSender's price list starts at $200, for nonprofits. The "bond" for sending 5,000,000 spams is only $1000. And for $2000, you get to send 50,000,000 spams. Per month.

  15. Creeping featurism on Linux Smartphones On The Rise · · Score: 1
    It's getting hard to get good low-end phones. Ones that are small, indestructable, easy to use, and with really long battery life.

    Motorola came close for a while, but they seem to have had a falling out with Sprint.

    There are still interesting things to be done in the phone space other than more keyboard-oriented features. Active background noise cancellation. Waterproofing. Better voice recognition for voice dialing. An interface with directory assistance that puts numbers you're given into your phone's memory.

    Or new form factors. I'm surprised we haven't seen the earring/pendant/belt wearable version for teenage girls.

  16. Removal is not enough! on Sasser Worm Disruption Growing · · Score: 1
    This is what LASSS does:
    • It includes such information as what domains are entrusted to authenticate logon attempts, who has permission to access the system and how (interactive, network, and service logons), who is assigned which privileges, and what kind of security auditing is to be performed. The Lsass policy database also stores "secrets" that include logon information used for cached domain logons and Win32 service user-account logons.

    LASSS is the security policy manager for NT and XP. If that's been compromised, you have to assume it was used to put in a back door. Or to transmit password-type "secrets" to some external site. It may also have changed the logs to hide it. You've got to rebuild and reexamine the entire security policy database. Passwords may have been compromised. Local shares may be exposed to outside attack.

  17. If it works, why this application? on Gas Plasma Antennas Help Wi-Fi Security · · Score: 2, Interesting
    If this thing actually worked, they'd be selling it for applications that really need steerable directionality, like radars and satellite receivers. If they're selling it for "homeland security", it's probably not that good.

    The "war on terror" is turning into a pork program.

  18. The end of high margins on CPUs. on AMD Beats Intel in CPU Sales · · Score: 2, Troll
    The era of big profits on CPUs is over. They're a commodity now. That's killing Intel.

    There's a big change coming to the CPU industry. One of the major graphics chip manufacturers is about to put an x86 CPU in their chipset. This cuts out the CPU vendors entirely.

  19. Open source tax: $60 per yer on Red Hat Desktop Unveiled · · Score: 0
    How did open source software end up costing $60 per year per machine? Something has gone wrong here. How did a situation get created where you can't make copies of open source software for free? Apparently, all you have to do is "contaminate" the distribution with some proprietary software, and you get to crank up the price.

    What would it take to replace the proprietary parts of Red Hat's distro with open source software?

    Selling support is fine, but Red Hat is now basically a Microsoft competitor. Red Hat's pricing is roughly comparable to Microsoft's now.

  20. The vaporware problem on Directed Sound · · Score: 1
    While this thing really does exist, Holosonics seems to have problems getting the product out. They announced a new version at CES back in January, but it's still not on their web site.

    Once they get it working and get the price down, there are good applications. PC speakers for office environments. Audio at trade shows. Anywhere there are many audio sources that you don't want to interfere.

    It's not clear what the holdup is. It doesn't seem that complicated.

  21. Re:Collision detection on Blender 2.33 Re-enables Game Engine · · Score: 1
    I've always had some stability issues with spring/damper systems - they seem to me to be a little sensitive to floating point errors when you create very stiff springs.

    Yes, they are, and those errors must be detected and bounded. But it can all work. Not easily.

    Treating contact points as a joint handles the easy cases rapidly. But sliding contact is a problem.

    Doing spring/damper in real time for a complex world would probably take more CPU than is presently available, but if you were doing a two-person fighter and wanted really good physics, it could work.

    I always wanted to do more in the control area for physically-based character animation, but assembling mocap segments works well enough for most game applications. Besides, if you have physically realistic characters, they have to have human-quality reflexes. Even controlling legged running is tough, let alone martial arts. Because legged locomotion is dominated by sliding contact problems, I've been interested in getting better physical simulation techniques in that area.

    There's been some recent work reported at GDC on Verlet integration for implicit integration in a physics engine. That may lead to faster spring/damper systems. See the 2004 GDC proceedings. I tried several implicit integrators a few years ago, and they worked, but the convergence time for the nonlinear solver for a single big step was worse than the time to do many little steps with explicit RK4 integration. Recomputing the Jacobian by differencing is too expensive, and is needed too frequently. Maybe if you had analytical Jacobians... Somebody needs to crack that performance problem. But you don't want to tackle that one when you have a game to ship.

  22. Re:iPod on Super MP3 Will Feature User Tracking · · Score: 1
    So use four channel headphones.

    For that "thumpa, thumpa thumpa" subwoofer effect, there's the Aura Interactor chest-mounted subwoofer.

  23. For that, you buy Havok on Cinematic Game Graphics · · Score: 1
    That's what commercial physics engines like Havok are for, The Havok engine on the Playstation 2 reportedly uses the vector processors, so special purpose hardware is already being used.

    Massive parallelism is helpful to a physics engine, as are lots of fast FPUs. (Preferably double precision. Single precision in a physics engine requires workarounds for the low precision, if the world is at all big. You lose precision when far from the origin. The PS2 has single precision floating point only, which is a headache.) You do lots of 4x4 matrix multiplies, so the same kind of hardware that appears in the geometry-acceleration part of a GPU is helpful. There's not much use for the back end of a GPU, with the frame buffers, Z buffers, and fill engine.

    The hardware requirements for a physics engine look much like those for a number-crunching supercomputer. That's not surprising; the calculations are quite similar. Amusingly. the biggest supercomputer today, the Earth Simulator in Japan, has a architecture that looks vaguely similar to a PS2.

  24. Re:Collision detection on Blender 2.33 Re-enables Game Engine · · Score: 1
    I'm John Nagle, owner of Animats, and you can reach me through the addresses on the Animats web site.

    If you have to handle the hard cases, like multiple simultaneous sliding contacts, the Baraff-type LCP solutions don't really work too well, or at least they didn't a few years ago. I realize there's been some progress. I prefer spring/damper simulators, because you can handle frictional contacts right and you don't have the zero-time bounces (the "boink problem") of impulse/constraint systems. The CPU load is higher, but that's less of a problem than it used to be.

    A good test of a physics system is the spinning top. That's easy to set up. The base should roll around a little (it has a nonzero diameter), the top should precess, it should recover from small disturbing impacts, and over time, the speed of the top should slow. Just like a real top. If it doesn't behave like that, something is broken.

  25. Re:Collision detection on Blender 2.33 Re-enables Game Engine · · Score: 1
    Bouncing balls, yes. Bouncing humanoid figures with joints, friction, and multiple contacts, no.

    I'm the inventor of "ragdoll physics". More of my physics videos. Those are from work done in 1996-1998. (The videos are overcompressed; everybody had less bandwidth back then.)

    The difference between "sort of works" and "works as well as that" is non-trivial. That's why I collect royalties on the technology.