We could just block people who aren't seen as useful to the cause.. even if all we did was force them to request permission to join us before we gave them access. Some sort of shared login facility (not Passport!) shared between opensource sites. Force people to read a little statement before they can open an account or logon.
I've sometimes considered adding a clause to my software that it was only available under GPL-like rules if the user ceeded all their own IP under an opensource-style license. It's probably a bad idea but for example that would have meant that SCO had absolutely no leg to stand on if any bit of software they had ever used had such a clause. I'm not sure if it'd hold up in court though.. it's awful broad.. but then so are many EULA's.
I don't find being a consumer offensive.. I find the fact that often people are kept from being producers offensive.
So irritate people. They aren't paying for our work. Most of them don't even submit bug reports. Just because we give our efforts away for free doesn't mean we have to play the part of the loyal slave.
You've obviously never worked in sales. The whole point is to get every customer you can. This is the same reason it's bad to create websites for your company that are IE specific, require the user download plugin's, etc. Never turn customers away without a damn good reason. If device makers would just release their device specs and/or source code to the drivers they've already written other people would write the drivers for Linux. Thus the whole point of opensource. If you think Linux people don't buy 3com then you must not know many Linux users. Sure, not all Linux users buy 3com but many do.
How often is their a new OS market for devices? I can't imagine 3com made much money off their BeOS market. If they, and others, had released their source code then BeOS may have been where Linux is today. They had a good start but they just didn't have the resoures to keep fighting. Now they have no (well very little) BeOS market. Holding their code close has really paid off.
Most drivers are pretty simple. You can reverse engineer device specs from them pretty quickly. You might make a few mistakes but those are easily fixed as they are found. Somehow I doubt clone companies would often bother with clean room standards. Most likely they'd put an experienced team on the project and be getting results the first day. Once it works and is refactored it'd be awful hard to claim that it isn't an original work.. because it is an original work. In the least most variable and function names would be different.. comments would be different.. a lot of the code would be different. When you decompile something the result almost never looks like the original. If they get a 6 month headstart it'll be from the effort of manufacturing the hardware.. not from reverse engineering the drivers. Besides most clones use the same chips etc that the originals use and I'm sure when they buy those chips they get directions on how they are used. Usually they do get a sample driver and they only modify it as needed for any changes they make in their own devices. Which is why often you'll find drivers that work with a name brand device and many clones, but not all clones. Often enough these drivers are on the brand name device's website and include notes to this effect. Video cards especially I've noticed have those a lot.
You could always kidnap Bill Gates and do some dental torture to teach him why security is a good thing to build into his products. If his house runs Windows you can just infect it with a N0vAkaN3 virus to disable his security system and walk in and get him. That and he really must be made to pay for writing those horrible, laughable, The Road Ahead books.
I've never tried REC. Your description doesn't really make it sound worth the effort of trying either.;)
I don't remember the name of the decompiler I used to use but that was like 10 years ago. I find it a lil hard to believe that there has been no progress in decompiling during all that time (though I've yet to really look) and the free decompiler I used back them could make C/Asm code that could (usually) compile back into the functional equivilant program. True that the code had a lot of inline asm still mixed in and no real variable or function names but it was a start. Again, no worse than that which this guy produced doing the same thing by hand.
I've also never tried decompiling any really large complex programs (like M$ Office) so possibly it wouldn't work on that all that well.. but drivers usually shouldn't be very complex.
It sounds more like not telling customers where your business is at to me. Sure then your competition will have to work harder to find you.. but it also keeps away many potential customers. To me that seems a bad thing. As a business-man I was always trained to maximize the size of my market.
I could see the DMCA being a possible weapon against the competition but in most cases not the effort of actually reverse engineering a driver. If the competition is expert enough to be real competition anyway then they could probably reverse engineer most drivers in a few days time at most. Probably most of these could be duplicated by making tiny changes to existing known drivers. (Which is why on kernel lists etc you get a lot of converation about feeling in these lil holes.) Again, hardly enough gain to make it worth the market loss.
Actually I used to decompile programs written either by hand in assembly, using the Terse programming language, or using C. For various reasons but enough to know that decompilers worked okay. I have no idea really how they'd work on a VB program.. I've never tried.. and I've never seen one worth bothering.;)
I've not used IDA Pro so I can't say how well it does but it sounded from his description if it stopped short of decompiling to C (or psuedo-C if you like).. and he did that step by hand. It just seems a decompiler would have saved him a step or two. Obviously you still have to make something of the results by hand afterwards either way.
Still.. the whole point of not releasing the source is to not release the info about the device. They don't release that info because they (or someone they have licensed tech from is delusional enough to think that without the source code competitiors can't figure out that info and thus can't compete as well. Obviously people do figure out that info all the time through various means of reverse engineering.. so all they are doing is making it hard and delaying support and thus sales to non-Windows users that might want to buy their device.
The MPAA shouldn't care about an MPEG decoder. The only thing I can see them caring about is if the decoder can handle CSS.. and thus need to somehow hide it's keys and such.. which seems a moot point as they've already been cracked.
I don't remember what the ones I used to use was called but if you Google for 'C decompiler' you should find some useful results. An opensource project to build a retargetable decompiler can be seen at http://boomerang.sourceforge.net/ but I haven't tried it so can't say how good it is.
Decompilers have limitations of course but I think they're easier as a first step (usually) than working with raw binary or even assembly. Once you get a mixed C/Asm source it's much easier to clean the code up and refactor than starting from scratch.
Some decompilers only work on binaries of a certain type or produced by a certain compiler. Others are more generic. Either way they can be useful.
Why not use a program that automaticlly takes the binary and builds a C program from it? You still have to pick through the logic to give things helpful function/variable names and refactor but it'd save the step discribed here. In the past when I've reverse engineered binaries that is the type of tool I used. Any good reason for doing this by hand?
This still begs the question.. why not just release the damn source? If we can reverse engineer the drivers what would keep the competition from doing so? Why harm your customers for a false sense of security?
My lil epia box does better than my parents faster Wintel box at playing dvd's and vob's. Sure a lot of that is because MPlayer and Linux are so much better but you're mistaken if you think the epia systems don't have the muscle for the job. If they could enable the hardware decoding it might even make the playback better. They also run much cooler, more energy effecient, and quieter.. something that IMO is a mark of quality.. not of being 'cheap'. Besides, price compare the CPU's.. you'll find they aren't that cheap.:)
It's sometimes been noted that Linux/ (and BSD, opensource) has more security alerts than does Windows. However, you see less damage per hole than Windows largely because Linux is better designed and the holes are public so that they can be patched. Of course you still have lossers who don't bother applying patches but overall Linux handles things much better. It's based on Unix concepts and Unix has been around (and taking hard lessons) for a lot longer than Windows.
Windows is weak because they threw away most of what they had learned and tried to do it different. Then they took their different system and tried to give it the abilities of what they could have started with anyway. So you get this sort of fractured fairy tale version of an OS. It'll take them a long time to gain the maturity of the Unix world. Linux on the other hand modeled itself on Unix and opened the code so that anyone that found something implemented incorrectly or incomplete could fix it. It's the difference of trying to build a 747 (but entirely different) starting from scratch or trying to build a 747 from the blueprints of a 747.
MacOS is based on BSD in part so it should inherit some of it's security. The closed portions though may be as insecure as Windows but as you say less tested.. so those insecurities are unknown factors.
If not for viruses and crackers and other ongoing minor threats then the concept of Cyberwar would be much more disturbing. The first person (or group) that did want to destroy everything would cause major chaos and it could take ages to fix the problems. At least most crackers and virus writers aren't really out for major destruction. They usually either just wanna make a clever hack, crack into something that might be valuable to them, or just show off their elite skills to their other little friends. Governments and terrorist groups fighting with each other would be much more destructive.
Since it seems users lack enough brain power to patch their systems maybe we could give the systems themselves enough brain power to patch their users. We can create a neural network that analyzes all data on the host machine and communicates with other neural nets on other infected machines. Making it such that the entire network acts as a neural net taught by watching users we can quickly develop the most intelligent being ever and prove it's intelligence by letting it download porn and play Minesweeper.
Umm.. no maybe that wouldn't help. Could we train a neural net to act exactly opposite as human users? That might help.
I suggest we nuke anyone we think may be guilty of spam. Terrorists I can deal with but damn those spammers to hell! Nuking them would give those who would follow in their steps something to hink about.
I recently reread all five Hitchhiker's books and a Dirk Gently book and am quite glad I did. Somehow all that nonsense fits together to make something that really makes sense and is really funny. A shame there wasn't a chance for another Hitchhiker's book.. sort of sucks to just leave everybody dead.:)
RHN isn't as nice as Red Carpet and I like the fact Red Carpet works the same across multiple distros. IMO Red Carpet is almost as powerful as apt and a lot more user-friendly which IMO means it's a good tool.:)
I perfer using Red Carpet (as it isn't distro specific and is very user friendly) and would like to see RedHat and other distro's offer Red Carpet as the default tool for keeping systems updated. Keeping the systems up-to-date is as easy as having a cron job that downloads and installs urgent updates every night.
This way users don't even need to click an update button to stay current and if they wish to do so they can use the nice graphical interface of Red Carpet for all software management.
For myself I'd go back and finish my degree if I could find a CS program that taught with all opensource software. I'm already quite a good programmer and admin but if I could get classes that would teach me little tricks I might have missed and stuff like that then I'd be interested. I'm not, however, going to spend money to be taught how to click little buttons on an OS I don't use. Especially if there were an accredited online school that offered such a degree I'd be interested.
Use a mail program with bayseian filtering. I use Mozilla Mail and it drops all those autoreplies in my junk box before I even need to know it exists.:)
Exactly so. Another example would be that people greet each other with 'Wassup' and not 'What.. is.. up' like most voice apps might use. Errors are more human.
What OS does this thing run? WinCE? Just wait til small children start begging their parents for new copies of Microsoft Office. The lil doll will crawl up to their ear at night and whisper advertisments.
Or maybe it cold get a virus that made it say naughty things? That'd be rather funny.
Probably if you add slight mistakes in it'll be more realistic. Slight blurring of words.. breathing stops.. stutters.. etc. When I usda do text bots the ones that could make typos and make human-like grammar mistakes were far more convincing. People would often talk to them for hours before figuring out the weren't real people. I'd suspect voice follows the same rule.. add in fuzziness and people will believe it more.
Sadly the people of the USA as a whole no longer even support our own space program. To a large degree we no longer even support scientific research unless it has immediate commercial use. For such people it's not surprising that they can't see why anybody else would want to make such an effort. We've got Taco Bell and reality tv.. why strive for the future anymore!
Such is life when the explorers become to content and grow fat asses to sit on. We no longer seek to go where no man has gone before.. oh no that could be dangerous or expensive or could cause change that'd challenge the political and economic landscape of our fair country. To much good fortune can bring death to even the mighty.
Slashdot Mirror
We could just block people who aren't seen as useful to the cause.. even if all we did was force them to request permission to join us before we gave them access. Some sort of shared login facility (not Passport!) shared between opensource sites. Force people to read a little statement before they can open an account or logon.
I've sometimes considered adding a clause to my software that it was only available under GPL-like rules if the user ceeded all their own IP under an opensource-style license. It's probably a bad idea but for example that would have meant that SCO had absolutely no leg to stand on if any bit of software they had ever used had such a clause. I'm not sure if it'd hold up in court though.. it's awful broad.. but then so are many EULA's.
I don't find being a consumer offensive.. I find the fact that often people are kept from being producers offensive.
So irritate people. They aren't paying for our work. Most of them don't even submit bug reports. Just because we give our efforts away for free doesn't mean we have to play the part of the loyal slave.
You've obviously never worked in sales. The whole point is to get every customer you can. This is the same reason it's bad to create websites for your company that are IE specific, require the user download plugin's, etc. Never turn customers away without a damn good reason. If device makers would just release their device specs and/or source code to the drivers they've already written other people would write the drivers for Linux. Thus the whole point of opensource. If you think Linux people don't buy 3com then you must not know many Linux users. Sure, not all Linux users buy 3com but many do.
How often is their a new OS market for devices? I can't imagine 3com made much money off their BeOS market. If they, and others, had released their source code then BeOS may have been where Linux is today. They had a good start but they just didn't have the resoures to keep fighting. Now they have no (well very little) BeOS market. Holding their code close has really paid off.
Most drivers are pretty simple. You can reverse engineer device specs from them pretty quickly. You might make a few mistakes but those are easily fixed as they are found. Somehow I doubt clone companies would often bother with clean room standards. Most likely they'd put an experienced team on the project and be getting results the first day. Once it works and is refactored it'd be awful hard to claim that it isn't an original work.. because it is an original work. In the least most variable and function names would be different.. comments would be different.. a lot of the code would be different. When you decompile something the result almost never looks like the original. If they get a 6 month headstart it'll be from the effort of manufacturing the hardware.. not from reverse engineering the drivers. Besides most clones use the same chips etc that the originals use and I'm sure when they buy those chips they get directions on how they are used. Usually they do get a sample driver and they only modify it as needed for any changes they make in their own devices. Which is why often you'll find drivers that work with a name brand device and many clones, but not all clones. Often enough these drivers are on the brand name device's website and include notes to this effect. Video cards especially I've noticed have those a lot.
You could always kidnap Bill Gates and do some dental torture to teach him why security is a good thing to build into his products. If his house runs Windows you can just infect it with a N0vAkaN3 virus to disable his security system and walk in and get him. That and he really must be made to pay for writing those horrible, laughable, The Road Ahead books.
I've never tried REC. Your description doesn't really make it sound worth the effort of trying either. ;)
I don't remember the name of the decompiler I used to use but that was like 10 years ago. I find it a lil hard to believe that there has been no progress in decompiling during all that time (though I've yet to really look) and the free decompiler I used back them could make C/Asm code that could (usually) compile back into the functional equivilant program. True that the code had a lot of inline asm still mixed in and no real variable or function names but it was a start. Again, no worse than that which this guy produced doing the same thing by hand.
I've also never tried decompiling any really large complex programs (like M$ Office) so possibly it wouldn't work on that all that well.. but drivers usually shouldn't be very complex.
It sounds more like not telling customers where your business is at to me. Sure then your competition will have to work harder to find you.. but it also keeps away many potential customers. To me that seems a bad thing. As a business-man I was always trained to maximize the size of my market.
I could see the DMCA being a possible weapon against the competition but in most cases not the effort of actually reverse engineering a driver. If the competition is expert enough to be real competition anyway then they could probably reverse engineer most drivers in a few days time at most. Probably most of these could be duplicated by making tiny changes to existing known drivers. (Which is why on kernel lists etc you get a lot of converation about feeling in these lil holes.) Again, hardly enough gain to make it worth the market loss.
Actually I used to decompile programs written either by hand in assembly, using the Terse programming language, or using C. For various reasons but enough to know that decompilers worked okay. I have no idea really how they'd work on a VB program.. I've never tried.. and I've never seen one worth bothering. ;)
I've not used IDA Pro so I can't say how well it does but it sounded from his description if it stopped short of decompiling to C (or psuedo-C if you like).. and he did that step by hand. It just seems a decompiler would have saved him a step or two. Obviously you still have to make something of the results by hand afterwards either way.
Still.. the whole point of not releasing the source is to not release the info about the device. They don't release that info because they (or someone they have licensed tech from is delusional enough to think that without the source code competitiors can't figure out that info and thus can't compete as well. Obviously people do figure out that info all the time through various means of reverse engineering.. so all they are doing is making it hard and delaying support and thus sales to non-Windows users that might want to buy their device.
The MPAA shouldn't care about an MPEG decoder. The only thing I can see them caring about is if the decoder can handle CSS.. and thus need to somehow hide it's keys and such.. which seems a moot point as they've already been cracked.
I don't remember what the ones I used to use was called but if you Google for 'C decompiler' you should find some useful results. An opensource project to build a retargetable decompiler can be seen at http://boomerang.sourceforge.net/ but I haven't tried it so can't say how good it is.
Decompilers have limitations of course but I think they're easier as a first step (usually) than working with raw binary or even assembly. Once you get a mixed C/Asm source it's much easier to clean the code up and refactor than starting from scratch.
Some decompilers only work on binaries of a certain type or produced by a certain compiler. Others are more generic. Either way they can be useful.
Why not use a program that automaticlly takes the binary and builds a C program from it? You still have to pick through the logic to give things helpful function/variable names and refactor but it'd save the step discribed here. In the past when I've reverse engineered binaries that is the type of tool I used. Any good reason for doing this by hand?
This still begs the question.. why not just release the damn source? If we can reverse engineer the drivers what would keep the competition from doing so? Why harm your customers for a false sense of security?
My lil epia box does better than my parents faster Wintel box at playing dvd's and vob's. Sure a lot of that is because MPlayer and Linux are so much better but you're mistaken if you think the epia systems don't have the muscle for the job. If they could enable the hardware decoding it might even make the playback better. They also run much cooler, more energy effecient, and quieter.. something that IMO is a mark of quality.. not of being 'cheap'. Besides, price compare the CPU's.. you'll find they aren't that cheap. :)
I suggest you rent the movie Risky Business and watch it over and over until you understand why hookers are a bargain.
It's sometimes been noted that Linux/ (and BSD, opensource) has more security alerts than does Windows. However, you see less damage per hole than Windows largely because Linux is better designed and the holes are public so that they can be patched. Of course you still have lossers who don't bother applying patches but overall Linux handles things much better. It's based on Unix concepts and Unix has been around (and taking hard lessons) for a lot longer than Windows.
Windows is weak because they threw away most of what they had learned and tried to do it different. Then they took their different system and tried to give it the abilities of what they could have started with anyway. So you get this sort of fractured fairy tale version of an OS. It'll take them a long time to gain the maturity of the Unix world. Linux on the other hand modeled itself on Unix and opened the code so that anyone that found something implemented incorrectly or incomplete could fix it. It's the difference of trying to build a 747 (but entirely different) starting from scratch or trying to build a 747 from the blueprints of a 747.
MacOS is based on BSD in part so it should inherit some of it's security. The closed portions though may be as insecure as Windows but as you say less tested.. so those insecurities are unknown factors.
If not for viruses and crackers and other ongoing minor threats then the concept of Cyberwar would be much more disturbing. The first person (or group) that did want to destroy everything would cause major chaos and it could take ages to fix the problems. At least most crackers and virus writers aren't really out for major destruction. They usually either just wanna make a clever hack, crack into something that might be valuable to them, or just show off their elite skills to their other little friends. Governments and terrorist groups fighting with each other would be much more destructive.
Since it seems users lack enough brain power to patch their systems maybe we could give the systems themselves enough brain power to patch their users. We can create a neural network that analyzes all data on the host machine and communicates with other neural nets on other infected machines. Making it such that the entire network acts as a neural net taught by watching users we can quickly develop the most intelligent being ever and prove it's intelligence by letting it download porn and play Minesweeper.
Umm.. no maybe that wouldn't help. Could we train a neural net to act exactly opposite as human users? That might help.
I suggest we nuke anyone we think may be guilty of spam. Terrorists I can deal with but damn those spammers to hell! Nuking them would give those who would follow in their steps something to hink about.
And if you take 42 - 24 you get 18. Add 1 + 8 and you get 9. 9 is an upside down 6. 6 is 4 + 2. Now we're getting somewhere!
;)
Just never admit that any two digit number with two uniqe digits would work out the same way.
I recently reread all five Hitchhiker's books and a Dirk Gently book and am quite glad I did. Somehow all that nonsense fits together to make something that really makes sense and is really funny. A shame there wasn't a chance for another Hitchhiker's book.. sort of sucks to just leave everybody dead. :)
RHN isn't as nice as Red Carpet and I like the fact Red Carpet works the same across multiple distros. IMO Red Carpet is almost as powerful as apt and a lot more user-friendly which IMO means it's a good tool. :)
I perfer using Red Carpet (as it isn't distro specific and is very user friendly) and would like to see RedHat and other distro's offer Red Carpet as the default tool for keeping systems updated. Keeping the systems up-to-date is as easy as having a cron job that downloads and installs urgent updates every night.
This way users don't even need to click an update button to stay current and if they wish to do so they can use the nice graphical interface of Red Carpet for all software management.
For myself I'd go back and finish my degree if I could find a CS program that taught with all opensource software. I'm already quite a good programmer and admin but if I could get classes that would teach me little tricks I might have missed and stuff like that then I'd be interested. I'm not, however, going to spend money to be taught how to click little buttons on an OS I don't use. Especially if there were an accredited online school that offered such a degree I'd be interested.
Use a mail program with bayseian filtering. I use Mozilla Mail and it drops all those autoreplies in my junk box before I even need to know it exists. :)
Exactly so. Another example would be that people greet each other with 'Wassup' and not 'What.. is.. up' like most voice apps might use. Errors are more human.
What OS does this thing run? WinCE? Just wait til small children start begging their parents for new copies of Microsoft Office. The lil doll will crawl up to their ear at night and whisper advertisments.
Or maybe it cold get a virus that made it say naughty things? That'd be rather funny.
Probably if you add slight mistakes in it'll be more realistic. Slight blurring of words.. breathing stops.. stutters.. etc. When I usda do text bots the ones that could make typos and make human-like grammar mistakes were far more convincing. People would often talk to them for hours before figuring out the weren't real people. I'd suspect voice follows the same rule.. add in fuzziness and people will believe it more.
Sadly the people of the USA as a whole no longer even support our own space program. To a large degree we no longer even support scientific research unless it has immediate commercial use. For such people it's not surprising that they can't see why anybody else would want to make such an effort. We've got Taco Bell and reality tv.. why strive for the future anymore!
Such is life when the explorers become to content and grow fat asses to sit on. We no longer seek to go where no man has gone before.. oh no that could be dangerous or expensive or could cause change that'd challenge the political and economic landscape of our fair country. To much good fortune can bring death to even the mighty.