From "iOS Security February 2014 (http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf)", one good reason not to allow OS downgrades:
"If downgrades were possible, an attacker who gains possession of a device could install an older version of iOS and exploit a vulnerability that’s been fixed in the newer version."
If you want to learn a lot about code, really help out the community, and get a lot of love, write some documentation for other people's code.
Now how you work the database requirement into that, I don't know. Perhaps you could write a documentation request tracker for ReadTheDocs.org - their site is on GitHub at https://github.com/rtfd/readthedocs.org so you can fork it, write something that lets people request and prioritise projects that need docs, then submit a pull request.
If you're really ambitious, write a web-based environment for writing, editing, and submitting documentation to projects on GitHub, BitBucket, etc.
No, the point is that Mozilla have a philosophical issue with putting patent-encumbered video support into the Firefox code. Flash's relative merits are irrelevant to this topic. Crap as it very well may be, it's installed virtually everywhere, and it's been playing H.264 for years - it also gets installed whether or not you use it to play HTML5 video.
H.264 is widely used, and all the other major browser vendors have signed on to it for future releases. It would be foolish for Mozilla to make a stand on this at the expense of their users - most of them don't care. They'll simply see that their browser doesn't "work", and they'll switch to one that does.
By making Firefox play H.264 through its existing plugin/extension architecture, Mozilla can maintain its stance on the patent issue without losing the goodwill and support of its users, just like they did by adding PNG support to support the move away from the LZW-patent-encumbered GIF, without actually removing GIF support. Firefox makes use of a number of technologies that are subject to patents, and they've taken a pragmatic approach to those. It's not unreasonable to suggest that they do it again.
Most Firefox users have the Flash plugin, the Flash plugin plays H.264. An extension or greasemonkey script could replace tags with a flash video player - patent fees paid for by Adobe, no need for a new browser fork, problem solved? Or is it more complicated than that?
A bug that lets any old script kiddie put up a page that can execute del/S c:\* on my PC is beyond the level of anyone's expectation of a bug [...] I have a reasonable level of expectation. That the program not destroy my machine with basic usage. That the program not allow remote execution. But Windows and IE does both those things almost monthly, out of beta. These aren't outside of the level of expectation for Windows usage at all. What was that statistic again; leaving a PC alone for 12 minutes average before a freshly-installed copy of Windows gets infected with adware/spyware through the use of remote execution flaws in the OS? That's not even enough time to download critical updates. And that's not even beta.
I'm not making excuses; the Safari beta's flaws are atrociously bad, but you appear to have a double standard here. I think the saddest thing about the whole story is that Safari on Windows is "business as usual" as far as security is concerned; it's certainly no worse.
Though it's possible to use an iPod as a portable hard drive, the hard drive just isn't made to run continuously and they seem to wear out quite quickly. I'm not sure it's a major selling-point for iPods, and if people did start buying them to use as hard drives, I think that there'd be a few more support calls and bad vibes about failing devices before long.
Caveat: this is based on the old first-gen 5G iPods, and the quality of the newer 20, 30 and 40 gig pod drives might be higher. Nevertheless, I suspect that Apple isn't confident enough about the reliability of the hard drive for that kind of use to promote it. The blog article claims that Apple doesn't even support it in the warrantee, but I can't back that up.
IE only supports very, very few selectors indeed. Certainly not attribute selectors like the one above. If it did, my life would be a lot easier.
As far as I know, Microsoft have no plans to replace IE 6 either. "Internet Explorer.NET" won't be integrated into anything (other than.NET) and probably won't even be called IE.NET. The obvious downside of this is that people are going make do with IE for a hell of a long time. Hopefully the fact that IE6 is already 3 years old and counting means that as new features emerge, people will find themselves switching to Opera and Gecko-based browsers.
I think it's to do with common knowledge and restriction of creativity. In days past, 17 years was probably necessary to ensure a small company could recoup its losses. That's the point of the patent - to encourage the inventor to innovate by providing assurance that profit and investment will be protected from bigger and richer companies. But once the costs and profit are recovered, usually well within 5-10 years (as is generally the case with modern high technology and global markets today), the patent only serves as a tool of unreasonable profit at the expense of others. Not that I want to sound like a pinko lefty commie or anything, but I wonder if we wouldn't all be zipping around in hovercars by now if oil companies weren't sitting on the alternative fuel patents.;)
Only something that's currently a trade secret can be patented... which is ironic, because part of the patent process is to reveal (in detail) the process/invention being patented. It was one of the reasons that the US patent system was created, in fact. Another one was to protect the investments of individuals and small businesses - to prevent their inventions being poached by larger companies or individuals with bigger bank balances. It was a system designed to encourage creativity and reward inventors.
Nowadays it seems that only large companies have the means to file patents. Others file patents simply to prevent any kind of competition; most of the alternative fuel technology patents around today are now owned by the major oil companies, for example. You don't even need to build or make anything to patent it, just design it on paper, and once you've patented it, you can rest assured that no one will be able to make it without your permission. When abused in this way, patent law is the very opposite of creativity.
Italy had it right in the 13th Century. The Venetian equivalent of patents (limited monopolies, basically) had 10 year lifespans. Putting a 10 year limit on modern patents would protect the owner's investment until such time as they'd been paid off many times over, and then everyone would be free to innovate the idea. No more patent-ambushes like we had with GIF (well, LZW), JPEG, and MP3 - and the inventors still have their rights, and they get all their money back (and if they're creative, a tidy profit too).
It'll never happen though, because those who stand to lose the most are the ones with the most money; not that I'm suggesting anything about the rich having more influence on the government than the common people at all. No no no. We're a democracy, right?
Oh/come on/ now, who seriously expects anyone to use a CVS snapshot in a production environment?
When 4.3.0 comes out and the PHP devs decide that the Apache2 module is stable, then they'll mark it stable. Until then, there's no good reason to remove the "this is not supported" disclaimer on 4.2.3 just because a later CVS version works better, and it's silly to tell people to compile and test their own binaries when they have every other task a sysadmin has to do. And even if they did, can you imagine trying to rationalise that decision with the bosses?
Admin: "Hey, I decided to move to Apache 2 and a development snapshot of PHP on our production servers because.. er.. there's some potential speed gains in the future"
Boss: "So if the PHP development snapshot is safe to use, why hasn't it been released as a full version increment?"
Admin: "Er.. because it's not stable yet.. oh."
The whole point of this article is that the Apache devs can see that Apache2 isn't getting picked up precisely because most third-party mods aren't stable/supported on it yet. It's a good thing that they're freezing development to allow third-party vendors to catch up, and it's a good thing that until PHP4's Apache2 support is as stable as the rest of PHP, it should be marked unsupported.
If I'd bother indeed! Get real.:) You're using a pre-release version of Windows, a pre-release version of PHP, and an early-release of Apache and you're telling me to revise my stance on production values? Tsk!:)
Huh, speak for yourself. I'm one of the unfortunates using the PHP Apache module on a windows Apache2 (2.0.39 and 2.0.40) install. Up until PHP 4.2.3 the module worked just fine, but after the upgrade? *bamf* Server module refused to load, Apache fails on startup./That's/ why it's unsupported. To be sure, it works for a lot of people - it probably wouldn't be in the distribution if it didn't work for most, but that's no reason to mark it as "supported", and it's every reason for big business to know that it quite possibly won't work for them, for no readily available reason.
Whether there's a detectable difference between a well-encoded Vorbis file and a well-encoded MP3 is subjective, but every independent listening test so far has concluded that Ogg sounds better at the same bitrate.
The idea is you can lower the bitrate and still achieve the same audio quality.. not that disk-space seems to be an issue to you if you have 3000+ 8meg-ish MP3s:)
Of course the best way for you to find out is to test it yourself. If you like it, just start coding your new CDs with Vorbis, and keep your old stuff in MP3 format.
What do you mean, there's little reason? There's little reason for the consumer, because the consumer doesn't give a monkey's: if people really cared about the sound quality, Kazaa and Gnutella wouldn't be flooded with 128kbit MP3s. MP3s encoded at a higher bitrate can be used as a solution to all of MP3's audio problems, and storage is cheap, so yes, it's unlikely that there'll be an instant switch to any better format, and if there is, it won't come from the consumer.
Now, for the content provider, it's a different story entirely. Thomson/Fraunhofer are actively pursuing royalty fees, and all the other "next generation" codecs do too. Except Vorbis. With Vorbis (one of the Ogg formats; there are several), audio can be coded at a lower bitrate and sound the same as a higher-bitrated MP3, and there's no royalty fee which means the development costs are lower, and (potentially) the product is cheaper. Thomson aren't making any friends running around with their team of lawyers and threatening people left right and centre with license-fee demands. If a good quality alternative presents itself (quality as a function of price and ease of use, rather than audio quality), developers will be tempted to switch. From what I hear, the Vorbis libraries are very easy to use.
New formats are being picked up by software developers (especially console game developers, where RAM and Storage are at a premium). Once developers start using the format, they'll use it in other products too. If it costs little to add a codec to encoding products (and well, the vorbis libraries are free, but you still have to pay a guy to learn the APIs and program for them), then there's little point in not implementing it.
Ironically, Thomson/Fraunhofer are trying to play down the significance of MP3 because they're trying to sell AAC, which benefits all alternative codecs pretty much equally.
Finally, don't be a fool. No one's asking anyone to recode anything. Unless there was an outright ban on the MP3 format tomorrow (and some way to enforce it), there's no point recoding your audio. There's no isolation in using Ogg when you can use MP3 at the same time. Winamp, the next version of RealPlayer, and Windows Media Player (via a DirectX plugin) all support OGG Vorbis files. To the consumer, little changes... to the average windows user, they probably won't even know! Windows hides file-extensions by default, so it'll just be another "Winamp Media File".
There's no "step backwards"; it's a step/sideways/, but still going in the same direction. Instead of being on the centre path of MP3, you can switch to Ogg, and still have MP3 at your right hand. You're given/more/ choice, not less. You now have a choice whether to use OGG or MP3 in many applications. That's a good thing, right?
You speak of Sonique and Windows Media player, so I'm assuming you use Windows. Several CD-rippers will rip directly to Ogg Vorbis internally, and most allow the use of an external encoder.
Personal recommendation? CDEx [SourceForge] allows a variety of encoding formats including built-in LAME and OGG Vorbis, CDDB with freeDB and gracenote, works on XP (which is a rarity, I believe), and it's open-source to boot.
Hardware en/decoding of Vorbis has been the subject of at least two articles on Slashdot in the last week; I don't think it's too far away. Now, if the iPod starts supporting OGG, my bank balance is going to suffer terribly.
The invasion of privacy, if there is one at all, depends entirely on how the data from the cameras is handled. The license-plate checking is done via OCR, and the whole system is automated; if only toll-offenders are recorded, and the rest are stored as anonymous statistics (i.e., 100 cars/hour, not "Joe Bloggs of 28 Hawley Crescent, Lower Godawfulminging, Surrey passed through here at 10:05am"), I see no gross invasion of privacy. This is the most likely way to handle things anyway, due to the amount of traffic (real and digital) involved and the amount of storage required).
For an invasion of privacy to truly occur (and this is my opinion, not the law), the cameras would have to track individual license plates across the city, and link the license plate to an individual's personal data. The fact is that a license plate isn't private data, it's an official identification number, and it's perfectly possible to collect toll money on a car without directly linking it to its owner's personal details (though such things could be done easily if a court of law has requisitioned that data). It's ineffective to do so automatically anyway, since cars change owners unpredictably.
The UK is the most surveilled country on the planet; I'd rather see strict controls on who's on the other end of the cameras and how that collected data is handled than simply banning the cameras.
The attitude toward driving in the UK, especially around London, is vastly different from the US. My understanding is that public transport in, say, California, carries a stigma of poverty or "immigrant" with it, whereas in London it's a fact of life.
Driving in London, even without the traffic, is an incredible pain in the arse. There's no grid system, the signposting is sparse and often misleading, and if you think you're going to find a parking space in central london, forget it. If toll money goes to improving those things, there'll be a decrease in congestion simply because people know where they're going! If toll money also prevents London Underground from going "public-private" then I'm all for it too.
People who already live in London shouldn't have to pay the toll, so already it's a pretty fair tax (we have enough pollution of our own, we don't need commuters to import their own:)
Someone said here it's tolling the poor to make more room on the roads for the rich, but only rich people can afford to commute by car into London anyway; unlike the US, we pay a hell of a lot for our fuel, and idling in city traffic jams eats a lot of it up. In almost all cases it's cheaper to use public transport than own, maintain, and drive a car into London every day (let alone pay for the parking), and a significant portion of us do just that.
An automated system that uses cameras, retains only the details of offending cars, and links license plates to an account that can be owned by anyone is cheaper, faster, and makes more sense from both a technical and a physical point of view. Additionally, the person who pays the toll doesn't necessarily have to be the owner of the car; this makes sense because a whole bunch of people driving into the city are using company cars, company-subsidised cars, or are carpooling. Those concerned about their privacy could pay a third party to handle tolls on their behalf.
Finally, this kind of system is virtually guaranteed if the system is to be maintained by a private company: they simply won't have legal access to private car owner information. We have laws in this country, you know:)
I totally agree, but this is not even a whole step away from patenting handwriting. What next? On-screen keyboards? The english alphabet? Does someone own a patent for ASCII?
There's no doubt that innovators should be rewarded for their effort and that creators should have some right of ownership, but someone has to draw a line somewhere. How can we morally allow companies to claim ownership of chunks of our DNA, for example? Imagine if the Alexander breathing technique for asthma sufferers was patented and doctors couldn't teach people to breathe a certain way. We'd call it absurd, wouldn't we?
I think you fail to see a major point of steganography:
If Alice passes an encrypted message to Bob, there has been a provable exchange of encrypted data. Alice and Bob can be forced by law to decrypt that data if it is known to contain legally relevant information.
Steganography provides plausible deniability. That is, Alice and Bob can state that no encrypted message passed between them and not be proved wrong beyond reasonable doubt.
In this case, the benefits of steganography are undeniable. Just as there is no such thing as 100% secure, there's no such thing as 100% hidden, but (in this instance) steganography only has to provide plausible deniability.
Please reply by email if you want to reply - I don't have time to check this thread very often. matt at lazycat dot org (let's not mention the irony of hiding my email address:)
Re:Security is only as good as its inventor
on
Quantum Security
·
· Score: 1
It is undeniably true that no form of machine encryption is truly unbreakable, I don't think that anyone can argue that. Even one-time pads can be at least partially broken if a poor (i.e., predictable) random-number generator creates the pads. In fact, one-time pads merely shift the burden of security even further onto the key-holders, and it can be a lot harder to hold onto your pads in the real world than to remember a password in your head. The government (or whoever) can subpoena your pads, but they can't pluck passwords out of your brain.
However, encryption doesn't ever have to be perfect, it only has to be good enough. That is, the algorithm only needs to be able to protect the information encrypted beyond the span of its relevance/usefulness. Don't forget that 129 bit encryption is an order of magnitude harder to break than 128. 4096 bits should keep even the most paranoid slashdotters happy well into the next century.
Of course, if you're truly paranoid, you wouldn't just encrypt. You'd use some form of steganographic file-system to hide the fact that you even have encrypted data to begin with. Don't forget that someone who wants to read your data doesn't have to crack your codes. You could be required by law to reveal your keys. Britain's new Regulation of Investigatory Powers (RIP) bill now makes it a prisonable offence to withold decryption keys from a legal authority (even worse, it's up to you to prove that you never had them! Guilty until proven innocent).
The bottom line is that no security of any kind is perfect, you only need it to be good enough(tm) to outlast the purpose to which you put it. It might also help your case if it's hard to prove you're securing it in the first place.
If your "plugin developers" (as they could be construed as being) are concerned about their plug-ins being used as parts of other programs, then they only have to withdraw the GPL on them. It'd suck, but if they really don't want to let their source code fall into bad hands, then they should just lock it, obfuscate it, encrypt it, or whatever. Just because LiteStep is GPL, that doesn't mean that all the add-ons have to be GPL too. Right?
Even a limited license could be applied to certain parts of the code. Then again, it seems to me that your developers are missing the point - either they want to benefit the open-software community or they don't! You can't say who can and who can't look at your open source-code simply because you don't like them. The GPL is a double-edged sword - like any kind of freedom it can be used for good and bad alike.
On the subject of stealing portions of code for proprietary (closed-source) software. There's not a lot you can do to prevent it, because you can't check the source without "probable cause" and a warrant or something. However, surely if someone "steals" portions of your code, they've taken a part of a good piece of software and (presumably) are now charging for it. What's the average consumer going to do when faced with two software packages (one open-source and free, and the other costing $xxx)?
It just sounds a bit to me like your developers don't want other people to make money from their own software without them getting any of it - this may sound fair enough, but isn't RedHat making a tonne of money selling a distro with your latest GPL toy?
Doesn't RealPlayer's install program actually ask you if you want to send information to Real.com?
I know for a fact that there's an option to send "connection statistics" to the content provider. Isn't this what the hoo-ha is all about? Seems a bit silly that people are consenting to send in information about what they're watching/listening and then bitch about it happening.
Slashdot Mirror
From "iOS Security February 2014 (http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf)", one good reason not to allow OS downgrades:
"If downgrades were possible, an attacker who gains possession of a device could install an older version of iOS and exploit a vulnerability that’s been fixed in the newer version."
If you want to learn a lot about code, really help out the community, and get a lot of love, write some documentation for other people's code.
Now how you work the database requirement into that, I don't know. Perhaps you could write a documentation request tracker for ReadTheDocs.org - their site is on GitHub at https://github.com/rtfd/readthedocs.org so you can fork it, write something that lets people request and prioritise projects that need docs, then submit a pull request.
If you're really ambitious, write a web-based environment for writing, editing, and submitting documentation to projects on GitHub, BitBucket, etc.
No, the point is that Mozilla have a philosophical issue with putting patent-encumbered video support into the Firefox code. Flash's relative merits are irrelevant to this topic. Crap as it very well may be, it's installed virtually everywhere, and it's been playing H.264 for years - it also gets installed whether or not you use it to play HTML5 video.
H.264 is widely used, and all the other major browser vendors have signed on to it for future releases. It would be foolish for Mozilla to make a stand on this at the expense of their users - most of them don't care. They'll simply see that their browser doesn't "work", and they'll switch to one that does.
By making Firefox play H.264 through its existing plugin/extension architecture, Mozilla can maintain its stance on the patent issue without losing the goodwill and support of its users, just like they did by adding PNG support to support the move away from the LZW-patent-encumbered GIF, without actually removing GIF support. Firefox makes use of a number of technologies that are subject to patents, and they've taken a pragmatic approach to those. It's not unreasonable to suggest that they do it again.
Most Firefox users have the Flash plugin, the Flash plugin plays H.264. An extension or greasemonkey script could replace tags with a flash video player - patent fees paid for by Adobe, no need for a new browser fork, problem solved? Or is it more complicated than that?
I'm not making excuses; the Safari beta's flaws are atrociously bad, but you appear to have a double standard here. I think the saddest thing about the whole story is that Safari on Windows is "business as usual" as far as security is concerned; it's certainly no worse.
Though it's possible to use an iPod as a portable hard drive, the hard drive just isn't made to run continuously and they seem to wear out quite quickly. I'm not sure it's a major selling-point for iPods, and if people did start buying them to use as hard drives, I think that there'd be a few more support calls and bad vibes about failing devices before long.
Caveat: this is based on the old first-gen 5G iPods, and the quality of the newer 20, 30 and 40 gig pod drives might be higher. Nevertheless, I suspect that Apple isn't confident enough about the reliability of the hard drive for that kind of use to promote it. The blog article claims that Apple doesn't even support it in the warrantee, but I can't back that up.
IE only supports very, very few selectors indeed. Certainly not attribute selectors like the one above. If it did, my life would be a lot easier.
.NET) and probably won't even be called IE.NET. The obvious downside of this is that people are going make do with IE for a hell of a long time. Hopefully the fact that IE6 is already 3 years old and counting means that as new features emerge, people will find themselves switching to Opera and Gecko-based browsers.
As far as I know, Microsoft have no plans to replace IE 6 either. "Internet Explorer.NET" won't be integrated into anything (other than
I think it's to do with common knowledge and restriction of creativity. In days past, 17 years was probably necessary to ensure a small company could recoup its losses. That's the point of the patent - to encourage the inventor to innovate by providing assurance that profit and investment will be protected from bigger and richer companies. But once the costs and profit are recovered, usually well within 5-10 years (as is generally the case with modern high technology and global markets today), the patent only serves as a tool of unreasonable profit at the expense of others. Not that I want to sound like a pinko lefty commie or anything, but I wonder if we wouldn't all be zipping around in hovercars by now if oil companies weren't sitting on the alternative fuel patents. ;)
Only something that's currently a trade secret can be patented. .. which is ironic, because part of the patent process is to reveal (in detail) the process/invention being patented. It was one of the reasons that the US patent system was created, in fact. Another one was to protect the investments of individuals and small businesses - to prevent their inventions being poached by larger companies or individuals with bigger bank balances. It was a system designed to encourage creativity and reward inventors.
Nowadays it seems that only large companies have the means to file patents. Others file patents simply to prevent any kind of competition; most of the alternative fuel technology patents around today are now owned by the major oil companies, for example. You don't even need to build or make anything to patent it, just design it on paper, and once you've patented it, you can rest assured that no one will be able to make it without your permission. When abused in this way, patent law is the very opposite of creativity.
Italy had it right in the 13th Century. The Venetian equivalent of patents (limited monopolies, basically) had 10 year lifespans. Putting a 10 year limit on modern patents would protect the owner's investment until such time as they'd been paid off many times over, and then everyone would be free to innovate the idea. No more patent-ambushes like we had with GIF (well, LZW), JPEG, and MP3 - and the inventors still have their rights, and they get all their money back (and if they're creative, a tidy profit too).
It'll never happen though, because those who stand to lose the most are the ones with the most money; not that I'm suggesting anything about the rich having more influence on the government than the common people at all. No no no. We're a democracy, right?
When 4.3.0 comes out and the PHP devs decide that the Apache2 module is stable, then they'll mark it stable. Until then, there's no good reason to remove the "this is not supported" disclaimer on 4.2.3 just because a later CVS version works better, and it's silly to tell people to compile and test their own binaries when they have every other task a sysadmin has to do. And even if they did, can you imagine trying to rationalise that decision with the bosses?
Admin: "Hey, I decided to move to Apache 2 and a development snapshot of PHP on our production servers because .. er.. there's some potential speed gains in the future"
Boss: "So if the PHP development snapshot is safe to use, why hasn't it been released as a full version increment?"
Admin: "Er.. because it's not stable yet.. oh."
The whole point of this article is that the Apache devs can see that Apache2 isn't getting picked up precisely because most third-party mods aren't stable/supported on it yet. It's a good thing that they're freezing development to allow third-party vendors to catch up, and it's a good thing that until PHP4's Apache2 support is as stable as the rest of PHP, it should be marked unsupported.
If I'd bother indeed! Get real. :) You're using a pre-release version of Windows, a pre-release version of PHP, and an early-release of Apache and you're telling me to revise my stance on production values? Tsk! :)
Huh, speak for yourself. I'm one of the unfortunates using the PHP Apache module on a windows Apache2 (2.0.39 and 2.0.40) install. Up until PHP 4.2.3 the module worked just fine, but after the upgrade? *bamf* Server module refused to load, Apache fails on startup. /That's/ why it's unsupported. To be sure, it works for a lot of people - it probably wouldn't be in the distribution if it didn't work for most, but that's no reason to mark it as "supported", and it's every reason for big business to know that it quite possibly won't work for them, for no readily available reason.
Whether there's a detectable difference between a well-encoded Vorbis file and a well-encoded MP3 is subjective, but every independent listening test so far has concluded that Ogg sounds better at the same bitrate.
:)
The idea is you can lower the bitrate and still achieve the same audio quality.. not that disk-space seems to be an issue to you if you have 3000+ 8meg-ish MP3s
Of course the best way for you to find out is to test it yourself. If you like it, just start coding your new CDs with Vorbis, and keep your old stuff in MP3 format.
What do you mean, there's little reason? There's little reason for the consumer, because the consumer doesn't give a monkey's: if people really cared about the sound quality, Kazaa and Gnutella wouldn't be flooded with 128kbit MP3s. MP3s encoded at a higher bitrate can be used as a solution to all of MP3's audio problems, and storage is cheap, so yes, it's unlikely that there'll be an instant switch to any better format, and if there is, it won't come from the consumer.
/sideways/, but still going in the same direction. Instead of being on the centre path of MP3, you can switch to Ogg, and still have MP3 at your right hand. You're given /more/ choice, not less. You now have a choice whether to use OGG or MP3 in many applications. That's a good thing, right?
Now, for the content provider, it's a different story entirely. Thomson/Fraunhofer are actively pursuing royalty fees, and all the other "next generation" codecs do too. Except Vorbis. With Vorbis (one of the Ogg formats; there are several), audio can be coded at a lower bitrate and sound the same as a higher-bitrated MP3, and there's no royalty fee which means the development costs are lower, and (potentially) the product is cheaper. Thomson aren't making any friends running around with their team of lawyers and threatening people left right and centre with license-fee demands. If a good quality alternative presents itself (quality as a function of price and ease of use, rather than audio quality), developers will be tempted to switch. From what I hear, the Vorbis libraries are very easy to use.
New formats are being picked up by software developers (especially console game developers, where RAM and Storage are at a premium). Once developers start using the format, they'll use it in other products too. If it costs little to add a codec to encoding products (and well, the vorbis libraries are free, but you still have to pay a guy to learn the APIs and program for them), then there's little point in not implementing it.
Ironically, Thomson/Fraunhofer are trying to play down the significance of MP3 because they're trying to sell AAC, which benefits all alternative codecs pretty much equally.
Finally, don't be a fool. No one's asking anyone to recode anything. Unless there was an outright ban on the MP3 format tomorrow (and some way to enforce it), there's no point recoding your audio. There's no isolation in using Ogg when you can use MP3 at the same time. Winamp, the next version of RealPlayer, and Windows Media Player (via a DirectX plugin) all support OGG Vorbis files. To the consumer, little changes... to the average windows user, they probably won't even know! Windows hides file-extensions by default, so it'll just be another "Winamp Media File".
There's no "step backwards"; it's a step
You speak of Sonique and Windows Media player, so I'm assuming you use Windows. Several CD-rippers will rip directly to Ogg Vorbis internally, and most allow the use of an external encoder.
Personal recommendation? CDEx [SourceForge] allows a variety of encoding formats including built-in LAME and OGG Vorbis, CDDB with freeDB and gracenote, works on XP (which is a rarity, I believe), and it's open-source to boot.
Hardware en/decoding of Vorbis has been the subject of at least two articles on Slashdot in the last week; I don't think it's too far away. Now, if the iPod starts supporting OGG, my bank balance is going to suffer terribly.
- The invasion of privacy, if there is one at all, depends entirely on how the data from the cameras is handled. The license-plate checking is done via OCR, and the whole system is automated; if only toll-offenders are recorded, and the rest are stored as anonymous statistics (i.e., 100 cars/hour, not "Joe Bloggs of 28 Hawley Crescent, Lower Godawfulminging, Surrey passed through here at 10:05am"), I see no gross invasion of privacy. This is the most likely way to handle things anyway, due to the amount of traffic (real and digital) involved and the amount of storage required).
- For an invasion of privacy to truly occur (and this is my opinion, not the law), the cameras would have to track individual license plates across the city, and link the license plate to an individual's personal data. The fact is that a license plate isn't private data, it's an official identification number, and it's perfectly possible to collect toll money on a car without directly linking it to its owner's personal details (though such things could be done easily if a court of law has requisitioned that data). It's ineffective to do so automatically anyway, since cars change owners unpredictably.
- The UK is the most surveilled country on the planet; I'd rather see strict controls on who's on the other end of the cameras and how that collected data is handled than simply banning the cameras.
- The attitude toward driving in the UK, especially around London, is vastly different from the US. My understanding is that public transport in, say, California, carries a stigma of poverty or "immigrant" with it, whereas in London it's a fact of life.
- Driving in London, even without the traffic, is an incredible pain in the arse. There's no grid system, the signposting is sparse and often misleading, and if you think you're going to find a parking space in central london, forget it. If toll money goes to improving those things, there'll be a decrease in congestion simply because people know where they're going! If toll money also prevents London Underground from going "public-private" then I'm all for it too.
- People who already live in London shouldn't have to pay the toll, so already it's a pretty fair tax (we have enough pollution of our own, we don't need commuters to import their own
:) - Someone said here it's tolling the poor to make more room on the roads for the rich, but only rich people can afford to commute by car into London anyway; unlike the US, we pay a hell of a lot for our fuel, and idling in city traffic jams eats a lot of it up. In almost all cases it's cheaper to use public transport than own, maintain, and drive a car into London every day (let alone pay for the parking), and a significant portion of us do just that.
An automated system that uses cameras, retains only the details of offending cars, and links license plates to an account that can be owned by anyone is cheaper, faster, and makes more sense from both a technical and a physical point of view. Additionally, the person who pays the toll doesn't necessarily have to be the owner of the car; this makes sense because a whole bunch of people driving into the city are using company cars, company-subsidised cars, or are carpooling. Those concerned about their privacy could pay a third party to handle tolls on their behalf.Finally, this kind of system is virtually guaranteed if the system is to be maintained by a private company: they simply won't have legal access to private car owner information. We have laws in this country, you know :)
I totally agree, but this is not even a whole step away from patenting handwriting. What next? On-screen keyboards? The english alphabet? Does someone own a patent for ASCII?
There's no doubt that innovators should be rewarded for their effort and that creators should have some right of ownership, but someone has to draw a line somewhere. How can we morally allow companies to claim ownership of chunks of our DNA, for example? Imagine if the Alexander breathing technique for asthma sufferers was patented and doctors couldn't teach people to breathe a certain way. We'd call it absurd, wouldn't we?
If Alice passes an encrypted message to Bob, there has been a provable exchange of encrypted data. Alice and Bob can be forced by law to decrypt that data if it is known to contain legally relevant information.
Steganography provides plausible deniability. That is, Alice and Bob can state that no encrypted message passed between them and not be proved wrong beyond reasonable doubt.
In this case, the benefits of steganography are undeniable. Just as there is no such thing as 100% secure, there's no such thing as 100% hidden, but (in this instance) steganography only has to provide plausible deniability.
Please reply by email if you want to reply - I don't have time to check this thread very often. matt at lazycat dot org (let's not mention the irony of hiding my email address :)
However, encryption doesn't ever have to be perfect, it only has to be good enough. That is, the algorithm only needs to be able to protect the information encrypted beyond the span of its relevance/usefulness. Don't forget that 129 bit encryption is an order of magnitude harder to break than 128. 4096 bits should keep even the most paranoid slashdotters happy well into the next century.
Of course, if you're truly paranoid, you wouldn't just encrypt. You'd use some form of steganographic file-system to hide the fact that you even have encrypted data to begin with. Don't forget that someone who wants to read your data doesn't have to crack your codes. You could be required by law to reveal your keys. Britain's new Regulation of Investigatory Powers (RIP) bill now makes it a prisonable offence to withold decryption keys from a legal authority (even worse, it's up to you to prove that you never had them! Guilty until proven innocent).
The bottom line is that no security of any kind is perfect, you only need it to be good enough(tm) to outlast the purpose to which you put it. It might also help your case if it's hard to prove you're securing it in the first place.
Matt
Even a limited license could be applied to certain parts of the code. Then again, it seems to me that your developers are missing the point - either they want to benefit the open-software community or they don't! You can't say who can and who can't look at your open source-code simply because you don't like them. The GPL is a double-edged sword - like any kind of freedom it can be used for good and bad alike.
On the subject of stealing portions of code for proprietary (closed-source) software. There's not a lot you can do to prevent it, because you can't check the source without "probable cause" and a warrant or something. However, surely if someone "steals" portions of your code, they've taken a part of a good piece of software and (presumably) are now charging for it. What's the average consumer going to do when faced with two software packages (one open-source and free, and the other costing $xxx)?
It just sounds a bit to me like your developers don't want other people to make money from their own software without them getting any of it - this may sound fair enough, but isn't RedHat making a tonne of money selling a distro with your latest GPL toy?
Doesn't RealPlayer's install program actually ask you if you want to send information to Real.com?
I know for a fact that there's an option to send "connection statistics" to the content provider. Isn't this what the hoo-ha is all about? Seems a bit silly that people are consenting to send in information about what they're watching/listening and then bitch about it happening.
Just my two pennies.