My understanding is that most of your objections have been dealt with by using different blade configurations such that you the same power from more slowly-turning blades.
Most people choose new passwords that are completely predictable based on their old passwords. Hence, once a password is determined, access to the account is available to the intruder indeffinitely.
Now I can accept having some requirements on the passwords themselves. What you want to do is push users into having at least two passwords--one that they use for insecure personal web accounts, and one that they use for corporate accounts.
Ultimately, though, you have to take into account human behaviour in setting your security policies. How will users react to your system? What are the unintended consequences? (e.g., if you block various ports, will users set up proxies that open up new security holes?)
This goes along with my other pet peeve--password expiration. Here at work, the Windows passwords must be at least 8 characters, with mixed case and numerals. They expire after 90 days, but can't be changed for at least 10 days when new.
My password is written on my whiteboard.
For serious security, passwords shouldn't expire. They shouldn't even have to be that obscure. The security effort should go into making a brute force attempt impractical.
And the IT department needs to recognize that once someone has physicall access to the network, there's not much left to secure, anyway.
This is a case of the other side of the coin of globalism. Big companies like to be able to move their operations around wherever they want to minimize expenses, but consumers also want to be able to shop wherever they want to minimize prices. The infrastructure that supports one also supports the other. We need to keep vigilant to make sure the laws equally support both.
Of course, in this case, Apple is probably just passing on the policies set by the recording companies in their contracts. If my guess is right, then hopefully they can use this ruling to get more equitable terms in their contracts.
As to AC3, can't you just pipe the raw stream out a digital port from your computer to your sound system? If you have a surround sound system, they've already paid for a patent license to decode the AC3, so your computer can let it do the work and avoid the patent issue.
UDP is connectionless--you just send a packet to a given IP/port and it goes there. This means that you can forge the from address to make it impossible to tell who is sending the file (provided your ISP doesn't filter those as bogus packets). Of course, you still need some way to get the request from the recipient to the sender (along with re-requests for lost packets).
UDP has no flow control--the sender sends as fast has he likes without any knowledge as to what the maximum bandwidth on the connection is. If the sender's direct upstream connection is the bottleneck, then that should be fine, but otherwise there may be huge packet loss. Also, because of the lack of flow control, it tends to hog the bandwidth instead of share the bandwidth.
Yeah, the whole thing is rather confusing until you understand exactly what all is going on.
Regular analog TV, whether broadcast NTSC/PAL/SECAM, older analog cable (for me, channels under 100), or regular VHS tapes, is a signal that is essentially fed directly to the electron beam in your traditional TV. There is some funky electronics magic going on, but essentially, each dot in each frame corresponds to a specific fraction of a millisecond of the signal. (Some analog cable channels are scrambled, and decoder boxes will correct the mangled signal. There was a project, fscktv, to do this with a video card, but I never saw it actually work.)
To record an analog signal, you have two important steps. First, you need a TV tuner card that digitizes the signal. Second, you need to compress the video into something managable, such as MPEG-2. The PVR-250 cards are popular because they do both steps.
Digital broadcast TV is simpler. You just need to extract the digital information from the broadcast, much like a modem gets the digital information encoded on a voice phone line. With digital broadcasts, the process of compressing the data is done by the broadcaster, so you don't need any extra work to get a MPEG-2 stream.
Satellite and digital cable, whether HDTV or regular resolution, are sent as MPEG-2 streams, but the problem is that they are selling access to the channels, so they usually encrypt the streams. They assume you'll use their decoder boxes that do two things. First, they unencrypt the stream. Then they decode the stream. By "decode," I mean play the MPEG stream. That means you're back to an analog signal, whether you're using composite, s-video, or component outputs. Even if you use DVI or HDMI, which are digital, it's a decoded signal, not the MPEG stream.
So to record digital cable or satellite broadcasts, you have to either re-encode the signal, which simply isn't feasible right now for HDTV, or you have to somehow get the signal before it's decoded. If your PVR is integrated with your cable or satellite box, it can get the original MPEG stream (which is how DirectTiVo works). The only other option is that some digital cable and satellite boxes have a firewire port that you can connect to your computer, where they send the MPEG stream. MythTV doesn't support that yet, but someone was working on it a while ago.
In theory, you can get a smart card from your cable company that plugs into devices with digital tuners, which allows them to unencrypt channels that you are subscribed to. Some of the more expensive HDTVs accept them so you can use them without a cable box. There's nothing really stopping someone from building a card for your computer that uses the same card.
The problem with recording HDTV is that you have to generate a MPEG2 stream from the component or DVI signal. Real-time encoding of HDTV signals takes vastly more work than encoding NTSC signals, so you can't buy a consumer-priced card that does it.
Fortunately, HDTV is broadcast as a MPEG2 stream to begin with (with additional error correction). So you can get a tuner card that simply saves the raw data that is broadcast. This works great for over-the-air signals. For satellite and cable, you need to get to the signal after it's been unencrypted, but before it's been decoded. Your two options are to use a decoder with firewire output, or to put your recorder into the decoder box (like TiVo does).
They get the science and technology wrong as often as right. It seems like every other episode where they enhance three pixels of an image to get a recognizable face in a reflection. Or there was the CSI:Miami where they got a saved email off of the wireless router that the person had connected through. At least when they got image data out of the NTSC overscan, they were using a real concept, even if the amount of overscan they recovered was vastly exaggerated.
Despite DigSafe, there was a major gas leak this summer during road construction near my work (I think it was related to installing a traffic light). I belive that the conclusion was that the gas main wasn't exactly where the records showed it. I've heard of other similar problems.
And when you're dealing with infrastructure that may a hundred years old, there simply aren't accurate records indicating where the pipes are.
The theory is that the water essentially lubricates the fault, making it easier for it to move. The pumping does nothing to create pressure. Instead, it reduces the amount of pressure that has to build up before an earthquake hits. This means we get a bunch of small quakes relatively frequently instead of a big bad one when we least expect it.
So perhaps they should start similar pumping actions in California to allow for more smaller quakes to reduce the pressure buildup?
Imagine if the cast (and other creative people) from The Screen Savers were to independently produce new episodes (probably with a different name and slightly different format if they don't have all the rights). Then they would sell advertising just like any other TV show, but instead of broadcasting it on a network, they would release it on the Internet (probably using bittorrent).
What would make this viable? If TiVO and other PVRs included support for it. You could subscribe to Internet shows just like regular TV, and they would automatically be downloaded (and shared until you deleted them, with some bandwidth limits).
Perhaps you could find enough unemployed media people to do this on a volunteer basis (for the publicity) to demonstrate the concept. It's probably not viable yet to pay the necessary sallaries. (How many viewers would it require?) Still, it would be cool to seem someone try it.
I almost always receive LEGOs for Christmas--they're not just kids toys. (Well, maybe I'm eccentric.)
As to the direction of the LEGO sets, I usually find that most of them are junk, but some are cool, but what's cool will find widely-different opinions among different people. Personally, I'm disappointed that Harry Potter has pushed out most of the traditional castle sets, but I like the Star Wars sets. (Though I'm glad that both are making lots of money.) Mostly I buy the bulk tubs and train sets.
Of course, stay away from Mega Blocks. They don't fit the same.
I have my Myth box handling all my video, photos, and music.
In general, you have to deal with two sides of the issue: the format you get your media in, and the formats that your output device can handle. For me, that means I can do just about anything that doesn't have DRM involved. If instead of running your own system directly connected to you media setup, you rely on some consumer electronic solution (TiVo, etc.), you're going to have to deal with the formats accepted by that system. This is one reason a roll-your-own approach is so enticing.
Better yet, they send you a single email when you sign up with them, and they stamp that one. The idea is that known senders don't need stamps. This can solve the problem for mailing lists, as they get whitelisted when you subscribe.
I only read the FAQ, so I don't know if this solution does this, but my guess as to how this might work is:
Sender establishes an SMTP connection.
Mail server responds, indicating that it supports hashcash extensions
Sender requests hashcash workload
Mail server responds with complex computation based on Sender and Recipient
Sender computes
Sender sends message with computed hash
Recipients spam filters add Sender to presumed-good whitelist
So the key would be having the computation be based on the sender and the recipient, so it can't be pre-computed (unless all spammers agree to use the same forged sender, which would be nice).
Extensions are needed for mail filters, SMTP servers, and SMTP clients.
Much of the interview is the standard optimistic corporate smiley-face stuff you would expect. What I found interesting is the reference to a unified driver infrastructure. Apparently the bulk of their driver code is identical across platforms, so mostly what they need to maintain for Linux is a compatibility layer.
This is what they cite in not open sourcing the driver--too much of the unified code is licensed by them from third parties. (Now why don't they ask their sources about a dual GPL/proprietary license?)
The followup question that this raises is: Given that the base driver code is the same across platforms, are there any particular aspects of X or Linux that reduce performance?
Voter registration needs to be standardized. Because only US Citizens are allowed to vote, it would probably make sense to require a Social Security number. That would allow for easy removal of duplicate registrations across state lines (that doesn't happen now--college students and people with vacation homes can easily vote twice). It would also allow for easy removal of fellons in states that don't allow them to vote without accidentally removing people with similar names.
That's how we select our king. Long live Thorson! (Well, until Kelson assumes the throne in the spring.)
Context: SCA (At least in most kingdoms, the king is the victor in a tournament. In my experience, we're just as likely to get a good king as a good President.)
The state legislature elections in Nebraska are non-partisan. If you don't know the people when you go to vote, you can't just look at the party label on the ballot (it isn't there).
I would love to hear from people in Nebraska how this works in practice.
There are two wings of the Republican party. To be polite, I'll use terms that members of those wings would tend to agree with:
The Small Government Wing: These are the fiscal conservatives. Cut taxes, cut spending, reduce regulation, etc.
The Family Values Wing: These are the moral conservatives. Ban abortion, keep marriage traditional, keep smut and swearing off public airwaves, etc.
So the small government wing is fairly consistent with Libertarian Party (Badnarik) values, and the family values wing is fairly consistent with Constitution Party (Peroutka) values. So depending on where you see yourself as a disgruntled Republican, you have two options to express yourself.
BTW: Are you the trb that I used to work with at osf/tog?
Slashdot Mirror
My understanding is that most of your objections have been dealt with by using different blade configurations such that you the same power from more slowly-turning blades.
As to being unsightly, that's very subjective.
False.
Most people choose new passwords that are completely predictable based on their old passwords. Hence, once a password is determined, access to the account is available to the intruder indeffinitely.
Now I can accept having some requirements on the passwords themselves. What you want to do is push users into having at least two passwords--one that they use for insecure personal web accounts, and one that they use for corporate accounts.
Ultimately, though, you have to take into account human behaviour in setting your security policies. How will users react to your system? What are the unintended consequences? (e.g., if you block various ports, will users set up proxies that open up new security holes?)
This goes along with my other pet peeve--password expiration. Here at work, the Windows passwords must be at least 8 characters, with mixed case and numerals. They expire after 90 days, but can't be changed for at least 10 days when new.
My password is written on my whiteboard.
For serious security, passwords shouldn't expire. They shouldn't even have to be that obscure. The security effort should go into making a brute force attempt impractical.
And the IT department needs to recognize that once someone has physicall access to the network, there's not much left to secure, anyway.
This is a case of the other side of the coin of globalism. Big companies like to be able to move their operations around wherever they want to minimize expenses, but consumers also want to be able to shop wherever they want to minimize prices. The infrastructure that supports one also supports the other. We need to keep vigilant to make sure the laws equally support both.
Of course, in this case, Apple is probably just passing on the policies set by the recording companies in their contracts. If my guess is right, then hopefully they can use this ruling to get more equitable terms in their contracts.
Shenanigans!
If they fire 10% of their workforce every quarter then they would have a nearly 40%/year turnover rate simply from the firings. No way.
Or do you mean that the curve puts 0.1% of employees in the bottom 10% of the curve?
As to AC3, can't you just pipe the raw stream out a digital port from your computer to your sound system? If you have a surround sound system, they've already paid for a patent license to decode the AC3, so your computer can let it do the work and avoid the patent issue.
UDP has advantages and disadvantages.
UDP is connectionless--you just send a packet to a given IP/port and it goes there. This means that you can forge the from address to make it impossible to tell who is sending the file (provided your ISP doesn't filter those as bogus packets). Of course, you still need some way to get the request from the recipient to the sender (along with re-requests for lost packets).
UDP has no flow control--the sender sends as fast has he likes without any knowledge as to what the maximum bandwidth on the connection is. If the sender's direct upstream connection is the bottleneck, then that should be fine, but otherwise there may be huge packet loss. Also, because of the lack of flow control, it tends to hog the bandwidth instead of share the bandwidth.
Yeah, the whole thing is rather confusing until you understand exactly what all is going on.
Regular analog TV, whether broadcast NTSC/PAL/SECAM, older analog cable (for me, channels under 100), or regular VHS tapes, is a signal that is essentially fed directly to the electron beam in your traditional TV. There is some funky electronics magic going on, but essentially, each dot in each frame corresponds to a specific fraction of a millisecond of the signal. (Some analog cable channels are scrambled, and decoder boxes will correct the mangled signal. There was a project, fscktv, to do this with a video card, but I never saw it actually work.)
To record an analog signal, you have two important steps. First, you need a TV tuner card that digitizes the signal. Second, you need to compress the video into something managable, such as MPEG-2. The PVR-250 cards are popular because they do both steps.
Digital broadcast TV is simpler. You just need to extract the digital information from the broadcast, much like a modem gets the digital information encoded on a voice phone line. With digital broadcasts, the process of compressing the data is done by the broadcaster, so you don't need any extra work to get a MPEG-2 stream.
Satellite and digital cable, whether HDTV or regular resolution, are sent as MPEG-2 streams, but the problem is that they are selling access to the channels, so they usually encrypt the streams. They assume you'll use their decoder boxes that do two things. First, they unencrypt the stream. Then they decode the stream. By "decode," I mean play the MPEG stream. That means you're back to an analog signal, whether you're using composite, s-video, or component outputs. Even if you use DVI or HDMI, which are digital, it's a decoded signal, not the MPEG stream.
So to record digital cable or satellite broadcasts, you have to either re-encode the signal, which simply isn't feasible right now for HDTV, or you have to somehow get the signal before it's decoded. If your PVR is integrated with your cable or satellite box, it can get the original MPEG stream (which is how DirectTiVo works). The only other option is that some digital cable and satellite boxes have a firewire port that you can connect to your computer, where they send the MPEG stream. MythTV doesn't support that yet, but someone was working on it a while ago.
In theory, you can get a smart card from your cable company that plugs into devices with digital tuners, which allows them to unencrypt channels that you are subscribed to. Some of the more expensive HDTVs accept them so you can use them without a cable box. There's nothing really stopping someone from building a card for your computer that uses the same card.
The problem with recording HDTV is that you have to generate a MPEG2 stream from the component or DVI signal. Real-time encoding of HDTV signals takes vastly more work than encoding NTSC signals, so you can't buy a consumer-priced card that does it.
Fortunately, HDTV is broadcast as a MPEG2 stream to begin with (with additional error correction). So you can get a tuner card that simply saves the raw data that is broadcast. This works great for over-the-air signals. For satellite and cable, you need to get to the signal after it's been unencrypted, but before it's been decoded. Your two options are to use a decoder with firewire output, or to put your recorder into the decoder box (like TiVo does).
They get the science and technology wrong as often as right. It seems like every other episode where they enhance three pixels of an image to get a recognizable face in a reflection. Or there was the CSI:Miami where they got a saved email off of the wireless router that the person had connected through. At least when they got image data out of the NTSC overscan, they were using a real concept, even if the amount of overscan they recovered was vastly exaggerated.
Despite DigSafe, there was a major gas leak this summer during road construction near my work (I think it was related to installing a traffic light). I belive that the conclusion was that the gas main wasn't exactly where the records showed it. I've heard of other similar problems.
And when you're dealing with infrastructure that may a hundred years old, there simply aren't accurate records indicating where the pipes are.
I could see the corporate I.S. people using this to check on employee's desktop systems.
The theory is that the water essentially lubricates the fault, making it easier for it to move. The pumping does nothing to create pressure. Instead, it reduces the amount of pressure that has to build up before an earthquake hits. This means we get a bunch of small quakes relatively frequently instead of a big bad one when we least expect it.
So perhaps they should start similar pumping actions in California to allow for more smaller quakes to reduce the pressure buildup?
Cyrix was bought from National Semiconductor by Via.
Google on: Cyrix history
Imagine if the cast (and other creative people) from The Screen Savers were to independently produce new episodes (probably with a different name and slightly different format if they don't have all the rights). Then they would sell advertising just like any other TV show, but instead of broadcasting it on a network, they would release it on the Internet (probably using bittorrent).
What would make this viable? If TiVO and other PVRs included support for it. You could subscribe to Internet shows just like regular TV, and they would automatically be downloaded (and shared until you deleted them, with some bandwidth limits).
Perhaps you could find enough unemployed media people to do this on a volunteer basis (for the publicity) to demonstrate the concept. It's probably not viable yet to pay the necessary sallaries. (How many viewers would it require?) Still, it would be cool to seem someone try it.
I almost always receive LEGOs for Christmas--they're not just kids toys. (Well, maybe I'm eccentric.)
As to the direction of the LEGO sets, I usually find that most of them are junk, but some are cool, but what's cool will find widely-different opinions among different people. Personally, I'm disappointed that Harry Potter has pushed out most of the traditional castle sets, but I like the Star Wars sets. (Though I'm glad that both are making lots of money.) Mostly I buy the bulk tubs and train sets.
Of course, stay away from Mega Blocks. They don't fit the same.
I have my Myth box handling all my video, photos, and music.
In general, you have to deal with two sides of the issue: the format you get your media in, and the formats that your output device can handle. For me, that means I can do just about anything that doesn't have DRM involved. If instead of running your own system directly connected to you media setup, you rely on some consumer electronic solution (TiVo, etc.), you're going to have to deal with the formats accepted by that system. This is one reason a roll-your-own approach is so enticing.
Better yet, they send you a single email when you sign up with them, and they stamp that one. The idea is that known senders don't need stamps. This can solve the problem for mailing lists, as they get whitelisted when you subscribe.
- Sender establishes an SMTP connection.
- Mail server responds, indicating that it supports hashcash extensions
- Sender requests hashcash workload
- Mail server responds with complex computation based on Sender and Recipient
- Sender computes
- Sender sends message with computed hash
- Recipients spam filters add Sender to presumed-good whitelist
So the key would be having the computation be based on the sender and the recipient, so it can't be pre-computed (unless all spammers agree to use the same forged sender, which would be nice).Extensions are needed for mail filters, SMTP servers, and SMTP clients.
Much of the interview is the standard optimistic corporate smiley-face stuff you would expect. What I found interesting is the reference to a unified driver infrastructure. Apparently the bulk of their driver code is identical across platforms, so mostly what they need to maintain for Linux is a compatibility layer.
This is what they cite in not open sourcing the driver--too much of the unified code is licensed by them from third parties. (Now why don't they ask their sources about a dual GPL/proprietary license?)
The followup question that this raises is: Given that the base driver code is the same across platforms, are there any particular aspects of X or Linux that reduce performance?
Voter registration needs to be standardized. Because only US Citizens are allowed to vote, it would probably make sense to require a Social Security number. That would allow for easy removal of duplicate registrations across state lines (that doesn't happen now--college students and people with vacation homes can easily vote twice). It would also allow for easy removal of fellons in states that don't allow them to vote without accidentally removing people with similar names.
That's how we select our king. Long live Thorson! (Well, until Kelson assumes the throne in the spring.)
Context: SCA (At least in most kingdoms, the king is the victor in a tournament. In my experience, we're just as likely to get a good king as a good President.)
The state legislature elections in Nebraska are non-partisan. If you don't know the people when you go to vote, you can't just look at the party label on the ballot (it isn't there).
I would love to hear from people in Nebraska how this works in practice.
There are two wings of the Republican party. To be polite, I'll use terms that members of those wings would tend to agree with:
The Small Government Wing: These are the fiscal conservatives. Cut taxes, cut spending, reduce regulation, etc.
The Family Values Wing: These are the moral conservatives. Ban abortion, keep marriage traditional, keep smut and swearing off public airwaves, etc.
So the small government wing is fairly consistent with Libertarian Party (Badnarik) values, and the family values wing is fairly consistent with Constitution Party (Peroutka) values. So depending on where you see yourself as a disgruntled Republican, you have two options to express yourself.
BTW: Are you the trb that I used to work with at osf/tog?
Oh, I do have my reasons, I just don't feel the need to go into them here. I don't think I would change any opinions here, even if I tried.