Slashdot Mirror


User: Roundeye

Roundeye's activity in the archive.

Stories: 0 · Comments: 267

Comments · 267

  1. Re:Mirror on 2.4.9 Kernel Released · · Score: 5, Informative
    Note: always check signatures when downloading software from unknown sources.

    This kernel tarball is identical with the ones being distributed from ftp.us.kernel.org (dynamic mirrors), BUT IT DIDN'T HAVE TO BE. A trojaned kernel distributed from a private mirror could compromise any number of systems.

    Always check downloaded files from unknown sources.

    md5sum:
    ftp.us.kernel.org kernel: 8b0f6c18e9c09ca1e5d0bbbed95f7ef2
    ecliptik mirror kernel: 8b0f6c18e9c09ca1e5d0bbbed95f7ef2

    gpg sigs match, using:
    % gpg --verify linux-2.4.9.tar.gz.sign linux-2.4.9.tar.gz

    But -- DON'T TAKE MY WORD FOR IT! CHECK THEM YOURSELF.

  2. Re:total cost of X-Windows on Office-Worker Linux: It's Here and It Works · · Score: 1
    And all you need on the desktop you're connecting to is Terminal Services Server. Installed by default on Win2K Server, Whistler Server and XP Professional. (Not enabled by default on XP Professional but that's just one option to check.)

    So, we can look forward soon to a worm which attacks TSS servers as CR* did with IIS. Since most people will have no idea that TSS is enabled (and people will enable it blindly just as they did with IIS in 2KPro) we'll be asking ourselves a month in whether it's legal to shut down Winboxen run by idiot admins and home users.

    At least X has been field-tested, doesn't xhost + by default, and doesn't run without indications that it's running.

  3. Re:Why use Passport at all? on MS Passport: "All Your Bits Are Belong To Us" · · Score: 2
    I'm a big fan of XNS.

    There's actually no reason Microsoft couldn't use XNS in place of their Passport authentication (and users would definitely benefit from the increased control over their information) -- unless they really aren't concerned about their users' privacy.

    Maybe if enough people pushed for it...

  4. Re:FPGA's on New Supercomputer By Star Bridge · · Score: 2
    Actually, NASA didn't buy one -- they were GIVEN one by StarBridge. BIG difference.

    Go to starbridge's site and poke around a bit. The "HAL 300" was enough to make me spew coffee on my monitor I was laughing so hard.

    The "faster than the IBM Pacific Blue (when simulating a 4-bit adder)" claims put the nail in their coffin for me. These guys are hucksters of the worst kind.

  5. Technical weaknesses -- CSS round 2? on Ask Andre Hedrick About Hard Drive Copy Protection · · Score: 2
    I requested (and received) the official specifications for CPRM from 4C last week, as the CTO of a company producing content management solutions.

    After digging through the specs I noticed that the encryption components appear to be based on 56-bit keyed C2 ciphers. The cipher appears to be a modified version of C2, the specs for which they had to send by regular mail.

    The authentication phase (where the host software authenticates the drive) uses a 39-bit nonce (random number), which they claim doesn't have to be unpredictable. There is also, as you have noticed, an unused bit, always set to zero -- this makes me think that there's a back-door in the authentication system, perhaps to allow changing keys when they are inevitably cracked.

    Security through obscurity, short key lengths, guessable random nonces for authentication, likely back-doors, an overly complex chain of security -- this sounds to me like another poorly designed protection scheme like CSS.

    Do you feel that the 4C bunch hasn't learned much from the DeCSS debacle? How strong do you feel the actual security component of this system is (regardless of how notoriously bad an idea it is)? If the DMCA gets thrown out as unConstitutional as some think might happen, how high and dry will 4C be left when CPRM is open to reverse-engineering?

  6. PPTP on Scour is Dead · · Score: 1

    Save yourself the headache and set up an IPSec VPN. PPTP is considered by many to be insecure. Fortunately even Microsoft is moving to IPSec.

  7. Re:Wouldn't it be nice if... on Custom Handheld Atari 2600 · · Score: 1
    Yeah, but most of us aren't millionaires running high profile web logs, and pretending to be actual editors or journalists.

    Considering the number of stories (not many) that appear on /. even in a given year, repeatedly reposting the same stories as news is merely incompetence.

    They've already got the tools in place to prevent this -- typing "atari" into your own site's search form is a small price to pay to prevent people from thinking you're a complete idiot (those who don't already). Of course keeping a list of links featured in stories with a simple script to check for duplicates shouldn't take more than about 10 minutes to write (although Malda and crew would apparently have to outsource the effort). They could of course contract with some high-powered consultants who could introduce them to the concept of a whiteboard or (heaven forbid) actual editorial processes.

  8. Re:Mozilla and Netscape 6 beaten? on Netscape 6 Fails To Support Web Standards · · Score: 1

    In any given week either IE or NS is "more secure", depending on the most recent security warnings. One could argue all year about which is inherently more secure. It often really comes down to trust issues and the tradeoff between apparent bugginess and featureset / browser religion. Neither of them is secure, neither of them is brazenly insecure (again, one could argue all year).

  9. Re:Uhhhh, michael? on Netscape 6 Fails To Support Web Standards · · Score: 2
    Back when the project started, the goal was to release 5.0 in under six months.

    Yes, that was the original goal. Take the NS4 source, open it, and use an Open Source process to implement the next version. Problem? The NS4 code was, after years of patching, hacking, taping, and stringing it together, incomprehensible, unusable, and basically a dead-end.

    So, the source had to be re-engineered -- read "rewritten". Once that decision was made Netscape had to decide whether to go forward, and they decided to go forward, supporting the Mozilla project even though it meant a complete rewrite -- that is, building a browser from scratch.

    There are times when I respect the hell out of JWZ (whose comments you've linked to), and there are times when I think he's full of hot air. This time I respect his hot air. I think he's correct in saying that NS5 could've been done in 6 months -- with a set of really good programmers (like him), familiar with the code, with the right processes in place. Unfortunately, while there are some great programmers on Mozilla, some (minority) of the really good ones were not so familiar with the NS4 source. More importantly, the process of opening the source for outside development is largely different from the closed NS in-house process. This multiplies the schedule significantly (my guess is at least 100%).

    For the open development process to take advantage of new programmers it has to expose them to the code. This exposure made it clear that those unfamiliar with NS4 code found it essentially unusable.

    JWZ decided to leave, and I probably would've done the same in his shoes -- he'd put in his time, he saw the fast track to bringing NS5 to market, but he also realized (I believe) that the actual track that was taken (rebuilding from ground zero) would take a LONG time. That was probably pretty depressing for someone already tired of the Big Netscape culture that had developed.

    So anyway, what do you have now? You have the bulk of a browser / web platform which is >95% standards compliant, supports XML at various levels, is cross-platform, implements a portable COM interface, is open source, etc.

    Additionally, you have a plethora of open source development tools that have been needed for years: bugzilla, tinderbox, bonsai, etc., as well as open source crypto components and the numerous other open source modules that can be used in future applications.

    And... Mozilla raises awareness about Open Source software to the point that the average AOLer is probably somewhat aware that the new Netscape is using that Open Source stuff. That's not a bad thing, IMHO.

    While not making the 6-month window on the old NS4 source base is not amazing, the actual speed of development for the browser, tools, modules, and processes for large-scale Open Source development is nothing short of staggering. Of course, you're free not to use Mozilla or NS[56], but that doesn't diminish the magnitude of what has been done.

  10. Re:The prize... on SDMI *NOT* Cracked!? · · Score: 1

    Unfortunately, Inside.com was wrong (or you're at least misinterpreting). Not only is the prize money split between successful hacks, but the conditions for a successful hack were never really laid out by SDMI. If you read over SDMI's rhetoric you'll realize that it will be a cold day in hell before they pay anyone anything.

  11. Re:This is an incorrect definition of NP on Does P = NP? · · Score: 2
    can someone explain how a Turing machine can possibly be non-deterministic?

    yes

  12. Re:3 Options on Return Address: Arrogance, MS · · Score: 2
    While it may be true that on the Internet no one knows you're a dog, the corollary is that once they find out you're a dog they can dig through the archives to see every place you've publicly urinated.

  13. Re:Internet - Network Installs on What's Coming In Red Hat 7.0 · · Score: 3

    Over the last few weeks I've installed RH, Mandrake, and Debian over the Internet (not to mention OpenBSD). Download a floppy (or two or three depending on what you're installing), boot, select the appropriate Internet install, and away you go. For some distros the floppy you download may have to be a "network" floppy (which contains the appropriate drivers for network installation), but it's *always* documented where you download the floppies. RTFM much?

  14. can we kick it up a notch? on Barcode Maker Responds After Forcing Drivers Offline · · Score: 2
    As someone pointed out in this discussion, :C:ue::Ca:t:: is most likely being used to collect mountains of data on what you own or want (with the "value added" being the shovelware sites you're taken to when you scan in an ad for a lawn mower, or run the scanner over your CD collection). I personally don't care for this (colon (:) fetishists knowing what I might want to buy).

    If we have drivers to read the protocol from the scanner, and understand how to go from scanned code to their web ads we can increase the level of noise in the system arbitrarily:

    - collect code/url pairs in an open database (as many as we can get our hands on)
    - write a user app that allows you to specify how many random code/url pairs to use when browsing an ad
    - have that app get those url's

    Example: I want to use the :::::::Q:Cat::: to get info on the new Widget. I fire up the software, specify "50", scan the widget and the software starts doing HTTP Gets to 50 random coded URL's, and the one URL I'm really interested in. The random ones go into the bit bucket, the one I'm interested in gets sent to a browser (to do it right you'd have to make the User-Agent string look like your browser, etc.). The ::: folks see a stream of 51 requests with no correlation whatsoever and can't do anything useful with the information.
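
The decoy-request scheme proposed in the comment above, as an added Python example that is not part of the original comment or of any CueCat software. It goes one step beyond the comment by also showing what a server that logs several sessions can still recover when the same item is scanned twice. The names `PAIR_DB`, `build_plan`, `run_plan`, `observer_view`, `common_urls`, the `ads.example` URLs and the injected `fetch` callable are all assumptions made for illustration.

```python
import random

# Constructed sample data: 200 hypothetical barcode -> ad-URL pairs.
PAIR_DB = {f"{n:013d}": f"http://ads.example/item/{n}" for n in range(200)}

def build_plan(real_code, db, decoys, rng):
    """Mix the one real lookup with `decoys` random pairs, in random order."""
    if real_code not in db:
        raise KeyError(real_code)
    pool = [code for code in db if code != real_code]
    if decoys > len(pool):
        raise ValueError("database too small for the requested cover")
    plan = [(db[code], False) for code in rng.sample(pool, decoys)]
    plan.append((db[real_code], True))
    rng.shuffle(plan)  # the real request must not always come last
    return plan

def run_plan(plan, fetch, user_agent):
    """Send every request with identical headers; return only the real page."""
    wanted = None
    for url, is_real in plan:
        body = fetch(url, {"User-Agent": user_agent})
        if is_real:
            wanted = body  # decoy responses go to the bit bucket
    return wanted

def observer_view(plan):
    """What the ad server can log: the URLs, without the real/decoy flag."""
    return [url for url, _ in plan]

def common_urls(sessions):
    """URLs present in every logged session: what repeat scans still reveal."""
    return set.intersection(*(set(s) for s in sessions))

if __name__ == "__main__":
    log = []
    def fake_fetch(url, headers):  # offline stand-in for an HTTP GET
        log.append(url)
        return f"<page for {url}>"
    plan = build_plan("0000000000042", PAIR_DB, 50, random.SystemRandom())
    print(run_plan(plan, fake_fetch, "Mozilla/4.0 (constructed UA)"))
    print(len(log), "requests seen by the server")
```

Within one session the server sees 51 indistinguishable requests; across sessions, fresh random decoys rarely repeat, so the intersection of the logs tends to isolate the item the user actually scanned more than once.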

  15. Re:A message to Big Music on Compressed Beyond Recognition: An MP3 Compendium · · Score: 2

    If you want to send them a message, go over to Give back the mp3's! and join in...

  16. message for you, sir on Several Boycotts Of RIAA Organizing · · Score: 3
    It has been suggested in another forum that it is perhaps easiest to leave the mp3's in question on voice mail (since that seems to be where one gets sent when calling the RIAA).

    Of course, faxing the mp3's (bonus points for creativity in method) to them at (202) 775-7253 would probably be the preferred method. :-)

    Sorry for replying to myself, but I'm having a bit of fun with the whole idea...

  17. Word from the RIAA on Several Boycotts Of RIAA Organizing · · Score: 3
    They are evidently open to receiving our MP3's. Not in so many words, but a call to RIAA headquarters, explaining that I wanted to send my mp3's back was met without surprise by the front desk. They forwarded me to their piracy department where I was unfortunately forced to leave a voice mail. I told them, of course, that I was merely inquiring about where to send my mp3's. I made sure they knew they'd be getting them soon.

    Time to fill up the hard disk on the old 386 and mail the machine to them I suppose...

  18. Better than boycott -- give the mp3's back! on Several Boycotts Of RIAA Organizing · · Score: 5
    Here's a plan:

    Anyone who has mp3's downloaded from Napster should now repent -- send your mp3's back to the RIAA and tell them you've deleted them from your hard disk. Send them by email, or through the post on floppy/CD-R/Zip/DAT, etc.

    by post:
    RIAA
    1330 Connecticut Avenue N.W., Suite 300
    Washington, D.C. 20036

    by email: (report piracy email address) -- cdreward@riaa.com

    You might also want to pick up the phone and call them... tell them you wish to send your mp3's back and ask where to send them.

    Telephone: (202) 775-0101

  19. Re:Genesis??? on Rosetta Disk For 10K-Year History · · Score: 2
    Yep.

    Why would it not be considered one?

  20. Re:This Has Only To Do With Your PROFILE on ICQ Banishes Children Under 13 · · Score: 2

    Actually, it's basic human WRONG.

  21. Re:ok, Good & Bad "features" on Microsoft Releases C# Language Reference · · Score: 2
    While it is not easy to write working GC in a pointer environment, it is possible. It also has been done repeatedly. In the face of adversarial code one has to essentially use "smart" pointers (very smart actually) such as can be constructed in C++ (this is obviously not a Java phenomenon). When one has control of the language, however, GC becomes even more straightforward (as you know where every pointer could potentially be created). Probably the reason M$ has punted here is that they've never been able to code a working memory management system to this date (I have yet to see a version of a M$ product which didn't leak memory, and the underlying OS is the worst culprit).

  22. Re:Hmm? on Microsoft's New Language · · Score: 2

    It's easy to remember if you use mnemonics like "Must Call Someone Else", "Microsoft certified, seldom employable", or even "Major Crisis Starting Expert". Although on the VB issue, given that VB is programming (which is oftentimes a stretch), MCSD can easily be remembered by the handy mnemonics "My Code Suddenly Dies", "Machine Crashed, System Down", "Me Code! See Dialog?" or even "Mouse clicking shape dragger". It's easy with these simple memory improvement tricks!

  23. Re:Let me count the ways on Why Develop On Linux? · · Score: 2

    Why bother?

  24. Re:Soapbox on Appeals Court Will Take Microsoft Case · · Score: 2
    And preloading doesn't explain IE's excellent CSS2, VML and XML support. Nor does it explain why IE is faster at rendering AFTER it's loaded.

    The rendering engine renders incrementally, which is a better way to render than waiting for the entire page to load before rendering. But as far as support for those standards, IE supports some XHTML, which is an XML subset, CSS2 support is fairly laughable, although CSS1 is pretty much there. VML I don't know about (who cares anyway?).

    IE5.* is a far better product than Netscape 4.*. Unfortunately it's still a prime example of monopoly leveraging and embrace-and-extend standards busting that both MS and NS have done in every supposedly standards-compliant product they've released. NS6 is already more standards compliant than IE, and a far better piece of software in general. Of course it's easy to see how well written Mozilla is when you can read through the source.

  25. Re:Fighting fire with fire on NetPD, Metallica's Mysterious Tracker · · Score: 2

    Should that be www.befound.co.uk? There's a big difference.