Anyone with an abysmal Motorola DCT2000 terminal can tell you, this is a damn shame. Channel changes take over a second, the online menu and guide are slow as molasses, the GUI is clumsy and inefficient, and it's pretty much the only choice in Comcast areas. An integrated PVR and cable terminal would open up a ton of possibilities for consumers. Unfortunately it looks like the FCC and cable providers will be dictating what features we are allowed to have out of our TV.
Now the fears about open source aren't completely irrational - it's true that closed implementations make hacking digital cable much harder. There is currently no working digital cable descrambler, and DSS is getting harder and harder to decrypt. The industry knows that restricting the information and licenses does work. It's just too bad that this means consumers are stuck with a minimal set of features, ugly, slow, beasts like the DCT2000, and higher prices due to proprietary technology.
As we all know, Thursday August 14, 2003 marked the start of the single largest electrical blackout ever. While power is being brought back and critical services restored, we turn our attention to a question: What was the cause of the blackout? We have conflicting reports from multiple sources. Was it lightning? A fire at a power station? Multiple downed lines in the Mid-West? Electricity insiders are now indicating a different source for the problem - a certain company in Redmond, WA. Microsoft Corporation, to say the least, has struggled with its image over the years. The company has a slight reputation for putting security on the back burner while concentrating on flashy features that will appeal to the home user, such as MAPI and COM+. Security experts have criticized Microsoft in the past for a practice known as "full disclosure." Security expert Bruce Schneier accuses [counterpane.com], "Microsoft is leading the charge to... the free flow of computer security vulnerabilities." Against the advice of experts, Microsoft provides comprehensive information on the causes and inner workings of their security problems. This is so that other developers will be able to write fixes themselves, freeing Microsoft of the responsibility.
Microsoft, in its insistence on releasing detailed explanations of vulnerabilities, is enabling attackers to write exploits! Is no one surprised that Microsoft's infantile approach to security concerns has finally caused real financial damage?
I am speaking, of course, of the "MS Blaster" computer virus that has been terrorizing Microsoft computers of late. The word from electricity industry insiders is that the Microsoft worm is the most likely cause for the historic blackout of 2003.
Canadian officials have determined that a power control computer, responsible for adjusting the flow of electricity across the US/Canada border, was attacked on the afternoon of August 14, 2003. The computer was even behind a firewall but as we know, a firewall does not protect you from inside attacks. Network traffic indicates that a Canadian user on-site was playing the popular computer game Everquest during working hours, which caused the virus to be downloaded to his hard drive - effectively bypassing the firewall. From there, it was on to the operations servers, which remained vulnerable. When the infected PC went haywire, operators were forced to shut it down, which completely disabled the flow of electricity across the US/Canada border. This had a ripple effect on the already beleaguered power grid, causing the blackouts in major cities such as New York, Detroit, and Cleveland. Boston was largely unaffected due to its reliance on GNU/Linux and open source software.
Do you want to hear the real kicker? Some time last month, Microsoft posted a detailed explanation of the "RPC bug," the very security hole that Blaster uses to infiltrate computers. Coincidence? Microsoft releases an explanation, and less than a month later a massive worm is sent onto the Internet that exploits the very same hole! Is anyone still convinced that "full disclosure" is a good idea?
Tell me this: If Microsoft hadn't released the details, how on earth would an attacker have known how to write an exploit for the "RPC hole?" If you think full disclosure is a good idea, tell that to the families of the victims in New York, Detroit, and Cleveland. Microsoft has willingly provided the tools necessary to cripple the United States' information infrastructure. These tools are accessible to anyone - even our terrorist enemies. Tell me, how does this make Microsoft any better than the terrorists themselves? The answer here is clear: Full disclosure is information terrorism. I urge you all to write to your legislators and end this dangerous practice once and for all. We need to make companies take responsibility for their security issues, and end the information terrorism known as full disclosure. God Bless America.
As we all know, Thursday August 14, 2003 marked the start of the single largest electrical blackout ever. While power is being brought back and critical services restored, we turn our attention to a question: What was the cause of the blackout? We have conflicting reports from multiple sources. Was it lightning? A fire at a power station? Multiple downed lines in the Mid-West? Electricity insiders are now indicating a different source for the problem - a certain company in Redmond, WA.
Microsoft Corporation, to say the least, has struggled with its image over the years. The company has a slight reputation for putting security on the back burner while concentrating on flashy features that will appeal to the home user, such as MAPI and COM+. Security experts have criticized Microsoft in the past for a practice known as "full disclosure." Security expert Bruce Schneier accuses, "Microsoft is leading the charge to... the free flow of computer security vulnerabilities." Against the advice of experts, Microsoft provides comprehensive information on the causes and inner workings of their security problems. This is so that other developers will be able to write fixes themselves, freeing Microsoft of the responsibility.
Microsoft, in its insistence on releasing detailed explanations of vulnerabilities, is enabling attackers to write exploits! Is no one surprised that Microsoft's infantile approach to security concerns has finally caused real financial damage?
I am speaking, of course, of the "MS Blaster" computer virus that has been terrorizing Microsoft computers of late. The word from electricity industry insiders is that the Microsoft worm is the most likely cause for the historic blackout of 2003.
Canadian officials have determined that a power control computer, responsible for adjusting the flow of electricity across the US/Canada border, was attacked on the afternoon of August 14, 2003. The computer was even behind a firewall but as we know, a firewall does not protect you from inside attacks. Network traffic indicates that a Canadian user on-site was playing the popular computer game Everquest during working hours, which caused the virus to be downloaded to his hard drive - effectively bypassing the firewall. From there, it was on to the operations servers, which remained vulnerable. When the infected PC went haywire, operators were forced to shut it down, which completely disabled the flow of electricity across the US/Canada border. This had a ripple effect on the already beleaguered power grid, causing the blackouts in major cities such as New York, Detroit, and Cleveland. Boston was largely unaffected due to its reliance on GNU/Linux and open source software.
Do you want to hear the real kicker? Some time last month, Microsoft posted a detailed explanation of the "RPC bug," the very security hole that Blaster uses to infiltrate computers. Coincidence? Microsoft releases an explanation, and less than a month later a massive worm is sent onto the Internet that exploits the very same hole! Is anyone still convinced that "full disclosure" is a good idea?
Tell me this: If Microsoft hadn't released the details, how on earth would an attacker have known how to write an exploit for the "RPC hole?" If you think full disclosure is a good idea, tell that to the families of the victims in New York, Detroit, and Cleveland. Microsoft has willingly provided the tools necessary to cripple the United States' information infrastructure. These tools are accessible to anyone - even our terrorist enemies. Tell me, how does this make Microsoft any better than the terrorists themselves? The answer here is clear: Full disclosure is information terrorism. I urge you all to write to your legislators and end this dangerous practice once and for all. We need to make companies take responsibility for their security issues, and end the information terrorism known as full disclosure. God Bless America.
The number is 105885. Vote up! I see there are a few add-ons that allow this, I don't see why it's not part of the main browser though. I will try the add-ons but I'm expecting them to be a little clunky.
p.s., any idea why they don't allow links from Slashdot? Are they afraid of being linked from the front page?
This is my one feature request: Draggable tabs. There is no way to rearrange the order that the tabs are displayed in - you should be able to drag them left and right in the browser window. Once you open a tab, you are stuck with its position relative to your other tabs. Doesn't seem hard to do, and it's been in bugzilla for years.
All computer applications fall into one of three baskets: information retrieval, database interaction, and content creation. History shows that the Web browser, or something like it, is the right way to do the first two.
I disagree with his pigeonholes but that's not the issue. Every app I write would fall into the second category, and there is one universal truth: Web applications take longer to develop. End of story. Who knows, maybe it will be different later on. For now, the same application will take less time to develop for Winforms or VB6 than for a web platform. GUI development is just more mature and more adapted to PC-based apps. History doesn't show anything - users are perfectly happy with a 'database interaction' app running in a browser, or one running on a PC. They care about if it works, not what platform it's on. Managers care about how much it will cost, and PC-based apps have historically, and continue to, cost less. I don't know if this guy has some kind of open-source standards-based XML wet dream, but he's pretty much wrong.
I know, when I saw that 750,000 statistic the first thing I thought was you'd have to be insane to invest in that company. There is no way they are going to reach that number. If there is a number that high in the normally optimistic pre-launch hype, something is seriously wrong.
Here it comes, let's hear everyone chime in "I've never been paid to write a single line of code but somehow I consider myself an authority on the subject, and you're an idiot if you don't write 100% correct, well-documented, readable, fully-tested, on-time, and on-spec code."
Folks, this is the real world. Listen carefully: It never works out that way.
It looks like they are hoping the subscription model and large library will appeal to an untapped market of casual gamers, who might not pony up $50 per game but would happily pay a subscription fee for access to a bunch of games.
EDRs are not found in all cars with airbags. Since all new cars have airbags, wouldn't this mean there's an EDR in every new car? I don't know where you got that idea. For now, GM is pretty much the only company installing them.
It's not on the level of the lone gunmen spoiler or anything, but still - nobody has actually seen the awards show, so maybe you should assume that SOME of us want to be surprised? Yeah I know it's been taped already, but it doesn't air until Thursday. Being as not a single Slashdot reader has actually seen the show, this should be posted with a spoiler warning.
That's a coincidence - I started that thread (my nick there is Rhobite). I did read that post, but I don't have the ability to burn a PROM, I also don't know how to solder. You'd still need a kernel with the modified initrd, do you know if anyone has done that? Maybe I should revisit hacking my S2.
Last, with monte-mips - I don't understand. Does this require a known vulnerability like BASH_ENV to be used? I don't think 4.0 has any known vulnerabilities yet, and you can't really rely on this method because TiVo inc. is bound to fix it. No, I think I'll stick with my initial plan - by the time my S2 is obsolete, I'm sure an open DVR will be on the market, or the hardware will be cheap enough to build one myself.
Yeah, well, too late for that. TiVo has completely locked down the Series2 model, so much for an 'unspoken deal.' The Series2 uses public key cryptography to restrict the software you can run on it. The backdoor code hasn't been found for either OS 3.2 or OS 4.0. I love my TiVo, but it will be my last - by the time it's obsolete, I'm sure there will be an affordable, open, DVR.
This book is useless! Do people know that most of the TiVo hacks can only be done to the Series 1 units, which are basically unsupported by TiVo Inc.? Series 1 units can't connect to the Internet (officially), they will not receive the new 4.0 software update, they don't have USB ports, they are slower than Series 2. There are some great hacks you can do to a S1 such as programming it remotely, caller ID, and instant messaging. But as of now the Series 2 can't be hacked, although you could add a new hard drive, and some of the 'hacks' are supported officially by the new Home Media Option.
Eventually someone will figure out how to hack the Series2, this will almost definitely involve replacing the unit's PROM chip (aka BIOS), then installing a new kernel that would allow hacks. Of course, that won't be in this book because it hasn't been figured out yet.
What a good idea, ruined by a horribly unfunny article. Maybe someone with an actual sense of humor could forget that one and write a new 'Information Minister' sketch.
There is only one reason to use managed C++ in.NET, and that is if you already know C++ or you want to bring in existing C++ code. That's it. If you're going to do.net development, and you don't know either language, there's absolutely no reason to learn C++ over C#. The only reason it's there is for compatibility. Also if you have a Java background C# will be much easier to pick up.
And one more thing, drop the elitism. Maybe VB isn't the answer to your programming questions, but when I need a graphical app done in a couple of weeks I can think of no better tool. I'm not going to restrict myself to perl or whatever language is en vogue with the free software community.
I hacked together a bencode parser in VB, works fine. I'll trade it to you for a free SHA1 implementation:)
Seriously though, what are you getting stuck on? I found it was easy to conceptualize when I realized a dictionary is just a list with labels. Since each piece of data can be part of a dict or a list, I made a BEKey class (think that's what I named it) with an optional name. The ONLY difference between keys in a dict and keys in a list, is the ones in a dict have names. And of course the BEKey could be a dictionary or list itself, so it would contain other BEKeys. The parser walks through the file recursively and built a tree of BEKey objects. Lemme know what you're having trouble with. I agree it's a moronic format but you only have to write the library once.. Bram Cohen really should have used XML. The extra space used is trivial, after all people are using this to send around gigabyte-long files - I don't think a few hundred K of highly compressible XML will kill anyone's pipe.
Slashdot Mirror
Anyone with an abysmal Motorola DCT2000 terminal can tell you, this is a damn shame. Channel changes take over a second, the online menu and guide are slow as molasses, the GUI is clumsy and inefficient, and it's pretty much the only choice in Comcast areas. An integrated PVR and cable terminal would open up a ton of possibilities for consumers. Unfortunately it looks like the FCC and cable providers will be dictating what features we are allowed to have out of our TV.
Now the fears about open source aren't completely irrational - it's true that closed implementations make hacking digital cable much harder. There is currently no working digital cable descrambler, and DSS is getting harder and harder to decrypt. The industry knows that restricting the information and licenses does work. It's just too bad that this means consumers are stuck with a minimal set of features, ugly, slow, beasts like the DCT2000, and higher prices due to proprietary technology.
And you people modded me down when I scooped the Blaster story. Now who's laughing?
... the free flow of computer security vulnerabilities." Against the advice of experts, Microsoft provides comprehensive information on the causes and inner workings of their security problems. This is so that other developers will be able to write fixes themselves, freeing Microsoft of the responsibility.
Blackout 2003: The search for answers
As we all know, Thursday August 14, 2003 marked the start of the single largest electrical blackout ever. While power is being brought back and critical services restored, we turn our attention to a question: What was the cause of the blackout? We have conflicting reports from multiple sources. Was it lightning? A fire at a power station? Multiple downed lines in the Mid-West? Electricity insiders are now indicating a different source for the problem - a certain company in Redmond, WA.
Microsoft Corporation, to say the least, has struggled with its image over the years. The company has a slight reputation for putting security on the back burner while concentrating on flashy features that will appeal to the home user, such as MAPI and COM+. Security experts have criticized Microsoft in the past for a practice known as "full disclosure." Security expert Bruce Schneier accuses [counterpane.com], "Microsoft is leading the charge to
Microsoft, in its insistence on releasing detailed explanations of vulnerabilities, is enabling attackers to write exploits! Is no one surprised that Microsoft's infantile approach to security concerns has finally caused real financial damage?
I am speaking, of course, of the "MS Blaster" computer virus that has been terrorizing Microsoft computers of late. The word from electricity industry insiders is that the Microsoft worm is the most likely cause for the historic blackout of 2003.
Canadian officials have determined that a power control computer, responsible for adjusting the flow of electricity across the US/Canada border, was attacked on the afternoon of August 14, 2003. The computer was even behind a firewall but as we know, a firewall does not protect you from inside attacks. Network traffic indicates that a Canadian user on-site was playing the popular computer game Everquest during working hours, which caused the virus to be downloaded to his hard drive - effectively bypassing the firewall. From there, it was on to the operations servers, which remained vulnerable. When the infected PC went haywire, operators were forced to shut it down, which completely disabled the flow of electricity across the US/Canada border. This had a ripple effect on the already beleaguered power grid, causing the blackouts in major cities such as New York, Detroit, and Cleveland. Boston was largely unaffected due to its reliance on GNU/Linux and open source software.
Do you want to hear the real kicker? Some time last month, Microsoft posted a detailed explanation of the "RPC bug," the very security hole that Blaster uses to infiltrate computers. Coincidence? Microsoft releases an explanation, and less than a month later a massive worm is sent onto the Internet that exploits the very same hole! Is anyone still convinced that "full disclosure" is a good idea?
Tell me this: If Microsoft hadn't released the details, how on earth would an attacker have known how to write an exploit for the "RPC hole?" If you think full disclosure is a good idea, tell that to the families of the victims in New York, Detroit, and Cleveland. Microsoft has willingly provided the tools necessary to cripple the United States' information infrastructure. These tools are accessible to anyone - even our terrorist enemies. Tell me, how does this make Microsoft any better than the terrorists themselves? The answer here is clear: Full disclosure is information terrorism. I urge you all to write to your legislators and end this dangerous practice once and for all. We need to make companies take responsibility for their security issues, and end the information terrorism known as full disclosure. God Bless America.
Microsoft Corporation, to say the least, has struggled with its image over the years. The company has a slight reputation for putting security on the back burner while concentrating on flashy features that will appeal to the home user, such as MAPI and COM+. Security experts have criticized Microsoft in the past for a practice known as "full disclosure." Security expert Bruce Schneier accuses, "Microsoft is leading the charge to ... the free flow of computer security vulnerabilities." Against the advice of experts, Microsoft provides comprehensive information on the causes and inner workings of their security problems. This is so that other developers will be able to write fixes themselves, freeing Microsoft of the responsibility.
Microsoft, in its insistence on releasing detailed explanations of vulnerabilities, is enabling attackers to write exploits! Is no one surprised that Microsoft's infantile approach to security concerns has finally caused real financial damage?
I am speaking, of course, of the "MS Blaster" computer virus that has been terrorizing Microsoft computers of late. The word from electricity industry insiders is that the Microsoft worm is the most likely cause for the historic blackout of 2003.
Canadian officials have determined that a power control computer, responsible for adjusting the flow of electricity across the US/Canada border, was attacked on the afternoon of August 14, 2003. The computer was even behind a firewall but as we know, a firewall does not protect you from inside attacks. Network traffic indicates that a Canadian user on-site was playing the popular computer game Everquest during working hours, which caused the virus to be downloaded to his hard drive - effectively bypassing the firewall. From there, it was on to the operations servers, which remained vulnerable. When the infected PC went haywire, operators were forced to shut it down, which completely disabled the flow of electricity across the US/Canada border. This had a ripple effect on the already beleaguered power grid, causing the blackouts in major cities such as New York, Detroit, and Cleveland. Boston was largely unaffected due to its reliance on GNU/Linux and open source software.
Do you want to hear the real kicker? Some time last month, Microsoft posted a detailed explanation of the "RPC bug," the very security hole that Blaster uses to infiltrate computers. Coincidence? Microsoft releases an explanation, and less than a month later a massive worm is sent onto the Internet that exploits the very same hole! Is anyone still convinced that "full disclosure" is a good idea?
Tell me this: If Microsoft hadn't released the details, how on earth would an attacker have known how to write an exploit for the "RPC hole?" If you think full disclosure is a good idea, tell that to the families of the victims in New York, Detroit, and Cleveland. Microsoft has willingly provided the tools necessary to cripple the United States' information infrastructure. These tools are accessible to anyone - even our terrorist enemies. Tell me, how does this make Microsoft any better than the terrorists themselves? The answer here is clear: Full disclosure is information terrorism. I urge you all to write to your legislators and end this dangerous practice once and for all. We need to make companies take responsibility for their security issues, and end the information terrorism known as full disclosure. God Bless America.
The number is 105885. Vote up! I see there are a few add-ons that allow this, I don't see why it's not part of the main browser though. I will try the add-ons but I'm expecting them to be a little clunky.
p.s., any idea why they don't allow links from Slashdot? Are they afraid of being linked from the front page?
This is my one feature request: Draggable tabs. There is no way to rearrange the order that the tabs are displayed in - you should be able to drag them left and right in the browser window. Once you open a tab, you are stuck with its position relative to your other tabs. Doesn't seem hard to do, and it's been in bugzilla for years.
All computer applications fall into one of three baskets: information retrieval, database interaction, and content creation. History shows that the Web browser, or something like it, is the right way to do the first two.
I disagree with his pigeonholes but that's not the issue. Every app I write would fall into the second category, and there is one universal truth: Web applications take longer to develop. End of story. Who knows, maybe it will be different later on. For now, the same application will take less time to develop for Winforms or VB6 than for a web platform. GUI development is just more mature and more adapted to PC-based apps. History doesn't show anything - users are perfectly happy with a 'database interaction' app running in a browser, or one running on a PC. They care about if it works, not what platform it's on. Managers care about how much it will cost, and PC-based apps have historically, and continue to, cost less. I don't know if this guy has some kind of open-source standards-based XML wet dream, but he's pretty much wrong.
I know, when I saw that 750,000 statistic the first thing I thought was you'd have to be insane to invest in that company. There is no way they are going to reach that number. If there is a number that high in the normally optimistic pre-launch hype, something is seriously wrong.
Here it comes, let's hear everyone chime in "I've never been paid to write a single line of code but somehow I consider myself an authority on the subject, and you're an idiot if you don't write 100% correct, well-documented, readable, fully-tested, on-time, and on-spec code."
Folks, this is the real world. Listen carefully: It never works out that way.
It looks like they are hoping the subscription model and large library will appeal to an untapped market of casual gamers, who might not pony up $50 per game but would happily pay a subscription fee for access to a bunch of games.
Feel free to not buy the damn thing. Or would you prefer to make it illegal for companies to produce devices that inconvenience your copying?
You misspelled the words existence, thereof, referenced, absolutely, and tainted. Thanks for correcting my grammar, though.
Stupidity is not a religion, but you sir are still an idiot if you believe one is no more probable than the other.
What do you mean fake? I met my Thai love slave on Yahoo Personals. How much more real could you get?
We are talking about people who think the universe began in 4004 BC, a belief that is just as ludicrous as thinking pi equals 3.
EDRs are not found in all cars with airbags. Since all new cars have airbags, wouldn't this mean there's an EDR in every new car? I don't know where you got that idea. For now, GM is pretty much the only company installing them.
Wow! 3.0 is on my alternate partition anyway, so I guess I'd just have to install monte-mips and set the bootpage.. I think I may try this. Thanks.
It's not on the level of the lone gunmen spoiler or anything, but still - nobody has actually seen the awards show, so maybe you should assume that SOME of us want to be surprised? Yeah I know it's been taped already, but it doesn't air until Thursday. Being as not a single Slashdot reader has actually seen the show, this should be posted with a spoiler warning.
That's a coincidence - I started that thread (my nick there is Rhobite). I did read that post, but I don't have the ability to burn a PROM, I also don't know how to solder. You'd still need a kernel with the modified initrd, do you know if anyone has done that? Maybe I should revisit hacking my S2.
Last, with monte-mips - I don't understand. Does this require a known vulnerability like BASH_ENV to be used? I don't think 4.0 has any known vulnerabilities yet, and you can't really rely on this method because TiVo inc. is bound to fix it. No, I think I'll stick with my initial plan - by the time my S2 is obsolete, I'm sure an open DVR will be on the market, or the hardware will be cheap enough to build one myself.
Yeah, well, too late for that. TiVo has completely locked down the Series2 model, so much for an 'unspoken deal.' The Series2 uses public key cryptography to restrict the software you can run on it. The backdoor code hasn't been found for either OS 3.2 or OS 4.0. I love my TiVo, but it will be my last - by the time it's obsolete, I'm sure there will be an affordable, open, DVR.
This book is useless! Do people know that most of the TiVo hacks can only be done to the Series 1 units, which are basically unsupported by TiVo Inc.? Series 1 units can't connect to the Internet (officially), they will not receive the new 4.0 software update, they don't have USB ports, they are slower than Series 2. There are some great hacks you can do to a S1 such as programming it remotely, caller ID, and instant messaging. But as of now the Series 2 can't be hacked, although you could add a new hard drive, and some of the 'hacks' are supported officially by the new Home Media Option.
Eventually someone will figure out how to hack the Series2, this will almost definitely involve replacing the unit's PROM chip (aka BIOS), then installing a new kernel that would allow hacks. Of course, that won't be in this book because it hasn't been figured out yet.
What a good idea, ruined by a horribly unfunny article. Maybe someone with an actual sense of humor could forget that one and write a new 'Information Minister' sketch.
Ah, voter intelligence tests. That's never been used for miserable, racist purposes before.
Yes, you do realize you have just suggested fascism, right? If only we didn't have to deal with those stupid voters.
There is only one reason to use managed C++ in .NET, and that is if you already know C++ or you want to bring in existing C++ code. That's it. If you're going to do .net development, and you don't know either language, there's absolutely no reason to learn C++ over C#. The only reason it's there is for compatibility. Also if you have a Java background C# will be much easier to pick up.
And one more thing, drop the elitism. Maybe VB isn't the answer to your programming questions, but when I need a graphical app done in a couple of weeks I can think of no better tool. I'm not going to restrict myself to perl or whatever language is en vogue with the free software community.
I hacked together a bencode parser in VB, works fine. I'll trade it to you for a free SHA1 implementation :)
Seriously though, what are you getting stuck on? I found it was easy to conceptualize when I realized a dictionary is just a list with labels. Since each piece of data can be part of a dict or a list, I made a BEKey class (think that's what I named it) with an optional name. The ONLY difference between keys in a dict and keys in a list, is the ones in a dict have names. And of course the BEKey could be a dictionary or list itself, so it would contain other BEKeys. The parser walks through the file recursively and built a tree of BEKey objects. Lemme know what you're having trouble with. I agree it's a moronic format but you only have to write the library once.. Bram Cohen really should have used XML. The extra space used is trivial, after all people are using this to send around gigabyte-long files - I don't think a few hundred K of highly compressible XML will kill anyone's pipe.