Disable all analog outputs on my high definition devices (such as blu-ray players) - this is coming up in a couple years.
This makes a feature I paid for on my $1000 USD receiver for "multiple zones" absolutely useless. That very same feature is also crippled by default by Sony such that *only analog* video and audio can be piped to the other zones.
Charging extra for "digital download" for content I have already purchased a license for
I've intentionally not purchased many blu-ray discs because of the absurd crypto on them preventing me from watching that content on something besides a severely locked down combination of HDCP compliant players and display sets. When blu-ray's crypto is 100% broken like CSS for DVDs, then I'll start purchasing all my favorite shows in high definition on blu-ray. Until then, I'm downloading shows that I watch on TV in the US via BitTorrent.
Cable Companies that set the CCI bytes such that TV shows can't be transferred from one DVR to another
http://www.zatznotfunny.com/2009-09/tivo-and-the-cci-byte/ Cox Communications (my cable TV and cablemodem internet provider until I get Verizon FiOS) sets the CCI bit to prevent me from moving content off my TiVo. FiOS doesn't set these CCI bytes, and permits "multi room viewing" on both TiVo DVRs and their own FiOS DVRs. I've been working approximately a 66 hour work week for the past month and a half, and I can't be sure that when I have time between work and sleep to watch a TV show that it will be present on my DVR because other programs have been recorded and replaced it. So, back to BitTorrent.
MPAA/RIAA/friends suing their consumers instead of getting with the program and adopting the new world that they find themselves in
I stopped buying CDs entirely. I stopped buying music entirely. I now find music that I enjoy much more than the cookie cutter "formula" stuff I hear on the radio that artists put on their own website available for free. And you know what? I paypal them money as a thank you for producing the music. Direct cash to the artist. If you like ambient/chillout electronica, go to http://www.scene.org/ and look up the artist Xerxes.
Take away features with a software update
Yep, I'm pissed that instead of Sony fixing a software problem with a patch, they remove a feature altogether. When was the last time that Microsoft told you that they were retroactively removing support for Mice and all pointing devices in Microsoft Windows because of a Click-Jacking vulnerability? Fix the hardware or software bug you made and don't negatively impact your consumers, or live with the fact that users will get what they want out of what they purchased. Licenses be damned, I'll take a soldering iron to my Sony PS3 if I damn please.
I was bit by the preupgrade CLOSED NOTABUG "bug" where preupgrade requires a sizeable chunk of (temporary) disk space in /boot during an upgrade from Fedora 10 to Fedora 11. I ended up with a system that was unbootable, but repairable. No CDROM made things... interesting, to say the least. I use pxeboot and kickstart to do all my installs because I hate having to swap CDs/burn DVDs.
I don't recall exactly what I did to work around the huge file "needing" to be in /boot, but I think I had a local copy of the install medium on disk, and softlinked the big file from /boot to where it actually resided. Then preupgrade went smoothly.
If you want to protect yourself from installing a root kit, there's just two words: anal rape. You'll be bestest friends with Brian the BeefCake at the county jail for installing a rootkit on your company's servers.
You know what really creeps me out? When I went to see the changing of the guards at joe-random-place-of-royalty in Great Britain. I was on a three week vacation.
Of course, all the tourists were standing on the edge of the concrete slabs that had the painted black (Ooh! history) fences on them. A local police officer on mounted horseback shouted into the crowd:
Get OFF the fence! This is a place of ROYALTY!
Let the stupid tourists take their photos. Leave them alone unless they try to climb over the fence and cause problems. Yeesh. There was less than standing room at that fence anyway. All the little 6 year old kids who were wide-eyed and super-impressed by the guards couldn't see a damn thing.
My European friends are going to hate me for saying this, but last I checked, both royalty and I bleed red. Explain to me the difference between someone who is sufficiently educated, and today's royalty.
Link to the blogger post, that's the article, and THEN the pdf! Thank you!
(karmawhoring)
Here's a portion of the introduction:
I. INTRODUCTION
Google users trust that when they enter a search query into a Google search box, not only will they receive back the most relevant results, but that Google will keep private whatever information users communicate absent a compelling reason. The Government's demand for disclosure of untold millions of search queries submitted by Google users and for production of a million Web page addresses or "URLs" randomly selected from Google's proprietary index would undermine that trust, unnecessarily burden Google, and do nothing to further the Government's case in the underlying action.
Fortunately, the Court has multiple, independent bases to reject the Government's Motion. First, the Government's presentation falls woefully short of demonstrating that the requested information will lead to admissible evidence. This burden is unquestionably the Government's. Rather than meet it, the Government concedes that Google's search queries and URLs are not evidence to be used at trial at all. Instead, the Government says, the data will be "useful" to its purported expert in developing some theory to support the Government's notion that a law banning materials that are harmful to minors on the Internet will be more effective than a technology filter in eliminating it.
Bugs are worth more on the black market. Blackhats do not release their bugs to $VENDOR, that puts a stop to their money making by dropping adware, keyloggers, and trojans on poor unsuspecting Joe Average User. No matter how large the bounty is, no matter how appealing the company tries to make it, it will only attract white hats, and some greyhats.
The best exploits stay underground for an extremely long time until a whitehat catches a blackhat doing something careless (like not deleting their exploit they load on a system) or sniffing the exploit off the wire.
The catch is this: change something, lose support.
Actually the best thing to do is have your employees VPN into your corporate network, and use the same mail client configuration they'd use when they're jacked in.
Allowing employees to use personal hardware on the corporate lan is a big no-no, and is an entry-vector for malware.
In this case, you have your employee connect to your mail server over ssl, usually port 589. Require SMTP auth. Require SSL.
Also, require SRS. Sender Recipient Signing is the shit. I used to get metric assloads of joe-job spam at 4 (out of 12) of the domains I own, and now the only joe-job bounces I get are delayed bounces that aren't really bounces at all.
SRS proves that the "bounce" you're getting actually came from your server. It's great.
Rejecting mail (Hmm.... sound like Earthlink?) based on the lack of SPF/SID records is just plain stupid in today's Intarweb. Tagging them, on the other hand, is a more intelligent thing to do. I have SPF, SID, DomainKeys, SRS, and 20 something DNSRBLs in my sendmail setup. Tag the mail so spamassassin, dspam, or crm11 can assign a better score with this extra information.
Yes, you heard me right, I said sendmail. No, I'm not batty. Those of you who are going to preach on about Postfix, Qmail (jesus christ what the fuck are all these dot files! why do I have 30 distinct files instead of one config file! What? I have to supply all my DNSRBLs on the command line!?... hate much? Yes. Yes I Do.), or Exim need to do one thing first:
Tell me what your favorite MTA can do that mine can't.
I've got nothing against the other popular MTAs, but I can't stand "linux makes the baby jesus cry", "why are you using deadrat, use {debian,gentoo,suse,lfs,slackware} instead!", "sendmail sucks", "FreeBSD(M) sucks, use OpenBSD" zealots.
How long until we have undead salmon providing emotional therapy services for humans? Or is Dartmouth employing Aqua Man?
Alliance had the Paladin class.
Horde had the Shaman class.
Then the Burning Crusade expansion comes out, further blurring Alliance and Horde by giving each of them what the other had, and they did not.
Now they're going to let you flip sides years after being stuck on one side? What's the point of having factions? Where's the lore of the hostility between the races?
More to the point: what's the bloody point?
It sounds rather neat, I may have to go start reading the books. I never played Second Life, mostly due to the entire island owned by the bloody furries. Nor did I play The Matrix: Online because it seemed so bland.
This, on the other hand, sounds very interesting.
Or until there is a community based patch to remove the DRM. I tried finding a way to contact EA/Maxis, and all I could find was their support portal. Entirely FAQ based, and when you go the route of "None of these help me, let me send an e-mail to customer support" my message was received but obviously misunderstood. How can I and the rest of the community tell EA/Maxis that they're not going to purchase the game unless the draconian DRM is removed? They don't seem to want to hear my thoughts, and I'm already planning on voting with my wallet.
Trixter, of DemoDVD (aka Mindcandy) fame will be presenting. Should be an awesome con.
HL2 came out, with Steam. You rejoice, HL2 was an awesome game.
But wait, there's more! Valve promises a 3-part episodic sequel!
You buy the first episode, and rejoice. Yet another awesome game.
You buy other games on Steam, ragdoll kung fu, Sam and Max, etc.
You hear about the second episode coming out -- but it's bundled with everything else HL2.
I ask politely: why is valve alienating their existing steam consumer base? If I want this extra sound track, which is likely to be an exclusive part of the Orange Box, why do I have to buy the same product twice? No, I don't care for 'certificates' that I can give to a friend for HL2 and HL2:EP1. I'm a gamer just like everyone else I know -- they all already have purchased HL2.
Microsoft got its wrist slapped for bundling IE with Windows. Now Apple is bundling iTunes with iPods, and requires you to use iTunes to make your iPod work as advertised. Isn't this the exact same thing, and illegal?
"This is expected to become the largest ever fan campaign to bring a television show back from cancellation."
I've never seen Jericho, and I bet the series is great, (I just watch very little TV nowadays) but
This makes me wonder how this will compare to the "save farscape" media frenzy that lots and lots of 'scapers took action to get Sci-Fi's rectal-cranial inversion syndrome diagnosed, and cured. It was on CNN Headline News for chrissakes!
All in all, I'll probably check out Jericho now. Good luck to all the Jericho fans, I hope you get your show back.
Um, if you had actually researched a little bit on the XO laptop, you'd have found out:
All the security features of the XO laptop, BitFrost, etc can be disabled by the user.
Every. Last. One.
Next time please research the subject before you start posting.
An intruder gained access to the database. So they're resetting passwords. Good.
... which is also probably in the same database that was already compromised?
But they're using the "security question"
and how is this fixing the problem? What exactly prevents the intruder from using the security question out of the database they compromised?
Heh. Lemme guess, you probably work for the same people I do. Federal government?
Spam? on Jabber? This is news to me.
Jabber has built in anti spam. In order for me to talk to you, I have to ask you if I can, and then you have to tell me that it's OK. This is part of the Jabber protocol itself. Google Talk has no reason not to turn on server-to-server connectivity. They're limiting their usefulness by leaving it off. I really do wish they would turn it on because I already run my own Jabber server, and my Jabber ID is the same as my email address. I'm confident that gaim will support Jingle soon, so all Google needs to do is enable s2s support and I can completely ditch AOL IM and stop signing into Google Talk.
I want to ditch AOL IM because lately AOL IM has turned to crap, with their auth-servers (the servers that verify your screen name and password) successfully authenticating me, and then redirecting me to a chat server (commonly known as a BOS server) that is dead. Dead as a doorknob. -ECONNREFUSED. And if I mash reconnect enough times while they continue to direct me to a broken chat server, they put a ban on me for trying to sign in!
What TFA is saying (while being overly general) is that when you move outside of the box to an unsupported configuration, you lose support -- and if you want support, you'll pay through the nose for it.
What the article doesn't say, is that M$ has the exact same stance. You run 3rd party software with Microsoft Exchange, you lose support from Microsoft on not only Exchange, but probably your install of Windows 2003 Advance Server. Go read your EULAs from top-to-bottom, and you'll see what I mean. For any Microsoft product.
God I hate people slinging FUD around.
No, No no no no no no no no no no no no no no no no please please please not @Mail. I had the displeasure of getting rockcool.com (Hah! No link because it's a dot bomb!) to purchase a copy of @Mail because it was backed in perl ... to find out that the codebase sucked, it corrupted inboxes, and oh, you could log into any account with any password. Yes, their shit was something fierce for broke.
This was 5 years ago. I don't know if it's any better or not.
Yep, they did it again. Now they're linking to google!
No, you're not piggybacking data over the Content-Length: HTTP/1.1 header, you're abusing the HTTP/1.1 header to confuse a required combination of a proxying firewall (or proxy/cache) and a webserver.
I recently released an internal advisory on this from reading TFA. Folks, the sky is not falling. 99% of consumers out there will not be affected. People behind NATing firewalls will not have issue. People behind proxies (Squid to name one), and proxying firewalls (Checkpoint, Symantec, etc) will be the ones "vulnerable" to this "attack".
The deal is this:
Proxy A uses Content-Length: header #1, and Webserver A uses Content-Length: header #1 == no problem, no vulnerability.
Proxy A uses Content-Length: header #1, and Webserver B uses Content-Length: header #2 == problem.
That is how it's done. TFA says this may be used to bypass intrusion detection systems. Sure, if you don't have defence in depth. Otherwise you're fine.
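Added example (not part of the original comment): a Python model of the Content-Length disagreement described above, with a first-wins and a last-wins parser reading the same bytes differently, and a strict check that refuses the message instead of picking one. All function names and the sample request are constructed for illustration and do not come from any real proxy or web server.

```python
# Added illustration; every name here is hypothetical, not a real proxy or server API.

class AmbiguousLength(ValueError):
    """The message carries Content-Length values that do not agree."""


def parse_head(raw):
    """Split raw HTTP/1.1 bytes into (header list, bytes after the blank line)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    headers = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))
    return headers, rest


def content_lengths(headers):
    """All Content-Length values in order; a comma-joined list counts as several."""
    values = []
    for name, value in headers:
        if name == b"content-length":
            values.extend(v.strip() for v in value.split(b","))
    return values


def body_as_seen(raw, pick):
    """Model a lenient parser that trusts the 'first' or the 'last' header.

    Returns (body, leftover); leftover is what that parser would go on to
    read as the start of the next message on the connection.
    """
    headers, rest = parse_head(raw)
    values = content_lengths(headers)
    if not values:
        return b"", rest
    n = int(values[0] if pick == "first" else values[-1])
    return rest[:n], rest[n:]


def strict_length(raw):
    """Strict policy: every value must be the same string of decimal digits."""
    headers, _ = parse_head(raw)
    values = content_lengths(headers)
    if not values:
        return 0
    if any(not v.isdigit() for v in values) or len(set(values)) != 1:
        raise AmbiguousLength(values)
    return int(values[0])


# Constructed sample: one request with two conflicting Content-Length headers.
SAMPLE = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 5\r\n"
    b"Content-Length: 11\r\n"
    b"\r\n"
    b"helloEXTRA!"
)

if __name__ == "__main__":
    print("first-wins parser:", body_as_seen(SAMPLE, "first"))
    print("last-wins parser: ", body_as_seen(SAMPLE, "last"))
    try:
        strict_length(SAMPLE)
    except AmbiguousLength as exc:
        print("strict parser rejects:", exc)
```

When the proxy and the web server both run the strict check, or both pick the same header, the two views of the stream match; the mismatch only appears when they pick differently.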
Oops, SRS is Sender Rewriting Scheme. http://spf.pobox.com/srs.html (thanks to the poster below, sorry 'bout that.)