Slashdot Mirror


User: ranulf

ranulf's activity in the archive.

Stories: 0
Comments: 229

Comments · 229

  1. Re:From the horse's mouth on eBay Australia Makes PayPal Mandatory · · Score: 5, Informative
    Also, Ebay UK looks like they're not waiting for the results of the Australia experiment. From an e-mail from them this morning:

    Starting in late April, eBay will now ask all sellers to offer PayPal on their listings. This means that even more items on eBay will offer buyer protection.

    This is one of many new initiatives that eBay and PayPal are doing to make it much more difficult for bad sellers to operate on eBay. As a result, you'll notice a dramatic improvement in quality when buying on eBay.
  2. It's not actually their fault anyway... on Losing Personal Info On A Laptop Could Get You Charged · · Score: 3, Insightful

    Physically losing a laptop is not in itself a crime. The negligence aspect of containing confidential data on an unsecured device is what turns stupidity into an offence.

    Securing and encrypting the drive is a job for the organisation's IT infrastructure team, not the end employee. Given that government officials are generally not the most tech-savvy people around, it seems crazy to punish them for something that should already be pre-installed on their machine when they receive it.

  3. Re:Answers on Closed Source On Linux and BSD? · · Score: 1

    b) you may find future versions of the GPL closing your loophole

    The GPL specifies that the user can choose to apply a later revision of the GPL than was originally supplied, but is never forced to. If the loophole exists in the license with the software as you received it, you can subsequently redistribute with the exact same license. It is actually there to grant the user more freedom if a later version grants less restrictive rights.

  4. Testing on Applications and the Difficulties of Portability? · · Score: 2, Insightful
    When I release, I just compile each app for all the OSs I have access to and post them on my website. I barely expend any effort at all to achieve portability. So the question I have to ask is: Why do the masses perceive portability as something that requires effort and a waste of time?"
    So, what about testing? That usually figures for a large part in most release schedules.
  5. Re:He should have faught. on RIAA Grabs Student's Life's Savings · · Score: 1
    You are innocent until proven guilty though, which means you can do whatever you like as long as there is not a law or an interpretation of a law against it.

    Not strictly true. Unlike the US with its constitution, we don't strictly have any rights in the UK. We have a big long list of things we are definitely not allowed to do, but we're never actually told what we can do.

    This might seem like pedantry, but if you commit any act which is not explicitly covered by UK law, you could still be prosecuted if it is deemed in the public interest. Also, it's not unheard of for new laws to be back-dated and people to be prosecuted for acts that happened before it became illegal to do them.

  6. Re:High level languages on The Peon's Guide To Secure System Development · · Score: 2
    When you critique someone's work, it is customary to first read it in its entirety. Besides the fact that it's just common courtesy, if you had read just one more paragraph you could've prevented yourself from committing such an egregious faux pas.

    That's nonsense. Generally (and I'm not actually talking about this specific article in this case), if something is garbage, you can work that out without having to read through the whole lot.

    As it happens, I did read pretty much all of the article, including the paragraph you quote. But the fact is the author makes a bold statement, "Avoid The Cursed Languages", when in reality the problem is not the programmer's choice of language but the fact that they haven't thought about and specified exactly what their program is going to do before coding it. Almost invariably, coders developing like this pay little attention to security.

    In fact, the point I was raising is only alluded to in one of his closing sections, "Don't Trust User Input", certainly not given a great deal of exposure in his article.

    In other words; if you're going to insult someone don't reveal what a stupid twit you are in the process. Dumbass.

    Pot. Kettle. Black.

  7. Re:High level languages on The Peon's Guide To Secure System Development · · Score: 2
    > Just keeping a developer from using pointers is no way to insure a project's security.

    From the article:
    It should be a crime to teach people C/C++.
    [...] Java [...] The reason these languages are more secure (in theory) is that they don't have pointers.

    This just shows that the guy really doesn't have a clue what he's talking about. Bugs in software are often exploited by targeting buffer overflows or protocol weaknesses. So, whilst Java tends not to be susceptible to buffer overflows in the traditional sense, it can still be a D.O.S. target, for example, if someone gives the program input that causes it to exceed the bounds of an array and that exception is never caught.

    But more insidious are protocol weaknesses. If the programmers don't understand security then any app has the potential to be insecure no matter what language it's in. The obvious example is a simple server written in Java that takes connections on a given port and executes whatever command it is passed. Is this any more secure than an equivalent written in C?

    The trouble is that more and more, people don't consider design enough and just believe that whatever they write is safe.

  8. Re:Easy: on Red Hat Nullifies Differences Between Bash, Csh · · Score: 2
    kill -9

    ITYM, kill -9 -1

    Windows users should try out gvim - definitely now my editor of choice under Windows...

  9. Re:Vi versus Emacs... on Red Hat Nullifies Differences Between Bash, Csh · · Score: 2
    BUT, if you remove all of the VI links that include swear words, EMACS would definitely be the winner

    But if you also remove all the emacs links that include swear words, vi would win. emacs is the worst swear word there is.

  10. Re:Attractive? on CD Copy Stopper · · Score: 5, Funny
    It amazes me that some people still think that a bigger font makes it more believable.

    I always wondered why /. was only tolerable with the largest possible font setting.

  11. Re:Oh boy:: me not worried, it won't work on CD Copy Stopper · · Score: 3, Insightful
    You would have to have the program attempting to verify send a random piece of data to the CD smartcard, which signs it with a private key and sends it back.

    How is this substantially different from introducing bad ECC data on the disk and checking for that? I can see how this will stop no-brainer solutions that attempt to burn the same incorrect ECC signal to a disk when doing a raw disk copy (as I guess the laser needs to move around the disk in a predetermined manner), but it won't stop the "real hackers". Basically it'll be the same difficulty as current systems - just remove the section of the code that performs the check and the system is worthless. Are there any games on the market you can't get wares versions of if you look hard enough?

    And it's always the legitimate users of the software that have to suffer. For instance, look at the no-cd hacks for pretty much any game you care to mention. People who paid money for the game have an added inconvenience when playing, people who pirated the game just load it straight from hard disk.

    I think it's really about time that companies just started trusting their customers as their attempts at copy protection seem to achieve little except annoying genuine customers.

  12. Re:That's ok... on Palm Ships With 12-bit Screen, Says 16-Bit On Box · · Score: 2
    I'd never read text in HAM mode.

    Why not? Text would be clear as you like.

    Basically, the 6-plane colour value was turned into a 2-bit selector and a 4-bit value. The selector decided whether the current colour was pulled from a plain palette register (max. 16 colours rather than 32) or had one of the red, green or blue components modified.

    It is perfectly possible to just use a standard 16 colour palette in HAM and have it looking like a normal mode (other than using up more memory and bandwidth than really necessary).

    Of course, HAM is at its best when converting from raw 12-bit images as then you can dither as appropriate, so that you change whichever component will get you closest to the desired colour. And of course, let's not forget that at the time JPEG was introduced the Amiga could do a far better job of rendering the pictures than most PCs with their sucky 256 colour palettes.

  13. Re:Tomcat is bad but alternatives are even worse on Who is Using Tomcat or Jetty in Production? · · Score: 1
    Ja*a ... I'm confused. Is this a typo, or what?

    Tomcat is officially known as Jakarta-Tomcat. But that's just a guess. I've no idea what he really means!

    And Apache isn't hard to configure. There are numerous examples on the web showing how to go from a stock RedHat install to having mod_jk or mod_webapp up and running. All you need to do is cut and paste a few lines from a web page into an appropriate place. And if you can't understand the (heavily commented) syntax of the example configuration file, I'd suggest that perhaps Linux isn't the OS for you, as it's one of the simplest configuration files you're likely to come across.

  14. Re:My company uses tomcat exclusively on Who is Using Tomcat or Jetty in Production? · · Score: 3, Informative
    Just dropping a new .war file in the deploy directory
    We can't use war files easily

    Neither could we, but that's because the feature just doesn't work reliably.

    A large number of times, you'd stick a new .war file there and it'd just ignore it. In my opinion the only safe way to do this is:

    1. kill apache
    2. kill tomcat
    3. wait a few seconds
    4. kill -9 tomcat
    5. remove all of the un-jarred directory ~tomcat/webapps/whatever
    6. start tomcat
    7. wait about 10 seconds
    8. start apache
    If you're feeling daring, or are using the webserver for other sites, don't kill apache in step 1, and just restart apache at the end. mod_webapp seems substantially less resilient than mod_jk at restarting - with mod_jk you could just leave apache alone completely.

    If you don't wait about 10 seconds between restarting tomcat and restarting apache, you run the risk of mod_webapp failing to connect to tomcat at all.

    If you don't delete the appropriate webapp directory, in my experience your .war file is never actually unpacked.

  15. Still no obvious *need* on One 3D Format to Rule Them All · · Score: 3, Interesting
    They claim that 'the need for a common 3D format becomes clear in a simple perusal of the Web, where the volume of 3D content is minuscule -- well under 1 percent.'

    Note that this just says that there is hardly any 3D content. Just making yet another file format available is not going to create more content. Sure, it'll ease migration of file between applications, but little else.

    And anyway, wasn't VRML supposed to be the de-facto standard for 3D on the web?

  16. Re:Cassette tapes! on Cassette-Shell Sized MP3 Player/Recorder · · Score: 2, Offtopic
    ... metal TDK tape ...
    Recordings you have made do not count.
    I seriously doubt they can really hear the difference.
    I'm not talking about heavily compressed 96bit mp3's. I'm talking about CD, or DVD audio quality.

    So, what you're saying is:

    1. You don't want to make your own recordings, because that's too much effort for you.
    2. Because you can't hear any difference, it can't possibly be better.
    3. You don't actually want to contribute to the discussion about the article because you'd rather troll instead. Clearly the fact that you think mp3 should be excluded from the test is because you know the quality is lower than you'll get from metal tapes.
    or did you have a comment that was actually relevant?

    ... old-school audiophiles ...

    Ah! So you're one of those kids who grew up in the CD-era. Fine. I suppose you think VHS is better than Betamax too. Or are you too busy thinking that DVD is the dog's bollocks without actually noticing all the hideous artifacts everywhere?
    </rant>

  17. Re:your post is 7 words too long on Lord of The Rings DVD, Now or Later? · · Score: 1
    I stand by my comment, although apparently the moderators seem to think that because I have my own opinion I must be trolling...

    The film is already too long at 3 hours. It's just about possible to maintain concentration that long, and I admit it kept my attention for most of it, but certainly another half hour would slightly push it over the balance.

    But I don't understand your comment. I books took ages to read when I was a kid. Or maybe you're thinking of the Hobbit.

  18. Re:If Only on The Future in Gear · · Score: 1
    [...] has already been invented is cars running on water [...] some guy invented it and a large car company bought it off him years ago

    I'd be less surprised if it was a large oil company that bought it, if the aim was to keep it under wraps.

    That and the fact that this technique requires more energy than you get out of it, unless you believe those cold fusion experiments a few years ago were true. You don't think it's strange that water is an end product of combustion engines.

  19. Re:I'm dissapointed on The Future in Gear · · Score: 1
    Water that tastes like Cola, but is still free

    Water costs the same as Cola in most bars...

  20. Re:Movie is for keeps, extras just for peeps... on Lord of The Rings DVD, Now or Later? · · Score: -1, Troll
    But if you wait, you get an extra 30 min of MOVIE time. So why not wait and get the longer movie?

    Because the film is already too long.

  21. Re:Use a software player on Consumer Friendly (or Disney Hostile) DVD Players? · · Score: 1
    [...] to rip my favourite DVDs (which I paid for), remove all annoying crap, and then re-burn them.

    I bought Prince of Egypt and it just plain refuses to work in my DVD player. It gets to the menu and then just locks up.

    The only way I can watch the film I paid £10 for is to use DeCSS to rip the IFOs to my hard disk and watch it from there.

  22. Re:flipbook on Consumer Friendly (or Disney Hostile) DVD Players? · · Score: 1
    you have to wait three to five minutes before you can do so. [...] I understand that they are trying to recreate the "theater experience,"

    And some of us are so badly organised, we normally miss them when going to the cinema!

  23. Re:Not the Matrix on IMAX Develops Movie Transfer Technology · · Score: 2
    The best IMAX-like thing wasn't actually an IMAX, but the Terminator movie/theatre thing at Universal Studios in California.

    There were three giant screens filling almost 180 degrees, between each were structures and platforms that the actors climbed through and walked on and in front of them all was a flat regular stage. Oh, and we had these polarized glasses and it was all in 3D.

    It was the most awesome marriage of cinema and theatre that I've ever seen. The 3D film parts worked really well, and e.g. a filmed actor would walk off one cinema screen and their real-life actor would walk onto the stage as if it was just a continuation of the screen. Plus, there were real motorbikes on stage, and God knows what else.

    And the physical special effects were amazing. Air and water were used to great effect, and at one point, there's a fantastic water explosion thing leaping out of the 3D cinema screen at you and you feel the spray as it hits you.

    Well worth the trip...

  24. Re:This is obviously a ploy. on Some Spammer Has a Crush on You · · Score: 1
    these guys sent "someone has a crush on you!" messages to thousands of MIT students. talk about blowing your cover. :)

    Obviously, they came from ai.mit.edu domains and an AI lover was good enough for them.

  25. Phone numbers (vaguely offtopic) on Some Spammer Has a Crush on You · · Score: 2
    Hey chap!

    I didn't realise that 03 had already been designated as geographic. I thought it was just reserved. Good to see a comprehensive list anyway - I remember seeing a very old version of this list once back when phone numbers were simple.

    Interestingly, I notice that there aren't any Birmingham 0121 8xx or 0121 9xx numbers, so I wonder how long it'll be before Birmingham numbers migrate to 0121 8xxx yyyy and so that can be renumbered 024 8xxx yyyy. That'd be good.

    I found another page that looks pretty interesting too.