Microsoft would probably be well within their rights to sue over IP rights to NTFS.
Er, I don't think so. I believe that the NTFS support in Linux was reverse engineered, and Microsoft can do nothing to prevent that.
However, the Linux Kernel article does give hints that something else was going on. It sounds like Jeff Merkey, one of the kernel developers, used to work for Novell or something and was going to put NDS (Novell Directory Services) into Linux, and had both a license agreement with Microsoft for something else, and an informal understanding with Microsoft about NDS on Linux.
They talk about the Linux Laundromat - the idea being that Microsoft could get NDS support for Windows by downloading it from the internet - in the Linux code. Since Jeff Merkey has quit working on that, Microsoft is pissed... or something like that. For full understanding of this issue one would probably have to either interview Jeff Merkey and the other developers, or read hundreds of messages of the Linux Kernel Development mailing list. (There's an idea for slashdot - Interview the Linux Kernel Developers as a group.)
Microsoft has reason to be worried though. NTFS is a good file system - if you installed Linux over NT and it worked, and could read your data, there might not be any reason to wipe the hard drives and convert to ext2fs - a much scarier step that many companies would balk at.
With NTFS support in the Linux kernel, NT file servers, print servers, and web servers could be converted to Linux in about an hour with the safety of "if anything goes wrong, we'll just boot back to NT."
On my PIII 650 laptop the dvd playback keeps getting prempted by the kernel
The standard Linux kernel is not optimized for low latency. However, there are several developers (and companies) doing work to make the Linux kernel more low-latency without going all the way to RTLinux. This would stop the skipping problem with your DVD drive. Hopefully the 2.4 series of kernels will be much better for near-real-time applications like this.
If they do, could you email me and let me know? Unfortunately there is no kernel 2.2.17 version yet, and that's the one I'm waiting for. Torrey Hoffman (Azog)
Your scenario is pretty scary, and I would agree that it is technologically possible. But I don't think it will actually happen.
You see, it would take at least 5 years before there's enough of the new audio equipment out there that the CD manufacturers could actually stop selling regular CDs. During those 5 years, customers will become more and more accustomed to easy to use, cheap or free downloadable music. So there will be real resistance from people who don't want to replace their speakers, amplifiers, etc. They just won't do it.
In the meantime, do you really think the recording, production, distribution, and sales organization for CD's can survive for another 5 years, making enough money to push something like that through? Not a chance. They're as dead as the dinosaurs, they just haven't really realized it yet. However, they may thrash around alot and make a big mess as they die, so just stand back and wait for it to be over.
The only way the RIAA could make this work is to give everyone in North America a free SDMI-compatible music system, right now, backward compatible with everyone's existing CD collections. Then they could simply stop making regular CD's, and only sell the encrypted ones.
They can't afford to do that though, and people won't buy the stuff fast enough. They're doomed.
When I heard about DeCSS, I thought it was a stupid case. Then I read a description of what the program does, and that is flat illegal, no matter what you say. It makes a copy of copyrighted material.
You're kidding, right?
You think that making a copy of copyrighted material is breaking the law? Well shoot, you'd better shut down your browser right now, or I'll sue your ass. These comments are copyright by me, and your browser just copied them.
Of course that's nonsense, because I implicitly gave you the rights to make a copy of this article and read it when I posted it. But when I buy a DVD, I implicitly (should?) have the right to make a copy of it and view it too. That's what deCSS does. So why should it be illegal?
Another example: DeCSS cannot be illegal just because it could be used to copy a DVD. If that was true, photocopiers would be illegal, because they could be used to copy books.
Enough of this nonsense.
The RIAA, the MPAA, the IOC, and other oppressive organizations are attempting to take away freedom of speech and fair-use rights. Copyright was originally limited, they are trying to make it unlimited through legal and technological means.
These organizations want to create a world where you could be charged for everything you see, hear, and experience - every time. A world where you own nothing and rent everything. An attitude like that tends to polarise people, and push them in the other direction. Despite that, I don't think Slashdot (in general) is becoming anti-IP, although some posters may be.
But most posters here have a greater respect and understanding for the limitations of copyright. I think the original version of the copyright act was, on balance, a good thing.
I think the only "anti-IP" on Slashdot is an "anti-expansion-of-IP". At least, that's the only anti-IP I have.
Simply attach a GPS sensor to the client's machine and send some of the raw GPS data to the bank for authentication in conjunction with the username and password.
Nice idea, but it still doesn't help if the user's Windows 98 machine with the smartcard reaker and GPS and whatnot has been 0wn3d by the bad guys. They can intercept all communications between the smartcard, GPS unit, computer, and internet connection and basically do whatever they want.
The customer and the bank will be none the wiser - after the entire contents of the cutomser's savings account and online stock portfolio is transferred to the bad guys, the bank will have perfect records showing the correct PIN, username, password, GPS coordinates, etc. to validate the transaction. And the customer will hae printouts showing they did no such thing.
All that security would be worthless, and either the bank would tell the customer "We think you are trying to defraud us, look we have all this proof you really did make the transfer", or they would say "Tough luck, you should have kept your Windows machine secure, loser", or (more likely) the bank would just eat the loss and hush the whole thing up.
Banks save so much money not having tellers and buildings downtown that they would rather put up with millions of dollars of losses every year than give up on internet banking.
As long as internet banking uses customer's home PC's as trusted links in the whole system, real security is an impossibility.
Please explain how this would be even remotely possible.
Sure! I think there's already linux distributions that do this.
Basically, you would do it by mounting the NTFS or FAT partition that holds windows, from the Linux install. That's easy. Then you read parts of the Windows registry - a little harder, but certainly not impossible.
From that, you can find out the following information:
- what kind of sound card, video card, monitor, ethernet card, modem, etc. the user has.
- What their network settings are, or their ISP phone number, or their email passwords...
- What screen resolution and color depth the user likes.
- All sorts of other hardware and software information, like power management settings, how they have their Palm Pilot connected - do they have a scanner, what kind, a printer, a digital camera... Some of that stuff can be autodetected, but getting hints from the registry can't hurt.
Besides reading the registry, you could import the contents of their Internet Explorer Favorites and set them up as bookmarks in Mozilla.
You could go to the "My Documents" folder, grab all the files there, back them up, and set them up in Linux all ready to go...
You could grab their color scheme and set it up for KDE or Gnome. You could try to pick a similar screen saver. You could get their background wallpaper and their winamp skin. If they have the toolbar set to autohide, you can make the KDE/Gnome panels autohide. If they have Quake III, you could go out to the net and grab the Linux executables to set up Quake III for linux...
There's really no limit, it's just a matter of writing code for it. Most slashdot readers would have little use for something like this, but for people who have been using Windows forever, it could be a very friendly, reassuring thing to have Linux come up for the first time and look very similar.
This would be a great thing, because a majority of Windows users don't know how Windows is set up. They don't know what their hardware is, or how their email is set up, or any of that. They set it up once, or had their kid set it up, and now they're helpless. Linux could go and find all that information. Installing Linux on top of Windows would be almost as easy and seamless as upgrading from Windows NT to Windows 2000.
Actually, PGP and GPG use a different symmetric key for each message as well. But they use the same private key every time to encrypt the symmetric key. There's two different systems being used...
So if the bad guys crack BlowFish / 3DES / TwoFish, (the symmetric algorithm) they only have the one message. But if they crack RSA / ElGamel, (the public/private algorithm) then they have your private key and can read all messages sent to you.
You are right about the self-destruct feature though. There's no way that can be made to work in a totally secure way - the message recipient can always do whatever insecure thing they want with it - like printing it and sticking it in a filing cabinet.
Hushmail has had secure, encrypted email for a long time now. It uses a Java applet to do the encryption in your browser, without having to download and install any application. The Java source is available for everyone to check for security holes. Hushmail never actually sees your private key. It looks pretty secure, overall - it's been around for a couple of years and I haven't heard of any holes in it.
Bruce Schnier has even reviewed it. He has some problems with it, but there's no glaring security holes. Still, you're probably better off with GPG, storing your private key yourself.
So SafeMessage is nothing new. Of course, the more the merrier. Everyone should use encryption all the time, and competition is a good thing.
Actually, I kind of like the Mandrake installer, but it's too limiting. But Debian could get some good ideas and code from it, and then improve on it.
For those of you who haven't seen it... it boots off CD, quickly starts a Linux kernel with framebuffer support, and then starts X on top of that. After picking what language you want for the install, the next question is: choose Regular, Custom, or Expert installs. From that point on it's pretty slick. It autodetects most PCI cards, and sets up X for you. You can also back up at any point, and there is a text mode version as well.
Anyway, what I think would be good for Debian is something similar to start with, but after answering the language question, instead of just Regular, Custom, Expert, a really detailed menu would be nice.. something like this:
Choose which ever of these descriptions fits you best. Don't worry, if you change your mind you can back up. These choices just set defaults, so if you're not sure which one is best, just pick one that seems good, and you will be able to customize your install afterwards.
1. I'm really an expert..
\- and I want to see all the possibilities.
\- I'm setting up a lot of computers, and have a saved install config file on the network or on a floppy...
\- but I want to customize from that.
2. I'm New to Linux...
\- I don't know anything about my computer. Please autodetect everything and don't ask hard questions.
\- I'm a normal home user with a modem
\- I'm a normal home user with ADSL/Cablemodem
\- I have a LAN and want to share and secure the internet connection.
\- I have Windows installed and want to import all my settings to Linux.
\- I know Windows pretty well and want to see all the Linux options, with explanations.
3. I'm an experienced Linux User...
\- I've got loads of hard drive space. Install everything and I'll sort it out later.
\- I want a customized Gnome environment
\- I want a customized KDE environment
\- I want to choose a window manager and pick individual packages
\- I just want development tools and source code.
4. I'm setting up a server...
\- Secure Web Server with Apache, etc.
\- Samba server
\- NFS server
\- MySQL or Postgres SQL server
\- other choices
\- customized server
5. I'm building an embedded system...
\- Full development environment, plus another partition with one of:
\- Bare minimum, just enough to boot.
\- Boot into stripped down X 3.3.6
\- Boot into stripped down X 4.0.1
\- (more choices)...
etc.
The idea here would that the user would make a choice at the beginning of the process that would guide all the following choices by providing defaults, but not restrict it.
Autoinstalling software for CDR's, auto-downloading encryption software, and automatically connecting to find updates would all be slick.
Mandrake also has a pretty slick graphical disk partitioning system. It allows you do anything you want, but also has an "auto allocate" which sets up root, swap, and home partitions. I think Debian would do well to take that, but change the auto allocate default to do the "right thing" depending on the user's earlier choice of what kind of installation they are doing.
I'm sure Red Hat, Caldera, Slackware, and everyone else has good ideas too.
If Debian takes all the good ideas from the other distributions and polishes them, they basically can't go wrong.
I think that there's a tendancy among the linux distributions to a "Not Invented Here" syndome which is actually really strange in the open source world. Debian could break that pattern by using and improving good, GPL'ed stuff from the commercial distributions.
Here's a reality check - for me, anyway: I honestly thought slashdot.org would be somewhere in the top 500. I was going to make a joke about "You know it's time to move on to kuro5hin when slashdot makes it into the top 100". Nope. Slashdot isn't in the top 1000.
Linux doesn't show up in any of the top 1000 domain names, but windows does - once - in windowsmedia.com, which is about a TV-like a site as you can get, and a subsite of MSN.
Google was 21st, cnn.com was 37th, and wired.com was 970. Other than that, none of the sites I've bookmarked are in the top 1000.
I guess I shouldn't be surprised that the web I see is nothing like the web most of the world sees. I am a little disconcerted though. No wonder the general public doesn't care about software freedom, DeCSS, software patents, privacy, etc. The awful truth is that for most people, the internet is like TV.
Actually, I've been bitten by this in my MP3 collection. When using Music Match Jukebox to automatically file stuff, using the CDDB database, you can get stuff like this:
C:\Documents and Settings\torrey.hoffman.DOMAIN\My Documents\mp3library\mp3\classical\W. A. Mozart (1756-1791) Mozart Complete Piano Concertos (45)\Mozart Complete Piano Concertos (45)\06 Piano Concerto #18 in B-flat major (3rd movement), K. 456.mp3
Some of them are worse, especially classical CD's where the composer, conductor, orchestra, symphony, and movement all get packed into the path and file names. So far this has only been a problem when trying to burn CDR's - I think the ISO cd rom filesystem has a lower limit than Windows 2000.
I think 1024 would be a reasonable upper limit for a complete path, if an upper limit is neccessary for technical reasons.
You can lower the cable near the horizon to take measurements, but if you lower it into the horizon the cable will snap. Tension will increase without bound if you try to keep it from snapping.
Why? If the tension increases without bound, does that mean there is an infinite gravitational gradient?
Is it impossible for a solid object to be partly within and partly outside the event horizon? Why?
You know how many Microsoft CD's it would take to come close to having as much content as those two Red Hat CD's?
1. Windows 2000 CD for the OS
2. Microsoft Office 2000 for the user apps
3. Microsoft Back Office for the server apps
4. Dev Studio 6 for the compiler
5. MSDN for the documentation
6. Third-party software for shells, scripting, and other essentials.
That's at least 6 CDs, and thousands of dollars. Install it all on one computer, and it will take up many gigabytes. Good luck getting it all running at the same time, and stable.
But Red Hat has all that and more (Beowulf, more development tools, etc), for 30 bucks, on just two CDs. It probably installs into about 1.5 GB (based on my experience with Mandrake 7.1, which also comes on two CD's.)
Maybe some of the experts here can answer this random question... a thought experiment, if you will:
Suppose you had a platform or spaceship or something orbiting a small black hole, just above the event horizon. Now, that platform would be moving at just under light speed, but so what.
Now, what if you lowered a cable down towards the event horizon, while simultaneously extending a cable upwards to keep everything balanced out. This is pretty much the standard "space elevator" concept.
Why couldn't you be able to get the bottom end of the lower cable down into the event horizon, and measure the Hawking radiation effects directly? Then, you could pull the cable back out when you were finished the experiment - The end of the cable would then be escaping from the black hole.
I think the only problem (remember, this is a thought experiment) would be making a cable strong enough to withstand the gravitational pull. Would this be fundamentally impossible?
Acutally, 3.14156 is wrong. Of the top of my head (really!), it starts 3.14159 26535 89793.
When I was in grade 8, my math teacher put up an overhead once with pi to 10000 digits. I was so blown away I got a photocopy of it. That summer I memorized the first 100 digits, five digits a day. If you do it in groups of five, it's not that hard.
In grades 9-12 I used to write out at least 10 to 15 digits worth when using pi in calculations, especially on math and physics tests. How pathetic of a geek am I, eh?
Over on this Pi site you can get pi to 50 million places, and find out that some guy called Hiroyuki Goto is the current world record holder for the most digits of Pi memorized at over 42000 digits. (!)
I don't think this would gain you much. When Linux loads, the kernel gets stuffed into memory, and as as far as I know, pretty much stays there until the machine powers down. Maybe parts of it swap out (not sure) but it doesn't get loaded again from the image again. After all, that's why kernels are usually compressed - make bzImage gives you a mostly zipped kernel which uncompresses as it loads.
So, loading from EEPROM would perhaps get you a faster bootup, but not much more than that.
There is a project I read about somewhere where people are actually putting a modified Linux kernel directly into the Flash to replace the system BIOS. This is neat because they boot in less than a second - so fast they have to explicitly wait for the hard drives to spin up before looking for them!
Other embedded systems use Linux on "Disc On Chip" hardware. Have a look at the September Linux Journal, which has a lot on the use of Linux in embedded applications.
I was very impressed. It's interesting reading, not extremely technical, and has lots of good tips on how to think about building secure systems. There's not much detail on any particular system - that's not the focus of the book. Since it focuses more on concepts and less on specifics, it will remain relevant for a long time, compared to "Securing Red Hat Linux 6.0" which is already out of date.
An interesting thing about the book is the contrast between two concepts that may seem contradictory at first: Security is only as strong as it's weakest link, but layered security can result in stronger security than any one part.
It's like the difference between logical AND and logical OR. You want to build security systems where to break it, an attacker would have to break through a firewall AND steal a password AND get root access from user access AND evade the network monitoring system, etc. This is security in depth - stronger than any one link.
Unfortunately, most systems are designed as logical OR: To break the security, the attacker just needs to penetrate the firewall OR steal a password OR buffer-overflow a CGI script, etc. This is "weakest link" security.
Other things that stuck in my mind from the first reading: No matter how strong you build it, someone will eventually break it. So design it for easy recovery. The CSS system on DVD's is an excellent example for this - now that it's been broken, there is no good way for the DVD manufacturers to recover. They can't change the encryption system without breaking compatibility... (The CSS/deCSS system is actually used as an example several times throughout the book).
I highly recommend this book. I'll probably reread my copy several times.
Stick with the issue - the GPL decreases freedom. [...]
...in this country you are allowed to be self-interested - although there are many countries that apply the RMS ideals to every day living...
It's ironic that you trumpet the right to be self interested, while complaining about the GPL. You obviously don't get it.
Let me spell it out for you: Developers choose to publish code under the GPL (in part) because they are self interested.
Read that again.
Let me explain. If I wrote some cool software on my own time, and I released it as BSD, and some corporation used it and improved it and then released it as closed source with an expensive license, then I wouldn't get to use those improvements. Since I'm self interested, I don't want that to happen. So I use the GPL instead.
The GPL says "I'll share my code... but if you use it, you have to share too." So if you don't want to share, go away. Write your own code.
The only people who complain about the GPL resticting their freedom is people who want the freedom to freeload.
However, this driver only works for the NetStream 2000 card, not their popular Hollywood Plus card (which is very similar to the Creative Labs DXR3). Also, it is pretty much a command-line thing at the moment, but I'm sure somebody could make nice graphical wrappers for it.
The important bits are closed source, because of the CSS issue, but they include sample code for interfacing with the MPEG2 driver and some other useful things.
Indeed. Here's a classic line from the Microsoft manager quoted in the article:
This feature has a trade-off, like almost every other feature on the Web--in this case, between functionality and a minor, potential privacy exposure..."
And, as always, Microsoft has made the call to sacrifice security and privacy for functionality.
Seriously, this must be a Microsoft corporate policy. Maybe a Microsoft-employed Slashdot reader can spill the beans, and point us to the internal web site or policy manual that says:
"If you ever need to choose between security and functionality, choose functionality. If you ever need to choose between stability and backward compatibility, choose backward compatibility. If you ever need to choose between adhering to the internet standard or adding a proprietary feature, why are you even thinking about it! Add the proprietary feature - of course! And don't document it, either!".
Or something like that. Come on, give it up, we know it's in there somewhere!
I've got X 3.3.6 running on a TV here. It works with both Mandrake 7.0 and 7.1. The Mandrake setup didn't recognize the video card (which is an unusual thing) so it automatically installed a linux kernel with framebuffer support, and then the framebuffer X server. When it starts up, it automatically uses the frame buffer default mode (640 x 480 at 60 Hz, 16bpp) and the video card automatically puts that on the TV. Seems to work just fine, but not very fast as the FB driver obviously has no hardware acceleration.
I tried to do the same thing on a different machine, using an ATI All-In-Wonder Rage Pro 128, and that worked too. But then I tried to upgrade to XFree86 4.0.1 using the tar.gz straight off XFree86.org, and it quit working. The problem seems to be that the X Server isn't finding the font server, or it's the wrong font server, or something. Getting that fixed (and displaying DVD's under Linux) is my project for the weekend. Woo hoo!
Lets have some common sense here. . . . . I'm not even going to waste my time looking up facts to call this ridiculous, because its common sense.
(sigh). Yeah, good idea, don't even bother looking up facts. Who needs facts when you have common sense! Just ignore the fact it's NASA's research, and call it pop-sci. Just ignore the fact that smarter people than you have done research on this, and have done lots of math, because common sense says they must be wrong! Ignore the facts in the article about the tensile strength of carbon nanotubes, because common sense says if you can't imagine it, it must be impossible.
And it's common sense that quantum physics must be wrong, cause it just doesn't make sense that something could be like a wave or a particle at the same time!
And it's just common sense that no one will ever be able to make a fabric that could stop a bullet.
Oh wait, they did - it's called kevlar. Hey! that's your alias!
If, as one of them states, the Higgs field is a little like the electromagnetic field, two questions immediately arise. First, is the Higgs field the same everywhere in the Universe? And second, perhaps we can learn to manipulate it?
If the Higgs field "causes mass", maybe its different in other areas of the universe. Maybe this could explain the "dark matter" problem - perhaps there is no missing matter, but the Higgs field is stronger in other places so everything just has more mass "out there".
If we could make a device that modifies the Higgs field, would that have the effect of changing the apparent mass of objects within the field?
Would it perhaps be possible to make a "Higgs Ray" that projects an extra-strong or extra-weak Higgs field, thereby changing the mass of objects in the beam?
Fun to speculate. Could some of you particle physicists hanging out here say if this is possible? Thanks!
They knew they were breaking the law, they just went ahead and did it anyway
I don't think you are correct. If they knew they were breaking the law, I'm sure they knew that the RIAA would be coming after them. And they certainly knew that the RIAA had more money for lawyers, and would sue them until they were a smoking crater in the ground.
The investors behind the company would have considered these things too, and nixed the project if they thought it was illegal and therefore a financial risk. I'm sure they had lawyers look at it. Maybe they should sue their own lawyers for giving them bad advice.
And if they really didn't think about it until they got sued, well, even then they could have bailed out, shut the service down, and settled out of court with the RIAA. If they knew they were breaking the law and had no chance of winning the lawsuit, that's the only thing that would have made sense.
Therefore, even after they were sued, they must have believed they would win in court. Nothing else makes sense!
If you believe they knew they were breaking the law and would lose the lawsuit, maybe you can explain: Why would they do anything that suicidal? Why didn't they settle out of court? What did they possibly hope to gain?
Slashdot Mirror
However, the Linux Kernel article does give hints that something else was going on. It sounds like Jeff Merkey, one of the kernel developers, used to work for Novell or something and was going to put NDS (Novell Directory Services) into Linux, and had both a license agreement with Microsoft for something else, and an informal understanding with Microsoft about NDS on Linux.
They talk about the Linux Laundromat - the idea being that Microsoft could get NDS support for Windows by downloading it from the internet - in the Linux code. Since Jeff Merkey has quit working on that, Microsoft is pissed... or something like that. For full understanding of this issue one would probably have to either interview Jeff Merkey and the other developers, or read hundreds of messages of the Linux Kernel Development mailing list. (There's an idea for slashdot - Interview the Linux Kernel Developers as a group.)
Microsoft has reason to be worried though. NTFS is a good file system - if you installed Linux over NT and it worked, and could read your data, there might not be any reason to wipe the hard drives and convert to ext2fs - a much scarier step that many companies would balk at.
With NTFS support in the Linux kernel, NT file servers, print servers, and web servers could be converted to Linux in about an hour with the safety of "if anything goes wrong, we'll just boot back to NT."
Torrey Hoffman (Azog)
In the meantime, have you tried installing Ingo Molnar's low latency patches for the kernel? You might find they solve the problem for you.
If they do, could you email me and let me know? Unfortunately there is no kernel 2.2.17 version yet, and that's the one I'm waiting for.
Torrey Hoffman (Azog)
Your scenario is pretty scary, and I would agree that it is technologically possible. But I don't think it will actually happen.
You see, it would take at least 5 years before there's enough of the new audio equipment out there that the CD manufacturers could actually stop selling regular CDs. During those 5 years, customers will become more and more accustomed to easy to use, cheap or free downloadable music. So there will be real resistance from people who don't want to replace their speakers, amplifiers, etc. They just won't do it.
In the meantime, do you really think the recording, production, distribution, and sales organization for CD's can survive for another 5 years, making enough money to push something like that through? Not a chance. They're as dead as the dinosaurs, they just haven't really realized it yet. However, they may thrash around alot and make a big mess as they die, so just stand back and wait for it to be over.
The only way the RIAA could make this work is to give everyone in North America a free SDMI-compatible music system, right now, backward compatible with everyone's existing CD collections. Then they could simply stop making regular CD's, and only sell the encrypted ones.
They can't afford to do that though, and people won't buy the stuff fast enough. They're doomed.
Torrey Hoffman (Azog)
You think that making a copy of copyrighted material is breaking the law? Well shoot, you'd better shut down your browser right now, or I'll sue your ass. These comments are copyright by me, and your browser just copied them.
Of course that's nonsense, because I implicitly gave you the rights to make a copy of this article and read it when I posted it. But when I buy a DVD, I implicitly (should?) have the right to make a copy of it and view it too. That's what deCSS does. So why should it be illegal?
Another example: DeCSS cannot be illegal just because it could be used to copy a DVD. If that was true, photocopiers would be illegal, because they could be used to copy books.
Enough of this nonsense.
The RIAA, the MPAA, the IOC, and other oppressive organizations are attempting to take away freedom of speech and fair-use rights. Copyright was originally limited, they are trying to make it unlimited through legal and technological means.
These organizations want to create a world where you could be charged for everything you see, hear, and experience - every time. A world where you own nothing and rent everything. An attitude like that tends to polarise people, and push them in the other direction. Despite that, I don't think Slashdot (in general) is becoming anti-IP, although some posters may be.
But most posters here have a greater respect and understanding for the limitations of copyright. I think the original version of the copyright act was, on balance, a good thing.
I think the only "anti-IP" on Slashdot is an "anti-expansion-of-IP". At least, that's the only anti-IP I have.
Torrey Hoffman (Azog)
The customer and the bank will be none the wiser - after the entire contents of the cutomser's savings account and online stock portfolio is transferred to the bad guys, the bank will have perfect records showing the correct PIN, username, password, GPS coordinates, etc. to validate the transaction. And the customer will hae printouts showing they did no such thing.
All that security would be worthless, and either the bank would tell the customer "We think you are trying to defraud us, look we have all this proof you really did make the transfer", or they would say "Tough luck, you should have kept your Windows machine secure, loser", or (more likely) the bank would just eat the loss and hush the whole thing up.
Banks save so much money not having tellers and buildings downtown that they would rather put up with millions of dollars of losses every year than give up on internet banking.
As long as internet banking uses customer's home PC's as trusted links in the whole system, real security is an impossibility.
Torrey Hoffman (Azog)
Basically, you would do it by mounting the NTFS or FAT partition that holds windows, from the Linux install. That's easy. Then you read parts of the Windows registry - a little harder, but certainly not impossible.
From that, you can find out the following information:
- what kind of sound card, video card, monitor, ethernet card, modem, etc. the user has.
- What their network settings are, or their ISP phone number, or their email passwords...
- What screen resolution and color depth the user likes.
- All sorts of other hardware and software information, like power management settings, how they have their Palm Pilot connected - do they have a scanner, what kind, a printer, a digital camera... Some of that stuff can be autodetected, but getting hints from the registry can't hurt.
Besides reading the registry, you could import the contents of their Internet Explorer Favorites and set them up as bookmarks in Mozilla.
You could go to the "My Documents" folder, grab all the files there, back them up, and set them up in Linux all ready to go...
You could grab their color scheme and set it up for KDE or Gnome. You could try to pick a similar screen saver. You could get their background wallpaper and their winamp skin. If they have the toolbar set to autohide, you can make the KDE/Gnome panels autohide. If they have Quake III, you could go out to the net and grab the Linux executables to set up Quake III for linux...
There's really no limit, it's just a matter of writing code for it. Most slashdot readers would have little use for something like this, but for people who have been using Windows forever, it could be a very friendly, reassuring thing to have Linux come up for the first time and look very similar.
This would be a great thing, because a majority of Windows users don't know how Windows is set up. They don't know what their hardware is, or how their email is set up, or any of that. They set it up once, or had their kid set it up, and now they're helpless. Linux could go and find all that information. Installing Linux on top of Windows would be almost as easy and seamless as upgrading from Windows NT to Windows 2000.
Torrey Hoffman (Azog)
Technical nipicks:
Actually, PGP and GPG use a different symmetric key for each message as well. But they use the same private key every time to encrypt the symmetric key. There's two different systems being used...
So if the bad guys crack BlowFish / 3DES / TwoFish, (the symmetric algorithm) they only have the one message. But if they crack RSA / ElGamel, (the public/private algorithm) then they have your private key and can read all messages sent to you.
You are right about the self-destruct feature though. There's no way that can be made to work in a totally secure way - the message recipient can always do whatever insecure thing they want with it - like printing it and sticking it in a filing cabinet.
Torrey Hoffman (Azog)
Hushmail has had secure, encrypted email for a long time now. It uses a Java applet to do the encryption in your browser, without having to download and install any application. The Java source is available for everyone to check for security holes. Hushmail never actually sees your private key. It looks pretty secure, overall - it's been around for a couple of years and I haven't heard of any holes in it.
Bruce Schnier has even reviewed it. He has some problems with it, but there's no glaring security holes. Still, you're probably better off with GPG, storing your private key yourself.
So SafeMessage is nothing new. Of course, the more the merrier. Everyone should use encryption all the time, and competition is a good thing.
Torrey Hoffman (Azog)
Actually, I kind of like the Mandrake installer, but it's too limiting. But Debian could get some good ideas and code from it, and then improve on it.
For those of you who haven't seen it... it boots off CD, quickly starts a Linux kernel with framebuffer support, and then starts X on top of that. After picking what language you want for the install, the next question is: choose Regular, Custom, or Expert installs. From that point on it's pretty slick. It autodetects most PCI cards, and sets up X for you. You can also back up at any point, and there is a text mode version as well.
Anyway, what I think would be good for Debian is something similar to start with, but after answering the language question, instead of just Regular, Custom, Expert, a really detailed menu would be nice.. something like this:
Choose which ever of these descriptions fits you best. Don't worry, if you change your mind you can back up. These choices just set defaults, so if you're not sure which one is best, just pick one that seems good, and you will be able to customize your install afterwards.
1. I'm really an expert..
\- and I want to see all the possibilities.
\- I'm setting up a lot of computers, and have a saved install config file on the network or on a floppy...
\- but I want to customize from that.
2. I'm New to Linux...
\- I don't know anything about my computer. Please autodetect everything and don't ask hard questions.
\- I'm a normal home user with a modem
\- I'm a normal home user with ADSL/Cablemodem
\- I have a LAN and want to share and secure the internet connection.
\- I have Windows installed and want to import all my settings to Linux.
\- I know Windows pretty well and want to see all the Linux options, with explanations.
3. I'm an experienced Linux User...
\- I've got loads of hard drive space. Install everything and I'll sort it out later.
\- I want a customized Gnome environment
\- I want a customized KDE environment
\- I want to choose a window manager and pick individual packages
\- I just want development tools and source code.
4. I'm setting up a server...
\- Secure Web Server with Apache, etc.
\- Samba server
\- NFS server
\- MySQL or Postgres SQL server
\- other choices
\- customized server
5. I'm building an embedded system...
\- Full development environment, plus another partition with one of:
\- Bare minimum, just enough to boot.
\- Boot into stripped down X 3.3.6
\- Boot into stripped down X 4.0.1
\- (more choices)...
etc.
The idea here would that the user would make a choice at the beginning of the process that would guide all the following choices by providing defaults, but not restrict it.
Autoinstalling software for CDR's, auto-downloading encryption software, and automatically connecting to find updates would all be slick.
Mandrake also has a pretty slick graphical disk partitioning system. It allows you do anything you want, but also has an "auto allocate" which sets up root, swap, and home partitions. I think Debian would do well to take that, but change the auto allocate default to do the "right thing" depending on the user's earlier choice of what kind of installation they are doing.
I'm sure Red Hat, Caldera, Slackware, and everyone else has good ideas too.
If Debian takes all the good ideas from the other distributions and polishes them, they basically can't go wrong.
I think that there's a tendancy among the linux distributions to a "Not Invented Here" syndome which is actually really strange in the open source world. Debian could break that pattern by using and improving good, GPL'ed stuff from the commercial distributions.
Torrey Hoffman (Azog)
Here's a reality check - for me, anyway: I honestly thought slashdot.org would be somewhere in the top 500. I was going to make a joke about "You know it's time to move on to kuro5hin when slashdot makes it into the top 100". Nope. Slashdot isn't in the top 1000.
Linux doesn't show up in any of the top 1000 domain names, but windows does - once - in windowsmedia.com, which is about a TV-like a site as you can get, and a subsite of MSN.
Google was 21st, cnn.com was 37th, and wired.com was 970. Other than that, none of the sites I've bookmarked are in the top 1000.
I guess I shouldn't be surprised that the web I see is nothing like the web most of the world sees. I am a little disconcerted though. No wonder the general public doesn't care about software freedom, DeCSS, software patents, privacy, etc. The awful truth is that for most people, the internet is like TV.
What a depressing way to start a Friday.
Torrey Hoffman (Azog)
Actually, I've been bitten by this in my MP3 collection. When using Music Match Jukebox to automatically file stuff, using the CDDB database, you can get stuff like this:
C:\Documents and Settings\torrey.hoffman.DOMAIN\My Documents\mp3library\mp3\classical\W. A. Mozart (1756-1791) Mozart Complete Piano Concertos (45)\Mozart Complete Piano Concertos (45)\06 Piano Concerto #18 in B-flat major (3rd movement), K. 456.mp3
Some of them are worse, especially classical CD's where the composer, conductor, orchestra, symphony, and movement all get packed into the path and file names. So far this has only been a problem when trying to burn CDR's - I think the ISO cd rom filesystem has a lower limit than Windows 2000.
I think 1024 would be a reasonable upper limit for a complete path, if an upper limit is neccessary for technical reasons.
Torrey Hoffman (Azog)
Is it impossible for a solid object to be partly within and partly outside the event horizon? Why?
Damn, I have to get a good book on this stuff.
Torrey Hoffman (Azog)
You know how many Microsoft CD's it would take to come close to having as much content as those two Red Hat CD's?
1. Windows 2000 CD for the OS
2. Microsoft Office 2000 for the user apps
3. Microsoft Back Office for the server apps
4. Dev Studio 6 for the compiler
5. MSDN for the documentation
6. Third-party software for shells, scripting, and other essentials.
That's at least 6 CDs, and thousands of dollars. Install it all on one computer, and it will take up many gigabytes. Good luck getting it all running at the same time, and stable.
But Red Hat has all that and more (Beowulf, more development tools, etc), for 30 bucks, on just two CDs. It probably installs into about 1.5 GB (based on my experience with Mandrake 7.1, which also comes on two CD's.)
So who's bloated?
Torrey Hoffman (Azog)
Maybe some of the experts here can answer this random question... a thought experiment, if you will:
Suppose you had a platform or spaceship or something orbiting a small black hole, just above the event horizon. Now, that platform would be moving at just under light speed, but so what.
Now, what if you lowered a cable down towards the event horizon, while simultaneously extending a cable upwards to keep everything balanced out. This is pretty much the standard "space elevator" concept.
Why couldn't you be able to get the bottom end of the lower cable down into the event horizon, and measure the Hawking radiation effects directly? Then, you could pull the cable back out when you were finished the experiment - The end of the cable would then be escaping from the black hole.
I think the only problem (remember, this is a thought experiment) would be making a cable strong enough to withstand the gravitational pull. Would this be fundamentally impossible?
Torrey Hoffman (Azog)
Acutally, 3.14156 is wrong. Of the top of my head (really!), it starts 3.14159 26535 89793.
When I was in grade 8, my math teacher put up an overhead once with pi to 10000 digits. I was so blown away I got a photocopy of it. That summer I memorized the first 100 digits, five digits a day. If you do it in groups of five, it's not that hard.
In grades 9-12 I used to write out at least 10 to 15 digits worth when using pi in calculations, especially on math and physics tests. How pathetic of a geek am I, eh?
Over on this Pi site you can get pi to 50 million places, and find out that some guy called Hiroyuki Goto is the current world record holder for the most digits of Pi memorized at over 42000 digits. (!)
Torrey Hoffman (Azog)
I don't think this would gain you much. When Linux loads, the kernel gets stuffed into memory, and as as far as I know, pretty much stays there until the machine powers down. Maybe parts of it swap out (not sure) but it doesn't get loaded again from the image again. After all, that's why kernels are usually compressed - make bzImage gives you a mostly zipped kernel which uncompresses as it loads.
So, loading from EEPROM would perhaps get you a faster bootup, but not much more than that.
There is a project I read about somewhere where people are actually putting a modified Linux kernel directly into the Flash to replace the system BIOS. This is neat because they boot in less than a second - so fast they have to explicitly wait for the hard drives to spin up before looking for them!
Other embedded systems use Linux on "Disc On Chip" hardware. Have a look at the September Linux Journal, which has a lot on the use of Linux in embedded applications.
Torrey Hoffman (Azog)
I was very impressed. It's interesting reading, not extremely technical, and has lots of good tips on how to think about building secure systems. There's not much detail on any particular system - that's not the focus of the book. Since it focuses more on concepts and less on specifics, it will remain relevant for a long time, compared to "Securing Red Hat Linux 6.0" which is already out of date.
An interesting thing about the book is the contrast between two concepts that may seem contradictory at first: Security is only as strong as it's weakest link, but layered security can result in stronger security than any one part.
It's like the difference between logical AND and logical OR. You want to build security systems where to break it, an attacker would have to break through a firewall AND steal a password AND get root access from user access AND evade the network monitoring system, etc. This is security in depth - stronger than any one link.
Unfortunately, most systems are designed as logical OR: To break the security, the attacker just needs to penetrate the firewall OR steal a password OR buffer-overflow a CGI script, etc. This is "weakest link" security.
Other things that stuck in my mind from the first reading: No matter how strong you build it, someone will eventually break it. So design it for easy recovery. The CSS system on DVD's is an excellent example for this - now that it's been broken, there is no good way for the DVD manufacturers to recover. They can't change the encryption system without breaking compatibility... (The CSS/deCSS system is actually used as an example several times throughout the book).
I highly recommend this book. I'll probably reread my copy several times.
Torrey Hoffman (Azog)
Let me spell it out for you: Developers choose to publish code under the GPL (in part) because they are self interested.
Read that again.
Let me explain. If I wrote some cool software on my own time, and I released it as BSD, and some corporation used it and improved it and then released it as closed source with an expensive license, then I wouldn't get to use those improvements. Since I'm self interested, I don't want that to happen. So I use the GPL instead.
The GPL says "I'll share my code... but if you use it, you have to share too." So if you don't want to share, go away. Write your own code.
The only people who complain about the GPL resticting their freedom is people who want the freedom to freeload.
Torrey Hoffman (Azog)
Sigma Designs has a DVD player for Linux that is available right now. You can get it at:
http://www.sigmadesigns.com/d ownload_ns2000_linux.htm.
The FAQ is at http://www.sigmadesigns.com/faq_linux.htm .
However, this driver only works for the NetStream 2000 card, not their popular Hollywood Plus card (which is very similar to the Creative Labs DXR3). Also, it is pretty much a command-line thing at the moment, but I'm sure somebody could make nice graphical wrappers for it.
The important bits are closed source, because of the CSS issue, but they include sample code for interfacing with the MPEG2 driver and some other useful things.
Torrey Hoffman (Azog)
Seriously, this must be a Microsoft corporate policy. Maybe a Microsoft-employed Slashdot reader can spill the beans, and point us to the internal web site or policy manual that says: Or something like that. Come on, give it up, we know it's in there somewhere!
Torrey Hoffman (Azog)
I've got X 3.3.6 running on a TV here. It works with both Mandrake 7.0 and 7.1. The Mandrake setup didn't recognize the video card (which is an unusual thing) so it automatically installed a linux kernel with framebuffer support, and then the framebuffer X server. When it starts up, it automatically uses the frame buffer default mode (640 x 480 at 60 Hz, 16bpp) and the video card automatically puts that on the TV. Seems to work just fine, but not very fast as the FB driver obviously has no hardware acceleration.
I tried to do the same thing on a different machine, using an ATI All-In-Wonder Rage Pro 128, and that worked too. But then I tried to upgrade to XFree86 4.0.1 using the tar.gz straight off XFree86.org, and it quit working. The problem seems to be that the X Server isn't finding the font server, or it's the wrong font server, or something. Getting that fixed (and displaying DVD's under Linux) is my project for the weekend. Woo hoo!
Torrey Hoffman (Azog)
And it's common sense that quantum physics must be wrong, cause it just doesn't make sense that something could be like a wave or a particle at the same time!
And it's just common sense that no one will ever be able to make a fabric that could stop a bullet.
Oh wait, they did - it's called kevlar. Hey! that's your alias!
Torrey Hoffman (Azog)
Hey, thanks for the informative and friendly answer. I hope someone moderates you up.
Torrey Hoffman (Azog)
Those essays were very interesting.
If, as one of them states, the Higgs field is a little like the electromagnetic field, two questions immediately arise. First, is the Higgs field the same everywhere in the Universe? And second, perhaps we can learn to manipulate it?
If the Higgs field "causes mass", maybe its different in other areas of the universe. Maybe this could explain the "dark matter" problem - perhaps there is no missing matter, but the Higgs field is stronger in other places so everything just has more mass "out there".
If we could make a device that modifies the Higgs field, would that have the effect of changing the apparent mass of objects within the field?
Would it perhaps be possible to make a "Higgs Ray" that projects an extra-strong or extra-weak Higgs field, thereby changing the mass of objects in the beam?
Fun to speculate. Could some of you particle physicists hanging out here say if this is possible? Thanks!
Torrey Hoffman (Azog)
The investors behind the company would have considered these things too, and nixed the project if they thought it was illegal and therefore a financial risk. I'm sure they had lawyers look at it. Maybe they should sue their own lawyers for giving them bad advice.
And if they really didn't think about it until they got sued, well, even then they could have bailed out, shut the service down, and settled out of court with the RIAA. If they knew they were breaking the law and had no chance of winning the lawsuit, that's the only thing that would have made sense.
Therefore, even after they were sued, they must have believed they would win in court. Nothing else makes sense!
If you believe they knew they were breaking the law and would lose the lawsuit, maybe you can explain: Why would they do anything that suicidal? Why didn't they settle out of court? What did they possibly hope to gain?
Torrey Hoffman (Azog)