Capital One determines the browser using JavaScript, not the UA header. Unfortunately overriding the UA string does not override what JavaScript returns. And the site of course doesn't work at all w/o JS...
Wamu is great as far as cross-browser support. I only have two complaints:
1) They block ICMP requests. Before I fixed my firewall (forcing the MTU), I couldn't get to the site.
2) Javascript that sets focus to the Username field *after* the page finishes loading (onLoad()). If you're already typing the password at this point, you look up, and just typed it (viewable) in the Username box.
Oh, make that 3 complaints:
3) It's far from realtime...
Other than these minor issues, I have never had a problem with any SSL-capable browser on any platform (even the HTML/CSS/tables all line up correctly).
---
I cancelled my Capital One card over their refusal to allow Mozilla. Spoofing the UA header doesn't work, as they obtain this via Javascript (which must be enabled). Moz doesn't (yet?) let you override the UA that javascript returns...
I've emailed Cap One many times, and even tried to explain to the Phone Monkey when I cancelled the card why I was cancelling. Unfortunately, this person understood none of what I was saying...
Of course I've also emailed Flipdog.com, VistaPrint.com, and other sites over issues like this. Pisses me off, and I do hope AOL one day ships a Gecko/Mozilla-based browser for this reason...
Either use a symbolic link (most Unix filesystems), or even a bit of mod_rewrite (Apache). The user will never see the true filename, and if you're smart the actual file is not within a web- or ftp-accessible location anyway.
Eg:/home/joblo/public_html/[unique_number]filename.zi p -->/home/joblo/.private/filename.zip
on the filesystem.
Or use a script that authenticates (using the unique ID) and sends the file data; this can be done with PHP, Perl, ASP, or just about any language that can read the QUERY_STRING environment and open/read files. You can store the user's ID and expiration time in a database, flat file, whatever. No browser issues as long as you send the appropriate headers.
I could think of many other ways do accomplish this; copying the file for each user is just nuts... you might as well email it to them.
The server is blocking ICMP requests, which means it will not see the ICMP Fragmentation Needed packets your NAT'd boxes will send. You need to reduce the MTU to around 1412 on the machines behind the firewall, or force the MTU in the firewall itself.
If using Linux 2.4/iptables, see the netfilter kernel config help option for "TCPMSS Target Support"...
Note that, technically, this is a problem on the server side (blocking ICMP for "security" reasons) but it can be solved on your end.
(I fought with this for months before I found the problem)
What's so bad about PPPoE? I run a Linux box on my DSL with no problem, and I use do run PPPoE under FreeBSD... for me it's not much different than straight DHCP, once it's set up (and even that was a snap)...
Why the fuck should you need to agree to anything to use software in the first place? We have copyright law for exactly this purpose.
Yes, but the holders of the copyrights do not have to let you use their software at all -- they can keep it locked up.
One might propose that you can use their software for payment. One might instead choose to let you use it after signing an NDA. One might, as is the case here, allow you to use the software after agreeing to some other terms, in the form of an EULA.
So if you refuse to pay the fee, sign the NDA, or agree to the terms, as the case may be, you have no right to use the software.
I'm not saying I agree with anything this company is doing -- but I do think EULAs have at least *some* merit...
If I purchased the software, it damned well is my software, and I can do anything with it allowed by copyright law.
IANAL, obviously (I corrected myself about the GPL issue); but I am not sure if that's entirely true. Under normal copyright law, as is my understanding, I don't have to show you any of my works. I can, if I so choose, allow you to view my works under certain restrictions (be it an NDA, or in exchange for $$$, or whatever).
Commercial software, typically, requires a payment, and agreement to certain terms -- the EULA.
Now, when you *purchase* software and are later greeted with an EULA, I do have mixed feelings about that. But we're talking freely-downloaded software, for which they are saying to you "you can use our software for free, under these conditions", and that's where the difference is.
The GPL makes no restrictions whatsover on the use or "running" of a program.
I stand corrected. My statement that the GPL was an EULA was incorrect.
I do think that both an EULA and the GPL alter the "default" copyright, albeit to opposite extremes, and as such they are still both protected by the same rights (providing that, in either case, said alterations are legal). Both also (generally) make sure the author isn't liable for any dammages caused by use of the software, etc...
But this is just my take on it, IANAL etc... I just don't feel that restrictions or regulations should be placed on EULAs. I still think that if one doesn't agree with the EULA, one shouldn't use the software -- regardless of the fact that most everyone else bit the bullet and made said software the de-facto standard...
My main point is simply this: whether or not an EULA would hold up in court, I feel that it is in fact the user's responsibility to read the agreement before signifying that they agree to it. For anything, really, not just software. Especially if the agreement constitutes giving permission to email all of your friends (again, not debating the legalities of this practice, but the user was given the opportunity to learn that this was going to happen).
Something so easily abused can only be described as deeply flawed.
I must ask, can you think of a better solution? One that makes sure the user understands what they are agreeing to by using your software?
Okay, granted this company is abusing this, but click-thru licenses have become somewhat of an industry standard by default. It is a commonly accepted method of informing the user on what terms they may utilize your product, and asking if the user agrees and wishes to continue.
I really don't want to see the day when, to purchase software, you have to go to the software store, take a number, and sit with an EULA Counselor and your attorney to go over and sign the legal documents...
Okay, that was probably a bit over the top, but I'd rather click-thru licensing remain/become a legally binding and viable way to set the terms a company wishes to impose on a user if that user wants to utilize the company's IP (did I just use that term?)
(no one's going to read through 50 page agreements before clicking on "yes").... and IMO, if you aren't willing to even read the license, you have no business running the software. Likewise, if you aren't willing to read the GPL you have no business using code from GPL-licensed software.
And, if you don't read the warning labels/user manual on a product, and are injured as a result of its use, you certainly deserve what you get. I bet you read the manual next time. Or not.
As long as a reasonable effort was made to warn you (be it a warning label, or a license for which you have to click "I AGREE" before installation), it is your fault for not taking precautions.
Do I feel these people are doing wrong? Absolutely. Do I think it should be regulated/outlawed? Hell no.
And if you die in an explosion of a car that has a sticker under the dash board that says "Warning: car may explode at any random time", you deserve exactly what you get.
A sticker under the dash, no. But a sign on the door that you must remove in order to open the vehicle? Perhaps. Think "DANGER - HIGH VOLTAGE" signs and the like.
You can only warn a user so much, beyond which it is, in fact, their own fault.
and you of course read all your end user agreements in full right? riiiiight....
Before I sign something, I read and make sure I understand it. Likewise, I don't signify agreement on an EULA unless I have read, understood, and (most importantly) agreed with the terms. It's not my software; if I want to use it, it has to be on their terms, or not at all.
I'm all for free software, but the same rights that protect free software also protect proprietary software. If EULAs are deemed invalid, what does that say about the GPL (which is, technically, an EULA)? As many/.ers respond to GPL-violations, if you don't agree with the GPL, write your own damned code! -- Likewise, if you don't agree with an EULA, find another software package (or, write your own damned code;)
This isn't a case of people messing with their own PCs. It's people using said PCs for criminal acts--the virtual equivalent of grand theft auto, carjacking, evading arrest, AND slashing the cop's tires.
That's a bit of a stretch, but even if this were the case, it's imposing restrictions on other people who aren't using said PCs for anything illegal.
Another point... how does Palladium stop crackers from doing their dirty work? I don't fully understand it, but if they can disable it on their own machine, Palladium has no effect. Likewise if they stick with an "outdated" P4 box...
It *might* prevent them from breaking into a Palladium-enabled box, or from running virus/worm code on it (depending on exactly how strong it is), but I really don't see this helping nearly as much as it is hurting/confusing/frustrating legitimate users (and small-time developers).
A similar situation exists in the shareware world (yes, I'm guilty of writing some;). I could make the registration system very difficult, requiring authentication through my server (ala WinXP "Activation"), etc. However, it won't stop determined crackers. It will only serve to frustrate legitimate users.
The same can be said about the gaming issue (requiring the CD to be in the drive), or recent "copy-protected" audio CDs. None of these things really stop anyone, they just create complications for legitimate users. "Prove to me you are not a criminal, and I will give you the privilege of purchasing my product". This, of course, only works when you're one of the top players (or a monopoly).
I admit to not knowing a lot about Palladium, but I do know it won't prevent me from running Linux, or any tech-savy person from disabling it on their own PC. It *will* affect me personally if there comes a point where I have to have my shareware code "signed" before (the majority of) my users will run it. I wouldn't doubt if the process involved money changing hands (but I did hear that MS won't be handling the actual signing process)...
Remember what MS's & the gov'ts motives are. The USA wants to protect its citizens, itself, and the elected officials... MS wants to profit; period.
I agree on both motives. However, when you have a) a software giant who wants total control and dominance, lobbying to our b) Not-so-technically-savy government (for the most part), then you have a problem.
Add to that, the fact that everyone with an agenda to push is milking 9/11 for all it's worth, and you get things like the DMCA and the new ones that are being pushed right now (I forget what it was called, they changed the name a couple times).
As an aside, I admin a couple Unix boxes, and I'm a major security freak. Would something like Palladium (were it cross-platform) assist an admin? Possibly. Would I use it? Nope.
I agree that all software is buggy. I've patched my kernels, OpenSSH, Sendmail etc enough times to know this. And this isn't an argument about MS vs Open Source, or anything like that.
What this is about is MS trying to make things like Palladium mandatory, so that they can simply count on the legal system to enforce security, rather than having to go through all the trouble of plugging holes and releasing (timely) patches.
Intel took a lot of flack with something as simple/silly as a CPU serial number. Sure, there were some privacy issues with that, but nothing like what we are potentially facing now. I will really start to worry when they use FUD tactics to make Palladium look like a good thing. The day my dad says something like "I can't wait for Palladium; then I won't have to worry about these viruses" -- that's when I will start to worry.
---
Anyway, I'd really like to know, honestly, how you think Palladium will prevent using a PC to commit a criminal act. Does Palladium have to be present and enabled on the *attacker's* PC, or only the victim's? Or will it just help catch the criminal, and if so, how? I really am curious...
This is off-topic, but I just have to reply to this:
None of this would be necessary if we didn't have social-engineering black-hat hackers who break every attempt at default security just for kicks. Palladium (or something else) is coming, and I blame any bad side effects I suffer on hackers, not MS.
Tell me you are kidding. Please.
Palladium is simply rediculous. There is a much better solution:
1) Write more secure software. Dont' lock my PC up because you can't produce solid, tested code that's not full of holes.
2) Educate users. If you let someone you didn't know work on your car, and they broke something major, who is at fault? Should GM ship cars with the hood welded shut?
3) Profit!
Okay, bad pun, but seriously... Palladium is just a bad, bad idea. What happens when (not if) someone breaks it? Then what?
Oh, right, hide behind more DMCA-like laws. No need to make it unbreakable, when you can just make it illegal to break (think CSS).
Microsoft seems to be acting like the RIAA. The RIAA is IMO an unnecessary middle-man, who's usefullness is proving to be less and less. So they lobby to get laws passed in order to survive. MS can't write secure software, so they want to lock us out of the PC, making it a (worse) crime to exploit it. Telco's are using old technology and want the government to bail them out.
Well guess what? If a company can't survive, or a business model proves to be no longer viable, then you lose. It isn't the government's (and thus the taxpayers') responsibility to keep a dead idea going for the benefit of some corporation.
Ah, but I'm rambling again... *sigh* I just get so frustrated with the way things are going these days (which has gotten much worse since 9/11)... my girlfriend thinks I'm a paranoid conspiracy theorist... I'm simply making observations.
Further, anybody who's smart enough to figure out how to change MAC addresses can also figure out that they can assign their own static IP address from the DHCP pool and the DHCP server will often allocate around it.
Off-topic, but I used to do that when I had a cable modem. One day, however, I typo'd the ifconfig command on FreeBSD, and accidentally took over the router's IP (I mixed up my IP with the gateway IP). My phone promptly rang... they didn't much like that. Seems I took out service for the whole area, and they had to reset the router.
Good thing this was before 9/11 and all the crazy computer crime laws...
I'm glad someone said it. Beyond true professional equipment, you will never hear the difference with any more than 16 bits.
Higher sample rates can have *some* effect, but only if we're talking cheap D/A converters. Oversampling techniques (or more recently, 1-bit D/A converters) fix that, and raising the encoded sample rate does nothing for humans. 44.1 kHz allows up to roughly 20 kHz, which is beyond most human ears (most humans can't hear the loud and annoying 17 kHz horizontal oscillator in a television).
On the other hand:
For people who need to record to separata channels and afterwards mix things, some extra bits might be worthwile, but probably not any more than four extra, ie. 20 bits in total.
I'd say 24 to 32 bits is necessary for recording and mixing. You have to remember, the initial recording is generally done at very low (relative) levels, since you *never* want to clip the original recording. Lower level == less use of the available dynamic range.
When mixing, you enter quantisation noise (not sure if that's the correct term/spelling), which is essentially math errors, the same you'd get when doing many different integer calculations. Similar reason we see 32-bit (and higher!) color in video cards, especially in the processing stages.
Anyway, I think the whole thing's a sham. I consider myself an audiophile to an extent. I can tell a 256k MP3 from the real thing, but I can enjoy even a 128k file.
Better than CD? Not necessary. Even if I could tell the difference, it's not enough to justify the cost/effort. SACD is nothing more than a 1-bit stream (pretty much the same as a normal CD with a 1-bit D/A, possibly with a tiny bit more detail), and DVD-Audio is just overkill. If the RIAA were smart, they'd pick *one* of the two formats and run with it (though I guess players can be easily made compatible with both/all 3)...
I've noticed, BTW, that Clear Channel is really, really pushing SACDs and the Sony players...
Re:Recycle Bins - don't you just hate them?
on
Undelete In Linux
·
· Score: 2
If you single click twice slowly, it lets you rename too. I prefer this over waiting for the right click menu to find all the NEW|> options and render.
God I hate that "feature". Especially if your mouse sucks (if you move even one pixel between clicks in a double-click, you're renaming).
I use F2 to rename. I very rarely rename files while inside an "Open" dialog, yet, I'm constantly accidentally slow-double-clicking. Of course you can't turn this feature off (that I am aware of).
Another one I can't stand, in Win2k at least, the "New Folder" icon is right next to the "Up Directory" icon in the Open/Save dialog. How many times I've had to delete "New Folder"...
Not to mention Win2k's Open/Save dialog never remembers your View settings. I love "Details", and I hate the sideways-scrolling variable-width list view. But, since it never remembers I find it useless to bother changing it every time.
But enough about that... to contribute to the topic, I think an Undelete would be good if it worked like the old Norton (IIRC) undelete:
- Deleting a file marks it (on the filesystem) as deleted, just as always - The filesystem doesn't re-use that space until it has to - A utility lets you find such "deleted" files, view their original location etc, and "restore" them
With this method, disk space is never really used, in that the more space you have available the more stuff you can "undelete". Perhaps this utility would also let you truly remove files (or even scramble the bits to truly wipe it).
That would be the ultimate, as it would protect joe-average and at the same time work no differently for the rest of us. Unless we needed it.
...why has microsoft not bought or written some buffer overflow detection tools and done a complete sweep of their code base
I don't know if you're a programmer or not, but it's really not just that simple. Many pointers are completely dynamic, depending on many other dynamic things that simply couldn't possibly be found at compile-time.
And many times, you might pass a pointer off to a function (that is in a separate library), which then manipulates the memory pointed to, and passes a pointer off somewhere else, ad infinitum. It's just not always that easy in a reasonably complex peice of software to just find and erradicate buffer overflows.
Even the debug runtimes for MS VC++ aren't perfect; they simply allocate a couple extra bytes on either side of any allocated memory, and if those bytes are touched a breakpoint is called the *next* time you access a memory-related function. Which doesn't always help (especially in a multi-threaded program).
Sorry for the rant, but I've been knee-deep in VC++ all day hunting buffer issues (not security-related but still a pain). It's very easy to over-step what you allocated, especially when you're several functions (and possibly several DLL's) away from where you started...
I don't claim to know much about PPTP but I believe many modems use it simply for encapsulation. PPTP is, literally, "Point to Point Tunnelling Protocol". Any encryption is done elsewhere (a VPN).
It's simply used to tunnel all sorts of network traffic between the ethernet adaptor and the modem. I believe this is why a typical ethernet ADSL modem works fine behind a switch or hub.
I could be completely full of shit, too. I do recall reading about PPTP being used by my Alcatel modem, but it doesn't require any oddball software on my side (just PPPoE and pppd).
Anyway, if this is the case, I don't think DSL users are at risk in this situation. But of course I can't be sure, but it seems like it's a completely unrelated use of the PPTP protocol...
I've worked on projects that had close to 100% piracy rates. That is to say that almost everyone who used it was stealing it. This in no way helped me, in fact it drive the company under.
The difference is in the users. Your product was probably targetted toward the type of user more apt to steal the software. Windows is targetted at a much broader audience, and the majority of people do not pirate windows (if only because they pay for it when purcahsing a PC).
I know your situation is common though with smaller projects. Back in my shareware days, my product (DJ software) had about 100 downloads per day for a solid 3 years; yet, registrations were maybe 2 or 3 per week (add up bandwidth and it was generally a loss). Granted not everyone who downloaded it necessarily used it, but with less than 0.5% registrations, and the easy availability of cracks/serials/keygens for it...
Note that this product also had an unusually high rate of credit card fraud on attempted registrations, which coincides with the high piracy rate.
So Windows has the following advantages over "niche" software:
- Many users pay for it (eg, PC purchase) who may not have otherwise - It's a much larger piece of software (more difficult to just find floating around the 'net, download and install) - The more people use it, the more people standardize on it. Generally not true with software for which there exists compatible choices and competition.
And so on. These are luxuries smaller developers don't have.
Unrelated note, the RIAA is an unnecessary middle-man and I hope they go broke and leave, or wisen up to the times, I don't care which. I long for the day a motion picture soundtrack costs less than the motion picture itself (DVD) by at least half.
...and content becomes... obsolete. ...because the news is still the same as when i left.
Had you read the article, you'd know that the author is referring to obsolete *code*, not content.
Back on topic: while I agree that one should never design to one specific browser, I don't agree with most of the author's points. For starters, most webmasters don't care about PDAs and cell phones, as those devices are generally used view more targetted sites. I'd rather have a nicely formatted page that works for most, than a boring, stripped-down lowest-denominator design.
Of course, sites such as Yahoo and Google target a wider range of users and thus have to look good on different platforms. So I disagree with his advice to update Yahoo...
About bad code that works - most people are lazy. If it isn't broken, there's no need to fix it (yet).
Why do today what you can put off for tomorrow (didn't we learn anything from Y2K?;)
MS quite often breaks their own rules. There are guidelines that a developer must follow in order to get the silly Windows logo on your product, and most of MS's own software break these rules.
They encourage developers to use the common dialog boxes (Open, Save As, etc), yet most of Office 2000 (and probably other versions) do not. It looks to me like they wanted to add some of the stupid features from Win2k to Office 2k, before Win2k shipped (IIRC, the buttons on the left of the dialog for Desktop, Network etc).
As a result, one annoyance I have with Office and Visual Studio is this: I keep my "MenuDelay" to zero, eg, I can't stand the 400 millisecond delay between the time you hover over a popup menu and the time the menu shows. It's a simple registry hack (or use TweakUI) to change this. But Office and Visual Studio apparently use their own menus, and ignore this setting.
There are probably a million other examples (many things in Media Player come to mind).
I agree, sometimes you do need custom widgets for specific tasks, but one should never replace the OS-provided ones if it can be avoided. This is about my only real gripe with Mozilla honestly... I don't care if it looks the same across platforms, and browsers do not need to be skinned IMO... Not to mention this god-awful buggy text box they created (though better than it used to be, it seems like an unnecessary waste of dev time).
Re:Sorry to bring it up, but there are options
on
Microsoft News Update
·
· Score: 2
I agree fully. I run MPlayer on a 433 Celeron BookPC (128 ram) with TV-Out as my main entertainment system. It has a few minor bugs, but write a good front-end wrapper for it and it's perfect. It plays everything (video) Windows Media Player (WMP) can play, and a few WMP can't.
On my Win2k box, WMP broke itself; it lost the ability to zoom, and most audio playback is distorted (sounds like wrapped samples - a lot more disturbing than clipped samples).
I upgraded to the highest version available at the time, and within 2 weeks it broke again. Not to mention, WMP breaks many of Microsoft's own UI rules, with how buttons are handled and such. Were it someone else's software it wouldn't qualify for the Windows logo.
Needless to say, MPlayer will not likely change its behavior for no good reason like that...
I run Winamp 2.x for MP3/Wave playback only. Winamp3 is just too bloated for my taste; even 2.x includes an MSIE component, which ends up bloating the player. I almost miss the 1.x days of Winamp, when it loaded fast on a 486 DX...
But then again, the GPL also states that any software so licensed is bound to any future revisions of the GPL.
Have you ever actually read the GPL? First, the GPL itself does not mention anything like this. The typical (and recommended) application of the GPL requests adding this paragraph to your software:
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This isn't part of the GPL itself, but I assume this is what you were referring to. Note the at your option part. This paragraph does appear in most GPL software I've seen, and I've never yet seen it without the at your option part.
I have TimeWarner digital cable, and it's the same problem. I don't know whether they allocate bandwidth based on a channel's popularity, but the big networks (NBC, ABC, etc.) all come across fine...
In most cases (at least with Time Warner cable in Kissimmee, FL), the broadcast channels are not digital; in fact, only channels above 100 are. In other words, ABC/NBC/etc should be analog, and thus would (in the case of digital artifacts) look better than the digital channels.
TW's typical receiver is both a digital and analog receiver in one unit. This might explain why those networks are clearer than the others. It might not if it is handled differently in your area... but it took me a while to realize that not all channels were in fact digital.
In Florida, I had TW digital cable, and didn't have many problems. Occasionally I would see typical MPEG artifacts, but these were pretty rare, and only noticable with certain types of programming (water, or HBO's static/fuzz logo thingy).
I also recall the cable guy explaining that some channels used MPEG, while others used some MPEG-ish format (don't recall it's name, but it had a Q in it...?) that was supposedely better. Namely, it used smaller blocks and less bandwidth, thus it didn't have as many artifacts when you first tuned the channel in.
To be on topic... broadcast TV is best kept analog. Like others have mentioned, digital isn't necessarily better, and in fact analog is much better when you're in poor receiving conditions. Cordless phones can easily demonstrate this. Unless they seriously boost the power/range of the digital TV stations, those not living directly in the cities will not benefit much from digital TV... I'd rather see occasional static than have my program cutting in and out (oh, but with "CD Quality sound!!!")... though it's hard for me to comment with any authority, not having seen a digital broadcast myself...
Slashdot Mirror
What about Opera masquerading as IE or netscape?
Capital One determines the browser using JavaScript, not the UA header. Unfortunately overriding the UA string does not override what JavaScript returns. And the site of course doesn't work at all w/o JS...
It was enough to cancel my card...
Wamu is great as far as cross-browser support. I only have two complaints:
1) They block ICMP requests. Before I fixed my firewall (forcing the MTU), I couldn't get to the site.
2) Javascript that sets focus to the Username field *after* the page finishes loading (onLoad()). If you're already typing the password at this point, you look up, and just typed it (viewable) in the Username box.
Oh, make that 3 complaints:
3) It's far from realtime...
Other than these minor issues, I have never had a problem with any SSL-capable browser on any platform (even the HTML/CSS/tables all line up correctly).
---
I cancelled my Capital One card over their refusal to allow Mozilla. Spoofing the UA header doesn't work, as they obtain this via Javascript (which must be enabled). Moz doesn't (yet?) let you override the UA that javascript returns...
I've emailed Cap One many times, and even tried to explain to the Phone Monkey when I cancelled the card why I was cancelling. Unfortunately, this person understood none of what I was saying...
Of course I've also emailed Flipdog.com, VistaPrint.com, and other sites over issues like this. Pisses me off, and I do hope AOL one day ships a Gecko/Mozilla-based browser for this reason...
How would you create a unique link to the file?
/home/joblo/public_html/[unique_number]filename.zi p --> /home/joblo/.private/filename.zip
Either use a symbolic link (most Unix filesystems), or even a bit of mod_rewrite (Apache). The user will never see the true filename, and if you're smart the actual file is not within a web- or ftp-accessible location anyway.
Eg:
on the filesystem.
Or use a script that authenticates (using the unique ID) and sends the file data; this can be done with PHP, Perl, ASP, or just about any language that can read the QUERY_STRING environment and open/read files. You can store the user's ID and expiration time in a database, flat file, whatever. No browser issues as long as you send the appropriate headers.
I could think of many other ways do accomplish this; copying the file for each user is just nuts... you might as well email it to them.
Off-topic, but:
If it only it worked through NAT firewalls. Grrrr
The server is blocking ICMP requests, which means it will not see the ICMP Fragmentation Needed packets your NAT'd boxes will send. You need to reduce the MTU to around 1412 on the machines behind the firewall, or force the MTU in the firewall itself.
If using Linux 2.4/iptables, see the netfilter kernel config help option for "TCPMSS Target Support"...
Note that, technically, this is a problem on the server side (blocking ICMP for "security" reasons) but it can be solved on your end.
(I fought with this for months before I found the problem)
What's so bad about PPPoE? I run a Linux box on my DSL with no problem, and I use do run PPPoE under FreeBSD... for me it's not much different than straight DHCP, once it's set up (and even that was a snap)...
Why the fuck should you need to agree to anything to use software in the first place? We have copyright law for exactly this purpose.
Yes, but the holders of the copyrights do not have to let you use their software at all -- they can keep it locked up.
One might propose that you can use their software for payment. One might instead choose to let you use it after signing an NDA. One might, as is the case here, allow you to use the software after agreeing to some other terms, in the form of an EULA.
So if you refuse to pay the fee, sign the NDA, or agree to the terms, as the case may be, you have no right to use the software.
I'm not saying I agree with anything this company is doing -- but I do think EULAs have at least *some* merit...
If I purchased the software, it damned well is my software, and I can do anything with it allowed by copyright law.
IANAL, obviously (I corrected myself about the GPL issue); but I am not sure if that's entirely true. Under normal copyright law, as is my understanding, I don't have to show you any of my works. I can, if I so choose, allow you to view my works under certain restrictions (be it an NDA, or in exchange for $$$, or whatever).
Commercial software, typically, requires a payment, and agreement to certain terms -- the EULA.
Now, when you *purchase* software and are later greeted with an EULA, I do have mixed feelings about that. But we're talking freely-downloaded software, for which they are saying to you "you can use our software for free, under these conditions", and that's where the difference is.
The GPL makes no restrictions whatsover on the use or "running" of a program.
I stand corrected. My statement that the GPL was an EULA was incorrect.
I do think that both an EULA and the GPL alter the "default" copyright, albeit to opposite extremes, and as such they are still both protected by the same rights (providing that, in either case, said alterations are legal). Both also (generally) make sure the author isn't liable for any dammages caused by use of the software, etc...
But this is just my take on it, IANAL etc... I just don't feel that restrictions or regulations should be placed on EULAs. I still think that if one doesn't agree with the EULA, one shouldn't use the software -- regardless of the fact that most everyone else bit the bullet and made said software the de-facto standard...
My main point is simply this: whether or not an EULA would hold up in court, I feel that it is in fact the user's responsibility to read the agreement before signifying that they agree to it. For anything, really, not just software. Especially if the agreement constitutes giving permission to email all of your friends (again, not debating the legalities of this practice, but the user was given the opportunity to learn that this was going to happen).
Something so easily abused can only be described as deeply flawed.
I must ask, can you think of a better solution? One that makes sure the user understands what they are agreeing to by using your software?
Okay, granted this company is abusing this, but click-thru licenses have become somewhat of an industry standard by default. It is a commonly accepted method of informing the user on what terms they may utilize your product, and asking if the user agrees and wishes to continue.
I really don't want to see the day when, to purchase software, you have to go to the software store, take a number, and sit with an EULA Counselor and your attorney to go over and sign the legal documents...
Okay, that was probably a bit over the top, but I'd rather click-thru licensing remain/become a legally binding and viable way to set the terms a company wishes to impose on a user if that user wants to utilize the company's IP (did I just use that term?)
(no one's going to read through 50 page agreements before clicking on "yes"). ... and IMO, if you aren't willing to even read the license, you have no business running the software. Likewise, if you aren't willing to read the GPL you have no business using code from GPL-licensed software.
And, if you don't read the warning labels/user manual on a product, and are injured as a result of its use, you certainly deserve what you get. I bet you read the manual next time. Or not.
As long as a reasonable effort was made to warn you (be it a warning label, or a license for which you have to click "I AGREE" before installation), it is your fault for not taking precautions.
Do I feel these people are doing wrong? Absolutely. Do I think it should be regulated/outlawed? Hell no.
And if you die in an explosion of a car that has a sticker under the dash board that says "Warning: car may explode at any random time", you deserve exactly what you get.
A sticker under the dash, no. But a sign on the door that you must remove in order to open the vehicle? Perhaps. Think "DANGER - HIGH VOLTAGE" signs and the like.
You can only warn a user so much, beyond which it is, in fact, their own fault.
and you of course read all your end user agreements in full right? riiiiight....
/.ers respond to GPL-violations, if you don't agree with the GPL, write your own damned code! -- Likewise, if you don't agree with an EULA, find another software package (or, write your own damned code ;)
Before I sign something, I read and make sure I understand it. Likewise, I don't signify agreement on an EULA unless I have read, understood, and (most importantly) agreed with the terms. It's not my software; if I want to use it, it has to be on their terms, or not at all.
I'm all for free software, but the same rights that protect free software also protect proprietary software. If EULAs are deemed invalid, what does that say about the GPL (which is, technically, an EULA)? As many
This isn't a case of people messing with their own PCs. It's people using said PCs for criminal acts--the virtual equivalent of grand theft auto, carjacking, evading arrest, AND slashing the cop's tires.
;). I could make the registration system very difficult, requiring authentication through my server (ala WinXP "Activation"), etc. However, it won't stop determined crackers. It will only serve to frustrate legitimate users.
That's a bit of a stretch, but even if this were the case, it's imposing restrictions on other people who aren't using said PCs for anything illegal.
Another point... how does Palladium stop crackers from doing their dirty work? I don't fully understand it, but if they can disable it on their own machine, Palladium has no effect. Likewise if they stick with an "outdated" P4 box...
It *might* prevent them from breaking into a Palladium-enabled box, or from running virus/worm code on it (depending on exactly how strong it is), but I really don't see this helping nearly as much as it is hurting/confusing/frustrating legitimate users (and small-time developers).
A similar situation exists in the shareware world (yes, I'm guilty of writing some
The same can be said about the gaming issue (requiring the CD to be in the drive), or recent "copy-protected" audio CDs. None of these things really stop anyone, they just create complications for legitimate users. "Prove to me you are not a criminal, and I will give you the privilege of purchasing my product". This, of course, only works when you're one of the top players (or a monopoly).
I admit to not knowing a lot about Palladium, but I do know it won't prevent me from running Linux, or any tech-savy person from disabling it on their own PC. It *will* affect me personally if there comes a point where I have to have my shareware code "signed" before (the majority of) my users will run it. I wouldn't doubt if the process involved money changing hands (but I did hear that MS won't be handling the actual signing process)...
Remember what MS's & the gov'ts motives are. The USA wants to protect its citizens, itself, and the elected officials... MS wants to profit; period.
I agree on both motives. However, when you have a) a software giant who wants total control and dominance, lobbying to our b) Not-so-technically-savy government (for the most part), then you have a problem.
Add to that, the fact that everyone with an agenda to push is milking 9/11 for all it's worth, and you get things like the DMCA and the new ones that are being pushed right now (I forget what it was called, they changed the name a couple times).
As an aside, I admin a couple Unix boxes, and I'm a major security freak. Would something like Palladium (were it cross-platform) assist an admin? Possibly. Would I use it? Nope.
I agree that all software is buggy. I've patched my kernels, OpenSSH, Sendmail etc enough times to know this. And this isn't an argument about MS vs Open Source, or anything like that.
What this is about is MS trying to make things like Palladium mandatory, so that they can simply count on the legal system to enforce security, rather than having to go through all the trouble of plugging holes and releasing (timely) patches.
Intel took a lot of flack with something as simple/silly as a CPU serial number. Sure, there were some privacy issues with that, but nothing like what we are potentially facing now. I will really start to worry when they use FUD tactics to make Palladium look like a good thing. The day my dad says something like "I can't wait for Palladium; then I won't have to worry about these viruses" -- that's when I will start to worry.
---
Anyway, I'd really like to know, honestly, how you think Palladium will prevent using a PC to commit a criminal act. Does Palladium have to be present and enabled on the *attacker's* PC, or only the victim's? Or will it just help catch the criminal, and if so, how? I really am curious...
This is off-topic, but I just have to reply to this:
None of this would be necessary if we didn't have social-engineering black-hat hackers who break every attempt at default security just for kicks. Palladium (or something else) is coming, and I blame any bad side effects I suffer on hackers, not MS.
Tell me you are kidding. Please.
Palladium is simply rediculous. There is a much better solution:
1) Write more secure software. Dont' lock my PC up because you can't produce solid, tested code that's not full of holes.
2) Educate users. If you let someone you didn't know work on your car, and they broke something major, who is at fault? Should GM ship cars with the hood welded shut?
3) Profit!
Okay, bad pun, but seriously... Palladium is just a bad, bad idea. What happens when (not if) someone breaks it? Then what?
Oh, right, hide behind more DMCA-like laws. No need to make it unbreakable, when you can just make it illegal to break (think CSS).
Microsoft seems to be acting like the RIAA. The RIAA is IMO an unnecessary middle-man, who's usefullness is proving to be less and less. So they lobby to get laws passed in order to survive. MS can't write secure software, so they want to lock us out of the PC, making it a (worse) crime to exploit it. Telco's are using old technology and want the government to bail them out.
Well guess what? If a company can't survive, or a business model proves to be no longer viable, then you lose. It isn't the government's (and thus the taxpayers') responsibility to keep a dead idea going for the benefit of some corporation.
Ah, but I'm rambling again... *sigh* I just get so frustrated with the way things are going these days (which has gotten much worse since 9/11)... my girlfriend thinks I'm a paranoid conspiracy theorist... I'm simply making observations.
Further, anybody who's smart enough to figure out how to change MAC addresses can also figure out that they can assign their own static IP address from the DHCP pool and the DHCP server will often allocate around it.
Off-topic, but I used to do that when I had a cable modem. One day, however, I typo'd the ifconfig command on FreeBSD, and accidentally took over the router's IP (I mixed up my IP with the gateway IP). My phone promptly rang... they didn't much like that. Seems I took out service for the whole area, and they had to reset the router.
Good thing this was before 9/11 and all the crazy computer crime laws...
I'm glad someone said it. Beyond true professional equipment, you will never hear the difference with any more than 16 bits.
Higher sample rates can have *some* effect, but only if we're talking cheap D/A converters. Oversampling techniques (or more recently, 1-bit D/A converters) fix that, and raising the encoded sample rate does nothing for humans. 44.1 kHz allows up to roughly 20 kHz, which is beyond most human ears (most humans can't hear the loud and annoying 17 kHz horizontal oscillator in a television).
On the other hand:
For people who need to record to separata channels and afterwards mix things, some extra bits might be worthwile, but probably not any more than four extra, ie. 20 bits in total.
I'd say 24 to 32 bits is necessary for recording and mixing. You have to remember, the initial recording is generally done at very low (relative) levels, since you *never* want to clip the original recording. Lower level == less use of the available dynamic range.
When mixing, you enter quantisation noise (not sure if that's the correct term/spelling), which is essentially math errors, the same you'd get when doing many different integer calculations. Similar reason we see 32-bit (and higher!) color in video cards, especially in the processing stages.
Anyway, I think the whole thing's a sham. I consider myself an audiophile to an extent. I can tell a 256k MP3 from the real thing, but I can enjoy even a 128k file.
Better than CD? Not necessary. Even if I could tell the difference, it's not enough to justify the cost/effort. SACD is nothing more than a 1-bit stream (pretty much the same as a normal CD with a 1-bit D/A, possibly with a tiny bit more detail), and DVD-Audio is just overkill. If the RIAA were smart, they'd pick *one* of the two formats and run with it (though I guess players can be easily made compatible with both/all 3)...
I've noticed, BTW, that Clear Channel is really, really pushing SACDs and the Sony players...
If you single click twice slowly, it lets you rename too. I prefer this over waiting for the right click menu to find all the NEW|> options and render.
God I hate that "feature". Especially if your mouse sucks (if you move even one pixel between clicks in a double-click, you're renaming).
I use F2 to rename. I very rarely rename files while inside an "Open" dialog, yet, I'm constantly accidentally slow-double-clicking. Of course you can't turn this feature off (that I am aware of).
Another one I can't stand, in Win2k at least, the "New Folder" icon is right next to the "Up Directory" icon in the Open/Save dialog. How many times I've had to delete "New Folder"...
Not to mention Win2k's Open/Save dialog never remembers your View settings. I love "Details", and I hate the sideways-scrolling variable-width list view. But, since it never remembers I find it useless to bother changing it every time.
But enough about that... to contribute to the topic, I think an Undelete would be good if it worked like the old Norton (IIRC) undelete:
- Deleting a file marks it (on the filesystem) as deleted, just as always
- The filesystem doesn't re-use that space until it has to
- A utility lets you find such "deleted" files, view their original location etc, and "restore" them
With this method, disk space is never really used, in that the more space you have available the more stuff you can "undelete". Perhaps this utility would also let you truly remove files (or even scramble the bits to truly wipe it).
That would be the ultimate, as it would protect joe-average and at the same time work no differently for the rest of us. Unless we needed it.
...why has microsoft not bought or written some buffer overflow detection tools and done a complete sweep of their code base
I don't know if you're a programmer or not, but it's really not just that simple. Many pointers are completely dynamic, depending on many other dynamic things that simply couldn't possibly be found at compile-time.
And many times, you might pass a pointer off to a function (that is in a separate library), which then manipulates the memory pointed to, and passes a pointer off somewhere else, ad infinitum. It's just not always that easy in a reasonably complex peice of software to just find and erradicate buffer overflows.
Even the debug runtimes for MS VC++ aren't perfect; they simply allocate a couple extra bytes on either side of any allocated memory, and if those bytes are touched a breakpoint is called the *next* time you access a memory-related function. Which doesn't always help (especially in a multi-threaded program).
Sorry for the rant, but I've been knee-deep in VC++ all day hunting buffer issues (not security-related but still a pain). It's very easy to over-step what you allocated, especially when you're several functions (and possibly several DLL's) away from where you started...
I don't claim to know much about PPTP but I believe many modems use it simply for encapsulation. PPTP is, literally, "Point to Point Tunnelling Protocol". Any encryption is done elsewhere (a VPN).
It's simply used to tunnel all sorts of network traffic between the ethernet adaptor and the modem. I believe this is why a typical ethernet ADSL modem works fine behind a switch or hub.
I could be completely full of shit, too. I do recall reading about PPTP being used by my Alcatel modem, but it doesn't require any oddball software on my side (just PPPoE and pppd).
Anyway, if this is the case, I don't think DSL users are at risk in this situation. But of course I can't be sure, but it seems like it's a completely unrelated use of the PPTP protocol...
I've worked on projects that had close to 100% piracy rates. That is to say that almost everyone who used it was stealing it. This in no way helped me, in fact it drive the company under.
The difference is in the users. Your product was probably targetted toward the type of user more apt to steal the software. Windows is targetted at a much broader audience, and the majority of people do not pirate windows (if only because they pay for it when purcahsing a PC).
I know your situation is common though with smaller projects. Back in my shareware days, my product (DJ software) had about 100 downloads per day for a solid 3 years; yet, registrations were maybe 2 or 3 per week (add up bandwidth and it was generally a loss). Granted not everyone who downloaded it necessarily used it, but with less than 0.5% registrations, and the easy availability of cracks/serials/keygens for it...
Note that this product also had an unusually high rate of credit card fraud on attempted registrations, which coincides with the high piracy rate.
So Windows has the following advantages over "niche" software:
- Many users pay for it (eg, PC purchase) who may not have otherwise
- It's a much larger piece of software (more difficult to just find floating around the 'net, download and install)
- The more people use it, the more people standardize on it. Generally not true with software for which there exists compatible choices and competition.
And so on. These are luxuries smaller developers don't have.
Unrelated note, the RIAA is an unnecessary middle-man and I hope they go broke and leave, or wisen up to the times, I don't care which. I long for the day a motion picture soundtrack costs less than the motion picture itself (DVD) by at least half.
...and content becomes... obsolete.
...because the news is still the same as when i left.
;)
Had you read the article, you'd know that the author is referring to obsolete *code*, not content.
Back on topic: while I agree that one should never design to one specific browser, I don't agree with most of the author's points. For starters, most webmasters don't care about PDAs and cell phones, as those devices are generally used view more targetted sites. I'd rather have a nicely formatted page that works for most, than a boring, stripped-down lowest-denominator design.
Of course, sites such as Yahoo and Google target a wider range of users and thus have to look good on different platforms. So I disagree with his advice to update Yahoo...
About bad code that works - most people are lazy. If it isn't broken, there's no need to fix it (yet).
Why do today what you can put off for tomorrow (didn't we learn anything from Y2K?
MS quite often breaks their own rules. There are guidelines that a developer must follow in order to get the silly Windows logo on your product, and most of MS's own software break these rules.
They encourage developers to use the common dialog boxes (Open, Save As, etc), yet most of Office 2000 (and probably other versions) do not. It looks to me like they wanted to add some of the stupid features from Win2k to Office 2k, before Win2k shipped (IIRC, the buttons on the left of the dialog for Desktop, Network etc).
As a result, one annoyance I have with Office and Visual Studio is this: I keep my "MenuDelay" to zero, eg, I can't stand the 400 millisecond delay between the time you hover over a popup menu and the time the menu shows. It's a simple registry hack (or use TweakUI) to change this. But Office and Visual Studio apparently use their own menus, and ignore this setting.
There are probably a million other examples (many things in Media Player come to mind).
I agree, sometimes you do need custom widgets for specific tasks, but one should never replace the OS-provided ones if it can be avoided. This is about my only real gripe with Mozilla honestly... I don't care if it looks the same across platforms, and browsers do not need to be skinned IMO... Not to mention this god-awful buggy text box they created (though better than it used to be, it seems like an unnecessary waste of dev time).
I agree fully. I run MPlayer on a 433 Celeron BookPC (128 ram) with TV-Out as my main entertainment system. It has a few minor bugs, but write a good front-end wrapper for it and it's perfect. It plays everything (video) Windows Media Player (WMP) can play, and a few WMP can't.
On my Win2k box, WMP broke itself; it lost the ability to zoom, and most audio playback is distorted (sounds like wrapped samples - a lot more disturbing than clipped samples).
I upgraded to the highest version available at the time, and within 2 weeks it broke again. Not to mention, WMP breaks many of Microsoft's own UI rules, with how buttons are handled and such. Were it someone else's software it wouldn't qualify for the Windows logo.
Needless to say, MPlayer will not likely change its behavior for no good reason like that...
I run Winamp 2.x for MP3/Wave playback only. Winamp3 is just too bloated for my taste; even 2.x includes an MSIE component, which ends up bloating the player. I almost miss the 1.x days of Winamp, when it loaded fast on a 486 DX...
- But then again, the GPL also states that any software so licensed is bound to any future revisions of the GPL.
Have you ever actually read the GPL? First, the GPL itself does not mention anything like this. The typical (and recommended) application of the GPL requests adding this paragraph to your software:- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This isn't part of the GPL itself, but I assume this is what you were referring to. Note the at your option part. This paragraph does appear in most GPL software I've seen, and I've never yet seen it without the at your option part.I have TimeWarner digital cable, and it's the same problem. I don't know whether they allocate bandwidth based on a channel's popularity, but the big networks (NBC, ABC, etc.) all come across fine...
In most cases (at least with Time Warner cable in Kissimmee, FL), the broadcast channels are not digital; in fact, only channels above 100 are. In other words, ABC/NBC/etc should be analog, and thus would (in the case of digital artifacts) look better than the digital channels.
TW's typical receiver is both a digital and analog receiver in one unit. This might explain why those networks are clearer than the others. It might not if it is handled differently in your area... but it took me a while to realize that not all channels were in fact digital.
In Florida, I had TW digital cable, and didn't have many problems. Occasionally I would see typical MPEG artifacts, but these were pretty rare, and only noticable with certain types of programming (water, or HBO's static/fuzz logo thingy).
I also recall the cable guy explaining that some channels used MPEG, while others used some MPEG-ish format (don't recall it's name, but it had a Q in it...?) that was supposedely better. Namely, it used smaller blocks and less bandwidth, thus it didn't have as many artifacts when you first tuned the channel in.
To be on topic... broadcast TV is best kept analog. Like others have mentioned, digital isn't necessarily better, and in fact analog is much better when you're in poor receiving conditions. Cordless phones can easily demonstrate this. Unless they seriously boost the power/range of the digital TV stations, those not living directly in the cities will not benefit much from digital TV... I'd rather see occasional static than have my program cutting in and out (oh, but with "CD Quality sound!!!")... though it's hard for me to comment with any authority, not having seen a digital broadcast myself...