I saw it last night at midnight and really liked it.
My biggest complaint with the changes from the book was that Faramir was turned into a pretty weak character. I did get a nice chuckle when Sam said something along the lines of, "We're not even supposed to be here," while in Gondor as I was thinking much the same thing.
The theory (as I understand it) is that there are enough "legit words" in the "Sexy email to your gf" (i.e. her/your name/nickname, her/your email addy etc) that they'd cancel out the "bad words"
The big shift in thinking from looking for phrases vs scoring each and every word in an email is that the rest of the email is just as saving/damning as the stuff that filters look for.
Just about the best example of the "source code being useless" point is Mozilla.
Before I get flamed, let's remove the sarcasm from the bullet point (my stab at it, at least):
Source code is not a magic bullet
If enough skilled people have access to the source code and if they spend enough time to understand it, source code can be very useful. Just getting the source "out there" doesn't do anything (for a non-trivial piece of software).
The source code to Mozilla was nice. 3+ years of work + the source code >> the source code.
Every company I've worked for has had massive cleanup projects like this. The only way to make them actually work is to freeze all other work by the developers involved, since cleanups (security or otherwise) are pretty much guaranteed to be less interesting than just about anything else you might be doing.
Considering that Gates has decided to (at least for PR reasons) declare security/robustness to be the priority of the moment (as opposed to previous claims that users bought sw for features not bug fixes) I don't see why they WOULDN'T do something like this...
The only thing that I might question at all is the scope--i.e. is ALL of development doing this or just one or more departments within MS.
Today this may be an inconvenience, but give it a couple of years. Would you consider it an inconvenience if your phone was turned off for suspected wrongdoings? How about your electricity or water? Hmmm... We think you're growing something you shouldn't be in there... better shut off the water until we're sure that you're not...
While Internet access will never be as "critical" a service as heat or water, some of us would suffer very real economic damages if our net access was interrupted, and this is only going to get more and more common.
I have a ReplayTV box and thanks to the 30 second skip button, I rarely watch any commercials on the TV that it's connected to. I do find that occasionally I skip **BACK** to a commercial if it (from what little I see while skipping) looked really interesting.
I think that if/when PVRs go mainstream you'll see commercials specifically targeted to catch your eye at 20x.
The big question is does the IP holder have the right to limit access to their IP? A friend of mine is on a quest to see every episode of "Daria". MTV isn't showing the episodes, so P2P is the only game in town.
Should an IP rights holder be allowed to limit access to media (admittedly the NYT archives is a bit more significant from a historical perspective)? Certainly the case could be (has been) made that limiting access to media could drive up demand for "sanctioned" releases. Someone might potentially have less interest in buying a Daria DVD set (if one were to be released) having seen all the episodes.
Of course what if the aforementioned DVD set is never released? Does the public have a right to that media?
I've been thinking a lot lately about the word "pirate" w.r.t. its commonplace meaning "make a copy without paying for it"...
It seems that what the record companies are doing is a whole lot closer to the spirit of "pirating" (practicing robbery on the high seas, using force or the threat of force)
Nuke the planet from orbit--only way to be sure (on "Themes.org Cracked", Score: 3)
If the "rant" is to be believed, SourceForge missed a trojan when they recovered their server... I was thinking when reading the original story that I wouldn't feel comfortable just going through the logs and trusting that I caught everything... I guess re-installing from source media *IS* the only way to go...
The big remaining questions are how many sysadmins at sites "trusted" by a compromised box should be looking for rootkits and dusting off backup CDs... and how many man-hours will it take to audit the hosted code to regain confidence that there ISN'T a backdoor somewhere...
"Clearly, there is nothing to stop every software company in the world from writing its own Open Source license."
Just like there is nothing to stop every software company in the world from writing its own CLOSED SOURCE license--for that matter for writing different licenses PER SALE.
The company I work for had to run a license/contract through our legal department a couple of times recently to figure just WHAT we had bought the rights to use/distribute for a certain closed source library. The funny thing was that the company that we bought it from was unclear as well, as it seems that we had negotiated (way back when) very different terms than anything that they typically do for other customers.
Bottom line is that building systems on top of other systems can get complicated for both technical and business reasons.
No, what I said was that I couldn't read my *work* email from a shell (since the work mailserver is running Netscape's mail server, and I access it via IMAP)
My home mail is stored in MH folders, and I have no problems using MH commands, and in fact agree with just about all of the mh-kudos you mention.
You'll get some additional stuff in your access log and potentially error log but the telltale sign that (on a patched system) someone is pinging you for the exploit is something like this in your ssl_error_log:
[Sun Sep 22 12:45:51 2002] [error] mod_ssl: SSL handshake failed (server YOURSERVER:443, client aaa.bbb.ccc.ddd) (OpenSSL library error follows)
[Sun Sep 22 12:45:51 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
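An added example, not part of the original comment: one way to pull these probe attempts out of an ssl_error_log and count them per client. It assumes the two-line mod_ssl format quoted above; the sample log, the addresses in it and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the ssl_error_log format quoted above; the server name
# and client addresses are placeholders from the documentation ranges.
SAMPLE_LOG = """\
[Sun Sep 22 12:45:51 2002] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.10) (OpenSSL library error follows)
[Sun Sep 22 12:45:51 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
[Sun Sep 22 12:46:02 2002] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.77) (OpenSSL library error follows)
[Sun Sep 22 12:46:02 2002] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
[Sun Sep 22 12:47:19 2002] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.10) (OpenSSL library error follows)
[Sun Sep 22 12:47:19 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
[Sun Sep 22 12:48:30 2002] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 198.51.100.4) (OpenSSL library error follows)
[Sun Sep 22 12:48:30 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
"""

HANDSHAKE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] mod_ssl: SSL handshake failed "
    r"\(server [^,]+, client (?P<client>[^)]+)\)")
OPENSSL = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] OpenSSL: error:[0-9A-Fa-f]+:(?P<detail>.*)$")
SIGNATURE = "GET_CLIENT_MASTER_KEY:key arg too long"


def find_probes(lines):
    """Return (timestamp, client) for every handshake failure that is followed
    by an OpenSSL detail line carrying the key-arg signature."""
    probes, pending = [], None
    for line in lines:
        m = HANDSHAKE.match(line)
        if m:
            pending = (m["ts"], m["client"])  # wait for the detail line(s)
            continue
        m = OPENSSL.match(line)
        if m is None:
            pending = None                    # unrelated line ends the pair
        elif SIGNATURE in m["detail"]:
            # Report a signature line even if its handshake line is missing
            # (rotated or interleaved log), with the client marked unknown.
            probes.append(pending or (m["ts"], "unknown"))
            pending = None
    return probes


def probes_by_client(lines):
    """Count signature hits per client address."""
    return Counter(client for _, client in find_probes(lines))


if __name__ == "__main__":
    for client, hits in probes_by_client(SAMPLE_LOG.splitlines()).most_common():
        print(f"{client}\t{hits}")
```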
The whole issue is over the "don't copy me" flag(s) that they want to create. Right now there's nothing in the CD that explicitly limits your ability to space shift. Step one is to add some metadata that limits your ability to do something (record, play, whatever). Pretty much an expanded notion of region coding, but more flexible in the sorts of rights that would be permitted/restricted.
Step two is to legislate that every device that anyone would want to use for digital media legally has to respect the flag(s). Nothing wrong with space shifting... as long as the "locked to single player" bit isn't set. Of course all the "new" media that you "buy", download and receive via cable, OTA, DBS (whatever) will all be flagged for whatever "rights" you are "granted" as the licensee. You own nothing.
Fair Use-->Pay-per-view. Sigh.
You could also hit:
http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.0/MD5SUMS :)
which is a small enough page that it can probably survive the slashdotting.
The posted MD5 does check out BTW
the cars cost $270,000 and $15/mile to operate
I thought it was just the one guy on a cell phone and a friend on the other end saying "Yup. Still hear ya'" Man, how do I get that gig?
Of course if you're willing to hook an RF modulator to your head, you'll be fine.
I really do like their storage system though :)
The satellite cos are regulated in a variety of ways as to what they're ALLOWED to show you. Between sports blackouts and issues regarding "local" networks it's not *just* about the money.
Of course it really *is* about the money :)
--Ken
"You create your own web site with a form in it and have your customers submit that form directly to our SSL server! We handle everything"
This paradigm is intended to decouple payment processing from the rest of the website. There really isn't any incentive to "muck with the details".
Except, of course if you want to avoid this bug...
Now if the authors of Pig Latin had simply had the good sense to GPL it, private interests like AIMster wouldn't have been able to hijack it.
I ran into the "sync" mail issue a while back and came up with the following criteria:
1) I want to be able to read mail both from a GUI-based mail prog (Outlook, Eudora, Netscape, whatever) **AND** from a shell
2) I want to be able to access live and "older" mail anytime from (at least) home and work, preferably both my home and work email accounts.
3) I do not want to send any cleartext passwords
What I came up with is the following:
At home I run the UW-IMAP server, and store my incoming mail in MH folders. Stunnel does a fine job of adding SSL support to IMAP.
At work we run Netscape's Mail server which actively supports SIMAP.
Either at home or at work, both servers (and all the mail in all the folders) are available.
Just about the only thing missing is the ability to read my work mail from a shell, but that's where most of the big ugly attachments are, anyway...