Ok, I thought about it a bit and I think I can post some of the source without violating my NDA. Here are two methods from code that I know is stolen. It is only doing Base 64 encoding and decoding so it is not giving away any company secrets. I removed all comments and package names so it is just the bare code. If anyone can locate the origins please reply to this post. Remember this particular code is dated about two years old. Thanks to all of those who put effort into giving ideas and opinions. I still haven't been able to locate the origins of this code, so if nothing more comes out of this last post then I suppose I will just accept the fact that sometimes sleazy people get away with thievery and walk away without a care. Thanks again.
public class Base64 { public static String encode(String data) { int c; StringBuffer ret = new StringBuffer(); try { byte[] arr = data.getBytes("iso-8859-1"); int len = arr.length; for (int i = 0; i < len; ++i) { c = (arr[i] >> 2) & 0x3f; ret.append(cvt.charAt(c)); c = (arr[i] << 4) & 0x3f; if (++i < len) c |= (arr[i] >> 4) & 0x3f; ret.append(cvt.charAt(c)); if (i < len) { c = (arr[i] << 2) & 0x3f; if (++i < len) c |= (arr[i] >> 6) & 0x3f; ret.append(cvt.charAt(c)); } else { ++i; ret.append((char) fillchar); } if (i < len) { c = arr[i] & 0x3f; ret.append(cvt.charAt(c)); } else { ret.append((char) fillchar); } } } catch (Exception e) {} return(ret.toString()); } public static String decode(String data) { int c; int c1; StringBuffer ret = new StringBuffer(); byte[] arr = data.getBytes(); int len = arr.length; for (int i = 0; i < len; ++i) { c = cvt.indexOf(arr[i]); ++i; c1 = cvt.indexOf(arr[i]); c = ((c << 2) | ((c1 >> 4) & 0x3)); ret.append((char) c); if (++i < len) { c = arr[i]; if (fillchar == c) break; c = cvt.indexOf((char) c); c1 = ((c1 << 4) & 0xf0) | ((c >> 2) & 0xf); ret.append((char) c1); } if (++i < len) { c1 = arr[i]; if (fillchar == c1) break; c1 = cvt.indexOf((char) c1); c = ((c << 6) & 0xc0) | c1; ret.append((char) c); } } return(ret.toString()); } private static final int fillchar = '='; private static final String cvt = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/"; }
I call getting the pants sued off you something "deemed important by management".
You are missing the whole point of this article. Management doesn't consider this code stolen unless we can prove where it came from. Once we can point to the origins of this "questionable" code then we can remove it from this release. Otherwise it has to wait until the next release (in which case it is too late).
Several of you fucked up - this code got into the project without being checked where and who wrote it. Now rewrite and reintegrate and retest, and remember this lesson.
Again, this is another point of me posting the original article. I want to be able to prove this code is stolen so that we don't hire this guy again as a contractor, and maybe management won't be so blindly trusting to contractors in the future (LOL).
There is more than just that one file. There are about twelve classes that were "borrowed". Besides, like I said in a different post, the project is at the stage where only "show-stopping" bugs and things with management approval get in. At this point my main objectives are to 1) be able to prove this guy stole code so I can convince management to let me replace it, and 2) make sure he is never able to do contract work with our company again.
Believe me, this whole thing is/has taken way to much of my time. I'm just trying to stay focused on doing the ethical thing.
Several of us spoke with him before he left and got nowhere. He admitted that he didn't write the code and that he "borrowed it from the Internet". That is all he would tell us. He refused to tell us where he "borrowed" it from. He since left the company, so we can't threaten him with disciplinary actions. The main point of going through this search is 1) for ethical reasons and 2) to make sure that we never hire this guy back as a contractor again.
The code that he forgot to remove the original comments from was doing base64 encoding/decoding. It was Java code (a class named Base64) with only the following two methods:
public static String encode(String data)
public static String decode(String data)
Most implementations of base64 that I have seen use byte arrays instead of Strings. I have tried searching Google using the filename "Base64.java" and the various method signatures, but no luck. The original stolen code is dated (in the comments he forgot to remove) from about two years ago. This is probably why I can't find it on Google or SourceForge.
I realize that this isn't much to go on, but like you stated, I don't want to violate the NDA and lose my job.
We know the code was stolen because he admitted that he didn't write it and "borrowed it from the Internet". He consistently refused to tell us where "from the Internet" that he got it. The whole thing seems way too suspicious for it to be legal.
We have tried Google, but the code that is in question had a time stamp (in the one section of comments this guy didn't remember to remove) of about two years ago. I think it was November 2000, I'll have to look at the code when I get back in the office on Monday. I was searching on file name and method signatures, I'll try searching again on "non-standard" looking lines of code. Great idea. Thanks.
Yes the code could be rewritten, but the project is at the stage where it takes a show-stopping** bug or management approval to modify any code. The next version of this product will NOT have the questionable code in it, but there will still be customers running this version (with the stolen code) for about a year or so.
** And by show-stopping bug, I mean broken core functionality or something deemed important by management.
Would you prefer they stream in Windows Media only? At least they use a format that can be played on Linux without a headache. And actually, some of their content (sister stations) are done in shoutcast and others.
We should all have the same skepticism about blindly installing free clients (non-opensource) that we all have about blindly running exes that we get in email. There are plenty of forums to find out what exactly gets installed. May the installer beware.
Remember the original article was about avoiding big media and their tricks, not finding an entertainment utopia.
Besides the obvious places to get free music, NPR and PBS are both good ways to avoid the big entertainment industries. As a matter of fact NPR even streams all of their programming (current and past) for free. If you want music they even have that too, especially jazz.
What on Earth do they mean convenience? How hard is it to pay three separate bills each month? With online bill pay I spend about ten minutes paying my bills each month. Not a problem.
Also, view on demand is nice, but I ALREADY have a form of this with my Tivo? And I don't have to pay each time I watch something! This is just another example of big media trying to get people used to the pay per use idea so they can increase their revenues.
And where do they get a price of $230? Talk about corporate greed! Here is my monthly bill for the same services...
$38 Phone
$49 DSL
$60 Direct TV with Tivo service
===
$147 Total
So I guess the extra $83 dollars per month is for the high quality AOL service ROFL!
Actually all you have to do is set the "run activex controls" setting to prompt or disable. It is interesting to note that if you try this with the demos from United Virtualities then the ad will not appear, but then neither does the original page you wanted to view. If you try this with the live boston.com site then you get the content and no annoying ads.
I wonder if the marketing and sales of United Virtualities intentionaly did this with the demos to "prove" that their technique is "flawless".
Does anyone else remember this article? With the current price of HDs (Fry's has 100Gig for $199 this week), I bet a similar box can be built for a fraction of the price. Of course there is the software side of it, but that is what us geeks do best. The thing is based on Linux after all. Just my thought.
The approach the IEEE is taking will only solve half the problem. What good is a team of "certified" engineers if the management is still PHBs? Where I work the management gets to make all of the *final* decisions about design, implementation, and deployment. I can count way too many times where buggy code has been released to the customer just because the management didn't want to take the schedule impact to fix things. And then of course there are the *closed* management only meetings where they decide on things like system architecture. Well before I start ranting let me get back to my point: What good is a team of "certified" software engineers when the management who control things are not required to be certified themselves? Perhaps have some form of technical management certification (and I don't mean TQM).
Best Buy had them for $139 a few months ago. I bought three of them (one for the livingroom, bedroom, and my geekroom). I have no regrets. If you can find them for under $200 then I would highly recommend getting two.
And as far as there being an XML/RPC interface, with one of the later beta firmware upgrades there is an http interface that returns plain text for easy parsing so you could build your own interface if you wanted. (I forgot where the link to that was, but I think it was somewhere on this site)
It may be the truth, but all I was stating is that we need to sound a little less harsh. I agree totally with you, I will never vote for anyone who supports this kind of legislation. Your letter sounded good until the last sentence... I could practically hear your backhand going up side this guys head;-)
I guess the point I was trying to make is that we need to sound as professional as possible. Corporate America (RIAA, MPAA, etc) is trying to paint this picture of us who oppose this type of legislation as "unruly lawbreaking anarchists".
I do applaud you for sending a letter. If every/. user was as active as you then the DCMA probably would never have passed.
Not to sound like a troll, but can you back up your answers with more than just a "yes"? Give me some examples of Lisp Application Servers. Is this one a good example or are there better? Yes, I could spend the next half hour looking through Google, but I would rather hear the word from the mouth of someone who knows what they are talking about.
Your letter is a bit draconian, but writing your government official is a very good idea. Check out this EFF page to find out who to write to. We can't just sit buy and let another DCMA type nightmare pass. Be VOCAL!
Actually you are right. Off topic but right. As more proof that STUPID laws stick around, even though every reasonable person laughs at them, can be seen by the fact that there are dry cities (as in you can NOT buy alcohol) in TX. Before I moved to TX I lived in NY and never thought that there were parts of the US that were that backward, but there are.
Arcades are far from being dead. Maybe in small town malls they are fading away, but just look at places like GameWorks. Here in Dallas the one we have is always packed. For those of you who have never seen one, just imagine an old-two-story-warehouse-looking-building with tons of games and VR rides. Way cool, and far from dead.
Anyway, it is really sad to see another company who helped to define a market now abandon it.
Why should they have to attach a prefix (TBS) to their user name? That looks unprofessional and seems like a hack. Why not do what most other companies do in this same situation... make everyones email at TBS something like "first.last@tbs.aol.com". Oh wait, the people who use aol (of their own free will) are too stupid and would get confused by an email with more than one dot in it;-)
However, like was said eariler, I would really fight to NOT have my real name as part of an aol adress.
I think the box looks really cool, but I have a hard time believing them when they say xbox competitor. My thought on this is that if Sega couldn't compete against Sony, Nintendo, etc then what makes Nokia think they can. It still looks like something I would either build myself or buy. I just hope that Nokia's box doesn't suffer the same fate as the Indrema
For those of you who don't want to follow the link to the tech specs:
Technical Specifications
Software
Linux Operating System
Mozilla open source browser
DVB System running on separate RTOS
Nokia Navi (TM)bars Lite (user Interface)
HTML 4.0, CSS1, HTTP1.1 and JavaScript 1.5 compliant
Netscape compatible plug-ins
Support for GIF, JPEG, PNG, MIDI, Macromedia Flash and PDF
E-mail client: SMTP, POP3, IMAP4, NNTP protocols.
Chat support
IP over MPEG (DVB standard)
IP Multicast and Unicast
SSL and TLS security protocols
2D and 3D residential and network games
IR and USB game pads support
Upgradeable software
Conditional Access
DVB, ATVEF and MHP Compliant
Parental Control
Support for USB-devices, e.g.printers
Support for 1394-devices, e.g.Digital Video cameras
Hardware
Intel Celeron ® 366 Mhz CPU or faster
20 GB Hard Disk or more
Full MPEG2/DVB compatible engine
Integrated V.90 POTS modem
Nokia designed RC
Memory
32-64 MB system memory (SDRAM)
4 MB SDRAM for video and system memory (DVB subsystem)
1+1 MB Flash memory for boot loader and DVB system
Graphics and Video Processing
Accelerated 3D graphics
Graphics and video stream mixing
Per Pixel Alpha Blending
Special Effects
Programmable 2D scaling (1:64 arbitrary)
Advanced flicker filtering
Macrovision 7 compliant
PAL and NTSC
Network Interfaces
2x (QPSK/QAM/OFDM) DVB front-end tuner
Digital satellite, cable and terrestrial transmissions
ISDN, ADSL, Ethernet and Cable modem
Audio / Video Ouput Interfaces
Multi-standard connectors supporting composite video
S-video or RGB
SCART signals for TV set and VCR
2x RCA connectors (analogue audio L/R)
1x S/PDIF coaxial digital audio output
External Interfaces
2x ISO 7816-3 smart card readers
(for conditional access and e-commerce)
1x PCMCIA connector (WLAN, GPRS)
2x USB connectors
2x IEEE 1394 connectors
1x RJ11 telephone connector
1x IR receiver (supporting RC-MM protocol)
1x RJ45 Ethernet interface (10/100 Baset)
1x Common interface port
Content Protection
Secure mechanism, using triple DES encryption/decryption
I came across this article a while back and for some reason mentally filed it away. Read through it, it appears to answer all of your questions. Its by Kenn Hoekstra at RavenSoft.
If all of the hardware that you listed is included then that is a good deal. But considering the price a PS2 goes for ($300 USD), I some how doubt that Sony is going to give you all of that for only $200 USD just because it has Linux on it.
Slashdot Mirror
Ok, I thought about it a bit and I think I can post some of the source without violating my NDA. Here are two methods from code that I know is stolen. It is only doing Base 64 encoding and decoding so it is not giving away any company secrets. I removed all comments and package names so it is just the bare code. If anyone can locate the origins please reply to this post. Remember this particular code is dated about two years old. Thanks to all of those who put effort into giving ideas and opinions. I still haven't been able to locate the origins of this code, so if nothing more comes out of this last post then I suppose I will just accept the fact that sometimes sleazy people get away with thievery and walk away without a care. Thanks again.
public class Base64 {
public static String encode(String data) {
int c;
StringBuffer ret = new StringBuffer();
try {
byte[] arr = data.getBytes("iso-8859-1");
int len = arr.length;
for (int i = 0; i < len; ++i) {
c = (arr[i] >> 2) & 0x3f;
ret.append(cvt.charAt(c));
c = (arr[i] << 4) & 0x3f;
if (++i < len)
c |= (arr[i] >> 4) & 0x3f;
ret.append(cvt.charAt(c));
if (i < len) {
c = (arr[i] << 2) & 0x3f;
if (++i < len)
c |= (arr[i] >> 6) & 0x3f;
ret.append(cvt.charAt(c));
} else {
++i;
ret.append((char) fillchar);
}
if (i < len) {
c = arr[i] & 0x3f;
ret.append(cvt.charAt(c));
} else {
ret.append((char) fillchar);
}
}
} catch (Exception e) {}
return(ret.toString());
}
public static String decode(String data) {
int c;
int c1;
StringBuffer ret = new StringBuffer();
byte[] arr = data.getBytes();
int len = arr.length;
for (int i = 0; i < len; ++i) {
c = cvt.indexOf(arr[i]);
++i;
c1 = cvt.indexOf(arr[i]);
c = ((c << 2) | ((c1 >> 4) & 0x3));
ret.append((char) c);
if (++i < len) {
c = arr[i];
if (fillchar == c)
break;
c = cvt.indexOf((char) c);
c1 = ((c1 << 4) & 0xf0) | ((c >> 2) & 0xf);
ret.append((char) c1);
}
if (++i < len) {
c1 = arr[i];
if (fillchar == c1)
break;
c1 = cvt.indexOf((char) c1);
c = ((c << 6) & 0xc0) | c1;
ret.append((char) c);
}
}
return(ret.toString());
}
private static final int fillchar = '=';
private static final String cvt = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789+/";
}
I call getting the pants sued off you something "deemed important by management".
You are missing the whole point of this article. Management doesn't consider this code stolen unless we can prove where it came from. Once we can point to the origins of this "questionable" code then we can remove it from this release. Otherwise it has to wait until the next release (in which case it is too late).
Several of you fucked up - this code got into the project without being checked where and who wrote it. Now rewrite and reintegrate and retest, and remember this lesson.
Again, this is another point of me posting the original article. I want to be able to prove this code is stolen so that we don't hire this guy again as a contractor, and maybe management won't be so blindly trusting to contractors in the future (LOL).
There is more than just that one file. There are about twelve classes that were "borrowed". Besides, like I said in a different post, the project is at the stage where only "show-stopping" bugs and things with management approval get in. At this point my main objectives are to 1) be able to prove this guy stole code so I can convince management to let me replace it, and 2) make sure he is never able to do contract work with our company again.
Believe me, this whole thing is/has taken way to much of my time. I'm just trying to stay focused on doing the ethical thing.
Several of us spoke with him before he left and got nowhere. He admitted that he didn't write the code and that he "borrowed it from the Internet". That is all he would tell us. He refused to tell us where he "borrowed" it from. He since left the company, so we can't threaten him with disciplinary actions. The main point of going through this search is 1) for ethical reasons and 2) to make sure that we never hire this guy back as a contractor again.
The code that he forgot to remove the original comments from was doing base64 encoding/decoding. It was Java code (a class named Base64) with only the following two methods:
public static String encode(String data)
public static String decode(String data)
Most implementations of base64 that I have seen use byte arrays instead of Strings. I have tried searching Google using the filename "Base64.java" and the various method signatures, but no luck. The original stolen code is dated (in the comments he forgot to remove) from about two years ago. This is probably why I can't find it on Google or SourceForge.
I realize that this isn't much to go on, but like you stated, I don't want to violate the NDA and lose my job.
We know the code was stolen because he admitted that he didn't write it and "borrowed it from the Internet". He consistently refused to tell us where "from the Internet" that he got it. The whole thing seems way too suspicious for it to be legal.
We have tried Google, but the code that is in question had a time stamp (in the one section of comments this guy didn't remember to remove) of about two years ago. I think it was November 2000, I'll have to look at the code when I get back in the office on Monday. I was searching on file name and method signatures, I'll try searching again on "non-standard" looking lines of code. Great idea. Thanks.
Yes the code could be rewritten, but the project is at the stage where it takes a show-stopping** bug or management approval to modify any code. The next version of this product will NOT have the questionable code in it, but there will still be customers running this version (with the stolen code) for about a year or so.
** And by show-stopping bug, I mean broken core functionality or something deemed important by management.
Would you prefer they stream in Windows Media only? At least they use a format that can be played on Linux without a headache. And actually, some of their content (sister stations) are done in shoutcast and others.
Besides spyware is just part of the game these days. As if Real is the only client that installs spyware.
We should all have the same skepticism about blindly installing free clients (non-opensource) that we all have about blindly running exes that we get in email. There are plenty of forums to find out what exactly gets installed. May the installer beware.
Remember the original article was about avoiding big media and their tricks, not finding an entertainment utopia.
Besides the obvious places to get free music, NPR and PBS are both good ways to avoid the big entertainment industries. As a matter of fact NPR even streams all of their programming (current and past) for free. If you want music they even have that too, especially jazz.
What on Earth do they mean convenience? How hard is it to pay three separate bills each month? With online bill pay I spend about ten minutes paying my bills each month. Not a problem.
...
Also, view on demand is nice, but I ALREADY have a form of this with my Tivo? And I don't have to pay each time I watch something! This is just another example of big media trying to get people used to the pay per use idea so they can increase their revenues.
And where do they get a price of $230? Talk about corporate greed! Here is my monthly bill for the same services
$38 Phone
$49 DSL
$60 Direct TV with Tivo service
===
$147 Total
So I guess the extra $83 dollars per month is for the high quality AOL service ROFL!
Actually all you have to do is set the "run activex controls" setting to prompt or disable. It is interesting to note that if you try this with the demos from United Virtualities then the ad will not appear, but then neither does the original page you wanted to view. If you try this with the live boston.com site then you get the content and no annoying ads.
I wonder if the marketing and sales of United Virtualities intentionaly did this with the demos to "prove" that their technique is "flawless".
Does anyone else remember this article? With the current price of HDs (Fry's has 100Gig for $199 this week), I bet a similar box can be built for a fraction of the price. Of course there is the software side of it, but that is what us geeks do best. The thing is based on Linux after all. Just my thought.
The approach the IEEE is taking will only solve half the problem. What good is a team of "certified" engineers if the management is still PHBs? Where I work the management gets to make all of the *final* decisions about design, implementation, and deployment. I can count way too many times where buggy code has been released to the customer just because the management didn't want to take the schedule impact to fix things. And then of course there are the *closed* management only meetings where they decide on things like system architecture. Well before I start ranting let me get back to my point: What good is a team of "certified" software engineers when the management who control things are not required to be certified themselves? Perhaps have some form of technical management certification (and I don't mean TQM).
Best Buy had them for $139 a few months ago. I bought three of them (one for the livingroom, bedroom, and my geekroom). I have no regrets. If you can find them for under $200 then I would highly recommend getting two.
I'm surprised that you didn't mention the fact that they do streaming net radio. The firmware that comes with the box is weak, but if you upgrade to the latest you get a bunch of cool functionality.
And as far as there being an XML/RPC interface, with one of the later beta firmware upgrades there is an http interface that returns plain text for easy parsing so you could build your own interface if you wanted. (I forgot where the link to that was, but I think it was somewhere on this site)
It may be the truth, but all I was stating is that we need to sound a little less harsh. I agree totally with you, I will never vote for anyone who supports this kind of legislation. Your letter sounded good until the last sentence ... I could practically hear your backhand going up side this guys head ;-)
/. user was as active as you then the DCMA probably would never have passed.
I guess the point I was trying to make is that we need to sound as professional as possible. Corporate America (RIAA, MPAA, etc) is trying to paint this picture of us who oppose this type of legislation as "unruly lawbreaking anarchists".
I do applaud you for sending a letter. If every
Not to sound like a troll, but can you back up your answers with more than just a "yes"? Give me some examples of Lisp Application Servers. Is this one a good example or are there better? Yes, I could spend the next half hour looking through Google, but I would rather hear the word from the mouth of someone who knows what they are talking about.
Your letter is a bit draconian, but writing your government official is a very good idea. Check out this EFF page to find out who to write to. We can't just sit buy and let another DCMA type nightmare pass. Be VOCAL!
Actually you are right. Off topic but right. As more proof that STUPID laws stick around, even though every reasonable person laughs at them, can be seen by the fact that there are dry cities (as in you can NOT buy alcohol) in TX. Before I moved to TX I lived in NY and never thought that there were parts of the US that were that backward, but there are.
Anyway, this should be paid attention to. I was one of many people who looked at the DCMA and laughed. I learned my lesson, I will be writing the proper government officials about this.
Off topic again, but if you want a good laugh at some of the stupid laws that have been passed then check out Dumb Laws.
"Another nail in the coffin of the arcade."
;-)
Arcades are far from being dead. Maybe in small town malls they are fading away, but just look at places like GameWorks. Here in Dallas the one we have is always packed. For those of you who have never seen one, just imagine an old-two-story-warehouse-looking-building with tons of games and VR rides. Way cool, and far from dead.
Anyway, it is really sad to see another company who helped to define a market now abandon it.
What is this a sign of? First Sega drops out of the console market. Then the S word is spoken 162 times on television. Now Midway is droping out of the coin op business. What is this world comming to
bad humor is still humor.
Why should they have to attach a prefix (TBS) to their user name? That looks unprofessional and seems like a hack. Why not do what most other companies do in this same situation ... make everyones email at TBS something like "first.last@tbs.aol.com". Oh wait, the people who use aol (of their own free will) are too stupid and would get confused by an email with more than one dot in it ;-)
However, like was said eariler, I would really fight to NOT have my real name as part of an aol adress.
I think the box looks really cool, but I have a hard time believing them when they say xbox competitor. My thought on this is that if Sega couldn't compete against Sony, Nintendo, etc then what makes Nokia think they can. It still looks like something I would either build myself or buy. I just hope that Nokia's box doesn't suffer the same fate as the Indrema
For those of you who don't want to follow the link to the tech specs:
Technical Specifications
Software
Hardware
Memory
Graphics and Video Processing
Network Interfaces
Audio / Video Ouput Interfaces
External Interfaces
Content Protection
Digital Video Recording (DVR)
Power Supply
Dimensions
Environmental Conditions
Getting A Job In The Game Development Industry
http://www2.ravensoft.com/getajob.htm
Here is the index of the article:
This story is just too unreal. There's greed, corporate greed, and then this.
<humor>
What's next, the RIAA charging us royalties when we sing in the shower???
</humor>
If all of the hardware that you listed is included then that is a good deal. But considering the price a PS2 goes for ($300 USD), I some how doubt that Sony is going to give you all of that for only $200 USD just because it has Linux on it.
I would love to be wrong.