Sun is releasing the Java libraries under the GPLv2. The article never really explicitly makes that clear, but given that they're talking about the Java2D library it should be deadly obvious that they're releasing the entire J2SE library under the GPLv2.
As I wrote in my previous comment, these networks contain several servers. Most of these servers are public and are intended to be accessible by almost anybody, so darknets are not really appropriate in this case.
I think you misunderstand my point. I'm not saying that your entire network would be dark, just the part that's not public. i.e. If you have 500 desktop machines that are routable to the internet, the firewall will make those machines "dark" by denying incoming requests to that portion of the network. However, server traffic would still be allowed according to the firewall rules.
The kind of scenario that I am trying to prevent or make more difficult by using NAT is the following: some of these servers have "interesting" contents on them and could be juicy targets for some attackers (no, I'm not talking about pr0n here but about some company internal information). These servers are usually well protected and have only one or just a couple of services exposed to the outside world (e.g., HTTP). But other servers may not be so well protected because they run experimental code for public testing or demonstrations, or simply because they run a larger number of services that may be vulnerable to zero-day exploits. If one of these "weaker" servers is compromised, I do not want it to be used as an intermediate step to launch an attack on other servers on the same network (behind the firewall).
I don't see how NAT helps this? If you've got the weaker services exposed, you've got them exposed. Period, end of story. However, if your firewall rules deny routing except to the secure services, you're as safe as you are with NAT.
Just because you have a DMZ doesn't mean that you have to turn off your firewall security. (Unless you have a really sucky firewall, that is.) You can still control the traffic going in and out of your network. For example, I might place server A into the DMZ. By default, all the ports of the machine are now open. However, that's a pretty dumb thing to do, so I immediately allow ONLY ports 80 and 443. The machine is now secure against external attacks from outside the network.
Now let's say that I add development server B to the same network and DMZ. (Why I would do that, I have no idea. But that's your scenario, not mine.) Since it's just for internal development, I will only allow incoming connections from the darknet portion of the network to the machine. All external routing is disabled for that machine. Whammo, one properly firewalled network.
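The policy described in the comment above (server A reachable only on ports 80 and 443, server B reachable only from the "dark" internal range, everything else denied), modelled as a first-match rule list. This is an added example, not part of the original thread; the addresses, rule names and the `decide` and `externally_reachable` helpers are constructed for illustration, and only new connection attempts are modelled (replies to accepted flows are assumed to be handled by stateful tracking).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (IPv6 documentation prefix); not taken from the thread.
LAN = ipaddress.ip_network("2001:db8:0:1::/64")      # "dark" desktops
DMZ = ipaddress.ip_network("2001:db8:0:10::/64")     # servers A and B
SERVER_A = ipaddress.ip_address("2001:db8:0:10::a")  # public web server
SERVER_B = ipaddress.ip_address("2001:db8:0:10::b")  # internal development server
DESKTOP = ipaddress.ip_address("2001:db8:0:1::42")
OUTSIDE = ipaddress.ip_address("2001:db8:ffff::1")   # stands in for any Internet host
ANY = ipaddress.ip_network("::/0")


def host(addr):
    """Single-address network, so a rule can target one machine."""
    return ipaddress.ip_network(f"{addr}/128")


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv6Network
    dst: ipaddress.IPv6Network
    ports: Optional[frozenset]  # None means any destination port
    action: str                 # "accept" or "drop"

    def matches(self, src, dst, dport):
        return (src in self.src and dst in self.dst
                and (self.ports is None or dport in self.ports))


# Evaluated top to bottom; the first matching rule wins.
RULES = [
    Rule("web-to-A", ANY, host(SERVER_A), frozenset({80, 443}), "accept"),
    Rule("lan-to-B", LAN, host(SERVER_B), None, "accept"),
    Rule("dmz-default", ANY, DMZ, None, "drop"),      # nothing else enters the DMZ
    Rule("lan-outbound", LAN, ANY, None, "accept"),   # desktops may initiate outbound
]


def decide(src, dst, dport, rules=RULES):
    """Return (action, rule name) for a new connection crossing the router."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action, rule.name
    return "drop", "default-deny"


def externally_reachable(hosts, ports, rules=RULES):
    """The (host, port) pairs an outside host can open a connection to."""
    return {(str(h), p) for h in hosts for p in ports
            if decide(OUTSIDE, h, p, rules)[0] == "accept"}


if __name__ == "__main__":
    # Constructed sample flows. Traffic between A and B on the same segment
    # never crosses the router, so it is outside what this model covers.
    flows = [
        (OUTSIDE, SERVER_A, 443),
        (OUTSIDE, SERVER_A, 22),
        (OUTSIDE, SERVER_B, 8080),
        (OUTSIDE, DESKTOP, 445),
        (DESKTOP, OUTSIDE, 443),
        (DESKTOP, SERVER_B, 8080),
        (SERVER_B, OUTSIDE, 443),
    ]
    for src, dst, port in flows:
        action, rule = decide(src, dst, port)
        print(f"{src} -> [{dst}]:{port}  {action} ({rule})")
    print(sorted(externally_reachable([SERVER_A, SERVER_B, DESKTOP],
                                      [22, 80, 443, 8080])))
```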
* Is there a list of the methods that need to be reimplemented?
I imagine that the Graphics2D class as well as the VolatileImage class need to be implemented. The BufferedImage implementation may need to be modified to obtain the "Automatic Image" behavior seen in the Sun JVM. Depending on how much Sun has withheld, you may need to implement the GraphicsEnvironment code as well. I recommend asking on the mailing list for specifics.
* Have I been tainted -- I've seen java code before, If I reimplement something and it might look like the previous code, how do I guard against this?
The "tainting" problem was always an OSS community invention based on Sun's license wording. As long as the code you've seen is in the OpenJDK, it's quite impossible for you to be "tainted" as Sun has given it to you under the terms of the GPL. Of course, you should always consult a lawyer for the latest in paranoid-protective behavior, but I sincerely doubt that Sun would try and sue you over something they just gave you.
* Can we make java better?
You can do whatever the GPL license allows you to do. However, I imagine that OpenJDK won't accept anything more than implementation enhancements. New APIs need to go through the JCP for standardization before they can be accepted into a mainline JDK distribution. Again, ask on the mailing list for more details.
Currently, if I go to a page and the browser freezes for about 15 seconds, I think to myself, "This page must have an applet."
That's caused by the JVM startup. The pause can be nearly eliminated by starting the JVM with the browser. Of course, that slows the browser startup and holds onto memory needlessly. So I doubt anyone is going to bother doing that for a dead technology. (i.e. Applets)
Does NAT really offer that much better security than a Dark-Net implementation? I mean, if you simply don't allow any incoming connections to the "dark" area of your network, then the only thing that the Internet as a whole can divine is that some computers from inside the Dark Net are accessing resource X using their own IPv6 IP. Since every computer on your network is unlikely to access the same addresses, this gives potential attackers nothing more than a glimpse of a few computers behind the firewall. Certainly not the sort of complete information that a port scan would find them.
If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.
In addition:
However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
The second part is tenuous given the wording, but could be made to apply given Java's attempt to be the execution platform. However, the former part carries far more weight. Programming to the Java specification does not imply that you are basing it on a GPLed version.
Rich Sands, community marketing manager for OpenJDK community at Sun, would not say what percentage of Java's 6.5 million lines of code are encumbered, but explained that it is largely Java 2D graphics technology, such as font and graphics rasterizing.
In case anyone is wondering, this isn't much of a surprise to the Java community. When Sun was creating the latest and greatest Java libraries, they designed the APIs themselves to be generic. However, Sun generally licensed the underlying libraries for their reference implementation rather than developing them in-house. In the case of the Java2D APIs, they used code from Kodak to do all the fancy 2D rasterizations and transformations. This is why many Java coders thought that Sun's reference implementation would never be Open Sourced. (Happy to be wrong, BTW.)
That code by itself could probably be replaced with a modern 2D rasterizer (similar to the types found in SVG and Canvas implementations), but it would need to be heavily overhauled to backport the VolatileImage support added in Java 1.4. (Basically, the JVM is able to manage the video card memory to store images for faster rendering and backbuffering.) I'm thinking that something OpenGL-based would be the best bet.
However, that's not the only major library used. JavaSound also uses Dolby Headspace to render sound. It barely uses a fraction of the library's capabilities, but it would still need to be replaced. I don't know what was used for cryptography, but that would be replaceable with a library like Bouncy Castle.
All in all, the final code shouldn't be too hard to replace as long as Open Source equivalents can be found. However, these areas *do* require significant expertise, so don't expect that joe random can jump in the code and make it happen.
However, this "getting rid of connectivity issues due to no longer having to NAT" has NEVER been expected by anyone who knows even a bit about networking. Because we're not returning to an un-firewalled world.
Now that we have done away with CRTs in both the camera and monitor, do we need to have frames at all?
Yes. For a few reasons:
1. If you don't transmit an entire frame of information at once, you're likely to get odd rendering artifacts such as tearing.
2. If you want to fool the eye, consistency is the key. Having a fixed framerate (whatever that may be) will always give the smoothest results. Games today do tend to render their backbuffers much faster than the monitor can update, but that's overcome because of time-based movement. i.e. The frame you finally see displays the character where your brain expects it to be after X number of milliseconds. Taken as a whole, the frames appear to add up to smooth movement.
3. Active LCDs share a trait with CRTs in that they need regular refreshing. While it's true that an LCD will maintain its state as long as a voltage is applied, it's often not feasible to maintain a regular voltage; or at least maintain the voltage longer than the refresh period. TFT displays in particular charge capacitors to power the pixels between refreshes. Because of this, LCD manufacturers tune their monitors for a specific refresh rate, and then instruct the user to use that refresh rate. Some LCDs use an internal framebuffer to provide transparent refresh rate divisions and deinterlacing, but the monitor is still designed to run at a specific Hz.
You thundering moron. Wisconsin is run by the democrats, the idiot governor here doesn't trust good people to be honest and instead caves to criminals and the RIAA.
Parent is quite correct. Between McCallum and Doyle, Wisconsin has been going down the shitter in a hurry. Wisconsin needs Tommy Thompson back, a much loved governor who continually managed to keep the state running smoothly and prosperously. There is little doubt in my mind (and the minds of most Wisconsinites, I would imagine) that had he stayed on as governor, he would have dealt with the deficit with no trouble at all.
Oh, and he happens to be a Republican. Which is kind of amusing considering how Wisconsin always votes Democrat. But Wisconsinites liked Thompson, so he stayed in office until he took up the HHS position with Bush. He ran the state (and ran it well!) for nearly 15 years.
It's only going to get worse in the next few years, as we feel the backlash from the teenybopper IM crowd. They're going to grow up and shower us with idiocy in written (or typed) form.
Well, you have to admit he's got skills since he pretty much wrote Microsoft's basic compiler.
Microsoft had a BASIC compiler? (!?!) Could have fooled me.
As it happened, Microsoft BASIC wasn't that great of a product. Atari ended up contracting another company for BASIC after Microsoft couldn't deliver a good enough product, and Commodore effectively rewrote the interpreter based on a flat-fee source license. The only reason why Microsoft gained the popularity it did in the home computer market was because they were the first to the table with a BASIC product. (Altair BASIC, in case you're wondering.)
If Microsoft hadn't jumped on the IBM PC deal when they did, they would have been just another road-kill on the highway of technology companies.
It's at the beginning. He talks about using BASIC to start writing Windows/Windows Programs, including the Clock application. From the sound of it, this was very early work on the shell, and was always intended to be supplemented with lower level code.
Keep in mind, though, that Windows was just the shell that ran on top of DOS. He doesn't go into any detail, but I imagine the low-level improvements necessary for Windows were originally assigned to the DOS team. Especially given that if you go back far enough, the early reports of Windows portrayed it as a simple task switcher. i.e. There was no real multitasking, only active and inactive programs. Something that could have been done with a TSR program.
True enough. Though if you found this article interesting, you should try reading Barbarians Led by Bill Gates. It's an insider's perspective on the goings-on inside of Microsoft in the early days. It's especially freaky to learn that they started coding much of Windows in BASIC. (Which I suppose comes as no surprise given that the Microsoft of the time was known as "the BASIC company".) Just like in this article, Gates was described as the King of the Hill with whom very few of the developers wanted to tangle.
A particularly amusing anecdote was when the author was working on a clock application for Windows. He found the BASIC flood-fill routine to be buggy and quite poor, and set about to rewrite it. He then headed for Gates' office to tell him that he wanted to replace the existing flood-fill routine "because it was crap". (Or something to that effect.) Some of his coworkers tried to warn him off, but he headed straight in and showed off his work to Gates. After forcefully championing his work to Gates, Gates agreed to allow the fix. As he came out of Gates' office beaming, one of the coworkers said to him, "You know who wrote the original flood-fill routine, don't you?"
Yep, it was Gates. And the author had just told him that his code was crap to his face. Doh! :-P
That's probably just because your ISP doesn't let you run servers on your DSL or cable modem
Says who? I run my own home-servers, and even a very popular web app. I used to rely on them for email service, but I transitioned to GMail instead. Why?
Quality of Service
Having dedicated staff ensuring that my email is running smoothly, is upgraded regularly with the latest features, has enough bandwidth and i/o to respond quickly, and is not vulnerable to attack is worth a lot more than the value of running my own email server.
Running my own email server takes a lot of time, effort, and money. To equal the level of service that GMail provides, I would have to spend the majority of time monitoring the service and writing/installing upgrades. Not to mention upgrading my bandwidth and server resources to provide the responsiveness I've come to expect out of GMail. (Sorry, imap on an old FreeBSD box just isn't as fast.) Thus in the end, it's easier and cheaper for me to simply use GMail.
I know a lot about one time pads. What is in your blog is not a one time pad, it's an exact reproduction of the HD-DVD key.
This is what's in your blog post:
However, I will admit right now, that there IS a corresponding key that, if XOR'ed against the number on my blog post, will provide the magic AACS number.
0x9F911029D74E35BD84156C4635688C0
This is the HD-DVD key:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Your "secret" one time pad is 0x100000000. Honestly, it looks more like a typo than an attempt at encryption. And a judge certainly isn't going to buy that it's "accidentally" similar. Especially when your "encryption" method is a non-encryption method. The point of encryption is to keep the contents secret. You've defeated your own attempt at an OTP by giving away 31 out of 32 nybbles. Hell, it's worse than that! You gave away 127 out of 128 bits! And then you suggest that I don't know anything about encryption?!?
I said it before, and I'll say it again. You cannot "hack" the laws like you're suggesting. If any common joe can see through your scheme, so will a judge.
You point out an interesting (and common) problem with geeks trying to interpret the law. Rather than truly understanding how the law is executed, you assume that it consists of iron-clad logic like a computer program. Therefore, you can hack it by finding the loophole in the logic.
News Flash: The law does not work that way.
If you were brought before a judge over your reproduction of the number, the first thing the judge would try to discern was your intent in publishing the number. Was it just a coincidence, or did you premeditate and fully intend to distribute the HD-DVD AACS key?
A defender would attempt to show that it is indeed a coincidence, but since you make your intent so gosh-darn clear in your blog entry, the defense wouldn't hold. A judge would find that you intended to distribute the key all along, and that the entire discussion of your blog is an explanation of how you intended to hide that fact. Your reference to HD-DVD as an "example" would be seen as particularly damning.
If you wanted any chance of winning, your defense would need to change tactics and argue if you actually committed a crime under the law. They would point out that the key itself is insufficient to be considered a DRM circumvention device, and that your intent was to participate in an online protest rather than using the key for circumvention. That a judge might buy. Especially if you do not own any HD-DVDs, and were not found to be soliciting anyone to illegally copy HD-DVD materials.
As for the grandparent post, consider something for a moment: How easy is it to break an encryption scheme if you already know the contents of the file? Hint: In many cases it's pretty gosh darn easy. Being able to demonstrate that the encryption could be broken that way would be proof enough of its contents. You have been warned.
Standard Disclaimer: I am not a lawyer, and you'd be pretty foolish to think this is legal advice. If you want a takeaway from this, it is: Get a real lawyer before you start trying to hack the laws.
And? Whoopdie-fracking do. Let me see if I can translate this into idiot for you:
Step 1: Go to http://java.sun.com/ and download a JDK.
Step 2: Ask yourself, "Did I just agree to the GPL?"
Step 3: Ponder the legal implications of never having agreed to the GPL, or in fact, having any GPLed code in your possession.
Alternate:
Step 1: Go to http://jcp.org/en/jsr/tech and find the Java API you're targeting.
Step 2: Download the skeleton classes and use them to create a program.
Step 3: Ponder the legal implications of never having agreed to the GPL, or in fact, having any GPLed code in your possession.
Just because Sun releases a version of the platform under the GPL does not automatically make the entire platform GPL. And in any case, the FSF interpretation of Java code has always been suspect anyway. Their interpretation of Java linking is flawed, and of dubious enforceability.
However, this has always been more of an argument for the LGPL. If you develop with a GPLed version of a JDK, one could make a weak legal argument that you're extending the GPLed code in specific, and not the specification of the code. It would probably fail to hold up in court, but the possibility is there. Which is why the Classpath project issues this clarification of the license. It basically extends the OS exception to say that the Java classes are covered under similar terms. Not that it's legally necessary, as releasing the Classpath project cannot automatically make Java code fall under the GPL. But it clarifies the position of using the Classpath library for development purposes. (Something which they couldn't enforce anyway.)
Unsurprisingly, Sun has the same clarification for the GPLed code.
*cough* http://openjdk.java.net/ *cough*
The http://openjdk.dev.java.net site is defunct.
The important bits are all there, sans part of the Java2D and JavaSound implementation libs.
You don't know WTF you're talking about. If I go download the specification for Java from Sun, then code to that specification, have I agreed to the GPL? No. Therefore it is not binding, and the work is a completely separate work.
Actually, that's the wrong page. For some crazy reason that's incomprehensible to the average human being, Sun moved the code to a different page. See here:
http://openjdk.java.net/
You'll note that those downloads include all the core libraries that Sun promised to release. Why don't they redirect users looking at http://openjdk.dev.java.net/ to that page? I have no idea, but there you go.
Update: Check here instead - http://openjdk.java.net/
https://openjdk.dev.java.net/
Thanks for clarifying that. I had a similar thought looking at the summary. I may have forgotten nearly everything I knew about IPv6, but it seems to me that a router is a router is a router, even in v6. If your router checks the traffic (like a good firewall would do) and blocks unauthorized incoming ports, then what's the issue? You're still routing IPv6. You even have the advantage of having your internal machines directly exposing their own IP addresses. The only difference is that the network area between your machines and your router is a controlled zone where only the traffic you want to enter your network will enter.
I just don't see what the big whoop is about.
2 l8
Try reading the schematics to the Atari 2600 sometime. Tristate logic all over the bloody place. (At least, to my poor, untrained eye.) Tristate is still used, but almost always in support of digital-binary logic. I don't think there's too much interest in creating a trinary logic computer. Such a device would be more trouble than it's worth.
As usual, Wikipedia has an article.
I have a premium account with DynDNS. That doesn't change anything I just said.
Says who? I run my own home-servers, and even a very popular web app. I used to rely on them for email service, but I transitioned to GMail instead. Why?
Quality of Service
Having dedicated staff ensuring that my email is running smoothly, is upgraded regularly with the latest features, has enough bandwidth and i/o to respond quickly, and is not vulnerable to attack is worth a lot more than the value of running my own email server.
Running my own email server takes a lot of time, effort, and money. To equal the level of service that GMail provides, I would have to spend the majority of time monitoring the service and writing/installing upgrades. Not to mention upgrading my bandwidth and server resources to provide the responsiveness I've come to expect out of GMail. (Sorry, imap on an old FreeBSD box just isn't as fast.) Thus in the end, it's easier and cheaper for me to simply use GMail.
P.S. You're certain that you have a 32 bit integer, eh? A 32 bit integer?
This is what's in your blog post:
0×9F911029D74E35BD84156C4635688C0
This is the HD-DVD key:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Your "secret" one time pad is 0x100000000. Honestly, it looks more like a typo than an attempt at encryption. And a judge certainly isn't going to buy that it's "accidentally" similar. Especially when your "encryption" method is a non-encryption method. The point of encryption is to keep the contents secret. You've defeated your own attempt at an OTP by giving away 31 out of 32 nybbles. Hell, it's worse than that! You gave away 127 out of 128 bits! And then you suggest that I don't know anything about encryption?!?
I said it before, and I'll say it again. You cannot "hack" the laws like you're suggesting. If any common joe can see through your scheme, so will a judge.
Charge you lots of money to have random "IBM consultants" wander around all your secure areas.
You point out an interesting (and common) problem with geeks trying to interpret the law. Rather than truly understanding how the law is executed, you assume that it consists of iron-clad logic like a computer program. Therefore, you can hack it by finding the loophole in the logic.
News Flash: The law does not work that way.
If you were brought before a judge over your reproduction of the number, the first thing the judge would try to discern was your intent in publishing the number. Was it just a coincidence, or did you premeditate and fully intend to distribute the HD-DVD AACS key?
A defender would attempt to show that it is indeed a coincidence, but since you make your intent so gosh-darn clear in your blog entry, the defense wouldn't hold. A judge would find that you intended to distribute the key all along, and that the entire discussion of your blog is an explanation of how you intended to hide that fact. Your reference to HD-DVD as an "example" would be seen as particularly damning.
If you wanted any chance of winning, your defense would need to change tactics and argue if you actually committed a crime under the law. They would point out that the key itself is insufficient to be considered a DRM circumvention device, and that your intent was to participate in an online protest rather than using the key for circumvention. That a judge might buy. Especially if you do not own any HD-DVDs, and were not found to be soliciting anyone to illegally copy HD-DVD materials.
As for the grandparent post, consider something for a moment: How easy is it to break an encryption scheme if you already know the contents of the file? Hint: In many cases it's pretty gosh darn easy. Being able to demonstrate that the encryption could be broken that way would be proof enough of its contents. You have been warned.
Standard Disclaimer: I am not a lawyer, and you'd be pretty foolish to think this is legal advice. If you want a takeaway from this, it is: Get a real lawyer before you start trying to hack the laws.