As many people have pointed out, this is just a plain old ordinary borking. Sending broken input to make the application crash or break. There was a time when it was popular to do the same with various versions of Microsoft Outhouse and Express Outhouse by sending carefully crafted email messages that tickled bugs in Outhouse. At the time, people did take those bugs as signs of serious design problems in Outhouse.
This bug and others like it are not of much consequence in and of themselves, but they do help underscore the big problem for browser development. The very early browsers, Mosaic and lynx, made the mistake of being "liberal in what they accepted". That is, they made an effort to render broken HTML. (Lynx, to its credit, at least produced a warning notice.)
This made it easier for web authors to grow ever sloppier in their HTML. And when the browser wars were in full swing, they were largely competing based on which could better render broken HTML. This of course allowed web page developers to get even sloppier. And they started writing to the unpublished languages of MS-HTML and Mozilla-HTML.
I haven't looked at the actual HTML parsing code of any browser, but my guess is that more than 80% of it is there only to deal with broken HTML. This exploit (and it is an exploit with limited damage) exists only because Mozilla is trying to render broken HTML.
This problem with HTML (and so the difficulty and complexity of writing browsers) is the clearest example to me of what is wrong with taking "Be liberal in what you accept, conservative in what you send" to mean that protocol and language violations should be tolerated.
I wish I could offer a realistic suggestion of how we get out of this mess. But the simple fact of the matter is that if one browser starts rejecting broken HTML, then people will use a more tolerant browser.
There are companies like fastmail (no personal connection, just a happy customer) which are set up to do this sort of thing.
If you really want to do something like this in house, hire someone like Nigel Metheringham (old friend of mine, haven't had any contact with him in years) who set up the mail system for freeserve.co.uk when they first got started. Look at what others have done.
Crucially, you will want several inbound MXes, several outbound SMTPs, and your IMAP server on the most robust hunk of metal and silicon that you can get your hands on.
Years ago I would have recommended UW-IMAP with mbx format, not mbox format. Nowadays, I'd be more inclined to use Cyrus IMAP. As for sendmail, postfix or exim, I've got my personal favorites. Your choice will have to be based on more than my prejudices and biases. But do take a look at exim; many things were built into it for freeserve.co.uk. (Freeserve went from zero to more than a million users in a few short months when it started.)
I would think that this type of a system not only thwarts your average pickpockets and mail thieves, but also more ambitious criminals who are willing to go a step further. You'd have to 1) either fake the originating phone #, 2) break into the owner's home and get the actual PIN using their own phone, or 3) have personal details like last four of a SSN-type number, address, birthdate, etc., and by that time the problem is bigger than a stolen PIN.
Faking a caller line ID is easy. Any modern PBX system can do it, such as asterisk. As for your number three, that information is much easier to get than a PIN.
I was wondering the same thing. There is nothing in TFA or on the company's site that says anything about hash collisions. At least nothing I could find.
They do get as specific as saying "patented virtual algorithm". So here are some guesses.
- It's a joke.
- It's complete and utter snake oil.
- The "virtual algorithm" is to upload junk with the same hashes as real content. What makes the algorithm "virtual" is that they just haven't quite figured out how to create such files.
Those options are not mutually exclusive.
Of course there was no reference to a patent filing. I am really inclined to think this is a joke.
Will you be complaining when they have a monopoly in the telecom business?
Of course I would be complaining. But I just don't see them as becoming a monopoly. It is typical for a business, when entering into a new market to use "deep pockets" to try to undersell the established rivals.
Breaking into a market and establishing a monopoly are two very separate things. Sure, you have to do the first to do the second, but they are still separate.
Or how about every other company has to cut its R&D budget to compete and the whole market slows to a crawl?
Let me see if I understand what you are saying. Are you saying that tech companies need to be protected from competition so that they've got enough money to do R&D? If so, you might have a case. I agree that ATT's Bell Labs was great. But the advantages of competition, I think, are even more important. The overall benefits to the economy are enough that we can fund high quality public research labs (AKA universities).
Cherney points out that grass biofuel pellets are much better for the environment because they emit up to 90 percent less greenhouse gases than oil, coal and natural gas do.
Am I the only one who finds that claim implausible? My (uninformed) guess is that burning grass would give off almost as much CO2 as burning wood.
For families who use computers like televisions (entertainment and babysitting), there should be no surprise that the more boxes the worse the academics. At the moment, I don't think that my 6 year old daughter is harmed by living in a house with 5 computers.
On the other hand, I flunked out of graduate school long ago, and I only had a TVI920 and a 300 baud modem.
Reply: Atlantis, Troy and Plato's stories, on "Atlantis Found. Again." (Score: 2, Informative)
I've just read through the many replies to my original post. Instead of trying to reply to each, I'll try to sum up here.
Troy
Many people correctly pointed out that for a long time people believed that the story of the Trojan war was a myth, but archaeologists have found something that shows signs of being Troy.
But consider how limited the finding is: there was a city in about the right place that seemed to have been sacked at about the right time (among other occasions). It is reasonable to suspect that this actual city is somehow connected to the legend we know from Homer. So there seem to be some grains of history in the Iliad; we don't know how big and frequent those grains are, but we do know that there is a lot of myth in there, too.
But the greater lesson of Troy is that the nay-sayers about Atlantis might be wrong. The point is taken. I might be wrong. The knowledge that I could conceivably be wrong doesn't prevent me from holding an opinion.
Parable or not
Some have pointed out that Plato's character who recites the Atlantis story says that he heard this as an ancient Egyptian story. Plato was not the only person writing back then, and there is no other indication of this story (or of its story teller) for a very long time. The form of the story fits so tightly to Plato's political and metaphysical views, that either Plato made it entirely or dramatically adapted it for his purposes.
While ancients also wrote about it, it really appears that they picked up the story from Plato and not from any sources that pre-date Plato, except that they repeat Plato's claim of an ancient Egyptian origin. And it was only in the 19th century that serious speculation began.
A deluge of flood stories
There is no dispute that there are loads of ancient flood stories. There is also no doubt that there were lots of ancient floods. We don't know the scale of these. A flood that destroys a few villages will seem to the survivors to have engulfed the whole world. It seems to me that even small floods can generate big stories, and that those floods may have been much more recent.
The Black Sea flood hypothesis is extremely interesting. If, indeed, the Black Sea did fill up rapidly, it certainly would have generated big flood stories for the generations that followed. But whether it is those or other floods that serve as the origin of the flood stories we know today is hard to determine.
If we treat Atlantis as a flood story, then it probably has the same kind of factual basis as many other flood stories: We'll never know the location or scale of the floods, but there probably were lots of floods.
I've always thought of the Atlantis story as more than a flood story or earthquake story. Maybe I've just read too much Plato. If we really do take it to be about a lost civilization on some lost island, then I continue to bet on it being a myth.
On the other hand, if we take it to be that some populated region was destroyed by earthquake or flood, then it almost certainly happened. But it is fruitless to try to tie a particular story to one of the many such events.
In "western" civilization there is no history of this story prior to Plato. Plato has a fictional character, Timeos (sp?), tell the story of Atlantis. The story is an obvious parable illustrating Plato's ideas about how things decline.
Fastmail does IMAP right. I rarely use the web interface (even though it is the best I've seen). I agree that people who say they want webmail really want IMAP but don't know it. Fastmail.fm knows it, and whether you see them as an IMAP provider or a webmail provider is all up to you.
plug for fastmail.fm, on "The Webmail Wars" (Score: 2, Interesting)
Fastmail is by far the best webmail/IMAP mail service I have ever seen. They really understand IMAP and what works for webmail.
I have no affiliation other than being a happy customer.
I've just been making my way through Novell's reply and it addresses exactly this question. First of all, in this particular case, SCO is suing Novell for making Novell's claim to the copyright public. So SCO has no grounds to complain that Novell didn't come forward earlier. (Novell says that they had contacted SCO privately)
SCO is trying to claim that Novell was malicious in knowingly publishing a false claim (that Novell owns Unix copyrights). Novell says that it had every right to publish its claim and it has reason to believe that the claim is true.
The particular memo doesn't prove anything about ownership but is one more (small) piece of evidence that Novell sincerely believes its claim (of ownership of copyrights), and so are in no way guilty of knowingly publishing a falsehood.
Novell's case is overwhelming, but this particular document is part of a filing in response to a filing by SCO alleging that Novell knew it didn't own the copyrights.
I could be entirely misunderstanding things. There will certainly be a competent analysis on groklaw soon enough.
Very interesting. Thank you for pointing that out. I can see uses for it, but I'm not sure that it will solve my problem (if I have a problem at all) since the Remote uses an infra-red connection, and my stereo (and Airport Express) is nowhere near being in IR range of the computer with the music. But maybe I've misunderstood how it is supposed to work.
it's rather less useful if you don't have a laptop in the same room where the Airport Express is plugged in.
I've just set up an Airport Express using "AirTunes". And I am facing this problem. My music is on my desktop (in one part of the house) and the stereo is in another. This set-up works fine if you have a "party playlist" to cycle through, but it's not all that useful if you want to have some more control over what is played.
I also have an iBook which I can take to the room with the stereo, but I'm a bit concerned about how the streaming would work. My fear is that my desktop would stream music over my wireless network to my iBook which in turn would stream it back to my main wireless hub, which in turn would stream it to the Airport Express. Thus all music will pass through my wireless hub three times.
Hopefully I'm wrong about that. As I said, I just set this up and have to test.
ls -ld /Library/StartupItems/
drwxr-xr-x 4 me admin 136 14 Oct 2003 /Library/StartupItems/
I don't know how or why it got set that way
Well, I know now. /Library/ is 775 root:admin and so when I wrote my first start-up script, I created /Library/StartupItems/, with myself as the owner.
So it looks like the permissions/ownership of /Library/ open a substantial trojan opportunity. Admin users can, without authenticating, create scripts that will be run as root.
On a system that was installed from scratch a couple of months ago with the most recent OS, /Library/StartupItems is protected 755 root:wheel. On an older system it is protected 775 root:wheel.
Until a few moments ago mine was
ls -ld /Library/StartupItems/
drwxr-xr-x 4 me admin 136 14 Oct 2003 /Library/StartupItems/
I don't know how or why it got set that way, but I've changed it now.
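A check for the conditions described in the posts above (a non-root owner or group/other write permission on a directory whose scripts run as root, or a missing directory under a writable parent), written as an added example and not code from the original posts. The function names and the `trusted_uids` parameter are assumptions made here; the default path is the one the posts mention.

```python
import os
import stat


def loose_bits(st, trusted_uids):
    """Ways an object can be modified by someone other than a trusted owner."""
    problems = []
    if st.st_uid not in trusted_uids:
        problems.append("owner")            # e.g. "me admin" instead of root
    if st.st_mode & stat.S_IWGRP:
        problems.append("group-writable")   # e.g. mode 775
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit_startup_dir(path="/Library/StartupItems", trusted_uids=(0,)):
    """Return (path, problem) pairs for a directory whose contents run as root."""
    path = os.path.abspath(path)
    if not os.path.isdir(path):
        # Case from the posts: the directory does not exist yet, so whoever
        # can write to the nearest existing ancestor can create and own it.
        ancestor = os.path.dirname(path)
        while not os.path.isdir(ancestor):
            ancestor = os.path.dirname(ancestor)
        st = os.stat(ancestor)
        return [(ancestor, "creatable: " + p) for p in loose_bits(st, trusted_uids)]

    findings = [(path, p) for p in loose_bits(os.stat(path), trusted_uids)]
    # The items inside are what actually gets executed, so check those too.
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if entry.is_symlink():
            # The link target's ownership is not checked here; flag for review.
            findings.append((entry.path, "symlink"))
            continue
        st = entry.stat(follow_symlinks=False)
        findings += [(entry.path, p) for p in loose_bits(st, trusted_uids)]
    return findings


if __name__ == "__main__":
    for where, problem in audit_startup_dir():
        print(f"{where}: {problem}")
```

An empty result means the directory and its items are owned by a trusted uid and writable only by that owner.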
Libertarianism certainly is an appealing ideology, but are you concerned that ideological based politics (whether yours or others) often precludes the adoption of pragmatic solutions to real problems?
Unless I've understood things incorrectly (a very real possibility), I believe that there is a class of NP-hard problems which are provably not N. It is the class of NP-complete problems which may or may not be P. We certainly need to add to the repertoire of PK algorithms, and ideally we should try to find some among the NP-hard problems.
Of course, I could be very wrong about this. It's been decades since I studied this stuff.
What the hell does that say, and what language is it in? :)
It says (or should say) something like, "The problem is that there is no Hungarian description." The language is something like Hungarian. (I am not fluent in the language, but can get by).
Someone, less lazy than I, should check weather records to confirm. Also, I thought that night-side lights were supposed to be visible.
Competition is good for consumers, and in the long run it is good for the industry as well. It's only bad news for the entrenched players.
If China wants to tax its citizens so that it can sell me cheap telecoms products, I'm not going to complain.
Now I need to go back to teaching my daughter the principles of cryptography.
Thank you (and scareduck in another post) for clearing things up for me.
OK. Now I understand. This is exactly what I need.
De az a baj, hogy magyarul leiras nincs.