Re:incorporate zahn's books on Star Wars TV Show · Score: 4, Insightful
Possible premises:
The Old Republic - Plenty of scope here for what things were like "before the dark times", but will probably become a "Jedi of the week" show soon enough
The Clone Wars - kind of covered in the animated series though
Young Luke Skywalker. Cute^H^H^H^H Irritating kids, races through Beggar's Canyon and shooting womp rats...
Whatever Lucas has in mind for VII-IX this week. Probably closest to your option, and the one I'd like to see; could even keep the extended universe stuff intact with a little effort.
Face it though, this is the person who brought us Jar-Jar Binks - it's going to be a rehash of Young Indy, isn't it?
Not strictly true. "WinSxS" is short for "Windows Side-by-Side" which according to my research over the last few days is a horrible hack to try and allow different apps to use different versions of the same DLL on the same system. So, suppose we have three versions of the DLL; v1 and v2 are vulnerable, v3 is not. Windows comes with v2, but I install a graphics viewer that requires and installs v1 as part of its install - v1 goes into "WinSxS". When I install the MS patch, the vulnerable v2 version is replaced with the secure v3 and MS tells me all is well, but if I open a bad JPEG with my graphics viewer, it loads the v1 DLL and my PC belongs to someone else.
It means that you still have a Microsoft application that needs patching, "Ink" - is something to do with either Tablet PC or frp, one of their dev kits. Lucky you; that sounds like you can isolate a patch fairly easily. My vulnerable files are in the SP2 uninstall directory and, more critically, "\Windows\WinSxS". The former is easy enough to deal with, but the latter means I have almost no way of knowing which application stuck them there or what might break if I simply delete them.
I'm guessing that only the application that installed them there can actually call them since there appears to be a serial number in the folder name. Certainly that *specific* version of the DLL would need to be in use to be exploited, but I'm not sure whether it is possible for a malicious web app to seek out and deliberately call a vulnerable version of a DLL stored under WinSxS.
At the moment, I see two options to resolve this issue, other than simply relying on my virus scanner.
Find out which applications "own" the vulnerable DLLs by starting every third party application on my systems and watching which files get opened.
Delete the vulnerable files and see what breaks as and when. Then hope that I can resolve all of the issues with Windows' system file integrity function that this appears to create.
I don't consider either of these a satisfactory solution to the problem, quite frankly, and I think that Microsoft needs to address this issue PFQ.
Yes it has. Unfortunately like many Microsoft patches it gives you a nice fuzzy sense of false security. According to Microsoft, I'm nice and safe, but according to Tom Liston's GDIScanner and a quick perusal of the file versions, I'm quite possibly not. Fortunately my virus scanner *does* seem to pick up on this, but that's no thanks to Microsoft.
Did anyone actually see a good reason for the creation of this particular format?
Hell yes. Unlike with a raster image such as JPEG or PNG, the data from a camera sensor is most likely a Bayer array - alternating lines of Red/Green and Blue/Green sensors, rather than RGB triplets, so it's not so much RGB, as RGBG. (There are some variants/exceptions in the sensors from Foveon, Fuji and Sony). There is also a lot of data specific to the exposure; duration, ISO, lens details, etc. which would need to be applied in camera before a raster image could be produced. With RAW, you can apply these settings after the event in Photoshop or whatever. Exposed the sky correctly, but got the ground off by a stop? No problem; "develop" the RAW twice and use the sky from one shot and the ground from the other for a much better result than "enhancing" the ground in an image editor.
Yes, you could have most of this with a tweaked version of PNG and a bunch of ID3 type tags (and maybe that's exactly what Adobe has done, I haven't looked at the file format yet). The main benefit though is to make it very easy for data exchange and solve the nightmare situation whereby each new sensor has its own RAW format. The state of play at the moment is a nightmare for vendors like Adobe who need to update their software for almost every new high-end camera release. Likewise for the makers of those "digital photo stations" that are cropping up like Starbucks, or their little brethren; the printers you can plug a camera into directly. With a standard like DNG to support you gain the much larger colour gamut of the RAW format and more flexibility in tweaking the image for a better print.
Anyway, you can read the actual Adobe press release, or download a free (beer) DNG converter here to find out a little more.
Because my DSLR produces ~10MB RAW files with 12bit/hue colour resolution which convert into ~36MB 16bit/hue colour resolution TIFFs? Or how about that those TIFFs only have a fraction of the flexibility offered by the RAW versions in post processing. It should be obvious that you need 3x the storage space, but if you've got used to rattling off shots at a rate of several a second, expect that to get slashed too.
One of those digital photoframes to display the pictures from your kitecam. The panoramas... the approaching ground... the horrified expression on the face of a soon to be ex-digicam owner...
Who would a person call if they had some problems like this?
In the US? The FBI I think; it's wire fraud which is a very serious offence and the foreign bank account angle takes it out of the jurisdiction of local/state police. I've been peripherally involved with something like this in the UK where the National High Tech Crime Unit got involved; the important things are not to panic and to contact the authorities immediately so they can do their thing.
In my instance, the NHTCU took care of contacting the banks responsible for the various credit cards and everything, or at least passed the information along to the relevant organisation(s). I gather most of the banks simply issued a new credit card without making a fuss or the customer aware of the real reason for that matter. And yes, the perps got busted - or more accurately got stung due to the combination of information recovered from the compromised box and a few "creative" emails written by the NHTCU.
Spammers are supporting this ("using" would be more accurate) because they hope that systems such as SpamAssassin will assume that this indicates the email is more likely to be legit. Like many people, they've missed the point of SPF et al; SMTP is flawed in many ways and there is no single magic bullet, this bullet is designed to prevent address spoofing, not combat spam. However, if it encourages spammers to spend a few extra dollars on throwaway domains, that's fine by me.;)
There are several possible outcomes from an SPF query, and given the adoption by spammers I've taken to doing a reject on a hard failure and not scoring the rest at all. Once I've got a few hundred emails in each contingency I'll calculate the ratios and assign SpamAssassin some appropriate scores. At the moment, I see four possibilities for this;
A hard fail
A hard success ("-all" present)
A soft success ("-all" absent, or some other open ended SPF record)
SPF is absent
Depending on how spammers continue to implement SPF, I think it's very likely that only the first one is going to be a serious indicator, but that's fine because that's enough to kill Joe-Jobs.
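The four-way split and the "reject on hard fail, score nothing else yet" policy from the comment above, as an added example that is not part of the original comment. It assumes the checker reports the standard SPF result names (`pass`, `fail`, `none`, `softfail`, ...) and that the sender's published record is available; the `other` bucket, the function names and the sample messages are constructed for illustration.

```python
from collections import Counter

def all_qualifier(record):
    """Qualifier ('+', '-', '~', '?') of the 'all' mechanism, or None if absent."""
    if not record:
        return None
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        t = term.lower()
        if t == "all":
            return "+"          # a bare mechanism defaults to '+' (pass)
        if len(t) == 4 and t[0] in "+-~?" and t[1:] == "all":
            return t[0]
    return None                 # open-ended record: no 'all' term at all

def bucket(spf_result, record):
    """Map an SPF result plus the published record onto the comment's four cases."""
    result = spf_result.lower()
    if result == "fail":
        return "hard fail"
    if result == "none":
        return "absent"
    if result == "pass":
        # A pass only counts as "hard" when the domain also publishes "-all".
        return "hard success" if all_qualifier(record) == "-" else "soft success"
    return "other"              # softfail, neutral, errors: not in the comment's list

def smtp_action(bucket_name):
    """Current policy from the comment: reject hard fails, leave the rest unscored."""
    return "reject" if bucket_name == "hard fail" else "accept, unscored"

def tally(messages):
    """Count spam/ham per bucket so scores can be assigned once enough mail is seen."""
    counts = {}
    for result, record, is_spam in messages:
        per_bucket = counts.setdefault(bucket(result, record), Counter())
        per_bucket["spam" if is_spam else "ham"] += 1
    return {
        b: {"spam": c["spam"], "ham": c["ham"],
            "spam_ratio": c["spam"] / (c["spam"] + c["ham"])}
        for b, c in counts.items()
    }

# Constructed sample: (SPF result, sender's SPF record, hand-labelled as spam?)
SAMPLE = [
    ("fail", "v=spf1 mx -all", True),                  # spoofed sender (Joe Job)
    ("pass", "v=spf1 ip4:192.0.2.0/24 -all", False),
    ("pass", "v=spf1 ip4:198.51.100.7 -all", True),    # throwaway domain with valid SPF
    ("pass", "v=spf1 a mx ~all", True),
    ("pass", "v=spf1 +all", True),
    ("none", None, False),
    ("none", None, True),
    ("softfail", "v=spf1 mx ~all", True),
]

if __name__ == "__main__":
    for name, row in sorted(tally(SAMPLE).items()):
        print(f"{name:13} {smtp_action(name):17} spam={row['spam']} "
              f"ham={row['ham']} ratio={row['spam_ratio']:.2f}")
```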
I largely agree, which is why I made the comments about Microsoft making concessions and only going so far as to say that it "pretty much clears the way" in the submission. The problem MARID has is not that there is a possible patent issue, or even that it's Microsoft, but that Microsoft is not disclosing the details. There is also a separate problem that the open source proponents in MARID have with Microsoft's license in that it appears to prevent redistribution, hence the actions by the ASF, Debian and so on over the last few weeks.
It's not too late for Microsoft to change their mind, relax the license terms and waive any patent issues to get Sender-ID accepted. Their problem is that they need to do so quickly or they will be trying to push a proprietary standard onto a group that have already stated they don't want to know and will not implement it. Also, standard or not, adoption of Classic-SPF is proceeding apace and is already functional in most FOSS MTAs and anti-spam systems - for a lot of people the herd mentality is all that applies in selecting a solution.
Now I'm not saying this guy was writing viruses to feed his starving family
Actually, while "starving" is probably not accurate, several of the reports from back in May did make mention of Sven claiming his motivation was to drum up business for his mother's PC Help business.
Not at all. Since it doesn't say what level of compression was used on the one hour of video, I think it's reasonable to assume it's the one with the most. If so, and the thing can store 709 hours of video in 400GB, then that's just over half a GB of data, or about 10MB/s.
It'll go even more nicely with the shouts of "Code Blue" and crash teams rushing to the offices of various MPAA and Hollywood execs. I predict this thing is going to have enough red tape thrown at it to reach to the moon and back in an attempt to prevent it getting to as many markets as possible.
Meanwhile, the article is a little light on the two details that matter most; "how much?" and "where from?". Anyone?
I think this would be a good idea too; a period of a few months between submission and approval of a patent during which it would be open to public review and any possible prior art submitted. This is in addition to the relevant PTO doing a thorough review of the proposal of course, and could also be used as a means of annulling some of the more dubious patents already in existence. The fundamental problem with this approach though is that a key issue of patent infringement cases is whether the defendant knowingly infringed upon the patent. Obviously any damages are going to be much higher if that can be shown to be true, and it's this that leads to plausible deniability rearing its ugly head.
As the law stands now, companies try and remain ignorant of any patents filed by their competitors, thus (in theory) minimising their liability while enabling business as usual. The contingency plan in the event of being accused of patent infringement seems to be one of trying to fight the patent first, and if that looks like failing enter into a cross licensing deal with your own patent portfolio. Given that stance, even if patents are open for public review prior to approval, I doubt many companies would be willing to review and submit challenges if doing so might negate their claim to ignorance in the process. Sure, they might get patent application X annulled, but if they are found to be infringing upon approved patent application Y then they are going to find it much harder to show they were unaware if they are demonstrably reviewing patents.
The current situation with patents at the USPTO has gotten way too far out of hand, probably so much so that recovery isn't likely to happen no matter what is done. Even so, it's going to be better to at least make an attempt at reining things back in than doing nothing at all, but I don't think that patent lawyers raking in the dollars are going to be too happy with that idea...
It doesn't take much digging to find out. The ASF is still supporting Meng Wong's "Classic SPF" via a plugin in SpamAssassin, I'd assume something similar will apply to JAMES. I don't see any licensing concerns that would stop Debian and the rest adopting a similar stance. Also, since Classic SPF appears to be gaining momentum at a considerable rate, even if it is mostly by spammers, it would be sensible to discard all that effort in the official standard.
I was expecting your link to go to the Newsforge story that leads to this article, but apparently not. Apparently Earthlink is refusing to adopt Sender-ID in its current state as well, and most interestingly it is doing so on the advice of its legal counsel. Given that the project leads of Exim and Postfix, but interestingly not Sendmail, have also adopted a similar stance I think Sender-ID is pretty much dead in the water at this point.
I have to admit, I'm in two minds about this. On the one hand it's long overdue for Microsoft to be seriously given the finger by a collective group that it is unlikely to be able to bully or "embrace and extend" around. On the other, Sender-ID does seem to be the most sophisticated of the sender validation technologies proposed to the MARID group at the IETF, it would be a shame to lose it to corporate greed if Microsoft doesn't resolve the patent issues soon.
SPF will not only stop spammers, but will stop (or at least prevent) people and worms from spoofing the from address *sent from _everywhere_* to claim to be from a user@domain they do not own.
Sorry, but you are wrong on the first count. SPF does absolutely nothing to stop a spammer from either:
Registering a domain, publishing valid SPF records for it (to circumvent people rejecting mail from SPF-less domains), and spamming away using that domain.
Compromising a box, finding out the default email address of its former owner, and using that address as the sender. This method may however trip a throttle on an outgoing smarthost, assuming one is in use.
What SPF will do, if enough people and ISPs in particular implement it, is help prevent spammers (and mass mailing worms etc.) from using domains they do not directly own - as you say. Even so, that is still dependent on the ISPs etc. handling SPF failures properly and not generating a bounce message. Given how many people who should know better quite happily send a bounce when their email virus scanner detects a trojan *known* to spoof the sender, I'm not holding my breath.
And no, I'm not opposed to SPF; all my domains have had SPF records for months, and they all have the "-all" flag in them too. Every little helps, as anyone who has been the victim of a Joe Job can testify.
It only benefits big ISPs, by keeping spammers from mentioning them in their return addresses.
Nope, sorry. It benefits anyone that owns a domain that is used for mail, more so in fact than it does the big operators of email services. A friend of mine is currently being Joe Jobbed on her personal domain; adding an SPF entry made a significant impact on the number of bounce messages she is getting. SPF will not really do much to stop spam; the spammers can always use disposable domains or the domain of whoever's PC is being used as a spambot. It does however have the potential to prevent people's domains being hijacked by spammers.
Exactly. With crypto, it's often that little bit of extra insight or improved technique which can bring the entire thing crashing down. As an example, take Charles Babbage's (yes, that one) breaking of what up until then had been the presumed unbreakable Vigenere cipher. The observation Babbage made was that certain sequences of letters might recur in the ciphered text, and the insight was that these might be the same plaintext letters encrypted against the same cipher sequence. From this small foothold, Babbage was able to ascertain the length of the keyword used to drive the encryption and from there break the complexity down into a limited number of substitution ciphers which are much easier to tackle.
While it's still not certain whether a similar jump might be made in the case of the MD5 and SHA-1 hashing algorithms, you can bet that a lot of crypto people are looking. What's that OSS saying about many eyes making flaws shallow again? Even if there is a fatal flaw though, I doubt it's not going to be the show stopper for hashes some people seem to think; you just use more of them. RPM supports DSA, SHA1, MD5 *and* GPG checksums for example, even if all four algorithms were broken, I doubt there is a method for generating an equivalent file that matches all four checksums at the same time.
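The repeated-sequence observation credited to Babbage in the comment above (today usually called Kasiski examination), as an added example that is not part of the original comment. The plaintext, the key and all function names are constructed for illustration; the code votes on the key length from the spacing of repeated ciphertext sequences and then splits the text into the per-key-letter streams the comment describes.

```python
from collections import Counter, defaultdict

A = ord("A")

def vigenere_encrypt(plaintext, key):
    """Classic Vigenere over A-Z; anything that is not a letter is dropped."""
    letters = [ch for ch in plaintext.upper() if "A" <= ch <= "Z"]
    return "".join(
        chr((ord(p) - A + ord(key[i % len(key)]) - A) % 26 + A)
        for i, p in enumerate(letters)
    )

def repeated_sequences(ciphertext, n=4):
    """Every n-letter ciphertext sequence that occurs more than once -> its positions."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}

def key_length_votes(ciphertext, n=4, max_len=12):
    """A repeat caused by the same plaintext under the same key letters sits a
    multiple of the key length apart, so each candidate length that divides
    the gap between consecutive occurrences gets one vote."""
    votes = Counter()
    for pos in repeated_sequences(ciphertext, n).values():
        for first, second in zip(pos, pos[1:]):
            for k in range(2, max_len + 1):
                if (second - first) % k == 0:
                    votes[k] += 1
    return votes

def split_columns(ciphertext, key_len):
    """Column i holds every letter enciphered with key letter i, i.e. one plain
    shift cipher that can be attacked with ordinary frequency analysis."""
    return [ciphertext[i::key_len] for i in range(key_len)]

# Constructed sample: the word DIFFERENCE recurs 20 and then 35 letters apart.
SAMPLE_PLAINTEXT = ("THE DIFFERENCE ENGINE USES DIFFERENCE TABLES "
                    "WHEN BABBAGE BUILT THE DIFFERENCE MACHINE")
SAMPLE_KEY = "LOGIC"  # constructed five-letter key

if __name__ == "__main__":
    ct = vigenere_encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    print("ciphertext:", ct)
    for seq, pos in sorted(repeated_sequences(ct).items(), key=lambda kv: kv[1]):
        print(f"  {seq} at {pos}")
    votes = key_length_votes(ct)
    print("votes per candidate key length:", votes.most_common(4))
    best = votes.most_common(1)[0][0]
    for i, column in enumerate(split_columns(ct, best)):
        print(f"  stream {i}: {column}")
```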
To save you having to RTFA and check out the product descriptions, they say "1 to 96 high performance 2.5" disk drives, 30-80GB capacity, 7.8TB max capacity on deskside". You can probably infer from the 2.5" that they are using notebook hard drives which are most likely EIDE - at least I haven't seen any SATA ones yet, although they can't be too far away.
You should probably check out the product description anyway though; there are some quite interesting hardware design decisions in there!
This is a problem at the Slashdot end rather than with Orion - either from the original submitter or the editors. Checking out the product descriptions on Orion Multisystems' site reveals the following (and other interesting specs):
Based on Fedora Core 2
Linux kernel 2.6.6 with performance optimized Orion drivers
Or, if you prefer plain HTML and JPEGs, the BBC has a summary of the major and more contentious issues here.
Equipped with two TV tuners, the DMR-E330H and DMR-E220H can record alternate television programs simultaneously onto the hard disk drive.
Gah! I meant "not to discard" of course...
If you've castrated the spammer properly, shouldn't that have been "fuckee" and not "fucker"? ;)
So I think they know the difference at least...