Slashdot Mirror


User: WebMasterJoe

WebMasterJoe's activity in the archive.

Stories: 0
Comments: 527

Comments · 527

  1. Re:You obviously don't know much about computing. on McAfee Manufactures Virus Threat · · Score: 3, Insightful
    It would be possible to specify a bad format that would cause a faulty JPEG or GIF decoder to overrun one of its internal buffers, perhaps corrupting the call stack, and causing it to start executing malicious "data" as code.

    Now, I won't disagree that it is possible, but then this wouldn't really be a virus, would it? From my understanding, if you imagine each data block as looking like this:

    10 01 01 01 01 44 44 44 44 88 88 88 88 CC CC CC CC 00

    Where that first byte is the length (hex 10, or 16 bytes) and then there are 16 bytes following it, followed by '00' to signal the next header is coming up. The specially-constructed one might look like

    10 01 01 01 01 44 44 44 44 88 88 88 88 CC CC CC CC 15 24 5A C8 ...

    And those last four bytes overrun the buffer, and are executed as code. Yes I know it's extremely simplified, but this (AFAIK) is the basic premise of the buffer overflow. A proper JPG viewer should crap out at this point, but the MS product starts executing it as code. It sounds more like there is a vulnerability in the MS (surprise surprise) fax and image viewer, and a specially formed JPEG file could exploit that vulnerability. That's a problem with the viewer, not the input file.

    Calling the vulnerability-exploiting JPEG a virus will lead to some interesting conclusions. What if, for example, a similar vulnerability existed in a Linux viewer application? I might make my specially-constructed jpeg (named hole.jpg) but leave off the executable code. Then, I'd make a simple program in C (called yes_oncrack) that fills /dev/hda with the character 'y'. Last but not least, I'd pipe the output of `cat hole.jpg yes_oncrack` to the viewing program.

    If the jpeg is the virus in your example, then what is the virus in my example: hole.jpg, yes_oncrack, cat, "|", or stdin?

    I'm not trying to be a jerk about it because I see where you're coming from, but calling the jpeg a virus is inaccurate since it is merely the exploit for a vulnerability.
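    The block layout sketched in the comment above, worked through as an added example (not part of the original post, and not code from any real viewer): a toy length-prefixed block format, one decoder that copies until it sees the 0x00 terminator, and one that lets only the declared length bound the copy and rejects a block whose terminator is not where the header says. The `struct frame`, its `saved_ret` field and the decoder names are assumptions made for the illustration; the "stack frame" is a simulated one so that the program itself stays memory-safe while showing the four extra bytes landing in the slot after the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_MAX 16u          /* size of the decoder's fixed scratch buffer */
#define SENTINEL  0xDEADBEEFu  /* value saved_ret is expected to keep */

/* Simulated stack frame (assumption for the demo): the 16-byte data buffer,
 * then the slot that sits right after it in memory, standing in for a saved
 * return address. A real overrun would clobber the caller's frame instead. */
struct frame {
    uint8_t  data[BLOCK_MAX];
    uint32_t saved_ret;
};

/* Constructed input, laid out as in the comment: length byte 0x10, sixteen
 * payload bytes, then the 0x00 that says the next header follows. */
const uint8_t good_block[] = {
    0x10,
    0x01, 0x01, 0x01, 0x01, 0x44, 0x44, 0x44, 0x44,
    0x88, 0x88, 0x88, 0x88, 0xCC, 0xCC, 0xCC, 0xCC,
    0x00
};

/* Constructed malicious input: same header and payload, but the 0x00
 * terminator is replaced by four extra bytes before the real terminator. */
const uint8_t bad_block[] = {
    0x10,
    0x01, 0x01, 0x01, 0x01, 0x44, 0x44, 0x44, 0x44,
    0x88, 0x88, 0x88, 0x88, 0xCC, 0xCC, 0xCC, 0xCC,
    0x15, 0x24, 0x5A, 0xC8,
    0x00
};

/* Faulty decoder: it reads the length byte but then copies until it sees
 * 0x00, strcpy-style, so the terminator position controls how much is
 * written. Returns the number of bytes written into the frame. */
int decode_trusting(struct frame *f, const uint8_t *in, size_t n)
{
    uint8_t *dst = (uint8_t *)f;   /* byte view of the whole frame */
    size_t copied = 0, i = 1;

    if (n < 2)
        return -1;
    (void)in[0];                   /* declared length read and ignored: the bug */
    while (i < n && in[i] != 0x00) {
        /* Bounded by the frame size only so this demo stays inside the object;
         * a real decoder keeps writing past the buffer into the caller's frame. */
        if (copied >= sizeof *f)
            break;
        dst[copied++] = in[i++];
    }
    return (int)copied;
}

/* Fixed decoder: the declared length bounds the copy and must fit both the
 * buffer and the remaining input, and the terminator must be exactly where
 * the header says it is. Returns the payload length, or -1 to reject. */
int decode_checked(struct frame *f, const uint8_t *in, size_t n)
{
    size_t len;

    if (n < 2)
        return -1;
    len = in[0];
    if (len > BLOCK_MAX)           /* would not fit in data[] */
        return -1;
    if (n < 1 + len + 1)           /* input truncated before the terminator */
        return -1;
    if (in[1 + len] != 0x00)       /* terminator not where the header says */
        return -1;
    memcpy(f->data, in + 1, len);
    return (int)len;
}

/* Helpers that run a decoder on a fresh frame and report what happened. */
int trusting_len(const uint8_t *in, size_t n)
{
    struct frame f = { {0}, SENTINEL };
    return decode_trusting(&f, in, n);
}

int trusting_clobbered_ret(const uint8_t *in, size_t n)
{
    struct frame f = { {0}, SENTINEL };
    decode_trusting(&f, in, n);
    return f.saved_ret != SENTINEL; /* 1 if the overrun reached saved_ret */
}

int checked_len(const uint8_t *in, size_t n)
{
    struct frame f = { {0}, SENTINEL };
    return decode_checked(&f, in, n);
}

int main(void)
{
    printf("trusting: good=%d bad=%d (saved_ret clobbered by bad: %d)\n",
           trusting_len(good_block, sizeof good_block),
           trusting_len(bad_block, sizeof bad_block),
           trusting_clobbered_ret(bad_block, sizeof bad_block));
    printf("checked:  good=%d bad=%d\n",
           checked_len(good_block, sizeof good_block),
           checked_len(bad_block, sizeof bad_block));
    return 0;
}
```

    With the good block both decoders copy 16 bytes. With the malicious block the trusting decoder writes 20 bytes, and the bytes 15 24 5A C8 end up in `saved_ret`, which is exactly the "overrun the buffer and get executed as code" step the comment describes; the checked decoder returns -1 because byte 17 is 0x15, not the terminator. The point stands either way: the defect is in the decoder, and the file is only the input that triggers it.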

  2. If the AV companies want to do something useful... on McAfee Manufactures Virus Threat · · Score: 2
    These AV companies should put out something that fights the social virus. Such as filters that look for

    Nigerian email scams,

    the dying boy who wants to make a chain letter,

    Bill Gates' request for your help with his new email software,

    the little girl who has been missing for "weeks now",

    the party where you wake up in the bathtub with no kidneys,

    That game kids are playing with the flaming thing in car windows,

    and all the fake virus warnings as well. (would they have to include this most recent warning?)

    I bet this could be a pretty hot product, too - the app would scan for hoaxes, and offer to send a polite message informing the sender that it is a hoax (and plugging the filtering software as well). I wouldn't buy it because I use Google to search for key phrases I find in suspect messages (and then I email a link of google results back to the sender), but a lot of people I know could use it. Sourceforge anyone? (I'm not much of a programmer but if anybody else wants to work on it I'll help where I can)

  3. Not the first time I've heard of this on McAfee Manufactures Virus Threat · · Score: 2
    One time I was reading an article on Wired that claimed that you should never open an attachment because they could all contain virii. A juicy quote? Sure: "The most clueless people in the world are those who click on attachments in their e-mails, sent to them by people they don't know. Or even from people they do know." Being a little annoyed that a magazine that has such a big share in the "people who want to be geeks" category would dish out such ignorant advice, I wrote a polite letter to the author, explaining that you shouldn't call people who open attachments "The most clueless people in the world" and instead teach people a little about file extensions. Open the letter in a new window (or tab) and check out the original article as well.

    I got a response later that day: No, even a file that ends in .jpg could contain a virus. Don't open any attachments.

    I was amazed that somebody would actually make such a statement, and was going to make a reply but I realized I probably wouldn't be able to convince him if he was just making blanket statements without any reasoning to back it up. Now, after doing a search for the original article, I see that my letter was posted to the site. Maybe it did some good. Or maybe they just pointed and laughed at me. Whatever, I refuse to care if the staff of Wired doesn't like me.

    Give people simple advice if that's all they want, but don't make sweeping generalizations (such as ""). The people who took the article seriously are going to be laughed at if they make those statements in the company of knowledgeable IT people.

  4. Re:Tripping the Rift on Slashback: Riftiness, Ixianism, Eclipse · · Score: 2
    Rumour also has it that South Park started this way.

    It's true - South Park was originally titled "The Spirit of Christmas" and was an electronic Christmas card - actually a 51 meg video (which was huge back in the day) transferred from VHS. Some high-up executive from Fox asked those two guys to create an animated Christmas card, and he gave them a big chunk of money - they were as cheap as possible on production and blew the rest on beer (and probably pot, but that's just my speculation). The construction-paper animation, constant profanity by eight-year-olds, combined with the epic Jesus v. Santa fight made it a huge hit on the web. I remember getting it off the network at RPI back in early 97. There was a version with Frosty in it too, but that one was the first draft and they got rid of him - guess it wasn't offensive enough.

    I tried to find it on ifilm but the link was broken. Still, a search for "soxmas" should pull something up.

  5. my experience with this on Is it Wrong to Accept an Employment Counter-Offer? · · Score: 2

    Back when I worked at the college I was attending, a position opened in the art department - basically the "computer guy" for a bunch of Macs and a few PCs. I was currently a working student, meaning I only made $6.50/hour and couldn't get benefits or tuition reimbursed, but I didn't need a car to get there, either. As soon as the position opened (the last guy was fired) I mentioned that I had a lot of Mac experience and I basically started doing his job. Actually I did more than his job, since I was setting up several labs of G4s and new PCs in preparation for Y2K stuff.

    I did my job well, accepted the low pay since it was great experience, and applied for the actual job. I was informally rejected because I was young (21) and the art department didn't want "some kid" running their system. So I politely told my boss and his boss that I'd have to start looking for work elsewhere, and they understood - after all, they knew I only made $6.50 an hour.

    So, after emailing 10-15 companies a day, I started getting a few interviews. Finally one day I requested a half-day the next day for a job interview, and the school started considering me for the position (they still hadn't even started looking for applicants). Two days after the interview I was offered the position, and I told my current boss. They seemed genuinely interested in offering me the position (which would have been the same pay the other company already offered me), but since they couldn't actually offer it yet I told them I couldn't wait. And frankly, I didn't trust them if they were willing to discriminate by age (and ignore all that I had already done for the school) until I got an offer elsewhere.

    As a result of that experience, I'll never trust a company that makes a counter-offer. I also believe in telling the boss you're not satisfied with your situation before you start looking elsewhere, and being as civil and diplomatic about it as possible. If the boss is reasonable then you'll get a good reference or a good raise. If not, then you probably don't want to work there anyway.

  6. too bad the lawsuit link is slashdotted on Warcraft III Gone Gold · · Score: 2

    I can't look into the exact details of the lawsuit since it's /.ed, but I think Blizzard is well within their rights to sue for this.

    When Diablo came out, there was a lot of cheating going on. So much so that I didn't even bother playing online, there were too many PKs and people with hacked inventories and levels. Blizzard tried to fix that in Diablo II, but unfortunately my computer kept crashing whenever I played it online, so I was unable to verify it myself. But their solution to prevent hacking was partially handled by the servers, and partially by the clients. If they were to allow others to make their own versions of the Battle.net servers, then this level of protection from cheating would be gone. There could theoretically be cheats in these other versions, which in turn could lead to the same problems with cheating found in the original Diablo. Blizzard is probably afraid they would get blamed for this.

    Also, if users log into an unauthorized Battle.net server, they could have "patches" downloaded to their computers which could theoretically wipe out their hard drives. I'm not saying that it is likely, but it is possible and Blizzard does not want that kind of risk associated with their products.

    Besides, what exactly is the benefit of playing on a rogue server instead of one of the official Battle.net servers? Is it because people don't want to rely on Blizzard staying in business or keeping the service free? I admit I don't know the whole story behind it, but it seems pointless to me to work on an alternate battle.net server.

  7. Re:Flawed logic on Serious IIS Hole; Minor X Bug · · Score: 2
    I agree that it is a flawed comparison, but only if you are making an academic comparison between the two. Otherwise, it doesn't really matter if the comparison of these two is flawed.

    Product A is a server which faces the world, it has a major security flaw, and it takes two months for that to get fixed. I know that if I was using IIS for anything important that I would be nervous hearing something like that, and I'd have a terminal session open with the server right now, examining the logs... I mean "event viewer".

    Product B is a desktop application running on a resource-intensive graphical environment (and probably running on a resource-intensive window manager too). Therefore, it's pretty safe to say that this particular machine is not primarily used as a server to the world. The vulnerability has the capability of freezing the machine and most likely forcing a reboot, which could in theory mess up the filesystem. There is some potential damage to be done here, but since it is going to be the result of a user browsing to a malicious web site, the machine probably is a desktop machine that might be running a personal web or ftp site.

    If you weigh the two problems based on the real-world impact, it no longer matters how big the vulnerability is or why it takes as long as it does to get fixed. You have to consider what machines are at risk and what the damage could be - that's how the business manager types look at it, and that's what they're going to ask their IT staffs.

  8. Re:I like rights management on my phones... on A Wireless Alliance Forms · · Score: 2
    What I really need is a voice rights management helmet so no one can hear me while I'm talking.
    Yeah, we all wish you had one of those.


    Sorry, you set yourself up for that one.
  9. riaa seems a bit misguided on Will Cable Unplug the File Swappers? · · Score: 2
    The prospects of the cable companies' moves has the entertainment industry cheering. "Everything else in life has restraints -- except digital music and movies," says Ted Cohen, vice-president for new media at EMI. Cohen is optimistic that tiered pricing for broadband could introduce a "financial consequence" for piracy and cut down on sharing of pirated content. "Tiered pricing won't help artists or labels get paid, but it's a step in the right direction," he says.

    Interesting logic: everything else has restraints, so this new technology should too, because everything does. I'm also troubled that Cohen is pleased that consumers will have to pay for bandwidth, even though he doesn't benefit from it. He sees it as a punishment. It's not that important if the content providers make money, as long as consumers lose money. They shouldn't care what the consumer is paying for outside their own scope. A punishment's only goal is to hurt somebody. The RIAA seems more focused on punishing customers than getting business from them.

    also worth quoting:
    But hard-core file-swappers such as Jon might have second thoughts if they get hit with steep cable-bill hikes for downloading hundreds of music files that, even in compressed MP3 form, comprise several megabytes of bandwidth.

    Hundreds of mp3s comprise several megabytes? What bitrate is Jon using, 2?? Or maybe the songs are just very short.

  10. obligatory movie reference on Slashback: Gopherectomy, Portacinema, Disunity · · Score: 0, Offtopic

    This reminds me of Spaceballs (slightly paraphrased)

    1! .... 2! ..... 3! .... 4! .... 5!

    That's the combination? That's the kind of combination an asshole would use for his luggage!

  11. Re:Where's the Value? on Digital TV Still Indecisive · · Score: 3, Insightful
    I don't understand why BigCos don't want broadcast (as opposed to pay TV like HBO) to be shared or spread. The only value for the broadcaster is in the initial broadcast. As the shows are rerun their audience diminishes and the perceived value from the customer drops.

    I agree. The whole idea of over-the-air broadcasts is that anybody with the proper receiver can pick up the signal. So, if we can all receive the programming for free, why can't we make a near-perfect copy of it for our friends?

    The "content owners" say that we don't have the right to re-broadcast, basically because if everybody could re-broadcast then their syndicated shows would be less desirable and they couldn't keep making money selling the same product. Also, we could remove the advertising if we wanted to, or theoretically replace it with our own to subsidize our costs.

    But let's focus on that last part - if we take out the advertising, then the audience that we re-distribute to won't go out and buy a new Jeep after watching our copy of the show. So the companies that advertise through the "content owners" don't get that additional exposure. But guess what? If we don't re-distribute, then our second-generation audience won't see it anyway. They also won't see the program, or the network's watermark in the bottom corner, so they may be less interested in getting the broadcast feed next time it's on. And that means nobody is going to tell them to drink Sprite ("Don't listen to celebrity testimonials, drink Sprite and be like me, the Famous Athlete").

    The "content owners" are confusing "free advertising" with "loss of control" - yes, they aren't the only providers of the Andy Richter show now, but they have a distinct edge over the P2P network - they have the newest episodes, best quality, and are most convenient (most of us don't run the ATI All-in-Wonder out to the TV), and it's the same price to consumers. All that the P2P networks have is time- and space-shifting.

  12. How about the spaceballs approach on Crack a Password, Save Norwegian History · · Score: 2

    Did they try "1,2,3,4,5"?

    "That's the combination for my luggage!"

  13. Re:Secure format on QuickTime 6 Public Beta Available · · Score: 2
    If you took a 10 second look at the site you'd know that they are 'apparently not' in Tuvalu. Their contact page says Mountain View, CA: http://ism-alliance.tv/html/about/contactus.shtml
    But if you look at their domain name, you'd see it ends in .tv, the official suffix for Tuvalu. I was being sarcastic - if their domain was .uk, wouldn't you expect them to be in the UK?

    I know they're not really located in Tuvalu - it's a small Polynesian country with no resources and only 10K or so people. Prior to the internet, their biggest revenue was letting foreign countries license their phone lines (mostly for porn I believe). In 1998, Tuvalu licensed their .tv domain since it was so desirable to those foreign people with internet access.

    The .tv domain (like Tonga's .to domain) was originally meant for citizens of that country. These bastardized domains also carry a slight stigma since it's not a .com or .net, and since they falsely represent the nationality of the company, I make sarcastic comments.

  14. Re:Secure format on QuickTime 6 Public Beta Available · · Score: 2
    That's the second time I've heard this; they must have been very, very quiet about it, because I seem to have missed it. Where is it mentioned again?

    12th paragraph, last sentence on this page - under the section Everyone's a Winner. All they say is that it's a secure format, no real details are given. (if somebody finds any, please post them!)

  15. Secure format on QuickTime 6 Public Beta Available · · Score: 2
    From Apple's site:
    While other formats and versions come and go, MPEG-4 will safeguard multimedia content for a secure future.

    My first reaction to this is, MPEG-4 will probably also come and go, unless it is the holy grail of video compression - we'll be able to improve it in the future. Secondly, it looks like they're quietly mentioning some DRM stuff being thrown in, which may or may not be a good thing.

    The Internet Media Streaming Alliance, which is apparently located in Tuvalu, has a decent, fairly trustworthy collection of "Sponsor Members," including Apple, Cisco, IBM, Philips, and Sun Microsystems. I'd much rather trust DRM technology to these companies than Microsoft, Real, the RIAA, the MPAA, Fritz Hollings, or AOL-Time-Warner-Netscape-HBO-CNN (even though that last one is a "Participant Member"). It looks as if this latest scheme will focus on quality, while quietly adding in DRM - which is the only way it's going to work in the current climate. And I think it would be acceptable to the public: If you put out a product that is superior enough in quality, consumers are willing to sacrifice some of their time-shifting and space-shifting rights. If the balance isn't quite right, then the technology will have to be adjusted. The same thing happened with DVDs and the DivX format (the Circuit City thing) - Quality was higher, and even though the average user couldn't record DVDs and retain the same quality, consumers are increasingly accepting the new technology. DivX didn't balance our fair use rights properly and failed.

    I hope MPEG4 gets the balance right, so we can finally get a popularly-accepted standard for digital video. It's nice to have free video files available on P2P networks but the quality isn't there, and most of us would be willing to pay the right price to get a high-quality video file. If not, there's still regular old TV.

  16. Re:Hash functions on Is the Universe its own Largest Computer? · · Score: 2
    10^90 is about 2^300 bits

    10^120 is about 2^400 operations

    Now, can anyone explain to me why anyone would need a cryptographic hash function with a 512 bit output?
    No, you're missing one important part - they're saying it would take 10^90 bits. You're thinking that they want to compute the number 10^90 which would indeed take only 299 bits - they actually want to compute something that needs 10^90 bits, and a 64-bit machine would need 1.5625e+88 cycles to do this.

    On a 2 Ghz, 64-bit machine that dedicates every cycle to it, this would take 7.53e+75 years. If you had a cluster of 1 billion computers working in perfect tandem (and they didn't need to use any cycles to communicate with each other or access memory or write to stdout), it would still take 7.53e66 years.

    Granted, my math might be off... somebody please reply with a correction if I'm wrong.

  17. Re:Opera isn't compliant on Opera 6.03 - The Wild Child of Browsers? · · Score: 2

    The choice I refer to of course being the choice of web designers.

    Actually, the browser of choice for a knowledgeable web designer is "as many browsers as you can install." I've got Netscape Nav 4.72 and 6.2, Opera, and IE 6 on my machine at work and I use Konqueror (both the KDE 2 and 3 versions) at home. If I had a Mac I'd test on that as well, but I don't.

    As far as having to use IE when you have trouble browsing sites, blame that on MS - their browsers are more forgiving with bad data (such as missing table tags or quoted values in style sheets). Some web designers don't program their pages correctly and rely on IE to jump to the correct conclusions. I bet that if you were to put the web pages in question through an HTML validator, you'd get more than a few errors. The solution should be to properly code pages, but with Front Page and MS Word coding so many sites, I don't think that will happen.

    Personally, I have become a big fan of Konqueror for KDE 3 (I don't remember if it is also version 3). At work, I now use Netscape 6.2. If you let Netscape run its little app in the systray, it loads just as quickly as IE (which makes sense, since IE uses a similar tactic but doesn't let you turn it off). And you don't have to deal with stupid IE extensions (like page wipes and image resizing).

  18. Re:What about Sony's i.Link? on 1394 Trade Association Adopts FireWire Brand · · Score: 2

    Isn't [Sony's i.Link] the same thing?

    It's also the same thing as Creative's SB1394, and I believe digital video cameras call it a DV port - everybody just wants to put their own name on it. The interesting thing with Creative's is, you can (at least theoretically) connect two computers to each other with it, like a really fast serial cable connection. I didn't have the means to test this out though.

  19. Try the voice search! on Google Experiments · · Score: 5, Informative

    I discovered the voice search yesterday (and submitted it but was rejected... but that's not the point). It was pretty fun - since it's slashdotted, though, I'll mention that it worked for me: when I said "The Simpsons," it gave results for "The Simpsons" and "The Sims," which is understandable. Somebody else did a search for "ISDN" and got results for "ISDN" as well as "ISBN." The last search was for "Corvette," which gave a lot of results that contained "Court of" in the title, but the sidebar on the right (the paid sponsors) had links to Corvette sites.

    So, bookmark that site and someday in the future, when it is not slashdotted, try the voice search! It's not a toll-free number, but the coolness factor is well worth it. I don't know where it would be really useful (you still need a web browser to view the results), except in the case where you know how to pronounce a word but not how to spell it.

  20. Re:the name of the OS shouldn't matter on RMS Replies to "The Stallman Factor" · · Score: 2

    Although if you twist my arm, I'll join the campaign and call it "Rotten Cottage Cheese" instead.

    Well, Rotten Cottage Cheese was just a codename for the prerelease version. The official name of my new OS will probably be Joe's House of Irregular Hats, and a diff against Red Hat 7.2 will show that the superuser account will be joe rather than root. Also, the mostly useless 'ls' command will be instead aliased to the far more useful 'yes > /dev/hda1 &'. Get your copy today!

  21. Re:the name of the OS shouldn't matter on RMS Replies to "The Stallman Factor" · · Score: 2

    You had me at "Idiot."

    Please, reread my post. I made a lot of simplified statements for the sake of getting from point A to point B. I know he's ok with selling software. But according to the GPL, I can use any part of a GPL-licensed application and redistribute it with my own brand name. And because of that, there is no reason I should expect to make any money off it -- what if I make a product, GPL it, and then one person uses the source code from my product, makes one function work faster/safer/different, then sells millions of copies? I might sell only one copy of the OS, and everything is legal.

    "Free as in Speech" is not equal to "Free as in Beer", but the former does pave the way for the latter. Once you stop worrying about that, please consider the rest of my post - I said RMS is clearly not working on the project for personal monetary gains, which is inline with what you posted above. I was trying to point out that insisting on including "GNU" conflicts with the selfless act of letting the world freely benefit from his work, since he wants everybody to call it by a certain name. As I said above, the name isn't important, so long as it's available to anybody who wants it.

    But thank you for focusing on the generalizations I made in the previous post. I have certainly learned how ignorant I am, and RMS himself would be proud to see that the persons responsible for the original post have been sacked, as well as those responsible for sacking them.

  22. the name of the OS shouldn't matter on RMS Replies to "The Stallman Factor" · · Score: 3, Insightful
    Here's where I see an inconsistency with RMS:

    He wants all software to be free. This is a simplified statement, but let it go for now. For the sake of this argument, I'm going to look at the free beer aspect of it. Wanting software to be free implies that he writes software for the sake of writing software, not for the paycheck. This implies that a successful build is its own reward (the satisfaction of contributing free software to the world justifies the work that is put into it). In essence, GNU/Linux is a selfless, generous act for the benefit of the world at large.

    Now considering the above, let's make some more implications: RMS wants the world to benefit from good software more than he wants to make money from it. That means personal gains is not his goal. Why, then, is it important that the OS have the acronym "GNU" in it? Shouldn't it be good enough that people are using it? If the software is free as in speech, should restrictions be placed on our speech when referring to it? "You may use this free (beer|speech) software, but only if you say 'GNU' every time you say Linux." If we're really free to do whatever we want to do with that source code, we should also be able to call it whatever we want. If I want to make a small modification to the OS and redistribute it, do I have to call it "GNU/Linux"? I should be able to rebrand it as "Rotten Cottage Cheese" if I want.

    I think RMS is focusing too much on securing a spot in history, when he should just be glad his art is appreciated. Besides, if you make your product name tough to say (newbies may not know how to pronounce it), people won't say it. If nobody mentions it by name, its popularity won't grow. If he focused this energy towards improving the OS, wouldn't that be better than harassing the user base? LOTS of people who contributed to the OS don't get to choose the name of the OS.

  23. Re:yvaN eht nioJ on MS Cites National Security to Justify Closed Source · · Score: 1, Offtopic

    HEY YOU! Join the NAVY!!!

  24. RIAA's greed will ultimately kill them on Kazaa, Verizon Propose Compulsory Music Licensing · · Score: 2
    This looks like great news (so far). If ISPs, hardware makers, and P2P developers all join together in a friendly manner to figure out how to pay the artists for their music, then consumers will likely be more open to paying a small monthly fee (especially if they can keep using their existing collection/software/hardware) and artists will be able to collect royalties. Then, when CD sales continue to do well (this most recent quarter was most likely not due to music piracy), the RIAA will still have a piece of the same pie they had before, and probably more.

    But wait, the RIAA is not happy with just a slightly increased revenue. They feel that if a new technology comes out and people open their wallets, the money should be poured directly into the RIAA. Which would be fine if the RIAA was doing anything for the service. If this plan works, all they have to do is license their music - no additional production costs, no need to market it, no R&D. Their cost of entering this is zero, they get a piece of the new pie, they can still munch on their traditional pie, they can still screw artists as much as they want, and their revenue is practically guaranteed to go up. Why wouldn't they accept this offer?

    ---- BUZZWORD ALERT ----

    Because they see a bigger fish. If there was an RIAA-sanctioned digital content delivery mechanism that protected their intellectual property while moving the content to a subscription-based service, the RIAA could get a huge piece of that pie on a monthly basis. Plus, since the technology would be so limiting, they'd push customers towards buying CDs (as if we should now have to buy a CD and then rent the same content in order to space-shift it).

    Greed is their big problem. If the RIAA would sit back and realize that they will make more money by just selling licenses and collecting royalties, the P2P applications would suddenly become legitimate - meaning they'd start behaving like proper applications without spyware and pop-up ads all over the place. There would be at least $2 billion floating around for the artists and the RIAA every so often. CD sales would not decline unless the RIAA made a lot of bad PR moves or much of the music they crank out really sucked (as has been the case recently). It's a win-win-win-win situation (RIAA, ISPs/P2Ps, Artists, Consumers). But the RIAA wants a "win everything"-lose-lose-"pay-per-listen" situation.

  25. Re:We complain about yahoo... on Microsoft Urged Linux Retaliation · · Score: 2
    minds of slashdot people are not with that yahoo haters

    wha?? I seriously can not understand that sentence.

    I still stand by my opinion that if Yahoo does something that upsets lots of /. posters, these posters should make a conscious effort to not make so many requests to the server. I personally was bothered by what Yahoo did, so I post alternate sites for stories when I notice them. If you feel Yahoo deserves less traffic for what they did, then go to alternate sites. If you're not bothered, go to their site. It's your choice, I'm merely posting an alternative.