Last time I read up on iris scanners they debunked the whole idea of someone stealing eyes to fool the scanner. It is really easy to see if an eye is alive because of how it reacts to light. I assume the same could easily be done for fingerprints -- detect the pulse in the thumb as you're taking the fingerprint. It's not 100% foolproof but it's probably more foolproof than looking at someone's driver's license to ascertain their identity.
Then out of protest, don't use "make xconfig" if you rebuild a kernel. That is done using "tkparse":
'scripts/tkparse' is a C program with an ad hoc parser which translates a Config Language script to a huge TCL/TK program. 'make xconfig' then hands this TCL/TK program to 'wish', which executes it.
Naah, remember this is Kalifornia. First there'd be a "grassroots" campaign by some wealthy "concerned citizen" trying to recall Kinkerbody. Then, as the recall attempt succeeds, Macho Hardbody (the movie star) would enter the race. The circus would ensue... but Winkerbody would never be impeached for hacking into the system. That's just far too simple for a democracy as advanced as Kalifornia.
Guess you've never had a prof give the class an unfinished textbook, so we could be the guinea pigs. I had that happen a lot actually. Instead of using a good textbook, off the shelf, we had to use a horrible, unfinished, badly written book the prof was currently writing.
I agree people will probably fall over if hit by a shotgun blast. I also agree that the person shooting it has to be standing in a position so they don't get knocked over by the recoil.
What I'm criticizing is the typical action movie shooting, where the person firing the shotgun is not braced, and doesn't get knocked back at all, and the person being hit is knocked off their feet, flying back 5m. Just because you might stumble for a few feet after being shot doesn't make it "small artistic license" to fly through the air for the same distance. The recoil from a gun is somewhat equivalent to a hard punch or kick. I don't think there's anybody who can punch someone 5 metres through the air.
As for the absorption of energy by the target, it's all about conservation of momentum. The fairly light fast moving bullet (or shot) hits a stationary target, and their total momentum when combined has to stay unchanged. It doesn't matter if the acceleration happens over a 1ns or 100ms timespan.
Especially when it comes to guns. Somehow someone standing straight up with a shotgun can make someone else fly back 5 metres, however they're not thrown back at all.
Open Range is a great, traditional-seeming western, that gets high marks for realism, until someone shoots a shotgun. Somehow this shotgun not only punches a hole in a wooden wall, it also throws the person it hits across an alley into another wall. The person firing the shot, on the other hand, seems to have no recoil to deal with.
Did this improve the movie? No. Did it distract me? Yes. Why do they do it? I just don't know.
Good points. I still don't think you should use the term "theft of service" for people who buy a TiVo and then don't subscribe. Avoidance of service, maybe, but not theft. How can it be theft if you're not buying or receiving something?
Anyhow, I think TiVo should have found a better balance with the Series 2 and beyond units. What they want is to make sure that nobody is going to casually avoid their service. It's pretty likely that no matter what happens, there will be somebody who will find a way to hack the device, and will do so. If it is hard enough, the average user won't do it. But if TiVo maintains a good relationship with the hacker community, it is unlikely that the people who figure out how to hack it will do something to endanger TiVo's business model.
It is this balance between not making them so easy to hack that anybody can do it, and still staying friendly with the hacker community that they should be trying to maintain. If they could make sure the only way to "hack" the device was to actually open it up and plop a hard drive into another computer, then that would probably have been enough. Most people won't risk violating their warranty to open up the unit.
If they didn't want to do this, another option would have been to release a "hacker's TiVo". One that they didn't sell at a loss, that was designed to be hackable. Even if the extra cost of that unit was more than the cost of a lifetime subscription, a lot of people would have gone for it if it meant they could have a fun unit to play with. I just don't think TiVo is willing to take the business risk to do this. It is too unconventional.
Instead, I predict it will be just like modchips and satellite cards. TiVo will crack down more on hackers, hackers will lose respect for them and stop restricting who can use what they develop, and the war will be on.
If there are TiVo people reading this forum (and I hope there are), think about what I said about the hackable TiVo. All you'd have to do is make it more expensive, and easier to hack. Easier to hack is important because that way nobody will have to figure out how to bypass the controls you put on the consumer TiVos, so that knowledge won't be shared. Sure, you'd still have people trying to hack the regular TiVos just for the challenge, but most technically savvy people would go for the developer option. This would also be a great way to make a profit from all the current and potential TiVo users outside the US and UK. And don't make the mistake that Sony made with the Playstation Linux kit. Don't restrict access to the hardware, or anything. Just make it a cool Linux based digital media device. Even if this new unit was only for sale in the US, I'm sure you'd see a lot more sales, and since the two groups (hackers and regular users) don't overlap much, it wouldn't cost much for your subscription service either. C'mon! Do it! It will work out!
Actually, if you read the article, you'll see that he mentions that when he talks about how their hardware is proprietary and they want to use closed drivers. The issue is the non GPLed kernel modules, if I read things correctly.
The TiVo Client Device is of necessity a closed system. As a service provider, we must prevent theft of service, so TiVo pays a great deal of attention to security of the device and resistance to hacking. Additionally, we sell the TCD at a price that provides a net margin to retailers, but no profit to us. Our profits come from providing service to each device over time, rather than from up-front costs.
I think it is interesting that TiVo says they pay a lot of attention to the security of the device. That is true now, but with the first TiVo devices, getting a BASH prompt on the device turned out to be relatively easy. On boot a menu was available on the serial port with a hardcoded password. Using that password you could make all kinds of changes to the way the machine started up.
He also talks about people getting around using the service. For years, the TiVo hacking community has known how to partially emulate the service by creating slice files and manually loading them onto the device. Recently hackers have figured out how to get an unmodified TiVo to use a service emulator. What's interesting about these development efforts is that they are not putting TiVo out of business.
In the article, he makes no mention of the goodwill that TiVo has fostered with their users, even their hackers. Soon after TiVo was created, Richard Bullwinkle, their former "Chief Evangelist" started talking to people on bulletin boards. He was always very helpful and forthcoming, with only minor exceptions. He wouldn't talk about bypassing the TiVo service and he wouldn't talk about extracting video from the device. If you didn't talk about those things, he was perfectly happy to help out. Although TiVo was in business to make money through their service, they didn't screw over people who didn't want to subscribe. That's such a treat from a for-profit company. Imagine Microsoft, who also sells their set-top device at a loss, treating customers who don't want to use theirs for gaming without hostility.
When Andrew Tridgell, (the same guy who created Samba and rsync) figured out how to create TiVo slice files so he could use the machine in Australia, it was probably this goodwill which made him choose to not release the info to the general public. Instead, it remained a closely guarded secret.
Today, years later, the people who have followed in Tridge's footsteps, have refused to destroy TiVo's revenue stream. They have been very careful to try to make sure that only people who can't get TiVo service in their area are allowed to get around it.
I think the goodwill that TiVo has is partly because of their general attitude towards their customers (and towards the hacker community) and partly the fact they used open-source software, and followed the license requirements. And, it is this, not their security measures, which have ensured that they've maintained a revenue stream -- despite using the "razor and razor blades" pricing model.
I just wish Mr. Barton hadn't used a loaded term "service theft" to describe people who are using their TiVos without subscribing to the service. That term would be appropriate if people were downloading TiVo data without having a subscription, but not people who are simply choosing not to subscribe and are finding alternatives.
Because the 2.6 kernel Sold Out man! They used to be about the developers, with all the crunchy hacks... Now they're trying to go mainstream! It's pop man! Nothing more!
But seriously, the analogy works because you might find configuring the new kernel a pain because it is more popular, more platforms are supported, etc. Originally the kernel was for one processor, the Intel 386. Since then they've "sold out" and work with lots more hardware. If you were hanging out on comp.lang.minix when Linus announced his project, and haven't changed since then, maybe it seems like he sold out to you. That 386 you're still using is largely ignored for the new kernel. It has all these new things like "PCI" which are useless to you. Sure, you can choose not to compile them in, but the final kernel isn't as perfectly tweaked to your 386 as the original was.
What about the people who should have reviewed it, the people who should have tested it, etc.?
As you may well be aware, there isn't always time to "do things right" and sometimes one's superiors ship code one knows to be buggy and flawed.
I currently have oodles of ugly, hard-coded hacks that are flagged to be fixed before the code I'm working on ships, but if I don't get the chance to fix it, what can I do? (P.S. sorry if this sounds defensive, but one of those ugly, hard-coded hacks is a set of hard-coded NTP servers. It was already scheduled to be fixed, but now I'm taking the initiative to bump up the priority)
As for spending $500 on hardware to service their own customers, as the Wisconsin people can tell you, it is costing them a little more than that. It isn't just the hardware, it's the pipe to which it's attached.
I agree that Netgear should have been the ones to provide a time server if they were going to hard-code one. On the other hand, what if they weren't the ones who wrote the code? Maybe they just bought a "router kit" from some small company, slapped a "Netgear" logo on it, and shipped it out? That small company probably wouldn't know what NTP server Netgear provides. They may also have lots of other customers who each would need their own time server. Obviously though, the answer is not to hard-code the value.
As for the Good Old Days when it was considered polite to ask, the policy for UWisc's time server was "open access", not "open access; please send a message to notify". So... they didn't ask to be notified. Now I'm sure they're going to change that policy, and I'm also sure they would have wanted to know if their site was being set as the default on tens of thousands of routers.
Routers are standalone devices that are meant to operate without user input, so it doesn't make sense to require the user to manually configure the NTP server. On the other hand, there's currently no good way of providing a default NTP server, unless you provide it yourself. For commercial devices like a router, providing it yourself is reasonable. The bandwidth cost of providing a time server should be offset by the profits they make on the hardware. I suppose the other option is to provide a one-time service that will provide a random NTP server. Each time you hard-reset the router, and out of the box, it would check that service and then know what NTP server it should use.
This story made the front page without even the slightest attempt at fact checking
The story is still on the front page with the headline "Divx Now Adware Supported Only"
I mean, I know Slashdot isn't the New York Times. I know it's fun to laugh at the lousy jobs the editors do, and the lousy job the people submitting stories do, and how awful people's spelling and grammar are, but c'mon! This is getting ridiculous.
If OSDN can't afford to hire editors, fact checkers, or anything else, try to recruit volunteers! Do it like the moderation system. Allow random users to see stories that are about to be posted and fact check them. You could have "verified true" and "verified false", then "metaverification" to keep the fact checkers honest.
I'd be happy to check the facts and the grammar of a few stories a month for free, in exchange for others doing it the rest of the time. Isn't that the whole idea of Open Source? Many eyes, few bugs? One person's effort helping thousands more?
So now, with the correction on the front page, the story can be summarized as: "The divx site changed and for a moment it seemed like you could only use an adware-enabled version, but if you look closer you can see that you can still get the free one". This can be further summarized as: "The divx site changed".
The big question is, with Mr. Cox attending classes there, will they do him the honour of renaming it the Swansea University Computer and Kernel Society?
Or maybe he'll use OpenOffice and save it as a Word formatted document? One of the skills learned in the real world is that there's more than one way to solve a problem.
A better question is how it found its way into the kernel. From what I understand, Linus and others are notorious for rejecting bad code. Why would something submitted by "patch@hp.com", containing badly written code and an SGI copyright be accepted?
Or do what so many people in CS programs, be they BS, MS or PhD, end up doing. Contribute to Open Source projects. It gives you experience, and you can do it while you work on your degree.
The house can do anything they want. They own the building, they own the cards, and they probably own the people enforcing things too.
Gambling in a casino is generally a pastime for people with poor math skills, and poor business sense. Nearly anybody who thinks that in the long term they have any hope of winning more than they lose is deluding themselves.
Now it's true, that maybe one of every million casino visitors does actually have some means of tilting the odds in their favour. Sometimes it's a truly illegal cheat, sometimes it's just some real skills, like the ability to count cards. It's in the casino's best interest to make sure none of these people play.
If you think that this makes a casino unfair, here's a hint, casinos have never been fair. If they were fair they wouldn't make a profit! Don't worry though, in the end, nothing will change. You'll still lose 52% of the time, just like you always have.
And how many of those results are sicko animal porn?
Um.... no.
And a few million others come to... er... mind.
How does piracy come into it?
Actually, Netgear was using a stratum 2 time server, namely ntp1.cs.wisc.edu.
Aww, you didn't even get my acronym joke?
I'm pretty disturbed by the fact that:
Way to go guys!
Don'tcha mean needed?
Not to mention the taste of the charred flesh. Mmmm... Bacon!!