Slashdot Mirror


User: pla

pla's activity in the archive.

Stories
0
Comments
6,765
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,765

  1. Re:They should do like the original game.. on John Woo & Metroid the Movie? · · Score: 1

    That said, inside me says it's gonna suck and be a lame combination of the Ghost Busters movies, Super Mario Brothers the movie, and the Tomb Raider movies--I think it's my colon.

    I thought more of a combination of Alien and Resident Evil, but yeah, it'll suck. Not only will Samus have companions (how else do they get to throw in a sex scene? Hey, consider me all for T&A, but I actually find it annoying as used in most movies), but she won't wear the suit for more than five minutes (if at all), she won't do anything even remotely resembling any of the games (at best, it will have a Metroid Fusion-like plot, where she goes around killing everything in sight, and happens to stumble across a secret metroid breeding program).

    If anything, I'd say we can look forward to a post-win-in-under-90-minutes Samus running around in poorly lit tunnels, blowing things up, and a few very blunt but mostly irrelevant plot points. We can almost guarantee a fight with Ridley, and possibly Kraid (though less certain). She will, of course, let a larval metroid live, and it will become either an annoyingly cute pet similar to "bit" in Tron (turning red to express a strong negative or danger, I expect), and/or it will come back to save her from certain doom at some point later in the movie by sacrificing itself to heal her.

    Overall, if this movie surprises me, that alone will surprise me. Hmm, how self-referential. But I don't have great hopes for this movie.

    Sadly, though, I'll probably go see it. At least it will require a somewhat original interpretation, rather than yet another sequel.

  2. Re:If Disney can do it, why can't Sierra? on Legal Arcade ROM Vendor Talks Business · · Score: 5, Interesting

    A copy of the entire work is hard to justify as "fair use" in any situation.

    I tend to agree, though as someone who understands why software differs from something like a book or a movie, I could also argue the opposite point...

    With a book, a one-chapter excerpt can make quite a lot of sense, and give an idea of the feel of the work as a whole. With movies, the actual advertisements just take a set of very short clips and string them together. But with a program? How do you meaningfully use only part of a program? Sure, if you have the source code, you can chop out, say, eight of ten levels in a game. But from just a binary? You just can't do it.

    So, although the entire work wouldn't normally count as fair use, with a ROM, you have no choice but to use 100% of it.


    If you can show you made some attempt to find the owner, and have an open offer to make an arrangement with them should they contact you, you would probably be reasonably safe.

    The very idea of abandonware (at least as defined by the more reputable sites) makes that rather easy - 99% of the games publishers from before the mid 1990's simply don't exist anymore. Tracking down who currently owns the "rights" to the games produced by such companies amounts to a snark hunt, as even if a legal chain of ownership does exist, in many cases, the current owner doesn't even realize it... "Yeah, I worked at Spiffware in 1987 - I designed 8x12 animated blobs that supposedly looked like aliens. What??? As the last surviving programmer who, under a bizarre contract clause, didn't go work for Nintendo, I own their entire catalog, including ZappoBlast 9000? Cool! Uhh... So what do I do with it? I don't even have a single copy of any of those games, though I do have a moldy ZB9k promo poster..."

    Now, does that excuse blatant copyright infringement? IMO, as long as the original author/publisher no longer exists, I'd say yes - With the condition, though (as you suggest) that such use include an open offer to the current owner to either stop using it, or to make an arrangement to use it legally. Though, of course, my personal opinion does not carry the weight of law, and various anti-piracy groups regularly crack down on abandonware, despite having no idea themselves as to who can currently claim ownership of such material.

  3. Re:If Disney can do it, why can't Sierra? on Legal Arcade ROM Vendor Talks Business · · Score: 4, Insightful

    Since when has making a product unavailable for purchase meant you can steal er violate copyright?

    From City University of New York's discussion on fair use:

    "The fact that a work is out of print or unavailable, or that there is no ready market for permissions weighs toward favorable to fair use."

    Not exactly a guarantee, but the fact that, for most abandonware, no legit source exists weighs positively in favor of otherwise-illegally obtaining it falling under fair use.


    Of course, considering the four points that determine whether or not a given activity falls under fair use, I'd say the idea of abandonware scores at best a 50:50 shot. For the "purpose and character", noncommercial preservation of culturally relevant materials weighs as a positive. For "nature of the copyrighted word", a game purely for entertainment scores a negative. For the "substantiality of the portion used", I'd call 100% a definite strike against abandonware. And for the "potential market", that could go either way... Currently unavailable would count as a positive, but by infringing copyrights to get the ROMs, one could argue that downloading them would tend to reduce the potential market (though, I would personally say it increases the market, when a friend comes over and plays Pac-Man via MAME and then goes out and blows $1500 on a vintage machine...).


    PS - IANAL, as if it needs saying.

  4. A dead badger? on Installing Linux on a Dead Badger · · Score: 1

    Oh, gimme a break. Anyone can install new software on a dead badger. You might as well call that wimpy "attenuated" Polio an actual virus, if we want to play these sort of games.

    Not, a live badger... Those suckers have big long pointy teeth. And don't underestimate their small but very fast and sharp claws! A pissed (living) badger will put a serious hurtin' on your average penguin.


    Okay, totally unrelated (so fire away with those -1's), but then, I'd have to vote the FP "offtopic" in the first place, if we could vote on the articles themselves... Hmm, so does that make this on topic? How... Curious. Anyway...

    Check out "Beatallica" (check the thread on Metafilter for both a torrent and a web link), a band that, ala DJ Danger Mouse (available via Illegal Art), has chosen to blend the Beatles and, in this case, Metallica. Really quite a good blend - While DJDM only used actual Jay Z lyrics to actual Beatles loops in the background, Beatallica has done a "real" double-covering, with entirely new (though strongly derivative) lyrics and music actually played anew. Definately worth checking out, for all fans of music soon to get sued into oblivion.

    As the one downside, the vocalist, while not all that bad at sounding like James Hetfield, just has a certain slightly annoying twinge to his voice. In another genre, it wouldn't show up, but it gives him a sort of Wierd-Al feel when trying to do Metallica.

  5. Re:Ok I am always confused about the difference. on Are Computers Ready to Create Mathematical Proofs? · · Score: 1

    but I can't wrap around my head around the difference DK and DD to the person in question.

    Think of it in terms of knowing something in hindsight (not the only possibility, but the easiest to understand)... For example, every indication in the intelligence community just prior to the WTC attack pointed to a major attack somewhere in the US. But, no one managed to put 2 and 2 together until after the fact. Thus, they didn't know that they knew.

  6. Re:BOFH on Train Your Own Replacement · · Score: 3, Funny

    You forgot the most useful option...

    "Okay, now, log in to our CVS archive server... Oh, you don't have an account yet? Well, just use root for now, with password blah".

    Now, have them do some random crap until the right moment comes up (namely, a nearby coworker, while composing an email, missed a space between two words and didn't catch it).

    "Okay, now very carefully follow my next few instructions, because you can do some serious damage on this machine... We need to clear out some junk on /tmp, so type 'r', 'm', 'space', 'slash' [pause here a moment, reach over to your coworker, point at their typo, and say...] 'SPACE' [pause another moment, then describe some harmless path off of /tmp]. Okay, now hit return. This might take a minute, the crap can really build up there..."

    And, you can consider your replacement well trained, with plausible deniability that your trainee simply "misheard" you giving a suggestion to a coworker, and took it too literally.


    Train my replacement... Yeah, right. Cold day in Hades I'll train my replacement!

  7. Digital Rights Management Management... on Real Problems · · Score: 4, Interesting

    I prefer good old MP3 or OGG streaming like the feeds offered at WCPE but I'm sure no 'serious' company would consider it because they don't have their digital rights preserved.

    Do a Google search for "Net Transport". Only runs on Windows, AFAIK, but it allows you to download almost all MMS (WM) and RTSP (Real) streams. Not exactly easy to use (unless you use MSIE, in which case it integrates seamlessly - But personally, I'd rather suffer through it's awkward interface than use MSIE), but it works.

    Also, you might want to look into Real Alternative and QuickTime Alternative. These don't always work, but when they do, you get to play the content through WMP classic (6.something), which doesn't disable the "save" option.

    Finally, for those difficult newer QuickTime streams, set your TMP and TEMP environment variables to a network share on a Linux box - Although Windows will lock the files so you can't copy them, Linux won't honor that lock (meaning, from a shell on the Linux box, you can just watch as the file appears, wait for it to finish, then copy it to "blah.mov" to keep a copy.


    And, AFAIK, none of these violate the DMCA. Simply by virtue of having the ability to play such files over the net, you already have "access" to them. This just enhances the flexibility of what you do with that access.


    Okay, I've shared my Tips of the Day... Now, anyone know a way to save RealOne streams? I have yet to find a way to do so...

  8. Re:how exactly do they crash Mozilla? on Mozilla 1.7 to Become New Long-Lived Branch · · Score: 2, Insightful

    Buy an SMP machine and just surf and/or read mail a lot. Works every time for me.

    Y'know, I've never seen anyone else mention that, but I too have noticed it...

    In applications that make no attempt at all to use more than one CPU, numerous programs seem to crash on my dual that run rock-solid on a single CPU machine.

    Flash, for example, dies within about five minutes if I don't set the affinity to one CPU. Same with most classic console emulators (Snes9x, as one example).

    As an SE myself, I seriously question what these programs have done to make them so unstable with a second CPU. I can only make a guess, but I'd speculate they use non-async-safe multithreaded code, which IMO makes no sense whatsoever - Why use multithreading at all, if you don't hope to make use of more than one CPU? Okay, a very small number of situations require it (Windows services, for example, wherein I have yet to find a good way to keep the SCM from tweaking without tossing it a thread), but other than such rare reasons, if you don't plan to support more than one CPU, just skip the single most bug-ridden programming concept ever created.

    But, so it goes, and I seem to have started ranting. Forgive. Anyway, as much of a hassle as it seems to need to bind a process to a given CPU each time I use it, the drastically improved responsiveness of a dual CPU machine more than makes up for it.

  9. Re:Bandwidth? on Netflix to Offer Movie Downloads · · Score: 2, Insightful

    Not that I support the RIAA or their actions, but it is important to remember that things WERE all rosy and DRM free at one time and it got abused.

    Perhaps, then, you could explain Macrovision to us, in light of this "rosy" world of the past?

    Or why DAT uses 48KHz, while CDs use 44.1KHz?

    Or why Jack Valenti uttered his now-famous quote, "The VCR is to the American film producer and the American public as the Boston Strangler is to the woman alone"?


    Sorry, but that mythical rosy world simply does not, did not, and will never, exist. Content producers have fought with the public over control issues since the very first round of suits involving Edison himself. And before that, even Gutenberg took quite a lot of heat, from both the church and governments, for making mass-distribution of media possible. I suppose I have to grant you that, before Gutenberg, we didn't have problems with the idea of copyrights (though I have little doubt isolated incidents still arose on occasion). But since then? We have lived in a literally epic struggle between over who has the right to make copies of what.

    The "digital age" has simply brought this problem into the spotlight - With luck, perhaps that means we can look forward to some solution to the issue in the next few decades, rather than another 600+ years of little-known skirmishes.


    Until fairly recently, audio CDs had no protection on them whatsoever.

    Disingenuous, at best. True, CDs didn't start having copy protection until recently (actually, they still don't - Because Phillips refuses to allow "broken" audio discs to call themselves CDs). But that had nothing to do with trusting the consumers, and everything to do with the simple infeasibility of copying them until a few years ago. Sure, we had the ability to rip a CD for perhaps 15 years, but to do what? Even as a geek myself, I didn't get a burner until perhaps 5-7 years ago (I suppose they existed before then, but for a pretty hefty price... I bought mine when they finally broke $250). And without the ability to copy a CD, what would we have done with a rip? You couldn't fit a lot of MP3s on a 1.5GB HDD. You can'd download them very fast at 28.8kbps. So what threat did the technical feasibility of copying a CD pose, when practical issues made it irrelevant?

    Or to add to my above comments, perhaps you have a good explanation (other than assuming their target market as thieves) for the RIAA tax on blank cassette tapes?

  10. Re:eSpam versus snailSpam on Attorney Mike Godwin Answers 'Cyberlaw' Questions · · Score: 1

    Also note that snailSpam is alleged the primary source of revenue to the USPS. So there's an economic incentive to NOT treat it like eSpam.

    You mean, the same USPS currently trying to get a government bailout on their $67 billion shortfall, resulting directly from their habit of giving business- and bulk-class mail huge discounts compared to actual individuals?

    Sorry, but that nicely provides its own evidence that even snail-spam has a cost - $67 billion to the taxpayers, in fact. Now, I don't like getting (physical) junkmail, but I like having to pay to receive it a whole lot less.

    "Sender pays" model? Yeah, right.

  11. Re:disk space is cheap. on Speculating About Gmail · · Score: 1

    I'm curious what the cost in disk-space of a hotmail account was back when hotmail launched. I wouldn't be surprised if it's comparable to what Google's offering now.

    True enough, fair point.

    Although, in hindsight, we know Microsoft had ulterior motives, namely, getting the kinks out of their whole "Passport" scheme (which seems to have flopped anyway).
    ;-)

  12. Re:Only one? on Speculating About Gmail · · Score: 4, Insightful

    How many people are seriously going to back up their hard drives in 10MB chunks?

    The whole HDD? Probably not many (although I suppose you could zip it and span into floppy-sized chunks... <shudder> I remember doing that back in the days of mere 40MB HDDs, and it sucked. Don't even want to imagine it now).

    But, imagine this - Upload your entire Ogg/MP3 collection, as a set of email attachments. Poof, instant access to your entire music library from anywhere on the planet. Not exactly "instant" access, but good enough over broadband to stream in realtime.

    Which leads to another point - Will Google bother making it difficult to get files into and out of your storage, or just let us basically abuse it however we want?

  13. Re:disk space is cheap. on Speculating About Gmail · · Score: 5, Insightful

    I've seen Fry's have 200GB drives on sale for $79 before; and I'm sure if you're buying them in units of 10,000 they're even cheaper than that.

    True. However, 1PB would require over 5200 of them. Which would in turn require over 650 machines to stick them in (at 8 drives per node, itself probably a tad high since the bus would grind to a crawl in such a machine). All that adds up to at least half of a million dollars.

    And for what - Something that amounts to a community service project? Hey, I'll give Google full credit for their current image in the geek community, but this seems a tad ridiculous.

    So, I'd say they must have some sort of ulterior motive behind this. Either using huge numbers of people as guinnea pigs to test their new infrastructure (as the topic poster suggests), or something we haven't thought of yet. But just for the hell of it? Probably not.

  14. Re:WTF???? on Canadian Minister Promises to Fix Copyright Law · · Score: 5, Interesting

    So in what world is putting a file ... in a publicly shared folder for others to obtain _not_ a violation of the copyright act?

    The actual ruling read more like an extreme interpretation of "plausible deniability". Basically, while we geeks might laugh at the idea of "accidentally" leaving files in a shared directory, the masses of computer users often really don't understand the difference between what makes the choice of where to keep their music legal or illegal. Additionally, as several of the RIAA's suits showed, some people believe that paying for Kazaa means they have paid for access to the music.

    Sounds stupid? Sure, to us. But if the majority of people doing this honestly do not understand whether or not they have broken the law, the law becomes essentially unenforceable. As one possible Devil's Advocate situation, I can imagine someone installing Kazaa for some random legal purpose, then deciding to store all their own legally ripped music in the directory Kazaa conveniently made for them.


    Downloading copyrighted materials may be perfectly legal in Canada (albeit unethical

    Actually, I'd disagree about the "unethical". Canada has really quite high taxes on all blank recording media, a sort of "we assume you'll copy our stuff, so get your money in the blanks" approach to piracy. Thus, since the punishment comes built-in to the media itself (whether or not they use it to pirate music doesn't change the "tax"), you could reasonably call it perfectly moral to go ahead and commit a crime already paid for.

  15. Re:Don't celebrate yet. on Music Industry Loses In Canadian Downloading Case · · Score: 1

    A few days late, so I doubt anyone will respond, but...


    It seems as if they didn't present compelling enough evidence to the judge.
    ...
    They merely placed personal copies onto shared directories on their computers which were accessible by other computer users via an online download service

    Now, I agree that superficially you have the right idea. Given evidence of intent, the same judge might well decide differently.

    But look at what he specifically says does not establish intent - Pretty much the only way the CRIA could win under those terms would require an outright admission. People can place files in a share, actually have them go out, and it doesn't count as having authorized the distribution of those files... How do you top that, short of a signed confession?

    Okay, I suppose if someone named the share directory "please_steal_these_files-stick_it_to_the_CRIA", and used a handle like "5t3v3z 0-d@y MP3z" it might not exactly help his case, but beyond nabbing the truly braindead, this ruling pushes "plausible deniability" to a near-absurdity (which I consider a good thing in this situation, but will watch carefully for possible non-good applications of the same idea to other situations... "Well, we can't prove that he intended to mug you, just because he accidentally whacked you with a baseball bat and his hand slipped into your coat pocket, causing your wallet to fall into his own pocket, while trying to help you up").


    As an aside, I look forward to someone making a "Canadian Kazaa Proxy" in the near future. Since the Canadian courts will at the very least make it difficult (if not impossible) to track file sharers, just make sure all such traffic passes through Canada, and enjoy virtual immunity from the RIAA and other such groups around the world.

  16. Re:When will they learn.... on Microsoft Preps 'Janus' Music Copy-Prevention Scheme · · Score: 1

    It makes we wonder why a crack for Apple's AAC format (used in iTunes/iPods) hasn't really been much of an issue.

    First, a crack for Apple's AACs already exists. Check out VideoLan, which can unprotect them for you (without transcoding, as I understand it, thus no loss of quality from the original AAC).

    Second, you still need to pay, per-song (or per album, but not much difference), for iTunes music. Yes, a rather small between-friends potential for piracy exists there, but they still need to buy them up-front.

    Compare the second point to truly unlimited music, for a flat monthly rate. Crack that and you basically have free and superficially legal (ie, it doesn't "look" like stealing to the RIAA) access to the entire active catalog of every major record label on the planet. So, for example, saturate your DSL/cable modem for a month or two, fill a few 200Gb drives, and for the cost of the drives plus one month's subscription ($10 or so?), you will have every not-completely-obscure song ever released in your private collection.


    Now, personally, I wouldn't go that far, but I'll admit I would seriously consider filling in all the "one hit wonder" gaps in my music collection - Stuff that you'd never get around to buying, but has one or two really catchy songs. A few hundred of those, and I could consider my back-catalog buying done forever.

    Very tempting. Even more so becase it does include paying for the service - No, most people couldn't actually claim ignorance of breaking the law to do what I describe above, but the fact that people pay for it (even if they pay for something technically unrelated to the music itself, ie, a "subscription" to a service), it makes rationalizing the "mere" keeping of what they download all that much easier.

  17. Re:--No-Deps on Build From Source vs. Packages? · · Score: 1

    Anyone hiring you after this must either be insane or desperately seeking.

    Y'know, the number of negative resposes I received to this really surprises me. I seriously expected more people to speak up agreeing with me, complaining about the overabundance of semi-competant hacks who can "make it work", with no clue how, by pulling in a dozen random libraries that do all the work. "Look, I wrote this program! 250 calls to 3rd party libraries, and 15 lines of my own code (since I couldn't find a library that would specifically search for the letter "Q" in an RTF document)". Sad.


    Not only do you need more time than anyone else

    False. First of all, I don't need to reinvent the wheel if I already have the blueprints in my head. And second, I can rebuild the wheel faster than most people can pull one off the shelves.


    This is pure vanity speaking out of you.

    A few people have mentioned something like that. Now, I consider myself a "good" programmer, but not one of the true gods of coding. But based on these responses, it makes me wonder - Do most people really need the crutch of using even known buggy libraries (as one fellow mentioned) to get the job done in a timely manner? If so, it makes a lot more sense why so many US companies have started outsourcing. Absolutely pathetic! If you use an FFT, or a least-squares regression, or do some audio or video processing, you damn well better understand how it works. Same for any technique. Yes, sometimes a library makes a better choice, if and only if it both provides a performance advantage and exists in near ubiquity (zlib, for example, I would say makes a good example of a library I would use - I can, and have, written my own version of its core functionality, but since every system will already have it, and it runs very well, no good reason not to use it exists). But to pull something into a code base without a good reason, IMO, makes for a very bad employee. To do so introduces liabilities into the code over which the supposed "author" has no control.


    you also make it difficult for others to find their way into your code, especially when you have left the company

    Do I really give a rat's derriere about a company that had so little loyalty to me that it decided to ship my job to India? Yeah, right, whatever. Welcome to the 21st century definition of "job security". Not that I would deliberately make my code harder to read, but if I use a technique that most people have never heard of (which again, I would do for efficiency, not for the sake of deliberately obscuring my code), good luck finding a drop-in replacement for me when HR decided to do the next random "noncritical" (ie, highest paid) employee reduction.

  18. Re:Does it count all the episodes I download. on You're Watching Less TV · · Score: 1

    Don't get me wrong, but I fit smack into that bracket and I don't get cable or sat. I just use my broadband connection to download all the shows I need.

    A number of people have mentioned this, with a plethora of responses about copyright infringement. I won't go there.

    Rather, I will point out the model of "TV" viewing that I prefer - Ads? No. TiVo? No. I watch one or two shows per season. maybe two hours per week. And I can get those on season collection DVDs for less than one month's cable bill each. Net change, I end up with a permanant better-than-broadcast-quality copy of the shows I like, at a savings of 8 months' worth of cable bills.

    That, I believe, will end up the new model of media distribution. Live TV will all but cease to exist as we know it now, with news coming from the internet, and content coming from the video store.

    Offhand, I don't see any other economically viable model. Really, even products such as TiVo have the potential to completely gut TV as an advertiser-supported medium. And I highly doubt enough people will actually pay for a subscription model wherein they only watch one or two shows. Now, perhaps once we get another order of magnitude in bandwidth on the internet, we may see an explosion in pay-per-view content (though at drastically reduced rates from what we have now - Perhaps $3-$5 per episode, any more and it would cost less to just buy the season collections on DVD). But for now, I'd start squirming in my seat if I worked as an exec for a broadcasting company.

  19. Re:--No-Deps on Build From Source vs. Packages? · · Score: 1

    Why would anyone need to rewrite md5?

    Because my entire point centers on a different question - Why would anyone need to pull in libMD5 as a dependancy, to get what amounts to three functions in under 100 lines of code?


    If someone pays you by the hour, and you are not 10x fast as everyone else, they're wasting their money.

    If an employer wants a code-monkey, sure, speed means everything. But when the code-monkey has a problem because a call that "can't" fail does, I can keep going. A bit more time up-front, in exchange for a lot less time debugging. And as I mention, the ability to debug parts of the code that many programmers consider an inviolable black box - Sure, a 3rd party library should have no bugs. In the real world, they do, and take immensely more effort to track down than bugs in the "local" codebase.

    What if something I linked statically has a security update?

    That goes back to the idea of how critical to the project a given dependancy seems - If you use libssl, hell no, don't statically link. If you use BillsStringsLib, first of all just don't, and second, you too can release a security update. But looking at that from another angle - You have a package deployed on a few million, mostly slightly different, systems. A bug report comes in, where an intruder apparently used your program to gain entry. If you statically linked, you can immediately reproduce and eliminate the problem, releasing a fix of your own. If you dynamically linked, customers rarely like to hear "No, it just looks like our program, you actually need to download a new version of libBlah".

    And to address the obvious response to "you too can release an update"... IMO, that tends to support my position. Statistically speaking, if a given library has a 10% chance of someone finding a major problem per week, and you don't use any external dependancies, that simply doesn't affect you. If, however, you use ten external dependancies, while each of them may have only a 10% chance of a major bug, your own code as a result has a 65% ( = 1-(0.9^10)) chance per week of a major bug appearing. And from the customer's perspective, telling them "install their new version of blah" sounds exactly the same as telling them "install our new version of blah" - With the not inconsiderable difference that in such a situation, I can control whether or not I release an update, but can't control whether or not a 3rd party releases a fix.


    But I do mean this within reason - If you take my opinion on this to an absurd degree, every program I write would need to include its own OS, compiler, libc, and so on. But just because you need to use a few off-the-shelf parts doesn't mean you need to use all off-the-shelf parts. And the fewer you use, the more you have control over.

  20. Re:--No-Deps on Build From Source vs. Packages? · · Score: 1, Informative

    My biggest grievance against packages is the dependacy fiasco.

    Ah, thank you! Someone said it. I always thought only I had that problem, due to my preference for building most things myself.

    I think, though, that this problem doesn't so much result from the whole RPM (or whatever package management tool a person uses), as a philosophy in programmers in general. I say this due to an observation at a recent job interview... They wanted someone who "knew" some (still) video processing techniques, and I rattled off some work I've done in that area. The next question really threw me - "What library/API do you use for that?". Well, none, of course - I wouldn't claim I know how to, for example write a JPEG, if my knowledge of that task extended only to calling libjpeg's jpeg_start_compress(), jpeg_write_scanlines(), and jpeg_finish_compress(). Sure, knowing that doesn't hurt, but it does't require any understanding about the structure of a JPEG in general.

    In my own code, I try to produce as few dependancies as possible. If you have GCC installed and nothing else, my code will generally build and work as I intended it. I need to write a compressed bitmap? Okay, then I include code to do so. I need to read a wav file ripped from a CD? Yup, my own code. Calculate an MD5? Inspired heavily on the RFC reference code, but essentially my own. I think more programmers need to do similarly. Don't say you "know" how to do something, if you couldn't write it yourself. And with the exception of very large packages that count as critical for a given task (OpenGL as an example), try to avoid pulling in a library just to do some trivial task.

    Now, as I mentioned, for some tasks, you really need to pull in a library. OpenGL, for example, where not only do you have a lot of code in there, but also a number of hardware optimizations that would take years to reimplement. But even then, when I say I "know" OpenGL, I mean that I could, if necessary, implement it from scatch (and have done so, for most of the primatives, just to prove to myself that I could do it).

    Okay, I've gone off on a large tangent here. My point - Just that programmers need to stop depending so much on relatively minor libraries, and implement more in their own code. And when a program does depend on a non-ubiquitous library, at least for binary distributions, they should statically link against it. Perhaps "Bill's Custom C-Strings Library" offers some great features. But when a package links against it for the sake of using a single function that the programmer could have reproduced in under ten lines of code... Well, that just screams "laziness" to me. Yet, I see situations like that all too often.

  21. Re:Social Evolution of Corporate Power on PIRATE Act Introduced in Congress · · Score: 2, Insightful

    Congradulations, are you happy being part of the problem?

    Although I agree with your response, you have missed the bigger picture, the one that allows people like us to keep living rather than decorating SCO's or the RIAA's lawn with our ritually-suicided corpse...

    The law may side with the corporations (and why wouldn't it, they paid a lot for those laws!), but the current trend in P2P (as well as numerous other areas) shows that, put simply, the average citizen doesn't really give a damn about the law.

    I consider this unfortunate, since I consider myself an "anarchist except that governments keep us all from killing one another". But I can't get around it - people consider the "law" the joke it has worked to make itself into. Sad but true.

    Corporations have bought laws the same that we might buy the Far Side collection. No less, no more. Well, not quite true - The so-called "law" has the power to imprison those of us who violate corporate profit-rules. But aside from that, look at California. DEA? They've all but started an outright revolution against the federeal government over medical marijuana. Don't feel too surprised to see "fair use" come under similar terms in the next few years.

    And corporate-vs-indiviual laws will follow a similar trend in the near future. The DEA just represents on form of that (pharmaceutical companies vs individuals). Next the RIAA will move into the next "necessary evil" position, then perhaps Microsoft. We greatly benefit from their products, but that does not place them above actual humanity.

    A revolution has already started. You can ignore it, or fight in it, but if "we" lose (by which "we" means "humans"), you can look forward to a 1984-like future.

    Pick a side, because "neutral" means the same as "pro-corporate", whether you like it or not.

  22. Re:Or... You Could Just Get The Non-DRM MP3s on BusinessWeek on Opening Apple's iTunes DRM · · Score: 1

    Or, you could just remove the FairPlay DRM from your iTunes purchases.

    VLC, courtesy of the already-infamous "DVD-Jon", can already do this.

    Really surprses me that with 400 posts, no one has mentioned this yet. Enjoy.

  23. Re:Drop MD5? No. It depends on the intended use. on Slashback: Flashmob, Currency, Verification · · Score: 1

    Almost forgot your comment about speed. SHA-1 is slightly slower then MD5. SHA-256 is slightly slower then SHA-1.

    By the numbers you gave (which running the suggested test on my own system more-or-less supported), for more than 16 byte blocks (ie, anywhere you'd use it, otherwise the idea of a "hash" doesn't mean a whole lot), MD5 performs roughly twice as fast as SHA-1.

    I do not consider that insignificant. Perhaps not enough of a difference to matter in most cases, but why make a program slower for no good reason?

    I do completely agree with your statement about the improved security of SHA; I don't believe I ever claimed otherwise. But I think you may have missed my entire point - Namely, "better" counts as a relative term. Better for crypto does not necessarily mean better for something like verifying a file, or even for a packet on an already-secure network. Yes, I most certainly want my bank using SHA, preferably even SHA512. No, a datafile from my mathematical recreation program of the week doesn't need an untamperable hash, it just needs a quick way to detect errors.

  24. Drop MD5? No. It depends on the intended use. on Slashback: Flashmob, Currency, Verification · · Score: 5, Informative

    I frequently use MD5 in my code, for verifying a file's integrity. I do not use SHA-1 or SHA256, because they run a lot slower than MD5, without providing a realistically better guarantee that a file contains what it did at the time of its creation (if 128 bits leaves a significant chance of collision, you have bigger problems than choice of hashing algorithms... Such as how to store over a trillion yottabytes, which corresponds to one bit per 10 picograms assuming you used the entire Earth as a storage device).

    Now, cryptographically, MD5 does not have the same "strength" as the SHA256. If you want to prevent tampering, you should most certainly switch to an SHA. But to just check the validity of a large block of data (such that a mere CRC doesn't suffice), MD5 works beautifully.

    Additionally, I would point out to those who seem to believe finding a single MD5 collision would invalidate the whole algorithm - BS. For SHA256, going though every possible 257 bit block, you can guarantee a collision. For any hashing algorithm, that will hold true. I don't care if someone came up with a quantum hash (pulled from my posterior, since quantum-blah seems like the word of the day for magical guarantees of computational perfection), you'll still have at least one collision in N+1 bits, where the hash generates N bits.


    So can we drop the SHA elitism that seems to have infected people lately? If you want to waste time in your code, go right ahead. But don't fault those of us who actually understand that, outside the realm of hard cryptography, MD5 more than suffices as an all around good hashing algorithm.

  25. Wonderful, we finally have the motivation... on SpamHaus Behind .mail Top-Level Domain · · Score: 2, Insightful

    for a major schizm of internet mail protocols.

    Which will leave "companies able to pay $2k/year" on one side, and "individuals capable of installing their own mail server" on the other.

    This will cause a bit of disruption at first, as a few competing standards emerge, but in the long run, it will make blocking corporate traffic far easier (yeah, I get soooo much legit email from non-individuals... I think I can count the past year's on one hand). And with a bit of care, the non-corporate protocol will finally include several of the oft-discussed but as-yet-unimplemented techniques for completely locking out spam (or at least making it trivial to identify the source).

    And encryption. Don't forget encryption. The non-corporate protocol should include end-to-end crypto, now that Big Brother can watch us on a whim right from the privacy of our own ISP's back door.