So your average data stream already has (or you may hope so) a rather high entropy. And the compression test does not work well.
The entroupy in a compressed data stream isn't as high as you think. Remember that you have additional data at the beginning of the stream (and possibly at the end) that indicates which compression program/algorithm is used.
A good way to add entropy would be to compress the data, then encrypt it, then compress it again, then transmit it. Most decent encryption software tries to compress the plaintext first anyway to reduce redundancies.
"We've been hearing about adding crypto back doors for the govement to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know wether a bitstream is random bits, or encrypted data?"
There is no such thing as "random bits of data" streaming through the network. All data has redundancies and self-imposed structure in order to convey information. Read Shannon for details on information theory.
Most currently available cyphers create a data stream that appears extremely randomized. This, in itself, could be a way for the government snoops to detect encryption: A sample of data that is more random than other data.
You can try the "compression test" for encryption. Try compressing some data. Check the file size. Now, encrypt the same data and run your compression program. You'll notice that the "compressed" file is the same size or larger than the original. This is because the encrypted data is "extremely randomized", and the compression program cannot find patterns in it to compress it. The snoops can use a similar test to detect encrypted data streams, i.e. over time, the probability of any character appearing is 1/n where n is the length of the alphabet (0-255 for bytes).
Steganography and hiding cyphertext in cyphertext (see Applied Cryptography) would be a good way around encryption back doors.
Khalid wrote: "Knuth books are the material proof that software patents are stupid."
All the basics can be found in his works, agreed. But implementing products, whether in software or hardware, involves aggregation of this knowledge into a useful form.
Remember: Knowing the periodic table and the properties of chemicals isn't enough; products such as plastics or drugs are the result of aggregating the compounds and combining them through experimentation and know-how (i.e. the art part). In the case of software, knowing algorithms and programming languages doesn't result in a new product or way of solving a software problem. This product or service only has value to *anyone* if the application of algorithms and programming skills results in solving a problem.
Many of us think that the persons who figure how to solve some problem first (or better than anyone before them) are entitled to manage the discovery and protect the know-how involved (i.e. the intellectual property) any way they consider appropriate.
This freedom of choice is what allows some of us to produce code and licence it under the GPL, or the Apache licence, or patent it, or copyright it, or assign it to a third party, or whatever.
I tend to agree that most (perhaps all?) business methods and quite a few service patents are stupid. I don't agree when it comes to software. Then, I am primarily a technologist and make my living creating software products. If I were a business person I'd may have a more informed opinion of their stance on patents.
This is not a draft of volume IV. This is a draft of a section of one chapter in volume IV, namely section 7.2.1.1.
Dr. Knuth writes: "This is a section of a long, long chapter on combinatorial algorithms. Chapter 7 will eventually fill three volumes (namely Volumes 4A, 4B and 4C), assuming that I'm able to remain healthy."
This particular section deals with generation of combinatorial patterns and was released for public review in hope to winnow the most egregious errors before it's released; the subject is so extense that Dr. Knuth felt this was one of the best ways to improve this 67-page section.
I've read the first four or five pages and it's impressive, as always. Heavy on the math from the first page. Either way this will make for very enjoyable reading (if you're in hyper-nerd mode).
I learned more this afternoon about PostScript, Ghostview, Paint Shop Pro, Photoshop and Acrobat than in the last two years. I appreciate your comments and suggestions.
I used Distiller to convert the document. It was the easiest thing to do. I always wondered what the little "Distiller" icon did besides vectorizing my fonts; now I know.
I just downloaded Ghostscript and it looks like I'd have to compile, build, etc. etc.
I also have a licensed copy of Photoshop 5.0. I'm lazy when it comes to printing stuff. I just fed it the.ps file.
Crunch... crunch... crunch... parsing generic EPS format... more crunching...
Damn! It read the file but I can only see the cover page in a single layer. Oh, well... I'll fsck with it some more. Anyone know how to read more than one page using Photoshop?
If this doesn't work I'll follow the JASC Paint Shop Pro route. I have a copy laying around somewhere (I was using it until our graphics designer decided that we needed Photoshop -- "professionals use this" she said, so we bought it for her).
Yes, I'm lame when it comes to text formatting. I am a PDF/RTF/Word (yuck)/ASCII kind of guy.
Can someone please advise me as to either one of the following? Thanks in advance.
A.ps reader for Windows andLinux/KDE
A.ps => RTF or.ps => PDF conversion utility (I have a licensed copy of Acrobat Exchange 3.0 but don't really know how to use it beyond printing PDF documents)
I own The Art of Computer Programming vols. I, II, and III. I bought the first two back in 1987 while attending the university; the third I bought two years ago. I fondly remember saving my pennies to buy the first two; I can't wait to have a look at IV.
Some people in this forum think that ASN.1 is a replacement for XML; others think of it as a "lossy" compression algorithm. ASN.1 is neither. Read the article and learn a bit about ASN.1 before forming an opinion. Most important, ASN.1 has been an interoperability standard for at least 10 years prior to the introduction of XML.
ASN.1 is a standard interoperability protocol (ISO IS 8824 and 8825) that defines a transfer syntax irrespective of the local system's syntax. In the scenario described in the article, the local syntax is XML and the transfer syntax is ASN.1. ASN.1 is a collection of data values with some meaning associated with them. It doesn't specify how the values are to be encoded. The semantics of those values are left to the application to resolve (i.e. XML). ASN.1 defines only the transfer syntax between systems.
ASN.1 codes are defined in terms of one or more octets (bytes) joined together in something called an encoding structure. This encoding structure may have values associated with it in terms on bits rather than bytes. An encoding structure has three parts: Identifier, Length, and Contents octets. Id octects are used for specifying primitive or constructor data types. Length octets define the size of the actual content. A boolean is thus represented by a single bit, and digits 0-9 could be BCD encoded. Each encoding structure carries with it it's interpretation.
An XML document could thus be encoded by converting the tags into a lookup table and a single octect code. If the tags are too many, or too long (i.e. FIRST-NAME) then there are significant savings by replacing the whole tag with an ASN.1 encoded datum. If we assume there are up to 255 different potential tags in the XML document definition, then each could be assigned to a single byte. Thus, encoding the tag <FIRST-NAME> would only take two bytes: One for the ID, one for the length octet, and zero for the contents (the tag ID could carry its own meaning).
I used to work with OSI networks at IBM. All the traffic was ASN.1-encoded. I personally think this is an excellent idea because ASN.1 parsers are simple and straightforward to implement, fast, their output is architecture independent, and the technology is very stable. Most important, this is a PRESENTATION LAYER protocol, not an APPLICATION LAYER protocol. The semantics of the encoding are left to the XML program. Carefully encoded ASN.1 will preserve the exact format of the original XML document while allowing its fast transmission between two systems.
http://www.bgbm.fu-berlin.de/TDWG/acc/Documents/as n1gloss.htm has an excellent overview if you're interested.
I've been discussing a wild theory with some of my acquintances: Sklyarov may simply be a pawn in a game played by the US Department of State.
During the Cold War we exchanged spies. Recently, two private citizens were accused of spying (Pope and Tobin) and unjustly sent to the slammer in Russia. Could the DoJ attitude toward Dmitri Sklyarov have been encouraged by the Department of State?
If you think about it, it makes a twisted sort of sense. There is plenty of spy paranoia left over in Russia, so it's almost natural for them to aprehend someone on espionage charges. Try getting a visa to go to Russia, particularly somewhere other than Moscow or St. Petersburg, and you'll understand what I'm talking about. Here in the US we have plenty of business interests, and the Almighty Dollar is what dictates how justice is carried out (remember that Al Capone was nailed for tax evasion in spite of all the other crimes attributed to him).
When Pope and Tobin were originally caught and convicted the State Department and everyone else under the sun claimed they were innocent. The Russian judicial system ignored these pleas and convicted both (and both were freed shortly after). Could the handling of Sklyarov's case be no more than tit-for-tat?
I live in San Francisco; many of my friends are Russians and I speak the language. I'd be game for an event like this and/or to offer him a place to crash for a couple of days.
I agree with you completely. If you see my post elsewhere off the main article, I said roughly the same thing about cell phones. I think you're right about the laptop as well; even the Palm V could be disposed of...
Why not solve your paranoia with one-time passwords?
Thanks for the reminder. We thought about doing this a couple of times, but never implemented it. I really appreciate your suggestion and will implement it next time I go somewhere.
Something else I was thinking about: Carrying one or more private keys on a diskette with me, kind of a one-time-key. That way there is no typing involved, and I can easily dispose/destroy the diskette.
Just wondering: do you trust those pc's? I mean, how do you know there is not a trojan or other keystroke logger on it?
I don't trust anyone's PC, including mine, when it comes to security::wink::.
I avoid Internet cafes and other entities where I may run into people who actually know what they are doing. They're more likely to be monitoring what you're doing in the computer. In all cases I aimed for busy places, with lots of terminals, no CCTV cameras, and I gauged people's knowledge by social engineering. Too much knowledge on their part raises my awareness of how deeply I may check into what the computer is doing.
Once I decided that I was to use a given establishment's computers, I'd sit down and study their set up for a bit. I would check for loggers, active ports (using netstat), other kinds of spyware. They had it installed in some cases, but it's easy to disable, particularly if you take into account that most I-cafes are running Windows. I avoided the one Internet cafe running UNIX that I found (in Dusseldorf) because right there they're more likely to know what they're doing.
Last, I never use their software. Every time I needed access to something I'd log on to www.openssh.org, get a copy of PuTTY or whatever, install it, run it, and dispose of it. A healthy three-finger salute after finishing (Ctrl-Alt-Delete) and wait for the machine to reboot. Check to see if the computer retained any of my data, close the session, and walk away.
(Yes, I pissed off at least one cafe person because they'd have to come an enter a password to boot the machine. I played dumb with something like "the screen went blue and then this happened" and then continue checking if they computer retained any of my data)
I'm aware that if someone really wanted to they'd be able to hack us. All I can say is that vigilance is the only antidote against that. Street smarts applied to surfing are a boon.
During my last trip to Europe I resolved that I wouldn't take my Compaq notebook (it's a light machine but it requires carrying an extra bag). As an experiment, I tried taking with me only the following:
Standard Palm V
Palm V folding keyboard (same footpring as Palm V)
The Palm V universal recharger (110 - 220 VAC)
The Palm V analog modem
A set of wall adapters for Russian, German, and French wall and telephone outlets
Special software? A copy of Top Gun SSH for the Palm
Anything I was bound to need while meeting with customers (presentations, product samples, etc.) was pre-copied to a secure HTTP site in our network so I could download it upon my arrival using my customer's equipment.
This was a 2-week trip. During this time, I scheduled things so that I didn't have to look at e-mail every single day. Added a vacation e-mail auto-reply just in case. Any notes that I might've needed for the duration of the trip were downloaded to the Palm as Memo documents (no extraneous formatting).
I carried all these things in the external zippered pockets of my traveling leather jacket:
Palm V and passport: Left breast pocket
Keyboard: Right breast pocket
Modem: Left hip pocket
AC recharger and adapters: Right hip pocket
I had excellent results. During the trip I had the option of connecting with the Palm and sending quick replies, or heading to an Internet café, install a copy of SSH, check my e-mail and optionally review documents on my server(s), etc. Not carrying a lot of stuff, and having a device with only limited capabilities allowed me to be more productive about what I was doing during the trip. I only had my carry-on bag with 2 weeks worth of clothes, so I was in-and-out of every airport I visited (SFO, DeGaulle, Frankfort, Sheremetyevo, Cheboksari, and Toronto [I can't remember its name]) in less than 20 minutes, including customs.
I've been traveling for business for 12 years doing consulting and installing the software we produce worldwide. This trip taught me that it's not the quantity of what you carry but the quality and the planning what count. It was the first trip without my laptop/notebook since 1992.
The hardest part was synchronizing all the materials I produced while I was gone with the rest of the work at the company. It took a lot of cutting and pasting and a couple of revisions.
This experiment was an extension to my habit of not carrying a mobile phone. I own one but I don't even know the number, and I only carry it when I think I may have to call someone that I couldn't reach at any other time. I used to carry my phone at all times and spend lots of time using it. I realized then that my time is very precious and so is my customers's. No phone calls at all times means no interruptions while I'm taking care of business, dining out with my friends, at the movies or theatre, etc. I've never lost a deal because I couldn't take a call right that minute. If I'm expecting something critical, then I stay at my office where the phone and all other resources (including people in my staff) are available to take care of business.
Two questions.
1) Am I clean or is there something else that I need to deinstall?
2) I didn't know what KaZaA was, and have not installed it. Does anybody know what other programs could have installed eZula/TopText?
I cannot answer that. We deselected the TOPtext installation during the KaZaA setup so it never got to my system in the first place. If possible, get a copy of the Norton System Doctor (NSD) and have it inspect your HD. NSD can usually find dangling registry entries, orphan DLLs, and other nasties that may help you troubleshoot what else may be lurking in your system.
I just had an idea: Go to eZula.com and check their list of partners. Perhaps you downloaded something in the past few weeks/months that you missed. Also, since they get along so well with IE, there is a possibility that they used IE or Outlook (is that what you use for e-mail?) to sneak the TOPtext program into your system.
It's late... I'll let my subconscious work on other ideas. If I come up with something else I'll post it in the morning.
I've been using KaZaA for several weeks without intrusions or undesireable software running on my Windoze box.
The latest upgrade for KaZaA, including all the "enhancements" came over the wires either last Sunday or Monday. Neither TOPText, nor any of the other "intrusionware" were installed.
I believe "intrusionware" became a problem for us in 1998 or so with QuickBooks Pro and its desire to install AOL (Corel Draw! also installed some unnecessary crap by default). We realized that most default configurations of shrinkwrapped software tended to install things we didn't want in our (or our customers') systems. Ever since we follow these steps to prevent the introduction of undesirable code:
Never use the default installation. Always click on "customize install"
Always take a snapshot of the registry prior to installing the software and one immediately after running it for the first time. We use both Norton Registry Tracker and Remove-It for that. Remove-it also does a before/after snapshot of the contents of every directory on the HD.
Ensure that the after snapshot in the previous step is taken after you run the program. Yeah, I like repeating it because it's important.
Make sure (in your C:/AUTOEXEC.BAT) that the TMP and TEMP environment variables point to the same directory so you can view what temporary files were created during the installation.
We found that, 95% of the time, our desktops (and those of our customers still using Windows) were easily rolled back to a known "clean" state by using these tools. The other 5% we had to manually remove one or two registry entries, or DLLs/VxDs loaded during Windows start up. If we absolutely must run a piece of Windows software (i.e. QuickBooks), we can usually pick and choose what to remove and what to leave installed by following this procedure.
About the KaZaA installation
In the case of KaZaA, it drops an upgrade program in its download/share folder. That program gives the option for a "custom install". Deselect (is that a verb?) the options that you don't want such as TOPtext. Watch your registry. No changes to the system.
KaZaA installs some banners and other annoyware under C:/WINDOWS/SYSTEM/adcache. KaZaA's UI is a modified version of Internet Exploiter. It's a web browser with a custom UI. You can disable the annoying ads at the bottom of the screen by:
Using the junkbuster proxy for filtering the sites where KaZaA is getting its banners from. The default banners come from www.qksrv.net. Block it. There may be others down the line. Block them as they appear.
Unloading KaZaA and manually erasing all the GIF and JPEG files in that directory. Lave the two HTML/JavaScript files in place (B_416800.HTM and B_416900.HTM), though, or KaZaA won't work.
This process sounds like a lot of work, but in reality it only adds about 2 minutes to every new software installation. It saves us from endless hours of grief at a later time.
Annoyware aside, I really like KaZaA. It's quick, and I've been able to find everything I searched for on it.
(If you see my previous posts, we're a mostly-UNIX shop. We (and several of our customers) run a hybrid UNIX+Samba+Windoze environment. No flames on this, OK? I'm a realist, and business demands that we use Windows under certain circumstances)
I couldn't agree more with you. It's disheartening discovering that many people in the Open Source and a great many in the Free Software movement lack the maturity to approach this as a real-world problem. They don't realize that they could take the cause further by showing some restraint where appropriate and focusing their energy in their creativity.
I personally agree with the term and precepts of Open Source rather than Free Software. There is a rather childish quality to their public announcements (tantrums?) that I don't see as often in people adhering to the more open-minded people in the OSS movement. In general I can present something produced by a non-GNU but open sourced group to a customer and have it accepted. I cannot always do that with GNU products, Linux itself included. I think it's a shame that hollering distracts the intended audiences from the substance.
Portable.net and Mono don't validate Microsoft's.Net. They are a reaction to it, and perhaps the only chances we've got to wrestle control of the Internet from Microsoft.
Many Open Source projects tend to be re-implementations of someone's commercial products. In this case, Microsoft designed a framework that is likely to become the standard in years to come. It's not a matter of whether we like it or not. It's simple economics. Microsoft has the following advantages going for it:
Market penetration
PR mindshare
A coherent plan
An almost endless supply of cash
Rather than complaining about "validating Microsoft's position", we should all take this as an opportunity to do what Microsoft does best: Embrace and extend. The products from DotGNU meta project, and every subproject or related effort, can be leveraged by us to wrestle control from Microsoft.
It won't be an easy battle, but we may win it. We need to achieve the following:
Participate in a coordinated, constructive and coordinated manner. The in-fighting only hurts our chances.
Focus on delivering products and services as fast as possible.
Companies have evangelists; some of us will get to evangelize (and educate) the uncultured IT masses. Are we up to the task? We need to create mindshare, high-visibility commercial projects, and promote our success stories.
Most important, don't fight with Microsoft. Let them get comfortable. Focus our energy on improving our results, not on pissing contests with the Redmond Giant. Remember: If you wrestle with a pig, the pig just has fun and you just get dirty.
Remember also that this is not only a technology fight. Hailstorm/passport are services. That means that, after we implement the technology, we must convince real world organisations (businesses, non-profits, government, whatever) to adopt it instead of.Net et. al.
Would converting her to reiserfs fix the poweroff/fsck problem?
Thanks for the suggestion::grin::. Basically all we had to do was teach her to use Logout/Halt. The problem is over.
Also, I've tried StarOffice (on Mandrake 8) but the fonts really suck. Any help here?
I am not familiar with the Mandrake distributions. We use Red Hat 7.x with the latest KDE and whichever fonts get installed with it. StarOffice brings a few fonts of its own, if memory serves me. For all our documents we use only Helvetica/Sans Serif and Times Roman/Serif fonts. I'll look into it and see if one of my guys knows how to set other fonts in StarOffice.
(The reason we only use those two fonts is because I read somewhere that those are the two easiest on the eyes. I found that out through one of my customers in Switzerland.)
You make a good argument, but fail to consider 2 things:
Macs are more expensive than Intel-based systems. If I were to buy a Mac right now, I would end up spending around $3000. A roughly equivalent Intel system would be no more than half that. Cost is a major issue for people who are not serious computer users, and sometimes even for those who are.
Linux-based systems are difficult to maintain. Using Linux can be easy, as you have demonstrated with the case of your mother. However, there's little doubt that she could not have installed new software--let alone the operating system itself--without your assistance. Unfortunately, not all users have someone to hold their hand and maintain their systems for them.
On the contrary, I am considering those aspects for these types of users:
iMacs are marginally more expensive than equivalent Compaq or Dell systems. When you factor downtime and optional peripherals, they come costing about the same. My argument for these people is always Peace of Mind. They may be saving about $300 on buying a PC, but they'll pay for it in down time and/or tech support visits and/or additional peripherals or software to stabilize the system (i.e. Norton Utilities and other). Last, a $3,000 Mac is not for an entry-level level user; such a system is comparable to a Win2000 rather than an XP system.
In the case of my Mother we were testing if the newbie could work and accomplish newbie things using Big Scary Linux and she could. I was ready to buy the iBook if it didn't work out. For a professional organization, including TCO, Linux proves to be a better value. In the case of the CEO, they found that, on average, 70% of their bills paid to us (after the cost of the support contract) were related to problems in his computer or caused by his computer (i.e. the ILoveYou virus hiting his machine and renaming all the JPEG files in a shared directory). The cost of ownership and operation quickly offsets the learning curve. Business people understand $$$. Use that as an argument.
This is disgusting. I'm an advocate of laissez faire capitalism. This move by Microsoft and Windows XP is downright criminal because it abuses those users who know the least. A knowledgeable user won't fall for this. A newby, on the other hand...
Can we offer alternatives? I think so. For the last couple of years I'd advised people to go either of two routes (including my customers):
Buy a Macintosh
If you're a newbie there still isn't a computer as easy to use as the Mac. It's more attractive than a PC, it doesn't break as often (i.e. DLL or hardware conflicts), and it requires overall less attention than Windows systems do. All the common applications are available in it, and it delivers better performance for a smaller configuration (i.e. a Mac running MS Office requires half the RAM as a PC for accomplishing the same task).
Use Linux Systems
While it's common to hear "my application X only runs under Windows!" I found that either a filter/converter exists for the application or that they can use StarOffice and carry on. There have been very few instances in which a given piece of software was Windows-specific (i.e. QuickBooks Pro); in those instances we suggest deploying a single Windows system used for that activity and sharing all resources from the Samba network.
I have two anecdotes related to this.
The CEO of a company we rolled out refuses to move off Windows/Outlook/Office. Every mayor virus and worm out there has hit him alone since we converted the rest of the network (30+ people). Yes, we installed VirusScan and Norton Utilities and everything else. On Monday he called to ask for a quote for converting his system to Linux. He's seen that we can fix everyone else's system without even having to physically go to their office, they have almost no downtime, and they can do their business with Linux/Solaris applications.
The other anecdote is about my 66 year old Mother. She's as computer illiterate as they come, having retired a few years ago and having had admin assistants all her professional life to take care of things for her. She wanted a computer so I gave her one of my old Compaq Presarios. The catch? We installed Linux + KDE + Netscape. She's happy web surfing, exchanging e-mail, visiting newsgroups, etc. We set an idiot-proof configuration for her, and if she wants a new program we install it remotely (i.e. we recently installed StarOffice and Mozilla 0.9.2 in her system). She knows about Windows, but she uses Oscar for Instant Messaging off the AOL web site, and everything else she needs as an Internet surfer is readily available to her. Flash, Java, etc. etc. are all readily available to her.
(I was ready to buy her an iBook if this little mental experiment didn't work. It never came to that. The only problem we had with this was that, at first, she kept forgetting to shut the system down so we had a long fsck on every startup.)
Based on our experiences, we can safely say that the best way to escape the Windows XP tar pit is by educating the users. Don't rant against Windows. Take the time to explain to others why there are better options out there. Show them what the alternatives look like. Give people credit and assume they're smarter than you thought. You'll be surprised at how well they understand what you told them.
MS-DOS was an inferior product supported by a superior marketing strategy. If Gary Kildal hadn't been flying his airplane or whatever, we'd be running CP/M + GEM based computers today instead of MS-DOS/Windoze systems. Remember that MS-DOS wasn't even a Microsoft product to begin with; Gates's talent was to seize the business opportunity and then execute on the technology.
The point is really that you must have both the superior product and the marketing strategy. Microsoft uses both. Some companies have tried to survive on only one and didn't make it or made it only marginally.
The timing is too tight for this to be a coincidence.
Today we learned (here on slashdot) that AOL is opening up its instant messaging software to third parties. Then we hear Sen. Charles Schumer of New York, a member of the Senate Judiciary Committee has asked state prosecutors to seek an injunction blocking the launch of Windows XP
The article linked from the top of the slashdot presents this comment (among others) from Microsoft: Microsoft also took aim at AOL Time Warner, saying the company has steadfastly refused to open its instant messaging systems to interoperate with other systems.
It's plausible that the AOL news were a preemptive strike since they knew that Sen. Schumer was going to make the news later in the day, perhaps at the behest of lobbyists paid for by one or more corporations based in NY state.
I don't believe that the government should have a say in how companies go about doing their business. While I don't agree with several Microsoft practices, it sickens me to think that publicly elected officials may be acting on behalf of corporations. Ayn Rand warned us about this at length (see Atlas Shrugged). I believe that Microsoft should be able to release its software as they see fit. It's up to us software developers and vendors (free software, open software, commercial, whatever) to stop their hegemony. People forget that Microsoft managed to break IBM's stronghold of computer technology by offering better products and being smarter about business than the larger company.
Think of IBM's TopView and compare it to Windows 1.0. They came out at roughly the same time. Neither one worked. IBM dropped the product. Microsoft improved the product over the years to the point where we see it today. OS/2? Good software implementation, but lousy business strategy. The current Linux revolution proves that radically different software is adopted if it (a) satisfies the user's requirements and (b) it's available.
Finally, if you aren't old enough to have witnessed the fall of IBM and the rise of Microsoft (or to know what TopView was), please abstain from flaming.
It's our turn to be smarter about distributing our wares and creating better products. We don't need government intervention to win.
SmartTags technology is obviously troublesome to most of us here, as well as to many people in the IT media. Can we start a grass roots effort to educate people in this and perhaps guide Microsoft to drop the feature? Don't laugh. Remember that, first, Microsoft is a marketing company. Make enough noise and the feature might go away.
First steps to educate people:
Share your point of view, calmly and clearly, with all the Windows users you know.
How many letters to the editor have you written lately?
How many letters to Microsoft have you written lately?
Seek out the Microsoft employees you know (come on, you must know at least one) and share your opinion in person
What is the web for? Post, post, post! I would be willing to host a web site dedicated to this subject. Make the domain something smart, not "smarttagssuck.org" or whatever. Publicize it.
Get some beta copies of XP and do an analysis of the feature.
Explain to HTML content developers the dangers of this feature, and how it will increase their work load by having to use special meta tags to prevent Explorer from steering the users out of the current page.
Can you come up with some other ways of doing this? Informing the Windows user base at large may be the best weapon against the XP SmartTags.
Slashdot Mirror
So your average data stream already has (or you may hope so) a rather high entropy. And the compression test does not work well.
The entroupy in a compressed data stream isn't as high as you think. Remember that you have additional data at the beginning of the stream (and possibly at the end) that indicates which compression program/algorithm is used.
A good way to add entropy would be to compress the data, then encrypt it, then compress it again, then transmit it. Most decent encryption software tries to compress the plaintext first anyway to reduce redundancies.
Cheers!
E
"We've been hearing about adding crypto back doors for the govement to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know wether a bitstream is random bits, or encrypted data?"
There is no such thing as "random bits of data" streaming through the network. All data has redundancies and self-imposed structure in order to convey information. Read Shannon for details on information theory.
Most currently available cyphers create a data stream that appears extremely randomized. This, in itself, could be a way for the government snoops to detect encryption: A sample of data that is more random than other data.
You can try the "compression test" for encryption. Try compressing some data. Check the file size. Now, encrypt the same data and run your compression program. You'll notice that the "compressed" file is the same size or larger than the original. This is because the encrypted data is "extremely randomized", and the compression program cannot find patterns in it to compress it. The snoops can use a similar test to detect encrypted data streams, i.e. over time, the probability of any character appearing is 1/n where n is the length of the alphabet (0-255 for bytes).
Steganography and hiding cyphertext in cyphertext (see Applied Cryptography) would be a good way around encryption back doors.
Cheers!
EI disagree with this point of view.
Khalid wrote: "Knuth books are the material proof that software patents are stupid."
All the basics can be found in his works, agreed. But implementing products, whether in software or hardware, involves aggregation of this knowledge into a useful form.
Remember: Knowing the periodic table and the properties of chemicals isn't enough; products such as plastics or drugs are the result of aggregating the compounds and combining them through experimentation and know-how (i.e. the art part). In the case of software, knowing algorithms and programming languages doesn't result in a new product or way of solving a software problem. This product or service only has value to *anyone* if the application of algorithms and programming skills results in solving a problem.
Many of us think that the persons who figure how to solve some problem first (or better than anyone before them) are entitled to manage the discovery and protect the know-how involved (i.e. the intellectual property) any way they consider appropriate.
This freedom of choice is what allows some of us to produce code and licence it under the GPL, or the Apache licence, or patent it, or copyright it, or assign it to a third party, or whatever.
I tend to agree that most (perhaps all?) business methods and quite a few service patents are stupid. I don't agree when it comes to software. Then, I am primarily a technologist and make my living creating software products. If I were a business person I'd may have a more informed opinion of their stance on patents.
Cheers!
E
This is not a draft of volume IV. This is a draft of a section of one chapter in volume IV, namely section 7.2.1.1.
Dr. Knuth writes: "This is a section of a long, long chapter on combinatorial algorithms. Chapter 7 will eventually fill three volumes (namely Volumes 4A, 4B and 4C), assuming that I'm able to remain healthy."
This particular section deals with generation of combinatorial patterns and was released for public review in hope to winnow the most egregious errors before it's released; the subject is so extense that Dr. Knuth felt this was one of the best ways to improve this 67-page section.
I've read the first four or five pages and it's impressive, as always. Heavy on the math from the first page. Either way this will make for very enjoyable reading (if you're in hyper-nerd mode).
Cheers!
E
Greetings!
/.-ting.
I learned more this afternoon about PostScript, Ghostview, Paint Shop Pro, Photoshop and Acrobat than in the last two years. I appreciate your comments and suggestions.
I used Distiller to convert the document. It was the easiest thing to do. I always wondered what the little "Distiller" icon did besides vectorizing my fonts; now I know.
Thanks again to all, and happy
E
Greetings!
.ps file.
I just downloaded Ghostscript and it looks like I'd have to compile, build, etc. etc.
I also have a licensed copy of Photoshop 5.0. I'm lazy when it comes to printing stuff. I just fed it the
Crunch... crunch... crunch... parsing generic EPS format... more crunching...
Damn! It read the file but I can only see the cover page in a single layer. Oh, well... I'll fsck with it some more. Anyone know how to read more than one page using Photoshop?
If this doesn't work I'll follow the JASC Paint Shop Pro route. I have a copy laying around somewhere (I was using it until our graphics designer decided that we needed Photoshop -- "professionals use this" she said, so we bought it for her).
Cheers!
E
Thank you. I will go to FSF and check it out.
E
Yes, I'm lame when it comes to text formatting. I am a PDF/RTF/Word (yuck)/ASCII kind of guy.
Can someone please advise me as to either one of the following? Thanks in advance.
I own The Art of Computer Programming vols. I, II, and III. I bought the first two back in 1987 while attending the university; the third I bought two years ago. I fondly remember saving my pennies to buy the first two; I can't wait to have a look at IV.
Cheers!
ESome people in this forum think that ASN.1 is a replacement for XML; others think of it as a "lossy" compression algorithm. ASN.1 is neither. Read the article and learn a bit about ASN.1 before forming an opinion. Most important, ASN.1 has been an interoperability standard for at least 10 years prior to the introduction of XML.
ASN.1 is a standard interoperability protocol (ISO IS 8824 and 8825) that defines a transfer syntax irrespective of the local system's syntax. In the scenario described in the article, the local syntax is XML and the transfer syntax is ASN.1. ASN.1 is a collection of data values with some meaning associated with them. It doesn't specify how the values are to be encoded. The semantics of those values are left to the application to resolve (i.e. XML). ASN.1 defines only the transfer syntax between systems.
ASN.1 codes are defined in terms of one or more octets (bytes) joined together in something called an encoding structure. This encoding structure may have values associated with it in terms on bits rather than bytes. An encoding structure has three parts: Identifier, Length, and Contents octets. Id octects are used for specifying primitive or constructor data types. Length octets define the size of the actual content. A boolean is thus represented by a single bit, and digits 0-9 could be BCD encoded. Each encoding structure carries with it it's interpretation.
An XML document could thus be encoded by converting the tags into a lookup table and a single octect code. If the tags are too many, or too long (i.e. FIRST-NAME) then there are significant savings by replacing the whole tag with an ASN.1 encoded datum. If we assume there are up to 255 different potential tags in the XML document definition, then each could be assigned to a single byte. Thus, encoding the tag <FIRST-NAME> would only take two bytes: One for the ID, one for the length octet, and zero for the contents (the tag ID could carry its own meaning).
I used to work with OSI networks at IBM. All the traffic was ASN.1-encoded. I personally think this is an excellent idea because ASN.1 parsers are simple and straightforward to implement, fast, their output is architecture independent, and the technology is very stable. Most important, this is a PRESENTATION LAYER protocol, not an APPLICATION LAYER protocol. The semantics of the encoding are left to the XML program. Carefully encoded ASN.1 will preserve the exact format of the original XML document while allowing its fast transmission between two systems.
http://www.bgbm.fu-berlin.de/TDWG/acc/Documents/as n1gloss.htm has an excellent overview if you're interested.
Cheers!
EI've been discussing a wild theory with some of my acquintances: Sklyarov may simply be a pawn in a game played by the US Department of State.
During the Cold War we exchanged spies. Recently, two private citizens were accused of spying (Pope and Tobin) and unjustly sent to the slammer in Russia. Could the DoJ attitude toward Dmitri Sklyarov have been encouraged by the Department of State?
If you think about it, it makes a twisted sort of sense. There is plenty of spy paranoia left over in Russia, so it's almost natural for them to aprehend someone on espionage charges. Try getting a visa to go to Russia, particularly somewhere other than Moscow or St. Petersburg, and you'll understand what I'm talking about. Here in the US we have plenty of business interests, and the Almighty Dollar is what dictates how justice is carried out (remember that Al Capone was nailed for tax evasion in spite of all the other crimes attributed to him).
When Pope and Tobin were originally caught and convicted the State Department and everyone else under the sun claimed they were innocent. The Russian judicial system ignored these pleas and convicted both (and both were freed shortly after). Could the handling of Sklyarov's case be no more than tit-for-tat?
What do you think?
EI live in San Francisco; many of my friends are Russians and I speak the language. I'd be game for an event like this and/or to offer him a place to crash for a couple of days.
Cheers!
ZhenyaBravo!
I agree with you completely. If you see my post elsewhere off the main article, I said roughly the same thing about cell phones. I think you're right about the laptop as well; even the Palm V could be disposed of...
Good luck and best wishes,
EHi Jelle!
Why not solve your paranoia with one-time passwords?
Thanks for the reminder. We thought about doing this a couple of times, but never implemented it. I really appreciate your suggestion and will implement it next time I go somewhere.
Something else I was thinking about: Carrying one or more private keys on a diskette with me, kind of a one-time-key. That way there is no typing involved, and I can easily dispose/destroy the diskette.
Take care,
Esnake_dad wrote:
Just wondering: do you trust those pc's? I mean, how do you know there is not a trojan or other keystroke logger on it?
I don't trust anyone's PC, including mine, when it comes to security ::wink::.
I avoid Internet cafes and other entities where I may run into people who actually know what they are doing. They're more likely to be monitoring what you're doing in the computer. In all cases I aimed for busy places, with lots of terminals, no CCTV cameras, and I gauged people's knowledge by social engineering. Too much knowledge on their part raises my awareness of how deeply I may check into what the computer is doing.
Once I decided that I was to use a given establishment's computers, I'd sit down and study their set up for a bit. I would check for loggers, active ports (using netstat), other kinds of spyware. They had it installed in some cases, but it's easy to disable, particularly if you take into account that most I-cafes are running Windows. I avoided the one Internet cafe running UNIX that I found (in Dusseldorf) because right there they're more likely to know what they're doing.
Last, I never use their software. Every time I needed access to something I'd log on to www.openssh.org, get a copy of PuTTY or whatever, install it, run it, and dispose of it. A healthy three-finger salute after finishing (Ctrl-Alt-Delete) and wait for the machine to reboot. Check to see if the computer retained any of my data, close the session, and walk away.
(Yes, I pissed off at least one cafe person because they'd have to come an enter a password to boot the machine. I played dumb with something like "the screen went blue and then this happened" and then continue checking if they computer retained any of my data)
I'm aware that if someone really wanted to they'd be able to hack us. All I can say is that vigilance is the only antidote against that. Street smarts applied to surfing are a boon.
Cheers!
EGreetings!
During my last trip to Europe I resolved that I wouldn't take my Compaq notebook (it's a light machine but it requires carrying an extra bag). As an experiment, I tried taking with me only the following:
This was a 2-week trip. During this time, I scheduled things so that I didn't have to look at e-mail every single day. Added a vacation e-mail auto-reply just in case. Any notes that I might've needed for the duration of the trip were downloaded to the Palm as Memo documents (no extraneous formatting).
I carried all these things in the external zippered pockets of my traveling leather jacket:
I had excellent results. During the trip I had the option of connecting with the Palm and sending quick replies, or heading to an Internet café, install a copy of SSH, check my e-mail and optionally review documents on my server(s), etc. Not carrying a lot of stuff, and having a device with only limited capabilities allowed me to be more productive about what I was doing during the trip. I only had my carry-on bag with 2 weeks worth of clothes, so I was in-and-out of every airport I visited (SFO, DeGaulle, Frankfort, Sheremetyevo, Cheboksari, and Toronto [I can't remember its name]) in less than 20 minutes, including customs.
I've been traveling for business for 12 years doing consulting and installing the software we produce worldwide. This trip taught me that it's not the quantity of what you carry but the quality and the planning what count. It was the first trip without my laptop/notebook since 1992.
The hardest part was synchronizing all the materials I produced while I was gone with the rest of the work at the company. It took a lot of cutting and pasting and a couple of revisions.
This experiment was an extension to my habit of not carrying a mobile phone. I own one but I don't even know the number, and I only carry it when I think I may have to call someone that I couldn't reach at any other time. I used to carry my phone at all times and spend lots of time using it. I realized then that my time is very precious and so is my customers's. No phone calls at all times means no interruptions while I'm taking care of business, dining out with my friends, at the movies or theatre, etc. I've never lost a deal because I couldn't take a call right that minute. If I'm expecting something critical, then I stay at my office where the phone and all other resources (including people in my staff) are available to take care of business.
Cheers!
EAC wrote:
Two questions.
1) Am I clean or is there something else that I need to deinstall?
2) I didn't know what KaZaA was, and have not installed it. Does anybody know what other programs could have installed eZula/TopText?
I cannot answer that. We deselected the TOPtext installation during the KaZaA setup so it never got to my system in the first place. If possible, get a copy of the Norton System Doctor (NSD) and have it inspect your HD. NSD can usually find dangling registry entries, orphan DLLs, and other nasties that may help you troubleshoot what else may be lurking in your system.
I just had an idea: Go to eZula.com and check their list of partners. Perhaps you downloaded something in the past few weeks/months that you missed. Also, since they get along so well with IE, there is a possibility that they used IE or Outlook (is that what you use for e-mail?) to sneak the TOPtext program into your system.
It's late... I'll let my subconscious work on other ideas. If I come up with something else I'll post it in the morning.
Cheers!
EI've been using KaZaA for several weeks without intrusions or undesireable software running on my Windoze box.
The latest upgrade for KaZaA, including all the "enhancements" came over the wires either last Sunday or Monday. Neither TOPText, nor any of the other "intrusionware" were installed.
I believe "intrusionware" became a problem for us in 1998 or so with QuickBooks Pro and its desire to install AOL (Corel Draw! also installed some unnecessary crap by default). We realized that most default configurations of shrinkwrapped software tended to install things we didn't want in our (or our customers') systems. Ever since we follow these steps to prevent the introduction of undesirable code:
We found that, 95% of the time, our desktops (and those of our customers still using Windows) were easily rolled back to a known "clean" state by using these tools. The other 5% we had to manually remove one or two registry entries, or DLLs/VxDs loaded during Windows start up. If we absolutely must run a piece of Windows software (i.e. QuickBooks), we can usually pick and choose what to remove and what to leave installed by following this procedure.
About the KaZaA installation
In the case of KaZaA, it drops an upgrade program in its download/share folder. That program gives the option for a "custom install". Deselect (is that a verb?) the options that you don't want such as TOPtext. Watch your registry. No changes to the system.
KaZaA installs some banners and other annoyware under C:/WINDOWS/SYSTEM/adcache. KaZaA's UI is a modified version of Internet Exploiter. It's a web browser with a custom UI. You can disable the annoying ads at the bottom of the screen by:
This process sounds like a lot of work, but in reality it only adds about 2 minutes to every new software installation. It saves us from endless hours of grief at a later time.
Annoyware aside, I really like KaZaA. It's quick, and I've been able to find everything I searched for on it.
(If you see my previous posts, we're a mostly-UNIX shop. We (and several of our customers) run a hybrid UNIX+Samba+Windoze environment. No flames on this, OK? I'm a realist, and business demands that we use Windows under certain circumstances)
Cheers!
EDan,
I couldn't agree more with you. It's disheartening discovering that many people in the Open Source and a great many in the Free Software movement lack the maturity to approach this as a real-world problem. They don't realize that they could take the cause further by showing some restraint where appropriate and focusing their energy in their creativity.
I personally agree with the term and precepts of Open Source rather than Free Software. There is a rather childish quality to their public announcements (tantrums?) that I don't see as often in people adhering to the more open-minded people in the OSS movement. In general I can present something produced by a non-GNU but open sourced group to a customer and have it accepted. I cannot always do that with GNU products, Linux itself included. I think it's a shame that hollering distracts the intended audiences from the substance.
Thanks for your response to my comment.
EPortable.net and Mono don't validate Microsoft's .Net. They are a reaction to it, and perhaps the only chances we've got to wrestle control of the Internet from Microsoft.
Many Open Source projects tend to be re-implementations of someone's commercial products. In this case, Microsoft designed a framework that is likely to become the standard in years to come. It's not a matter of whether we like it or not. It's simple economics. Microsoft has the following advantages going for it:
Rather than complaining about "validating Microsoft's position", we should all take this as an opportunity to do what Microsoft does best: Embrace and extend. The products from DotGNU meta project, and every subproject or related effort, can be leveraged by us to wrestle control from Microsoft.
It won't be an easy battle, but we may win it. We need to achieve the following:
Remember also that this is not only a technology fight. Hailstorm/passport are services. That means that, after we implement the technology, we must convince real world organisations (businesses, non-profits, government, whatever) to adopt it instead of .Net et. al.
Let's charge on!
EWould converting her to reiserfs fix the poweroff/fsck problem?
Thanks for the suggestion ::grin::. Basically all we had to do was teach her to use Logout/Halt. The problem is over.
Also, I've tried StarOffice (on Mandrake 8) but the fonts really suck. Any help here?
I am not familiar with the Mandrake distributions. We use Red Hat 7.x with the latest KDE and whichever fonts get installed with it. StarOffice brings a few fonts of its own, if memory serves me. For all our documents we use only Helvetica/Sans Serif and Times Roman/Serif fonts. I'll look into it and see if one of my guys knows how to set other fonts in StarOffice.
(The reason we only use those two fonts is because I read somewhere that those are the two easiest on the eyes. I found that out through one of my customers in Switzerland.)
Thanks for the tip on Insight ::grin::
Cheers!
ECatch22RG wrote:
You make a good argument, but fail to consider 2 things:
Macs are more expensive than Intel-based systems. If I were to buy a Mac right now, I would end up spending around $3000. A roughly equivalent Intel system would be no more than half that. Cost is a major issue for people who are not serious computer users, and sometimes even for those who are.
Linux-based systems are difficult to maintain. Using Linux can be easy, as you have demonstrated with the case of your mother. However, there's little doubt that she could not have installed new software--let alone the operating system itself--without your assistance. Unfortunately, not all users have someone to hold their hand and maintain their systems for them.
On the contrary, I am considering those aspects for these types of users:
Cheers!
EThis is disgusting. I'm an advocate of laissez faire capitalism. This move by Microsoft and Windows XP is downright criminal because it abuses those users who know the least. A knowledgeable user won't fall for this. A newby, on the other hand...
Can we offer alternatives? I think so. For the last couple of years I'd advised people to go either of two routes (including my customers):
Buy a Macintosh
If you're a newbie there still isn't a computer as easy to use as the Mac. It's more attractive than a PC, it doesn't break as often (i.e. DLL or hardware conflicts), and it requires overall less attention than Windows systems do. All the common applications are available in it, and it delivers better performance for a smaller configuration (i.e. a Mac running MS Office requires half the RAM as a PC for accomplishing the same task).
Use Linux Systems While it's common to hear "my application X only runs under Windows!" I found that either a filter/converter exists for the application or that they can use StarOffice and carry on. There have been very few instances in which a given piece of software was Windows-specific (i.e. QuickBooks Pro); in those instances we suggest deploying a single Windows system used for that activity and sharing all resources from the Samba network.
I have two anecdotes related to this.
The CEO of a company we rolled out refuses to move off Windows/Outlook/Office. Every mayor virus and worm out there has hit him alone since we converted the rest of the network (30+ people). Yes, we installed VirusScan and Norton Utilities and everything else. On Monday he called to ask for a quote for converting his system to Linux. He's seen that we can fix everyone else's system without even having to physically go to their office, they have almost no downtime, and they can do their business with Linux/Solaris applications.
The other anecdote is about my 66 year old Mother. She's as computer illiterate as they come, having retired a few years ago and having had admin assistants all her professional life to take care of things for her. She wanted a computer so I gave her one of my old Compaq Presarios. The catch? We installed Linux + KDE + Netscape. She's happy web surfing, exchanging e-mail, visiting newsgroups, etc. We set an idiot-proof configuration for her, and if she wants a new program we install it remotely (i.e. we recently installed StarOffice and Mozilla 0.9.2 in her system). She knows about Windows, but she uses Oscar for Instant Messaging off the AOL web site, and everything else she needs as an Internet surfer is readily available to her. Flash, Java, etc. etc. are all readily available to her.
(I was ready to buy her an iBook if this little mental experiment didn't work. It never came to that. The only problem we had with this was that, at first, she kept forgetting to shut the system down so we had a long fsck on every startup.)
Based on our experiences, we can safely say that the best way to escape the Windows XP tar pit is by educating the users. Don't rant against Windows. Take the time to explain to others why there are better options out there. Show them what the alternatives look like. Give people credit and assume they're smarter than you thought. You'll be surprised at how well they understand what you told them.
Cheers!
EMS-DOS was an inferior product supported by a superior marketing strategy. If Gary Kildal hadn't been flying his airplane or whatever, we'd be running CP/M + GEM based computers today instead of MS-DOS/Windoze systems. Remember that MS-DOS wasn't even a Microsoft product to begin with; Gates's talent was to seize the business opportunity and then execute on the technology.
The point is really that you must have both the superior product and the marketing strategy. Microsoft uses both. Some companies have tried to survive on only one and didn't make it or made it only marginally.
Cheers!
EThe timing is too tight for this to be a coincidence.
Today we learned (here on slashdot) that AOL is opening up its instant messaging software to third parties. Then we hear Sen. Charles Schumer of New York, a member of the Senate Judiciary Committee has asked state prosecutors to seek an injunction blocking the launch of Windows XP
The article linked from the top of the slashdot presents this comment (among others) from Microsoft: Microsoft also took aim at AOL Time Warner, saying the company has steadfastly refused to open its instant messaging systems to interoperate with other systems.
It's plausible that the AOL news were a preemptive strike since they knew that Sen. Schumer was going to make the news later in the day, perhaps at the behest of lobbyists paid for by one or more corporations based in NY state.
I don't believe that the government should have a say in how companies go about doing their business. While I don't agree with several Microsoft practices, it sickens me to think that publicly elected officials may be acting on behalf of corporations. Ayn Rand warned us about this at length (see Atlas Shrugged). I believe that Microsoft should be able to release its software as they see fit. It's up to us software developers and vendors (free software, open software, commercial, whatever) to stop their hegemony. People forget that Microsoft managed to break IBM's stronghold of computer technology by offering better products and being smarter about business than the larger company.
Think of IBM's TopView and compare it to Windows 1.0. They came out at roughly the same time. Neither one worked. IBM dropped the product. Microsoft improved the product over the years to the point where we see it today. OS/2? Good software implementation, but lousy business strategy. The current Linux revolution proves that radically different software is adopted if it (a) satisfies the user's requirements and (b) it's available. Finally, if you aren't old enough to have witnessed the fall of IBM and the rise of Microsoft (or to know what TopView was), please abstain from flaming.
It's our turn to be smarter about distributing our wares and creating better products. We don't need government intervention to win.
Cheers!
ESmartTags technology is obviously troublesome to most of us here, as well as to many people in the IT media. Can we start a grass roots effort to educate people in this and perhaps guide Microsoft to drop the feature? Don't laugh. Remember that, first, Microsoft is a marketing company. Make enough noise and the feature might go away.
First steps to educate people:
Can you come up with some other ways of doing this? Informing the Windows user base at large may be the best weapon against the XP SmartTags.
Cheers!
E