Basically you want a site/service you've authenticated with to authenticate you with other sites, so the spec lays out how this should be done. From the RFC (just a snippet):
More utter cluelessness. I edited the SAML specification. In the first place it is an OASIS standard, not an IETF RFC. Secondly the code fragment cited is completely bogus.
SAML is the Security Assertion Markup Language. It allows security assertions to be specified. A security assertion consists of one or more statements, which may be subject to a number of conditions and contain additional advice.
A SAML Authentication assertion may be used to specify that a subject has been authenticated using user name and password.
There was a time when Karma Whores would actually read the material they were citing.
Well, I'm sure the spec calls for encryption (as it would never get accepted otherwise)....
I suspect that I am the only person on this thread who has actually read the specification.
SAML does not 'call for' encryption. It states that if confidentiality is a requirement then some form of encryption should be used. The actual encryption services are provided by either SSL or WS-Security.
Then again, run a sniffer on your corporate/college network, and take a look at all those fools who use IMAP and POP without ssl to get their email. It's no better.
This statement is remarkably clueless if you bother to read what SAML does. It is a single sign on protocol (amongst other things). Protecting the confidentiality of authentication credentials is not something easily overlooked when designing such protocols, particularly when it is largely based on research work done by VeriSign and Netegrity which are both specialists in cryptographic security.
Seriously, has anyone heard of lex and yacc these days?
Yes, of course I have. But I do not believe that LR(1) grammars as constructed by yacc have any place in a computer language. Chomsky's syntax theories are designed to model human languages. A computer language that requires the power of a full LR(1) parser is almost certainly more complex than it needs to be.
lex involves processing that is only slightly simpler than yacc. Again regular expressions are great theory but using the unconstrained power of lex tends to result in specifications that are much more complex to parse than they need to be.
lex and yacc are tools for building compilers. A (non validating) xml parser can be constructed by hand without much difficulty.
Incidentally SAML does not use DTDs. In my view DTDs are an obsolete anachronism. SAML is specified using XML Schema which supports a full object oriented data model. XML Schema is unfortunately something of a beast, an XML Schema actually defines two type systems, not just one. An XML element definition defines a type of an element instance. An XML type definition actually specifies the type of a type.
Even so it is much simpler to use XML to define the data structures and then use automated tools to generate the serialization and parsing code than it is to use yacc, unless of course you start building data models around yacc - definitively not recommended, been there, done that.
So don't jump to the conclusion that just because we did not choose to use a familiar tool we don't know what we are doing. I have written specifications based on LR(1) grammars, I have no intention of repeating the experience.
The systems do not have to be perfectly secure to be effective. They just have to encourage most consumers to follow the rules set down by the copyright holders
Although that is the case it is far from clear that the 'copy deterrence' systems achieve this.
All the systems are doing is to attempt to introduce junk data that confuses buggy CDROM drivers. Solution: fix the CDROM drives.
Of course this will simply mean that people who want to play the discs on one of the many players that are incompatible with the buggy disks will be forced to rip the disk and transfer the data to a CD that is not corrupted.
I don't see how this achieves anything unless you are selling the snake oil.
Dude, you are completely full of shit. Copyright law is a little bit viral, but the GPL is ebola viral.
Hmm, the poster must be right, he is being modded down to -1 Troll before the slashcrew can repost this story. Gotta stop those suppressive anti-GPL thoughts from getting out.
Fact is that RMS designed the GPL to be viral. If you go and talk to him you will discover pretty quickly that he lives on a completely different plane to other mortals. So when people argue that the GPL could not possibly be meant to mean anything as impractical as what it says then consider that the guy who wrote it lives in his office at MIT.
Lawyers can be a pain in the ass but I have yet to find one who read the GPL and said 'hey no problemo here'.
The only reason why the GPL works is that most people either don't read it, don't understand it or don't care. I suspect that Red Hat and VALinux fall in the latter category since the probability of RMS appearing in court to sue someone over copyright is unlikely to say the least.
Odd thing is that the actual AOL announcement was actually about trolling out precisely this kind of service. The Washington Post take on AOL's move is kinda weird, employers can already monitor AIM use, what was announced was the encryption piece. The Wash Post mentions this, but only mid way through:
Instead, AOL plans to offer private companies and federal agencies a premium version of the service early next year that will enable employees to send encrypted instant messages that can only be read by designated, registered recipients. America Online is developing the encrypted system in partnership with VeriSign Inc., an online security firm.
What use is it to have a connection "anywhere", when most conference rooms and what have you have a cord connection nearby which is infinitely more secure
First off convenience, you don't need to mess with wires. Secondly if you have the system configured right ie using the revised scheme done by the A team after the B team messed, then wireless can be more secure than ethernet. Network access can be restricted to NIC cards that are authorized to access that LAN. The basic technology was originally designed for ethernet but came out for wireless first after their 'difficulties'.
Sidenote: Perhaps this would be a good idea on airplanes...
Actually that is in the works. They are already required to be robust against microwave radiation from onboard kitchens so WiFi is not far out.
However your other comments about WiFi being on its way out suggest to me that either you have never used the technology or you are a troll.
Same thing that the original article means, the author is speaking out the back of his trousers.
Microsoft has no intention to make Windows free, the anonymous comment came from a Linux weenie in need of a clue, the revenue comment was a deliberate troll.
The Microsoft decision means only that the states lost and in the process the cases brought by Sun et al were gutted. Sure they can rely upon the monopoly findings by Jackson, but the appeals court threw out the significant ones. In particular CK-K found that Microsoft had a right to bundle an incompatible VM. Microsoft has a right to rely on that finding of fact in the Sun suit.
Microsoft will publish a small amount of additional information about their product. That is pretty unimportant since what is really needed is for Microsoft to write an architecture guide for Windows. VMS used to be like Windows, a vast operating system with an amazing amount of complexity. The key to understanding the 'gray wall' was a single volume called the VMS architecture guide. If you read that you knew how to use the rest of the documentation. There is no single similar guide for Windows, there are twenty partial attempts.
My experience of programmers set to work on Windows stuff is that they frequently cry 'Microsoft is the fault' when the real problem is that they can't be bothered to read the manual. Blaming Microsoft is a great excuse for the lazy or incompetent programmer. Now Microsoft certainly does not put out all the info it should, but don't think that it is any different out there in Redmond. If you work with those guys you will soon hear them complaining of having to do the type of reverse engineering that non Microsofties complain of.
With Sun, you get the same business practices, but with virtually unusable (unless your IT dept happens to be greatly overstaffed and rich) technology behind it.
How true that is... When I was at MIT I got a nice new Solaris box with multimedia sound and video conferencing built in.
Only thing was that nobody in the building could get the things to work. The manual had no information and the install disk did nothing. I have brought million dollar mainframes online with less fuss than that machine.
At the same time the Dec and SGI machines booted from CDROM to install... Lame Lame Lame, but the idiots in the market bought Sun for the kewl Java stuff even though Suns were overpriced and unreliable.
The Mozilla browser was a complete rewrite from the ground up. Why? Because the Netscape code was a convoluted mess of spaghetti. It was badly designed and hard to enhance or maintain
The problem there was the way Netscape went about things. They tried to out code Microsoft by adding features. Huge mistake.
I kept trying to tell Marc the parable of the tiger, you walk away from the tiger because as long as you walk he walks and you both walk at the same pace. As soon as you start to run he runs and since he runs twice as fast you are soon caught. Instead Marc went off and told Microsoft that he was going to reduce them to a badly debugged set of device drivers.
Netscape was not run by the visionaries they billed themselves as. Marc chose engineering talent by avoiding anyone who might rival his own claims to greatness. Since Mosaic was actually written by Eric Bina using a library from CERN there was much less greatness there than Marc's pr flacks claimed.
Incidentally Netscape made the browser effectively free with the objective of running Spyglass out of the market. The idea was to be a 'server' company the browser was the give away.
What really sunk Netscape was Apache. Apache ate into the Netscape server market which was the intended revenue stream.
Of course no one ever complained about Apache being given away for free or about IIS being integrated with Windows.
In the case of java, going after MS is a significant part of improving Sun's product. The main value of java is as a "network" language. It is only useful if all versions of java can be kept compatible.
Only useful to whom?
Seriously, most languages do not run on every platform without code modifications. There is every reason why a programmer would want a language with object features without the syntactic crap associated with Stroustrup's dog.
So Sun has 'won' that fight, they now get to keep Java pure and Microsoft have their own language C Sharp. Incidentally the Kotelly judgement notes that Microsoft has the right to make an incompatible VM if it chooses under the appeals court findings, they simply have to ensure that developers are aware that their stuff is incompatible.
So the ongoing case appears to be flawed at best. Microsoft has ceased all sale of Java products. In fact Sun's argument is now that having sued Microsoft to stop distribution of Java Microsoft are now doing something illegal by refusing to distribute Java.
Sun will die and Java may die with it. McNealy is Sun's Ken Olsen. There is simply no real value left in the company. IBM have handed their ass to them on Java code. Intel have handed them their ass on performance. Apple has a much better Unix based O/S. Linux has the mindshare.
Notice that Microsoft does not appear in the top four reasons why Sun is going to die. The only reason that Microsoft is a threat to Sun is that the Sun employees are all far too busy minding Microsoft's business and spending almost none minding their own.
Besides, just because I haven't read the specification itself, does not mean I am totally ignorant of the subject. There have been many reviews and summaries that have detailed bluetooth's security features.
Ah so your reading of a review as a non security expert who has written zero security protocols gives a better security assessment of the protocol than my reading of the actual specifications even though I have been the lead design and author of security specifications in IETF, WC and OASIS?
By 'not at all clear', I mean that my reading of the specification suggests to me several ways that the Bluetooth security can be broken. If I was an enterprising postgrad looking to make a name for myself I would look at Bluetooth vulnerabilities. I have suggested to several people that they look at it.
Empirically I have seen many security protocols that looked impressive that were quickly broken. I have yet to see one that looked like botch work that was robust.
For one thing, your inability to understand their security, and your assumptions based on that, are certainly not evidence.
Most people involved in the design of security protocols know my work. I was the person who broke SSL 1.0 before Marc finished describing it.
I have always considered 'I don't understand' to be a very significant criticism of a specification document, whether security related or not.
Besides that, bluetooth is not meant to be the next 802.11. It is meant to transfer files to your printer from your handheld, and similar tasks... It does not need 128bit encryption to do so. Perhaps bluetooth will not be terribly secure, but I'd bet it is far more secure than any other small-device wireless communication method utilized now.
Strange that you would make that assertion without any knowledge of the specifications. I have read the specs. The number of keying bits is practically irrelevant in a well designed security protocol. 128bit WEP is hopelessly insecure, IPSEC with 56 bit DES can be broken with very expensive hardware.
The bluetooth specs are full of dubious statements regarding security.
There was an avi titled "LH3683PreviewLong-WinBeta" that showed him moving around on the desktop. I suppose you might be able to doctor that, but it seems really unlikely.
Seems very easy to me, the UI design is pure XP with a small number of tweaks that can probably be kludged up from existing applets by changing the background gif.
The launch bar looks like a hack someone wrote in VB.
If the Founders felt the common man or woman was too stupid to pick the President, they wouldn't have permitted a popular vote at all. The Founders did think the electorate was ill-equipped to select Senators, and made special provisions in the Constitution for Senators to be elected by State legislatures as opposed to the people.
The founders did think the common man was unable to pick the President. The states made their own election laws. The founders were mostly aristocrats who were attempting to establish a Republic, not a democracy.
Democracy had a bad reputation at the time, which got considerably worse after the French Revolution.
Early on the Vice President was even the runner up in the Presidential election. People started to see that this might be a problem after the election of Burr as Vice President.
It was only in terms of pure popular vote that Gore nudged ahead. But, as it turns out, pure popular vote doesn't matter in Presidential elections. It's pure electoral vote that matters.
Historically Presidents who have failed to win the popular vote have been considered failures. I have little doubt Bush mkII will be considered a failure too. In two years he has broken every campaign promise with the exception of his vast tax cut for the very richest. While many promises were outside his power, his promise to be a 'uniter not a divider' was not, instead of keeping his promise he was so divisive he split his own party and lost control of the Senate.
At the end of the day this president is going to be remembered for his cynical exploitation of 9-11 for his own political ends, his attacks on veterans injured in Vietnam as being 'not interested in national security', turning a surplus into a deficit and an economic recession. That is unless he can start a war in Iraq in which case he may be remembered for that. Given his talent for turning things into fiascos I suspect he is more likely to be remembered for America's second Vietnam. What Bush has either forgotten or never realised about Afghanistan is that the Russians captured Kabul in considerably less time than the US took. The problem was not invading a country armed with obsolete light arms, the problem was holding the country against a bunch of fanatical loonies. The importance of US stinger missiles is greatly exaggerated by both the US and the ex-USSR, the real problem was inability to hold the supply lines.
Before following the mirrors thread too far note that the few people to have seen the shots appear to think they are fake.
I finally got them up, they are clearly fake and the folk saying 'it looks more like Mac' are clearly speaking through their trousers.
The screenshots look like Windows XP with a very small number of minor tweaks, a new clock and some bars showing how much of the disk is used. Both look like something you could add with photoshop. The main way they make it look different is that they put the menu bar at the side of the screen - the way most Microsofties seem to do. It actually does seem to work better on the side but I don't think the usability folk would move it. But the bar is clearly fake because it duplicates the functions already there in the start bar, you can drag and drop shortcuts to applications and use them as quicklaunch buttons already. Microsoft conceal this feature from ordinary users by describing it in the manual.
Other indications that scream fake include the fact that most of the shots come up 'XP Professional'. I have never seen a Microsoft beta that mentioned or used the codename. Longhorn would be NT7 (2000 is NT5, XP is NT6). The most likely name for Longhorn would be Windows.NET
Of course, don't forget to tell them that it could be Bill Gates fucking with their computer - he's mad that they didn't forward the Windows 95 Beta email. He really wanted to give them $1000 and he's pissed his knickers.
UNIX has had that feature for years. Microsoft is only playing catchup here.
Under X11 the security scheme was practically non-existent and easily subverted. So you could capture someone else's screen.
Of course if someone knows that wireless keyboards interfere you can use the fact to provide bogus information, "Re the takeover of Apple, talked to Bill today and he says it's a go", "Re: 2nd Amendment, It's all arranged we will start the gun collection program next week", "Newt is nervous about going after Clinton for adultery since he is having an affair of his own", etc.
Although bluetooth is going to be a wireless technology, it does not compare to anything else we have right now. It is designed with reasonable security in mind.
I read the specs after the Stanford folk gave me some advance notice on the WEP/802 thing. I was not at all impressed. Only reason that the scheme has not been broken is that it is not yet important enough to try.
The Bluetooth folk have done several things that just scream amateur time. They have invented their own encryption algs, there is no requirements analysis. I find the documents very hard to follow and I write security standards.
I can't work out from the documents how the keying scheme works. I suspect that that is because it does not.
Unfortunately the most common security argument on slashdot appears to be 'X is insecure, therefore Y is secure'.
The problem is that the Bluetooth people tried to get reasonable security. They did not go to security specialists.
Tivo sells software. People pay for because it rocks.
No, Tivo rents software at grossly inflated prices.
You're pissed because you didn't think of it and you're too proud at this point to admit you could be wrong.
Actually the idea of the video recorder that thinks for itself is one of the things that Nicky Negroponte and Co have been talking about for years - long before Tivo existed or filed any patents.
As for intellectual jealousy, wait until Tivo has as many users as the stuff I have designed. I don't think that is likely to happen any time soon. Tivo is nothing more than incremental engineering improvement made possible by advances in disk drive technology and hardware compression. I don't do that stuff, I rarely work on a problem until after it has been called impossible.
Oh and from a business perspective, the company I helped build makes more money each year than Tivo has lost in its entire history (which is a lot).
1. Who's this competition giving away the service for free? I hope you don't mean ReplayTV, where the cost is built-in up-front, do you? (Likewise, you can get a TiVo with lifetime service for about the same as the ReplayTV of similar stature.)
I pay no more for my dishplayer satellite subscription than for either the same subscription without the PVR or for the local cable. In fact I pay less than the cable charges. The dishplayer unit was free.
PVRs will be a commodity item in a couple of years costing no more than $250-$400 all in with no subscription.
2. You are assuming all things are equal. If the service is better, people may pay more for it. Consider the Mach3 razorblades -- far more expensive than the other brands, and far more popular!
Tivo are reselling TV timetable information which costs them nothing at $10+ per month. The dishplayer reads the satellite program guide.
The only possible leverage that Tivo has in this market is to patent the blatantly obvious and try to bully competition out of the market. That is the type of behaviour that is generally objected to on Slashdot. Tivo is an exception, Apple tends to be the other exception.
Tivo will be deservedly roadkill when the XBox II and Playstation III come on the market offering PVR technology with no strings attached.
Why? because, again, there is a public good involved, but this one is subtler. It's the public good of a business climate where companies make products and services using a variety of business models and people buy them and use them in a manner consistent with widely-held notions of fairness.
I find it amazing that Tivo apologists fall for this type of tactic. The only reason they do is that they have not woken up to the fact that Tivo is not the only maker of PVRs.
I do not expect Tivo to survive. The clueless business model only works if there is no competition. There is plenty of competition in the space and that is only going to increase. Nobody succeeds with a razor and blades business model (the Tivo subscription) when there is a cheaper option flat fee.
Every one of the clueless 'I just want 0.01% of every transaction on the net' payment schemes failed miserably.
But every time we have a Tivo story the Tivo heads rush in to explain why everyone should pay twice the going rate for the technology. It is as pathetic as the Apple apologists, 'Macs are fastest, speed is what matters, buy a Mac, oops they are no longer fastest, well it isn't just CPU power that matters, it's benchmarks, no it's the pretty case'. Apple's price gouging and constant interface changing games to make old peripherals obsolete should be criticised as much as if not more than Microsoft's tactics. But they get away with it.
I don't want the video to decide what to record, I do that. I want a recorder with a removable disk so that the thing is not always full. There is an interesting port on the back of my DishPlayer PVR, anyone know what it does?
I am sure it will do what it is designed for from a tech POV. Business (read: AOL MSN Yahoo, etc) don't want it. They more than don't want it, they are probably keeping an eye on it out of concern. AOL is the best example of this.
Disagree here slightly. AOL don't want interoperability. They are the gorilla in this space. Everyone else wants interoperability for the reason that AOL do not.
Passport began as a plot to dislodge AOL's monopoly hold in the IM space. If Microsoft can do that then AOL is simply another ISP, only with a crippleware browser designed for newbies.
So don't count out the possibility that you can get Microsoft and Yahoo to help dislodge AOL here. Yahoo is going to be a tough one because they don't really play in the IETF much. But Microsoft does.
Actually it is quite easy to spoof a MAC which is the ONLY way you can filter by card.
Which is why the new cards will have RSA keys embedded in them during manufacture with digital certificates to authenticate the MAC address.
Proof positive that nobody at slashdot reads slashdot.
I think it is all really some mega-mind fuck organized by the Redmond club.
It comes to something when you have to be fast to get the first 'it's been posted before' post.
Same thing that the original article means, the author is speaking out the back of his trousers.
Microsoft has no intention to make Windows free, the anonymous comment came from a Linux weenie in need of a clue, the revenue comment was a deliberate troll.
The Microsoft decision means only that the states lost and in the process the cases brought by Sun et al were gutted. Sure they can rely upon the monopoly findings by Jackson, but the appeals court threw out the singificant ones. In particular CK-K found that Microsoft had a right to bundle an incompatible VM. Microsoft has a right to rely on that finding of fact in the Sun suit.
Microsoft will publish a small amount of additional information about their product. That is pretty unimportant since what is really needed is for Microsoft to write an architecture guide for Windows. VMS used to be like Windows, a vast operating system with an amazing amount of complexity. The key to understanding the 'gray wall' was a single volume called the VMS architecture guide. If you read that you knew how to use the rest of the documentation. There is no single similar guide for Windows, there are twenty partial attempts.
My experience of programmers set to work on Windows stuff is that they frequently cry 'Microsoft is the fault' when the real problem is that they can't be bothered to read the manual. Blaming Microsoft is a great excuse for the lazy or incompetent programmer. Now Microsoft certainly does not put out all the info it should, but don't think that it is any different out there in Redmond. If you work with those guys you will soon hear them complaining of having to do the type of reverse engineering that non Microsofties complain of.
With Sun, you get the same business practices, but with virtually unusable (unless your IT dept happens to be greatly overstaffed and rich) technology behind it.
How true that is... When I was at MIT I got a nice new Solaris box with multimedia sound and video conferencing built in.
Only thing was that nobody in the building could get the things to work. The manual had no information and the install disk did nothing. I have brought million dollar mainframes online with less fuss than that machine.
At the same time the Dec and SGI machines booted from CDROM to install... Lame Lame Lame, but the idiots in the market bought Sun for the kewl Java stuff even though Suns were overpriced and unreliable.
The problem there was the way Netscape went about things. They tried to out code Microsoft by adding features. Huge mistake.
I kept trying to tell Marc the parable of the tiger, you walk away from the tiger because as long as you walk he walks and you both walk at the same pace. As soon as you start to run he runs and since he runs twice as fast you are soon caught. Instead Marc went off and told Microsoft that he was going to reduce them to a badly debugged set of device drivers.
Netscape was not run by the visionaries they billed themselves as. Marc chose engineering talent by avoiding anyone who might rival his own claims to greatness. Since Mosaic was actually written by Eric Bina using a library from CERN there was much less greatness there than Marc's PR flacks claimed.
Incidentally Netscape made the browser effectively free with the objective of running Spyglass out of the market. The idea was to be a 'server' company; the browser was the giveaway.
What really sunk Netscape was Apache. Apache ate into the Netscape server market which was the intended revenue stream.
Of course no one ever complained about Apache being given away for free or about IIS being integrated with Windows.
Only useful to whom?
Seriously, most languages do not run on every platform without code modifications. There is every reason why a programmer would want a language with object features without the syntactic crap associated with Stroustrup's dog.
So Sun has 'won' that fight, they now get to keep Java pure and Microsoft have their own language C Sharp. Incidentally the Kotelly judgement notes that Microsoft has the right to make an incompatible VM if it chooses under the appeals court findings, they simply have to ensure that developers are aware that their stuff is incompatible.
So the ongoing case appears to be flawed at best. Microsoft has ceased all sale of Java products. In fact Sun's argument is now that having sued Microsoft to stop distribution of Java, Microsoft are now doing something illegal by refusing to distribute Java.
Sun will die and Java may die with it. McNealy is Sun's Ken Olsen. There is simply no real value left in the company. IBM have handed their ass to them on Java code. Intel have handed them their ass on performance. Apple has a much better Unix based O/S. Linux has the mindshare.
Notice that Microsoft does not appear in the top four reasons why Sun is going to die. The only reason that Microsoft is a threat to Sun is that the Sun employees are all far too busy minding Microsoft's business and spending almost none minding their own.
Ah so your reading of a review as a non security expert who has written zero security protocols gives a better security assessment of the protocol than my reading of the actual specifications even though I have been the lead design and author of security specifications in IETF, W3C and OASIS?
By 'not at all clear', I mean that my reading of the specification suggests to me several ways that the Bluetooth security can be broken. If I was an enterprising postgrad looking to make a name for myself I would look at Bluetooth vulnerabilities. I have suggested to several people that they look at it.
Empirically I have seen many security protocols that looked impressive that were quickly broken. I have yet to see one that looked like botch work that was robust.
Most people involved in the design of security protocols know my work. I was the person who broke SSL 1.0 before Marc finished describing it.
I have always considered 'I don't understand' to be a very significant criticism of a specification document, whether security related or not.
Besides that, bluetooth is not meant to be the next 802.11. It is meant to transfer files to your printer from your handheld, and similar tasks... It does not need 128bit encryption to do so. Perhaps bluetooth will not be terribly secure, but I'd bet it is far more secure than any other small-device wireless communication method utilized now.
Strange that you would make that assertion without any knowledge of the specifications. I have read the specs. The number of keying bits is practically irrelevant in a well designed security protocol. 128bit WEP is hopelessly insecure, IPSEC with 56 bit DES can be broken with very expensive hardware.
The bluetooth specs are full of dubious statements regarding security.
Seems very easy to me, the UI design is pure XP with a small number of tweaks that can probably be kludged up from existing applets by changing the background gif.
The launch bar looks like a hack someone wrote in VB.
The founders did think the common man was unable to pick the President. The states made their own election laws. The founders were mostly aristocrats who were attempting to establish a Republic, not a democracy.
Democracy had a bad reputation at the time, which got considerably worse after the French Revolution.
Early on the Vice President was even the runner up in the Presidential election. People started to see that this might be a problem after the election of Burr as Vice President.
It was only in terms of pure popular vote that Gore nudged ahead. But, as it turns out, pure popular vote doesn't matter in Presidential elections. It's pure electoral vote that matters.
Historically Presidents who have failed to win the popular vote have been considered failures. I have little doubt Bush mkII will be considered a failure too. In two years he has broken every campaign promise with the exception of his vast tax cut for the very richest. While many promises were outside his power, his promise to be a 'uniter not a divider' was not, instead of keeping his promise he was so divisive he split his own party and lost control of the Senate.
At the end of the day this president is going to be remembered for his cynical exploitation of 9-11 for his own political ends, his attacks on veterans injured in Vietnam as being 'not interested in national security', turning a surplus into a deficit and an economic recession. That is unless he can start a war in Iraq in which case he may be remembered for that. Given his talent for turning things into fiascos I suspect he is more likely to be remembered for America's second Vietnam. What Bush has either forgotten or never realised about Afghanistan is that the Russians captured Kabul in considerably less time than the US took. The problem was not invading a country armed with obsolete light arms, the problem was holding the country against a bunch of fanatical loonies. The importance of US Stinger missiles is greatly exaggerated by both the US and the ex-USSR, the real problem was inability to hold the supply lines.
I finally got them up, they are clearly fake and the folk saying 'it looks more like Mac' are clearly speaking through their trousers.
The screenshots look like Windows XP with a very small number of minor tweaks, a new clock and some bars showing how much of the disk is used. Both look like something you could add with photoshop. The main way they make it look different is that they put the menu bar at the side of the screen - the way most Microsofties seem to do. It actually does seem to work better on the side but I don't think the usability folk would move it. But the bar is clearly fake because it duplicates the functions already there in the start bar, you can drag and drop shortcuts to applications and use them as quicklaunch buttons already. Microsoft conceal this feature from ordinary users by describing it in the manual.
Other indications that scream fake include the fact that most of the shots come up 'XP Professional'. I have never seen a Microsoft beta that mentioned or used the codename. Longhorn would be NT7 (2000 is NT5, XP is NT6). The most likely name for Longhorn would be Windows.NET.
UNIX has had that feature for years. Microsoft is only playing catchup here.
Under X11 the security scheme was practically non-existent and easily subverted. So you could capture someone else's screen.
Of course if someone knows that wireless keyboards interfere you can use the fact to provide bogus information, "Re the takeover of Apple, talked to Bill today and he says it's a go", "Re: 2nd Amendment, It's all arranged we will start the gun collection program next week", "Newt is nervous about going after Clinton for adultery since he is having an affair of his own", etc.
Notepad would be much less credible than mail.
I read the specs after the Stanford folk gave me some advance notice on the WEP/802 thing. I was not at all impressed. Only reason that the scheme has not been broken is that it is not yet important enough to try.
The Bluetooth folk have done several things that just scream amateur time. They have invented their own encryption algs, there is no requirements analysis. I find the documents very hard to follow and I write security standards.
I can't work out from the documents how the keying scheme works. I suspect that that is because it does not.
Unfortunately the most common security argument on slashdot appears to be 'X is insecure, therefore Y is secure'.
The problem is that the Bluetooth people tried to get reasonable security. They did not go to security specialists.
No, Tivo rents software at grossly inflated prices.
You're pissed because you didn't think of it and you're too proud at this point to admit you could be wrong.
Actually the idea of the video recorder that thinks for itself is one of the things that Nicky Negroponte and Co have been talking about for years - long before Tivo existed or filed any patents.
As for intellectual jealousy, wait until Tivo has as many users as the stuff I have designed. I don't think that is likely to happen any time soon. Tivo is nothing more than incremental engineering improvement made possible by advances in disk drive technology and hardware compression. I don't do that stuff, I rarely work on a problem until after it has been called impossible.
Oh and from a business perspective, the company I helped build makes more money each year than Tivo has lost in its entire history (which is a lot).
Um, Gillette seems to be doing fine...
Hmm, looks rather different when you read what I actually wrote rather than the deliberately out of context quotation:
Nobody succeeds with a razor and blades business model (the Tivo subscription) when there is a cheaper option flat fee.
I pay no more for my dishplayer satellite subscription than for either the same subscription without the PVR or for the local cable. In fact I pay less than the cable charges. The dishplayer unit was free.
PVRs will be a commodity item in a couple of years costing no more than $250-$400 all in with no subscription.
2. You are assuming all things are equal. If the service is better, people may pay more for it. Consider the Mach3 razorblades -- far more expensive than the other brands, and far more popular!
Tivo are reselling TV timetable information which costs them nothing at $10+ per month. The dishplayer reads the satellite program guide.
The only possible leverage that Tivo has in this market is to patent the blatantly obvious and try to bully competition out of the market. That is the type of behaviour that is generally objected to on Slashdot. Tivo is an exception, Apple tends to be the other exception.
Tivo will be deservedly roadkill when the XBox II and Playstation III come on the market offering PVR technology with no strings attached.
I find it amazing that Tivo apologists fall for this type of tactic. The only reason they do is that they have not woken up to the fact that Tivo is not the only maker of PVRs.
I do not expect Tivo to survive. The clueless business model only works if there is no competition. There is plenty of competition in the space and that is only going to increase. Nobody succeeds with a razor and blades business model (the Tivo subscription) when there is a cheaper option flat fee.
Every one of the clueless 'I just want 0.01% of every transaction on the net' payment schemes failed miserably.
But every time we have a Tivo story the Tivo heads rush in to explain why everyone should pay twice the going rate for the technology. It is as pathetic as the Apple apologists, 'Macs are fastest, speed is what matters, buy a Mac, oops they are no longer fastest, well it isn't just CPU power that matters, it's benchmarks, no it's the pretty case'. Apple's price gouging and constant interface changing games to make old peripherals obsolete should be criticised as much as if not more than Microsoft's tactics. But they get away with it.
I don't want the video to decide what to record, I do that. I want a recorder with a removable disk so that the thing is not always full. There is an interesting port on the back of my DishPlayer PVR, anyone know what it does?
Disagree here slightly. AOL don't want interoperability. They are the gorilla in this space. Everyone else wants interoperability for the reason that AOL do not.
Passport began as a plot to dislodge AOL's monopoly hold in the IM space. If Microsoft can do that then AOL is simply another ISP, only with a crippleware browser designed for newbies.
So don't count out the possibility that you can get Microsoft and Yahoo to help dislodge AOL here. Yahoo is going to be a tough one because they don't really play in the IETF much. But Microsoft does.