I assume you mean the M10000? Cool, I didn't realize they were available yet. That's with the built-in MPEG decoder? Out of curiousity, have you tried playing raw DVD files across a network yet, and/or MPEG4/Divx?
The review basically says they can't keep up for playing DVDs or streaming video. There goes my interest in them. At least, not without some hardware assist... I suppose one could try a video card that can offload the decoding. That's how the Tivo gets away with using such a low-end CPU, right?
That doesn't seem to be a particular model of card, rather it's a family of cards with capture hardware? and a software bundle (Windows).... is there an inexpensive model in that family?
Does/can one of these cards boot the machine on the tv-out port? (I.e. it POSTs on the TV)
Actually, I was wondering about the game consoles, and was hoping someone had tried that and would reply.:)
The XBox will actually do all the video output options, including HDTV, no? I remember reading some Viewsonic scan converter review that mentioned a couple of games doing 1080i. I have no moral issues with modding one so I can run my choice of software. I don't even have any use for XBox games, that's what my Windows machine is for.:)
So what OS are you using when streaming video? The one that comes with it? Tried the XBox linux at all? I'm curious how good the video support is.
How much for an XBox with a mod & Ethernet (Fast Ethernet?) Do they have IR receivers, or any aftermarket ones?
The hardware's been availible for a really long time. Unfortunately, no software has come out to support it.
I'm kinda seeing the opposite, at least for the hardware I'm looking for (as descibed in my original post). Specifically, I'm not seeing a lot of hardware that is in a small VCR-size case, perhaps solid-state, built-in IR receiver, video chipset specifically designed for TV output. I've seen a few set-top box announcements, but I'm not seeing them make it to market. Maybe software is the reason, I don't know.
On the other hand, I see many Linux video-related software projects for general-purpose x86 PCs, if you don't mind spending the $1000 for decent hardware and having the noisy, large PC by the TV.
What DO these people do with their HTPCs? How the heck do you effectively control windows/linux with a remote (other than moving the mouse around with a joystick)?
You don't control the OS in general from a remote. (well, if you want to use your TV as a monitor, you can get wireless mice and keyboards.) For my application, you set the machine to boot with your AV application full-screen, and your remote talks to that. Think running Windows Media Player from a remote. All the functions you'd want to do could be done from a stardard universal remote, except for the naming & categorization tasks. For what I'm after, that's done on the server though, not the set-top boxes.
We simply need a tivo-like application to organize all our videos, etc. Even the Digital Media Center edition of windows doesn't come close, handles music horribly, requires hardware mpeg compression, and STILL stresses a P4 (and yet the tivo can work easily with a 50mhz PPC chip). Sure, I know about mythTV and freevo - the two projects certainly look promising, but aren't even close to ideal yet (although linux is certainly winning this race, I'd like to see something from apple).
That's what I'm talking about... In fact, the TIVO is just about exactly what I'm after, right down to running Linux. Problem is that it's not aimed at being a remote DVD player, but rather it's PVR function (duh). Plus the subscription fees and their attempts to keep it as closed as possible are really counter-productive to the kinds of projects I'd like to try. Still, the hardware base is about right, and the price would be about right without the large hard drives.
At this point, you're just being a troll, but let's give it one last shot...
First off, my DVDs are contstantly getting trashed by my small children, and yes that's the main reason for wanting a system that doesn't require physical media. However, if all I wanted to do was copy them, then why do I want the DVD-rom drive in it? The drives in my PCs will rip the movies just fine. It's because I want to play physical media that I own on them, on occasion. If all my video were just downloaded, then I'd be fine with the $200 HP box, wouldn't I?
I don't care about a TOSLink output, I have nothing that takes that as an input.. a fact that ought to be blatantly obvious if I'm only interested in NTSC, and $80 DVD players make me happy.
The main point, which you've managed to avoid through a couple of posts now, is that I want a box that can play audio and video from across a network as well as physical disks. If you know of such a box, I'd like to hear about it. Otherwise, your opinion on whether what I'm trying to do is legitimate is of no use to anyone.
Ever consider buying... (wait for it)... a $200-$300 DVD player?
Well...no. First off, I haven't seen much on a $300 DVD player that interests me more than the $80 ones... and second, I'm under the impression that DVD players do a poor job of streaming ripped DVDs and MP3s from the local Ethernet. If you know of a DVD player that does the latter bit, then that's what I'm after...
Close, but not quite enough... I want a similar box with a DVD (ROM) drive in it, so one can walk up and play physical DVDs in it, too. I was all set to buy a GoVideo D2730, but SonicBlue decided to go bankrupt and sell off the product lines instead of releasing them.
Yeah, I know, I DO plan to build a HTPC, but I'd like to have a box available in the $200-300 range that the wife and children can use as simply as a DVD player. I can take care of the media server behind the sceens myself. I'm not going to build a $1000 HTPC for each TV in the house...
Ideally, the box would do 100bT (the HP box says it's 10), and I'd like it to run an OS that I get source for, so I can customize it. Oh, and a pony, I'd like a pony.
Seriously though, I'd love to have the proverbial Linux set-top box, with maybe a 5 1/4 bay to accept a DVD drive (that could cost extra, I don't care that much.) The important bits are that it be AV-style casing, be in the $200-300 range, and have flawless, standard NTSC output. Doesn't need to be HDTV yet. Just composite and s-video, maybe component would be nice. Needs an IR input for remote as well. I'm actually willing to put up with the endless software upgrade cycle and small glitches that represent an immature or beta software base. I can upgrade/try other progs as needed.
Anyone know of such a boxen that meets my criteria?
Probably because they are about two different vulns. Since the webdav hole is known to have an exploit already being used in the wild, it's pretty safe for Russ to say that it will be used.:)
He's probably also not too far off with the jscript integer overflow either. It's usually difficult to write an exploit that will work for all the different OS and jscript.dll versions, without simply crashing on a mismatched version. That makes an effective worm a lot less likely.
The webmail sites usually do some javascript filtering, but there have been bypasses for those filters in the past, and probably will be in the future. If you're using IE to read mail on those sites, there's always a chance this bug might bite you.
The one mirror of the article I read kept referring to "Ethernet cable", and it's got Xilinx and 3com involved, but is what is coming down the wire actually 802. anything? I would tend to assume it's some proprietary digital 8-channel sound stream, that just happens to use CAT5.
Deepsight gets their information from various IDS systems around the world. They get alert logs, not actual packet samples or code samples. (At least not from that mechanism, they also manually collect the other stuff.)
Probably what happened is that they picked up enough of an increase in UDP Port 1434 activity ahead of time that they felt it warranted an alert and issued it. For the reasons you've noted, they probably wouldn't have been able to indicate that a worm was coming, or even that it was going to be a particularly serious problem in the near future. They would have been able to point to the vulnerability associated with that port. They probably would have recommened firewalling and patching.
That is the sort of report they issue every day. At the time, they probably wouldn't have had any reason to issue it publicly. By the time anyone knew what was really up, it was over, and everyone was already informed.
And of course, after the fact the PR people play up the initial report, with interesting results.
I might be wrong. Symantec should make a copy of the report publicly available so we can all see.
According to Caida at: http://www.caida.org/analysis/security/sapphi re/
"The worm (also called Slammer, SQLSlammer, W32.Slammer) began at almost exactly 5:30 AM (UTC) on Saturday January 25th and spread by infecting copies of Microsoft SQL Server and MSDE 2000 (Microsoft SQL Server Desktop Engine) that were exposed to the Internet."
Which (I think) would be 12:30 AM Eastern. 9:30 Pacific, the night before.
They show 74K infected hosts within 30 minutes of that time.
I had clicked it... I didn't see the bit you just highlighted, I guess. So, that's cool.. you can get the command-line compiler stuff. I think this is also the first time one now could release some MS C code made with MS tools, and be sure that everyone out there could build it without having to buy something. It's not the same as VC++ though, is it? Sounds like it's missing the IDE.
All of what you've said about markoff's libelous reporting is fine & dandy... But, do you have any way to prove it?
"Where were you during the early 80's when you are accused of having hacked into NORAD? Do you have any witnesses that can confirm your whereabouts and actions during that time period?"
I actually think this feature could be useful, if done "right". Along the lines of my idea of right... will I be able to, say, install my own set of public keys in the BIOS so that I can have a system that will only boot the software that I have signed?
It's pretty well thought out. Each of the sections in the XBE (analogous to the Win32 PE format, EXE) is checksummed using SHA-1. Each hash is stored in the header along with the byte offsets of each section. The entire header is then checksummed again with SHA-1, and the resulting hash is signed using 2048-bit RSA. The public key is stored in the XBox's BIOS.
In that case, it sounds like one would be better off trying to find a hash collision, and replacing one section of an already-signed program... say, a boot loader? That reduces the problem to "only" 160 bits or thereabouts.
(Of course, now that I'm looking... I can't find one of those handy charts that tells me how many symmetric bits 2048 asymmetric is equivalent to... checking half of 160 bits may be worse that sieving 2048 bits...)
Slashdot Mirror
Do you also mean the M10000, or is there a M1000 I don't know about? What OS are you using?
I assume you mean the M10000? Cool, I didn't realize they were available yet. That's with the built-in MPEG decoder? Out of curiousity, have you tried playing raw DVD files across a network yet, and/or MPEG4/Divx?
The review basically says they can't keep up for playing DVDs or streaming video. There goes my interest in them. At least, not without some hardware assist... I suppose one could try a video card that can offload the decoding. That's how the Tivo gets away with using such a low-end CPU, right?
That doesn't seem to be a particular model of card, rather it's a family of cards with capture hardware? and a software bundle (Windows).... is there an inexpensive model in that family?
Does/can one of these cards boot the machine on the tv-out port? (I.e. it POSTs on the TV)
Actually, I was wondering about the game consoles, and was hoping someone had tried that and would reply. :)
:)
The XBox will actually do all the video output options, including HDTV, no? I remember reading some Viewsonic scan converter review that mentioned a couple of games doing 1080i. I have no moral issues with modding one so I can run my choice of software. I don't even have any use for XBox games, that's what my Windows machine is for.
So what OS are you using when streaming video? The one that comes with it? Tried the XBox linux at all? I'm curious how good the video support is.
How much for an XBox with a mod & Ethernet (Fast Ethernet?) Do they have IR receivers, or any aftermarket ones?
The hardware's been availible for a really long time. Unfortunately, no software has come out to support it.
I'm kinda seeing the opposite, at least for the hardware I'm looking for (as descibed in my original post). Specifically, I'm not seeing a lot of hardware that is in a small VCR-size case, perhaps solid-state, built-in IR receiver, video chipset specifically designed for TV output. I've seen a few set-top box announcements, but I'm not seeing them make it to market. Maybe software is the reason, I don't know.
On the other hand, I see many Linux video-related software projects for general-purpose x86 PCs, if you don't mind spending the $1000 for decent hardware and having the noisy, large PC by the TV.
What DO these people do with their HTPCs? How the heck do you effectively control windows/linux with a remote (other than moving the mouse around with a joystick)?
You don't control the OS in general from a remote. (well, if you want to use your TV as a monitor, you can get wireless mice and keyboards.) For my application, you set the machine to boot with your AV application full-screen, and your remote talks to that. Think running Windows Media Player from a remote. All the functions you'd want to do could be done from a stardard universal remote, except for the naming & categorization tasks. For what I'm after, that's done on the server though, not the set-top boxes.
We simply need a tivo-like application to organize all our videos, etc. Even the Digital Media Center edition of windows doesn't come close, handles music horribly, requires hardware mpeg compression, and STILL stresses a P4 (and yet the tivo can work easily with a 50mhz PPC chip). Sure, I know about mythTV and freevo - the two projects certainly look promising, but aren't even close to ideal yet (although linux is certainly winning this race, I'd like to see something from apple).
That's what I'm talking about... In fact, the TIVO is just about exactly what I'm after, right down to running Linux. Problem is that it's not aimed at being a remote DVD player, but rather it's PVR function (duh). Plus the subscription fees and their attempts to keep it as closed as possible are really counter-productive to the kinds of projects I'd like to try. Still, the hardware base is about right, and the price would be about right without the large hard drives.
At this point, you're just being a troll, but let's give it one last shot...
First off, my DVDs are contstantly getting trashed by my small children, and yes that's the main reason for wanting a system that doesn't require physical media. However, if all I wanted to do was copy them, then why do I want the DVD-rom drive in it? The drives in my PCs will rip the movies just fine. It's because I want to play physical media that I own on them, on occasion. If all my video were just downloaded, then I'd be fine with the $200 HP box, wouldn't I?
I don't care about a TOSLink output, I have nothing that takes that as an input.. a fact that ought to be blatantly obvious if I'm only interested in NTSC, and $80 DVD players make me happy.
The main point, which you've managed to avoid through a couple of posts now, is that I want a box that can play audio and video from across a network as well as physical disks. If you know of such a box, I'd like to hear about it. Otherwise, your opinion on whether what I'm trying to do is legitimate is of no use to anyone.
Ever consider buying ... (wait for it) ... a $200-$300 DVD player?
Well...no. First off, I haven't seen much on a $300 DVD player that interests me more than the $80 ones... and second, I'm under the impression that DVD players do a poor job of streaming ripped DVDs and MP3s from the local Ethernet. If you know of a DVD player that does the latter bit, then that's what I'm after...
Close, but not quite enough... I want a similar box with a DVD (ROM) drive in it, so one can walk up and play physical DVDs in it, too. I was all set to buy a GoVideo D2730, but SonicBlue decided to go bankrupt and sell off the product lines instead of releasing them.
Yeah, I know, I DO plan to build a HTPC, but I'd like to have a box available in the $200-300 range that the wife and children can use as simply as a DVD player. I can take care of the media server behind the sceens myself. I'm not going to build a $1000 HTPC for each TV in the house...
Ideally, the box would do 100bT (the HP box says it's 10), and I'd like it to run an OS that I get source for, so I can customize it. Oh, and a pony, I'd like a pony.
Seriously though, I'd love to have the proverbial Linux set-top box, with maybe a 5 1/4 bay to accept a DVD drive (that could cost extra, I don't care that much.) The important bits are that it be AV-style casing, be in the $200-300 range, and have flawless, standard NTSC output. Doesn't need to be HDTV yet. Just composite and s-video, maybe component would be nice. Needs an IR input for remote as well. I'm actually willing to put up with the endless software upgrade cycle and small glitches that represent an immature or beta software base. I can upgrade/try other progs as needed.
Anyone know of such a boxen that meets my criteria?
Right, which is why they just made the SOL announcement.
Probably because they are about two different vulns. Since the webdav hole is known to have an exploit already being used in the wild, it's pretty safe for Russ to say that it will be used. :)
He's probably also not too far off with the jscript integer overflow either. It's usually difficult to write an exploit that will work for all the different OS and jscript.dll versions, without simply crashing on a mismatched version. That makes an effective worm a lot less likely.
The webmail sites usually do some javascript filtering, but there have been bypasses for those filters in the past, and probably will be in the future. If you're using IE to read mail on those sites, there's always a chance this bug might bite you.
Which stories are you reading?
0 03_03_16.html
/ 2003-March/004574.html
The lockergnome one, which is the one from today:
http://www.lockergnome.com/update/archives/week_2
It makes reference to emails and html pages, which relate the the vuln I referred to.
BTW, it looks like details are available now:
http://lists.netsys.com/pipermail/full-disclosure
Half the stories linked to are for the wrong vuln. I think they're supposed to be warning us about this one:
i ns/ms03-008.asp
http://www.microsoft.com/security/security_bullet
The one mirror of the article I read kept referring to "Ethernet cable", and it's got Xilinx and 3com involved, but is what is coming down the wire actually 802. anything? I would tend to assume it's some proprietary digital 8-channel sound stream, that just happens to use CAT5.
Except that when you use the Internet, you're always using someone else's network.
Deepsight gets their information from various IDS systems around the world. They get alert logs, not actual packet samples or code samples. (At least not from that mechanism, they also manually collect the other stuff.)
Probably what happened is that they picked up enough of an increase in UDP Port 1434 activity ahead of time that they felt it warranted an alert and issued it. For the reasons you've noted, they probably wouldn't have been able to indicate that a worm was coming, or even that it was going to be a particularly serious problem in the near future. They would have been able to point to the vulnerability associated with that port. They probably would have recommened firewalling and patching.
That is the sort of report they issue every day. At the time, they probably wouldn't have had any reason to issue it publicly. By the time anyone knew what was really up, it was over, and everyone was already informed.
And of course, after the fact the PR people play up the initial report, with interesting results.
I might be wrong. Symantec should make a copy of the report publicly available so we can all see.
According to Caida at:i re/
http://www.caida.org/analysis/security/sapph
"The worm (also called Slammer, SQLSlammer, W32.Slammer) began at almost exactly 5:30 AM (UTC) on Saturday January 25th and spread by infecting copies of Microsoft SQL Server and MSDE 2000 (Microsoft SQL Server Desktop Engine) that were exposed to the Internet."
Which (I think) would be 12:30 AM Eastern. 9:30 Pacific, the night before.
They show 74K infected hosts within 30 minutes of that time.
I had clicked it... I didn't see the bit you just highlighted, I guess. So, that's cool.. you can get the command-line compiler stuff. I think this is also the first time one now could release some MS C code made with MS tools, and be sure that everyone out there could build it without having to buy something. It's not the same as VC++ though, is it? Sounds like it's missing the IDE.
Since when is VC++ free? What you linked to is the .net SDK download... does that include a compiler?
All of what you've said about markoff's libelous reporting is fine & dandy... But, do you have any way to prove it?
"Where were you during the early 80's when you are accused of having hacked into NORAD? Do you have any witnesses that can confirm your whereabouts and actions during that time period?"
So, who are you? Rosie or Mike Blaszczak?
1 914654/
http://www.amazon.com/exec/obidos/tg/detail/-/020
It's not exactly a cameo when he's the main subject. :)
BTW, he thought it was funny, and says you spelled his name wrong.
I actually think this feature could be useful, if done "right". Along the lines of my idea of right... will I be able to, say, install my own set of public keys in the BIOS so that I can have a system that will only boot the software that I have signed?
It's pretty well thought out. Each of the sections in the XBE (analogous to the Win32 PE format, EXE) is checksummed using SHA-1. Each hash is stored in the header along with the byte offsets of each section. The entire header is then checksummed again with SHA-1, and the resulting hash is signed using 2048-bit RSA. The public key is stored in the XBox's BIOS.
In that case, it sounds like one would be better off trying to find a hash collision, and replacing one section of an already-signed program... say, a boot loader? That reduces the problem to "only" 160 bits or thereabouts.
(Of course, now that I'm looking... I can't find one of those handy charts that tells me how many symmetric bits 2048 asymmetric is equivalent to... checking half of 160 bits may be worse that sieving 2048 bits...)