And yet this is the same Nominet who is riding rough shod over user's objections to showing full addresses and phone numbers on whois on all of.uk (including.me.uk - supposed to be for individuals), the same nominet who has a shed load of money in the bank, who don't publish accounts and has hidden companies, the same nominet who can take 4 months to respond to emails, and who, in my case took 2.5 years to transfer a domain I purchased into my name.
Nominet is not run for the common good, nor are they transparent.
Re:A link to the article would have been nice...
on
.NET for Apache
·
· Score: 1
However, I can attest to the fact that with every other release, until Windows Media Player 8, the HTTP streaming component of that product was broken.
Really? So those test clientboxes I have in the office running Media Player 6.4 and Media Player 7, configued to only use HTTP as the transport aren't actually streaming video? That's damn clever of Microsoft to fake it then.
Ah, I am indeed, my apologies. It's been a long day here. However, in my case, it doesn't help. None of my clients use quicktime for delivery to end users. They all want Windows and MMS. Without MMS, the "open" Real is simply a replacement for the horribly expensive Real Server. Of course, without real's full range of codecs, even that function is severly limited.
Judging from client requests, and the end user numbers (over 1 million streams a week) for content that is available in both formats, MS is approx 85% of the end user choice, Real 15%. A lot of my clients don't even bother asking for real encoding, and we do the encoding cheap.
Looking at the server page, it's hardly ready to go. Note the open server page mentions nothing about streaming Windows media, QuickTime, MPEG2 or 4, simply Real. All it seems to support is RTSP/RTP/RTCP/SDP. No MMS support? Well that's kind of useless then, as it the lack of HTTP streaming support.
Believe me I'd love to have a central streaming system, my business is all based on streaming, but forgive me for not expecting much from a company that releases what has to be the worse media player, which drops advertising icons on your desktop and hides it's advertising engine by calling it evntsvc.exe, and which drops the start up code back into the registry each time you remove it.
The banks and brokers are being forced to do this by October. They don't have a choice.
So, what, if they use open source they won't have to? Is that your point? It may be more difficult to put that crap in, but a) Sybase arent hiding it b) That crap HAS to go in.
You know that in Europe banks have to report cash transactions over a certain size, and other "suspicous activities" to law enforcement? Europe already has that sort of "monitoring" in place to stop money laundering.
Actually it's only users with local administrative rights to the box, not Domain Admins, it just so happens, of course, that if a machine is in a domain, then Domain Administrators have admin rights to every box.
why would ripping a stream take any more (or less) of the server's bandwidth than regular streaming-playback?
That confused me too. However, think about how streaming works. Dropping packets isn't a big issue, it looks like the stream records pull multiple streams, and go forward and packet over each frame making sure nothing gets dropped. The ripper had 10 simultaneous connections (that can't be well written, if you want to reduce packet loss, you don't open multiple streams)
What's even worse is when someone on a 56k modem rips at 300kps stream. Gaaaahhhh!
Perhaps peer to peer will solve this, but I can't see my customers (who I have to admit include major labels) going for it.
a PC is that you don't have a mouse, so aiming is slow and tedious and hence no fun
I may just be a ham fisted retard, but I actually like aiming on HALO, having everything in the palm of your hand is easy enough. Took me an hour to get used to it.
If the whole network is built around security, and I'm not talking DRM, then stream ripping would be hard at least. Servlets could identify clients, XMMS and Winamp could not allow saving streams, and M$ would have to catch up.
Well they would, if the stream rippers were honest. They're not. They send the HTTP_USERAGENT equivilant of the normal players. ASF recorder identifies itself as Media Player 7.
People, as you say, should be restricted from saving copyrighted streams. Unfortunately, people don't care. It's hard to tell users that just because it's digital doesn't mean it has no value. The example I save was a charity concert by a heavy metal band. It was broadcast live, then put on line by the label for 4 days, so those who missed it could see it. It's coming on DVD eventually. But people still want to steal it.
Of course, as a streaming provider, we provide what the bill payers want, not what the consumer wants.
I would rather the client to not allow stream "ripping".
Stream ripping is a major problem on my Real and Windows Media servers. We've had people fire off stream rippers to take off a 1 hour stream ("hey it's free, I must be able to save it myself"), however stream rippers are horrible from a provider point of view. For a 1 hour stream, a user in an NYC trading bank (I traced the IP) took 40GB to get the stream. The source file was about 4Mb. As you can imagine, for that hour, other people's experience was not optimal.
Now, imagine on a peer to peer network, some anti-social little sod stealing your stream. All your DSL bandwidth gone.
Of course, someone will write a stream ripper anyway, and people will use it, not caring about other users.
The p2p protocols are very suitable for multicasting
Except of course, the internet at large doesn't support multicasting very well. Sure, you can multicast internally on a small network, assuming your switches support it, but once you start to involve routers, you find very quickly ISPs don't support it. Some DSL providers are starting to consider allowing multicast within their own blocks, so a streaming server sitting in their DSL space will use up less bandwidth, but what currently happens is they are all running Inktomi caches which cache streams within their own network. Of course, its only Windows Media or Real Media streams that are supported.
(Disclaimer : My employeer is a large provider of streaming services in Europe)
That's the thing. The spammer DOES pay for them. If they buy a dedicated T-1 for 1000$ a month (unlimited usage) (cost based on data transfer) , fine, let him spam.
Yes the spammer pays, but so do those who recieve the spew. Why does a spammer paying for a T1 have the right to connect to my network? Or any other network he hasn't paid for? It's a priviledge, and no way in hell does his paying for his connection allow him to block up my connection and my mail server.
Junk post mailers pay to send those, but you don't pay to recieve them. With spam you do pay. You pay for the bandwidth on your mail server, the bandwidth to get the mails, the disk space on the server and client, and the time taken to hit delete. Are you willing to pay for the physical junkmail you get? Are you willing to pay for advertisments showing "REAL RAPE PHOTOS", "ANIMAL SEX" or "MAKE YOUR DICK BIGGER" in your physical post box every day?
For example xbconnect (Gamespy have another one), and there's even a Linux version somewhere.
Basically people have produced a tunneling application that fakes the local LAN facility for multiplayer games and pushes it over the net. Nothing nasty happening yet (well, expect getting my ass kicked in Halo by 9 year old kids, but that's depressing, not nasty)
Request.ServerVariables("HTTP_REFERER")?
Exactly what good would checking the referring web site do?:)
Kew Gardens
on
Project Eden
·
· Score: 3, Informative
Kew Gardens, in the centre of London, is probably the Victorian version of this. It has glass houses for tropical, hothouse and desert landscapes, and even managed to get a titan arum flowering last month for the second time. (I went to see it, damn it was huge)
Not as big a scale of course, but the Millenium Seed Bank project gives it a well defined purpose other than a simple tourist attraction; to collect and conserve 10%, over 24,000 species, of the world's seed-bearing flora, principally from the drylands by 2010 and to collect and conserve seeds of the entire UK native seed-bearing flora by 2000.
I've just mailed this to a couple of security lists I take part in. Posting here seems like a good idea (although now, of course, I am outed as a SQL Server user)
Please feel free to forward these recommendations to any other lists as you see fit. However, as with all system changes, things can go wrong. Make sure you have backups. I take no responsibility if your SQL server dies. Or if the sun fails to come up:)
You can safely (well ish) drop the xp_cmdshell stored procedure from your servers. There's very little valid use for this (smug mode - I had mentioned this in a presentation to SQL-PASS 2 years ago!) This can kill some things, like BCP. Don't hold me responsible if something stops working:)
use master
exec sp_dropextendedproc 'xp_cmdshell'
Don't run mixed mode security if you can help it. MSDN has details.
You can of course, change the port SQL listens on. Not ideal, but for those that want a wide open to the world SQL database, it's an option. (Run the Server Network Utilities program on the server, and choose properties for TCP/IP - don't forget to tell the client machines the new port)
I want to restate - SQL does not log logins (failed or otherwise by default). Turn it on. (Enterprise manager, right click your server, choose Properties, then the security tag. Login events go to the Application log.
From what I see the worm adds a password to guest and moves it into the admin groups. It's done using the username, not a SID, so renaming your guest accounts would stop this. Always a good idea to enforce this at a domain policy level.
You may also wish to consider dropping the ActiveX stored procedures. Do you want/need sa to be able to create ActiveX objects?
Check the login tables for null passwords (mixed mode). Run the following SQL
use master
select name, Password
from syslogins
where password is null
order by name
Use a low access user account for SQL Server service not LocalSystem or Administrator. This account should only have minimal rights (Run as a Service Right IS required). If you use Enterprise Manager to make this change, the ACLs on files, the registry, and user rights are done for you.
Check the other extended stored procedures, delete as you see fit.
Don't run SQLMail unless you have to.
Don't use TCP/IP as a network protocol unless you have to.
Slashdot Mirror
Both A, J and G roots are in Virginia. A and J is at NSI, and G is at DoD.
The F root is in Palo Alto
The K root is run by RIPE NCC, and is housed in London
The L root is at ISI in California
I cannot remember or find locations for the others :)
And yet this is the same Nominet who is riding rough shod over user's objections to showing full addresses and phone numbers on whois on all of .uk (including .me.uk - supposed to be for individuals), the same nominet who has a shed load of money in the bank, who don't publish accounts and has hidden companies, the same nominet who can take 4 months to respond to emails, and who, in my case took 2.5 years to transfer a domain I purchased into my name.
Nominet is not run for the common good, nor are they transparent.
However, I can attest to the fact that with every other release, until Windows Media Player 8, the HTTP streaming component of that product was broken.
Really? So those test clientboxes I have in the office running Media Player 6.4 and Media Player 7, configued to only use HTTP as the transport aren't actually streaming video? That's damn clever of Microsoft to fake it then.
Ah, I am indeed, my apologies. It's been a long day here. However, in my case, it doesn't help. None of my clients use quicktime for delivery to end users. They all want Windows and MMS. Without MMS, the "open" Real is simply a replacement for the horribly expensive Real Server. Of course, without real's full range of codecs, even that function is severly limited.
Judging from client requests, and the end user numbers (over 1 million streams a week) for content that is available in both formats, MS is approx 85% of the end user choice, Real 15%. A lot of my clients don't even bother asking for real encoding, and we do the encoding cheap.
Pieces? "Aye, now there's the rub"
Looking at the server page, it's hardly ready to go. Note the open server page mentions nothing about streaming Windows media, QuickTime, MPEG2 or 4, simply Real. All it seems to support is RTSP/RTP/RTCP/SDP. No MMS support? Well that's kind of useless then, as it the lack of HTTP streaming support.
Believe me I'd love to have a central streaming system, my business is all based on streaming, but forgive me for not expecting much from a company that releases what has to be the worse media player, which drops advertising icons on your desktop and hides it's advertising engine by calling it evntsvc.exe, and which drops the start up code back into the registry each time you remove it.
OK how would open source help here?
The banks and brokers are being forced to do this by October. They don't have a choice.
So, what, if they use open source they won't have to? Is that your point? It may be more difficult to put that crap in, but
a) Sybase arent hiding it
b) That crap HAS to go in.
OK, sorry, EU countries. Except Liechtenstein and Switzerland :)
You know that in Europe banks have to report cash transactions over a certain size, and other "suspicous activities" to law enforcement? Europe already has that sort of "monitoring" in place to stop money laundering.
I use Bitvise WinSSHD.
Aside from dropping you straight to the Win2k command prompt, it has
Actually it's only users with local administrative rights to the box, not Domain Admins, it just so happens, of course, that if a machine is in a domain, then Domain Administrators have admin rights to every box.
That confused me too. However, think about how streaming works. Dropping packets isn't a big issue, it looks like the stream records pull multiple streams, and go forward and packet over each frame making sure nothing gets dropped. The ripper had 10 simultaneous connections (that can't be well written, if you want to reduce packet loss, you don't open multiple streams)
What's even worse is when someone on a 56k modem rips at 300kps stream. Gaaaahhhh!
Perhaps peer to peer will solve this, but I can't see my customers (who I have to admit include major labels) going for it.
I may just be a ham fisted retard, but I actually like aiming on HALO, having everything in the palm of your hand is easy enough. Took me an hour to get used to it.
Why wouldn't Microsoft just write an XBOX->DX8 wrapper?
No need, the graphics API on the XBox is DirectX.
See
As an added bonus the networking APIs are the same DirectPlay APIs on the PC.
The only drawback is NTSC consoles cannot play against PAL ones.
Well they would, if the stream rippers were honest. They're not. They send the HTTP_USERAGENT equivilant of the normal players. ASF recorder identifies itself as Media Player 7.
People, as you say, should be restricted from saving copyrighted streams. Unfortunately, people don't care. It's hard to tell users that just because it's digital doesn't mean it has no value. The example I save was a charity concert by a heavy metal band. It was broadcast live, then put on line by the label for 4 days, so those who missed it could see it. It's coming on DVD eventually. But people still want to steal it.
Of course, as a streaming provider, we provide what the bill payers want, not what the consumer wants.
I would rather the client to not allow stream "ripping".
Stream ripping is a major problem on my Real and Windows Media servers. We've had people fire off stream rippers to take off a 1 hour stream ("hey it's free, I must be able to save it myself"), however stream rippers are horrible from a provider point of view. For a 1 hour stream, a user in an NYC trading bank (I traced the IP) took 40GB to get the stream. The source file was about 4Mb. As you can imagine, for that hour, other people's experience was not optimal.
Now, imagine on a peer to peer network, some anti-social little sod stealing your stream. All your DSL bandwidth gone.
Of course, someone will write a stream ripper anyway, and people will use it, not caring about other users.
The p2p protocols are very suitable for multicasting
Except of course, the internet at large doesn't support multicasting very well. Sure, you can multicast internally on a small network, assuming your switches support it, but once you start to involve routers, you find very quickly ISPs don't support it. Some DSL providers are starting to consider allowing multicast within their own blocks, so a streaming server sitting in their DSL space will use up less bandwidth, but what currently happens is they are all running Inktomi caches which cache streams within their own network. Of course, its only Windows Media or Real Media streams that are supported.
(Disclaimer : My employeer is a large provider of streaming services in Europe)
Yes the spammer pays, but so do those who recieve the spew. Why does a spammer paying for a T1 have the right to connect to my network? Or any other network he hasn't paid for? It's a priviledge, and no way in hell does his paying for his connection allow him to block up my connection and my mail server.
Junk post mailers pay to send those, but you don't pay to recieve them. With spam you do pay. You pay for the bandwidth on your mail server, the bandwidth to get the mails, the disk space on the server and client, and the time taken to hit delete. Are you willing to pay for the physical junkmail you get? Are you willing to pay for advertisments showing "REAL RAPE PHOTOS", "ANIMAL SEX" or "MAKE YOUR DICK BIGGER" in your physical post box every day?
Except they already have.
For example xbconnect (Gamespy have another one), and there's even a Linux version somewhere.
Basically people have produced a tunneling application that fakes the local LAN facility for multiplayer games and pushes it over the net. Nothing nasty happening yet (well, expect getting my ass kicked in Halo by 9 year old kids, but that's depressing, not nasty)
Request.ServerVariables("HTTP_REFERER")? Exactly what good would checking the referring web site do? :)
Kew Gardens, in the centre of London, is probably the Victorian version of this. It has glass houses for tropical, hothouse and desert landscapes, and even managed to get a titan arum flowering last month for the second time. (I went to see it, damn it was huge)
Not as big a scale of course, but the Millenium Seed Bank project gives it a well defined purpose other than a simple tourist attraction; to collect and conserve 10%, over 24,000 species, of the world's seed-bearing flora, principally from the drylands by 2010 and to collect and conserve seeds of the entire UK native seed-bearing flora by 2000.
Simply oh dipshitted one, don't let SQL use TCP/IP and used named pipes to connect to the database. A lot easier if they are on the same machine.
I've just mailed this to a couple of security lists I take part in. Posting here seems like a good idea (although now, of course, I am outed as a SQL Server user)
Please feel free to forward these recommendations to any other lists as you see fit. However, as with all system changes, things can go wrong. Make sure you have backups. I take no responsibility if your SQL server dies. Or if the sun fails to come up :)
use master
exec sp_dropextendedproc 'xp_cmdshell'
sp_OACreate sp_OADestroy sp_OAGetErrorInfo sp_OAGetProperty sp_OAMethod sp_OASetProperty sp_OAStop
The same goes for registry sps
xp_regaddmultistring xp_regdeletekey xp_regdeletevalue xp_regenumvalues xp_regremovemultistring
use master
select name, Password
from syslogins
where password is null
order by name
Finally, MS have released a bulletin
SQL 2000's default install warns you and asks you to check a box to confirm you want to be an idiot with a blank sa password.
The later SQL7 service packs also nagged you.