The Digital Millennium Copyright Act, while not applying to file formats or reverse engineering, DOES apply to encryption. Now, you can go ahead and create and distribute your filter without a problem.
*BZZT* Nope, wrong. Encryption has nothing to do with it.
To quote the DMCA:
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title;
Since the contents of the file format are copyrighted material, the file format itself "effectively prohibits access" to the work. Writing a filter whose sole purpose is to read this file format is indeed a violation of the DMCA.
Now a common misconception is that you can use the following section as an excuse:
(f) Reverse Engineering.--(1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability
But you'd be wrong - because this only allows you to reverse engineer the program - it says nothing about the file formats used by the program.
SOAP traffic is actually quite easy to detect in HTTP, just examine the Content-Type field.
Uh-huh. "SOAP is easy to detect, just throw away your simple, efficient packet filter, and install something that examines every stream, which of course requires a ton more horsepower."
Sorry, this is nothing more than an attempt to sidestep the issue.
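What "just examine the Content-Type field" looks like in practice, as an added example that is not from the original thread: a small classifier that parses the start of an HTTP request and labels it SOAP or not. The sample requests are constructed; the hostnames and paths in them are made up. It also shows why the reply above is right about the cost: the check needs the reassembled application stream, not just the TCP port.

```python
"""Tell SOAP apart from other HTTP traffic by its headers.

Added example, not from the original thread.  It implements the check the
comment above describes (look at Content-Type) as a filter would have to:
parse the start of the HTTP request, not just the TCP port.  The requests
below are constructed samples; the hostnames and paths are made up.
"""

SOAP12_TYPE = "application/soap+xml"   # SOAP 1.2 media type (RFC 3902)
SOAP11_TYPE = "text/xml"               # SOAP 1.1 uses text/xml plus a SOAPAction header


def parse_request_head(raw: bytes):
    """Return (method, target, headers) from a raw HTTP/1.x request.

    Header names are folded to lower case because HTTP treats them as
    case-insensitive; a check on the literal string "Content-Type" alone
    would miss "content-type".
    """
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def media_type(content_type: str) -> str:
    """Strip parameters such as charset from a Content-Type value."""
    return content_type.split(";", 1)[0].strip().lower()


def classify(raw: bytes) -> str:
    """Return "soap-1.2", "soap-1.1" or "other" for one HTTP request."""
    method, _target, headers = parse_request_head(raw)
    if method != "POST":
        return "other"
    mtype = media_type(headers.get("content-type", ""))
    if mtype == SOAP12_TYPE:
        return "soap-1.2"
    if mtype == SOAP11_TYPE and "soapaction" in headers:
        return "soap-1.1"
    return "other"


# Constructed sample requests; to a port-based packet filter they are all
# indistinguishable "port 80" traffic.
SOAP11_REQUEST = (
    b"POST /StockQuote HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n"
    b"SOAPAction: \"urn:GetLastTradePrice\"\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SOAP12_REQUEST = (
    b"POST /service HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"content-type: application/soap+xml; charset=utf-8\r\n"
    b"Content-Length: 0\r\n\r\n"
)
FORM_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 0\r\n\r\n"
)
PLAIN_GET = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("SOAP 1.1", SOAP11_REQUEST), ("SOAP 1.2", SOAP12_REQUEST),
                      ("form post", FORM_POST), ("GET", PLAIN_GET)]:
        print(f"{name:10s} -> {classify(req)}")
```

A `text/xml` POST without a SOAPAction header is deliberately left as "other": the same media type carries XML-RPC and plain XML uploads, so the header pair, not the media type alone, is the signal. The check only works where the filter sees the reassembled request in the clear, which is exactly the extra horsepower the reply objects to.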
The ability to act over plain HTTP DOES have a use.
K. Still waiting for proof..
Back in the day, you could assume that every computer on the internet had an IP address, and could deal with unfiltered TCP/IP.
In other words, a FIREWALL?
Nowadays.. we have NAT everywhere... I live in Costa Rica. The local cable company uses NAT... And stuff like video, voice, remote desktops, VPN, etc will just plain not work over NAT.
Yes, but the reason that HTTP DOES work, is that it's based on TCP. The other stuff you list doesn't.
There is NO reason that SOAP has to use HTTP. It could run over another TCP port, and NAT would have no bearing at all.
If the only excuse given for SOAP's poor design is to make it work with NAT, then there is no real reason it couldn't run over its own TCP port.
SOAP [w3.org], for the uninformed, is just an XML-based protocol carried through HTTP. It doesn't BYPASS the firewall, it passes through the port generally held open for the use of web servers.
As I would be one of the uninformed, can you tell WHY it passes through the port generally held open for web servers?
Could it be because that's the easiest way to bypass a firewall?
We recommend that all protocols and interfaces used in Microsoft software be immediately published, and a one-year moratorium be placed on all non-security modifications to those protocols.
One year? One year?!? Does Linux do that? Does anyone?
Besides the point that "Linux" doesn't create standards, one year isn't a huge amount of time to wait before making changes.
expecting them to develop a protocol... and then sit on their hands for a full year while security experts diddle and competitors get a head start implementing Microsoft's ideas is just ridiculous.
Re-read what you're responding to. Where does it say that MS has to wait for a year before they implement a protocol?
Once a protocol (which might also include file formats) is published, waiting a year before extending-and-embracing it sounds like a good idea to me.
Or have I just been trolled?
they obviously didn't have a clue on the security side of things to begin with, the MS project managers preaching security over all. this is the blind leading the blind and the deaf.
This is 100% true, although I would have phrased it differently.
I saw an interview with Scott Culp, who said that security for Win2K was a "show stopper" (yes, I know he's using the term incorrectly) - any developer who spotted a security bug could stop the release so that the bug could be fixed.
When this was mentioned to people in the security community, the response was generally "I'm skeptical about this".. but I believe Mr. Culp.
The problem isn't that MS doesn't take security seriously, it's that they don't know how to write secure code. It's one thing to say "If you see a security problem, report it", but what if the person doesn't know how to recognize a security problem in the first place?
This truly is the blonde leading the blonde.
Sorry, this is complete bullshit.
A TCP packet has a header area and a data area. The header has a number of fields in it; the ones that are important here are the source and destination MAC addresses, the source and destination TCP/IP addresses, and the source and destination Port numbers.
A TCP header does not include anything like MAC addresses. The TCP header contains EXACTLY the following fields:
Source Port (16bit)
Destination Port (16 bit)
Sequence Number (32 bit)
Acknowledgement Number (32 bit)
Header Length (4 bit)
reserved (6 bits - currently unused)
TCP Flags (6 bits)
Window size (16 bits)
TCP Checksum (16 bits)
Urgent pointer (16 bits)
Anyone who tells you the TCP HEADER holds anything else is WRONG.
The IP HEADER doesn't even contain MAC information:
Version (4 bits)
Header Length (4 bits)
Type Of Service (8 bits)
Total length (16 bits)
ID (16 bits)
Fragmentation info (16 bits)
TTL (8 bits)
Protocol (8 bits)
Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
A diagram of the TCP and IP headers can be found at http://www.utdallas.edu/~cantrell/ee6345/pocketgu
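The two field lists above, turned into a parser, as an added example that is not from the original thread: it unpacks the 20-byte IPv4 header and the 20-byte TCP header from a constructed packet and shows that neither carries a MAC address (Ethernet addresses sit in the link-layer frame around the IP packet). One caveat the lists leave implicit: both header-length fields can point past 20 bytes, and the bytes in between are options, so the parser reads the length fields rather than assuming a fixed size. The sample addresses and ports are constructed.

```python
"""Parse the fixed IPv4 and TCP headers out of a raw packet.

Added example, not from the original thread.  It follows the field lists
given in the comment above (20-byte IPv4 header, 20-byte TCP header) and
honours the header-length fields so options, when present, are separated
from payload.  The packet below is constructed by hand.
"""
import struct

# The six classic flag bits, low bit first.  RFC 3168 later assigned two of
# the bits the comment lists as "reserved" to ECE and CWR; they are reported
# here as part of the 6-bit reserved value to match the comment's layout.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def parse_ipv4(pkt: bytes) -> dict:
    """Return the IPv4 header fields; header_len tells where the payload starts."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4            # header length, in 32-bit words on the wire
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "flags": flags_frag >> 13,          # fragmentation info: 3 flag bits ...
        "frag_offset": flags_frag & 0x1FFF,  # ... and a 13-bit offset
        "ttl": ttl,
        "protocol": proto,                  # 6 means TCP
        "checksum": csum,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": pkt[20:ihl],
    }


def parse_tcp(seg: bytes) -> dict:
    """Return the TCP header fields; header_len (data offset) tells where options end."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags, window, csum,
     urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    data_off = (off_res >> 4) * 4
    if data_off < 20 or len(seg) < data_off:
        raise ValueError("bad TCP data offset")
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "header_len": data_off,
        "reserved": ((off_res & 0x0F) << 2) | (flags >> 6),   # 6 bits, as listed above
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "window": window,
        "checksum": csum,
        "urgent_ptr": urg,
        "options": seg[20:data_off],
        "payload": seg[data_off:],
    }


def parse_packet(pkt: bytes) -> dict:
    """Parse an IPv4 packet carrying TCP; raises if the protocol field is not 6."""
    ip = parse_ipv4(pkt)
    if ip["protocol"] != 6:
        raise ValueError("not TCP")
    return {"ip": ip, "tcp": parse_tcp(pkt[ip["header_len"]:ip["total_len"]])}


# Constructed sample: a SYN from 192.0.2.10:40000 to 198.51.100.7:80, DF set,
# no options in either header, no payload.  Checksums are left at zero.
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    + struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 0x50, 0x02, 65535, 0, 0)
)

if __name__ == "__main__":
    parsed = parse_packet(SAMPLE)
    print(parsed["ip"])
    print(parsed["tcp"])
```

The dictionaries returned contain every field from the two lists and nothing else; anything looking like a hardware address would have to come from the frame the packet arrived in, which this parser never sees.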
for any email coming out of a NATed box (Outlook, Eudora, whatever), it will have the source ip and hostname stuffed in the Received headers.
Only if you're running your own SMTP server - which would probably be a violation of the TOS anyway.
If the NATted client sends direct to your ISP's SMTP server, the Received: header will show your external IP address.
when I switched computers I needed to call them and have them make some adjustment somewhere. I did this 3 or 4 times. Adelphia (current provider) doesn't do this. Any ideas on what mediaone was doing?
Yes, their gear was caching ARP entries; or they bound your MAC address to the modem.
This has nothing to do with NAT.
I had thought that one symptom of NAT was a plethora of high numbered ports being used.
First, that depends on the NAT implementation being used.. (Some NAT implementations don't change the port number.)
Second, this would also be a "symptom" of using NetBSD (NetBSD uses high ports for outbound connections.)
on their webpage that can only be accessed when you're on their network, there's a client script that sends back your browser IP.
Then don't go to that page from a natted machine.
"It hurts when I do this..."
"Then don't do that."
Just slightly ahead of our time." [Panasonic] - No, Billy you can't travel into the future I don't care what the Panasonic commercial said.
Sure you can..
I invented this amazing time machine - it allows you to travel short distances into the future.
It consists of a rectangular frame, approximately 7' long by 5' wide, by 2' high, topped with a soft cushiony layer; the controls stand on a separate module, to one side of the main unit. Controls are simple - you set the chronometer for the time in the future you wish to go to, and lie down on the main unit and close your eyes.
So far, it's only been successful for short trips - the device has a maximum distance of 8 or 9 hours into the future, but if you send me enough VC money, I'm sure I can continue my research, and make it able to travel longer distances.
when the audience watching a play or movie knows more than the character(s) speaking the lines on stage.
No, ironic is getting a lecture on proper usage of an English word by someone who couldn't pass a grade two English course.
Canadian domain registries just plain suck!
Try Reg.ca; the only problem I've had with them was the link to renew the domain asks you to log in first (you have to create an account to register the domain name in the first place.)
There is a page that allows you to renew without logging on, but they don't advertise it.
Other than that, their service has been second-to-none.. the one time I did have a problem (which wasn't even their fault - my browser crashed after registering a domain, before I could get confirmation to go to CIRA) they straightened it out within an hour.
for Wheels of Zeus to work this way you must approach unto her in the form of a bull or a swan or something.
:o)
That would only work if her name was "Leda", and she was skinny-dipping
Just look at any business IP telephone...they grab their operating voltage straight off the network cable.
Really?
I have a 3com IP telephone sitting right on my desk - in addition to the ethernet cable, it has a brick that plugs into the power outlet. If I unplug that brick, the phone stops working.
Basically, an IPv6 node picks an address at random and broadcasts a message to see if anybody else has claimed that address. If so, it chooses another address at random and tries to claim that one instead.
OK, maybe it's just me, but doesn't this open up a big DoS possibility?
A trojan (say on a Windows machine) could sit quietly listening for such requests, and NACK every one that comes along..
Or is there a mechanism to prevent this?
There are APIs on the Windows platform for all of this
No, there isn't.
Text file -> editor
WinRegistry -> custom program to extract to text -> editor -> custom program to replace -> Winregistry
If your system is hosed with the first one, you load up your rescue floppy, use VI on the text file, and you're done.
If your system is hosed with the second one, your system is hosed. All the APIs in the world won't fix it, because the system has to boot before you can use them.
binary databases are corruption prone -- that's why all of the terabyte-sized database systems use flat text files. Thanks for your insight.
I think the original poster phrased that incorrectly..
Flat text files are no more prone to corruption than binary ones - but when it DOES become corrupt, you can fix a text file with VI, or any other text editor.
this is cause for an all-out personal defamation?
No, it's not defamation.
Everything they're posting is TRUE.
If it really was defamation, Mr. Shifman would have a good case for a lawsuit.
While it leverages filesystem tools, it isn't user friendly: one still needs some kind of app to tie it all together
Depends entirely on how friendly you consider the command line :o)
(and answer questions like, "Under what other keys is this image also indexed?"). I call this the "reverse-symlink" problem: what are the symlinks to a given canonical file name?
In that case, you can always use hard links instead of symlinks.. then a (maybe not-so) simple :
$ find -inum `ls -i thisfile.jpg |awk '{print $1}'`
will tell you.. (of course with this scenario, all the files must be on the same partition..)
Incidentally, I do this (the symlink method) with my MP3 collection - the main folder contains artists/ albums/ years/
the songs are linked by the artist name, album (which don't necessarily correspond 1:1), and decade the song was recorded.. original songs are placed under the artist, with links in the other folders.. (there is the occasional link in the artist folder, pointing to a file under another artist - for collaborations, etc..)
It works pretty well for me..
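The hard-link answer to the "reverse-symlink" question, as an added example that is not from the original thread: the same inode lookup the `find -inum` one-liner above does, written in Python so it can build a constructed artists/albums/years tree in a temporary directory and check its own result. The collection layout and file names are made up; nothing here refers to a real music library.

```python
"""Answer "which other paths are hard links to this file?" by inode.

Added example, not from the original thread.  The comment above does this
with `find -inum`; this is the same idea in Python, built around a
constructed sample tree so it runs anywhere.  The layout mirrors the
artists/albums/years scheme described in the comment.
"""
import os
import tempfile


def hard_links_to(root: str, path: str) -> list:
    """Return every regular file under root that shares (device, inode) with path.

    Symlinks are skipped (lstat, followlinks=False), so only true hard links
    are reported.  Matching st_dev as well as st_ino avoids false hits when
    two filesystems happen to reuse an inode number, which is the reason the
    comment notes that all the links must live on the same partition.
    """
    target = os.stat(path)
    key = (target.st_dev, target.st_ino)
    matches = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if (st.st_dev, st.st_ino) == key:
                matches.append(os.path.relpath(full, root))
    return sorted(matches)


def link_count(path: str) -> int:
    """Number of directory entries pointing at the file's inode (st_nlink)."""
    return os.stat(path).st_nlink


def build_sample_collection():
    """Constructed artists/albums/years layout: one file, two hard links, one symlink.

    Returns (root, canonical_path).  The symlink is there to show it is not
    reported as a hard link.
    """
    root = tempfile.mkdtemp(prefix="collection-")
    for sub in ("artists/someone", "albums/first", "years/1990s"):
        os.makedirs(os.path.join(root, sub))
    canonical = os.path.join(root, "artists", "someone", "song.mp3")
    with open(canonical, "wb") as f:
        f.write(b"not really audio\n")   # constructed content
    os.link(canonical, os.path.join(root, "albums", "first", "song.mp3"))
    os.link(canonical, os.path.join(root, "years", "1990s", "song.mp3"))
    os.symlink(canonical, os.path.join(root, "years", "1990s", "alias.mp3"))
    return root, canonical


if __name__ == "__main__":
    root, canonical = build_sample_collection()
    print(f"{link_count(canonical)} links to {os.path.relpath(canonical, root)}:")
    for rel in hard_links_to(root, canonical):
        print("  ", rel)
```

With GNU find the same query is `find ROOT -xdev -samefile FILE`, which spares the `ls -i | awk` step; the Python version above is for when you want the result as data rather than as a listing.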
I don't use MS products specifically because of security concerns - and I think it's more like "better late than never."
Any commitment to focus on security is always a good thing..
Of course, I'm still skeptical - considering MS's track record, the best attitude is "wait and see"..
You offer a number of proposals for keeping the layers of the Internet and the software world independent. The U.S. tried to pursue these same goals in the early part of the 1900s
OK, maybe it's just me, but I didn't think that the Internet and software existed in the early part of the 1900s.
This raises some constitutional issues - Do I have the right of freedom of speech ( as code has been found to be in some cases ) to utter an incorrect program?
This is pretty simple:
Source code is speech, binaries aren't.
OSS authors would be exempted, both for first amendment concerns, and because giving the source to the client allows them to fix the problem themselves when problems are found.
It's important to distinguish the exchange of labour for money from the rental of a good for money. Rental always ends up being money for nothing at the end of the period.
Not quite.
Suppose I need a cube van, so that I can move..
I don't have the money to buy one outright, and even if I did, I have no day-to-day use for one.
Now, I can go down to U-Haul and rent one for the weekend. I have a driver's license, and the $50 for the rental.. The end result is that I can move my apartment for a net cost of $50 + my time (which doesn't cost me money, as I don't work weekends.) I would hardly call this "money paid for nothing" - unless you're suggesting that the furniture would have moved itself if I had just waited long enough.
If I had to hire movers, I'd be looking at several hundred dollars just for labour - why should I have to do that when I'm willing and capable of doing the work myself?