Re:Interesting Lecture. on CPRM Lecture · Score: 2
Pirates working in volume have access to industrial equipment. Hence the argument that this prevents 'perfect' copying is crap. It's aimed against copying by the consumer.
Re:The backup protection system on CPRM Lecture · Score: 2
SDMI devices watermark content for you when you add your own (non-watermarked) content. This isn't a line of defence, it's a means of tracking who created the content. That being said:
It would be virtually impossible to sell users a system which does not play their existing non-watermarked content. I own >300 CDs, which would cost me £3-4000 to replace (and that's just CDs!). The cost of a PC is sub £1000, and a CD player is peanuts. Hence I (and others) would far rather buy an alternative device to play on than replace my media. So, you're not going to get rid of non-CPRM data for a long time yet.
Attempts to introduce uncopyable CDs as a stopgap, like Gmbh did, have foundered on people's unwillingness to buy media which might not play on their own machine (10% of players in Gmbh's case).
The bottom line is, there's nothing here for consumers. Unless there's something in it for me, why would I buy CPRM hardware? To turn your argument around, 'few consumers will bother with having a special nonstandard system (CPRM?) to NOT PLAY their content'
The internet (IP protocol) has _never_ had a single point of failure (or at least, not for a long time now). DNS has _always_ had a single point of failure, and via the TLDs, a single point of control (which is why it's become a cash cow for Verisign).
If you want a different model, look at freenet, where there is an essentially flat namespace, and required information gets cached near to folk who request it (much as DNS caches do). However, being fully distributed means that there is no longer an 'authority' to ensure this 'freeDNS' hasn't been poisoned. You then end up looking at scalable trust management architectures (SPKI, SDSI?) to ensure that you can still trust the DNS info.
There's some discussion of systems like this here: http://www.advogato.org/article/188.html
I can't see distributed DNS getting anywhere now as Verisign would be able to claim IETF were preventing them from doing business.
If this really is just a hobby thing and you're not looking at building thousands you might look at hooking up a tini board to a serial mag stripe reader.
There's instructions on the tini board website:
http://www.ibutton.com/TINI/applications/sertoeth/index.html
showing serial-to-ethernet conversion. Unlike the embedded ethernet card someone else mentioned tini comes with a jvm onboard, javaComm and networking support.
Add to this a port-powered swipe reader eg
http://www.magtek.com/products/card_readers/cardall.htm
and you're off. The whole lot should cost you well under $300.
Haven't tried this myself yet but a coworker has a tini on order I'm going to be programming for.
(this got a mention in a previous article today, talking about using it in schools)
Anyway http://www.ltsp.org/ is a good place to start looking. They have a list of links which includes http://www.disklessworkstations.com/ (which sells parts and premade). This isn't quite what you're looking for as you want _fanless_ as well as diskless - all of those are basically cut down PCs and have a normal processor with a fan.
They also have instructions for building your own:
http://www.ltsp.org/contrib/fanless_howto.html
as you might guess from the link this is for fanless too. This discusses mostly normal form factor diskless, but a biscuit PC (search for PC-104) might be more like what you're after. As the author says, these are likely to have hardware that's so nonstandard as to be unusable for diskless operation, but it's worth a try. Given how these things are used it's _very_ likely that someone has built a linux kernel for some PC-104 boards out there. They also usually seem to be very very slow in comparison to similarly priced AT motherboards (because the sales volume is low), but don't let this put you off: your machine doesn't need to be fast.
This lot: http://www.supertek.com.tw/home.htm do thin clients too. Their site is v e r y s l o w.
I took a look at the site, and while the goals are laudable, the benefits are buried several clicks through. If this is to take off they need press coverage so every PTA knows the relative cost of the systems their kids use.
They could really do with a 'press release' page, which plugs the cost angle mercilessly, since that is what this one comes down to for most schools.
At least in the UK, the phrase used in the industry is 'blowing fibre' - since compressed air is used to move the cable through the ducts.
Keeping up with everybody else's poor taste jokes: I reckon there's plenty of folk blowing fibre into the sewers already...
Anyway what I'd like to know is, what do they do about the rats? Rats are a major problem for cables, they have a taste for indigestible plastic. I can't remember the figures but in a large chunk of maintenance was because of rats chewing through cables. And if there's one thing I'd expect to find in sewers, it's rats. Though seeing as it's New York, maybe the alligators have eaten them all....
Unless you have an awful lot of processor power to spare, why would you even think about doing this processing in real-time?
There's several advantages to this approach:
- you don't have to have such a fast machine
- the data collection software can be *simple*
- you don't alter the data collection software when you alter your analysis
- you have the raw data to hand for applying more analysis if you need to do a second pass.
For real-time processing I would look at using an offline analysis to generate state machines for recognizing events. And I would get these machines to *generate* events into the stream as well. That way you can build your analysis hierarchically by recognizing subpatterns and building patterns from them.
In any case, from a practical standpoint 'real-time' processing would not spot some of the most interesting things - such as an event pattern recurring close to a regular period of minutes, hours, days, weeks... - eg network failures due to load and due to incorrect scheduled jobs have a different appearance - both occur regularly but the schedule failure would have a more precisely regular period. Unless you plan to accumulate state over long periods of time and watch for such things I reckon you'll miss a lot of important recurrences.
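Added example, not part of the original comment: a sketch of the offline second pass described above, run over a constructed log, which separates a clockwork recurrence (scheduled job) from a merely regular one (load). The event names, the log format and the two jitter thresholds are assumptions chosen for illustration.

```python
"""Offline recurrence analysis of a collected event log (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one "timestamp event-name" pair per line. Not real data.
SAMPLE_LOG = """\
# fails at 02:00 every night, give or take a few seconds
2000-11-06T02:00:00 backup-link-down
2000-11-07T02:00:03 backup-link-down
2000-11-08T02:00:01 backup-link-down
2000-11-09T02:00:02 backup-link-down
2000-11-10T02:00:00 backup-link-down
2000-11-11T02:00:04 backup-link-down
2000-11-12T02:00:01 backup-link-down
# fails once a day, somewhere in the busy afternoon
2000-11-06T14:10:00 gateway-timeout
2000-11-07T16:45:00 gateway-timeout
2000-11-08T13:05:00 gateway-timeout
2000-11-09T15:30:00 gateway-timeout
2000-11-10T17:20:00 gateway-timeout
2000-11-11T12:40:00 gateway-timeout
2000-11-12T14:55:00 gateway-timeout
# no rhythm at all
2000-11-06T00:00:00 disk-error
2000-11-06T01:00:00 disk-error
2000-11-07T06:00:00 disk-error
2000-11-07T07:00:00 disk-error
2000-11-10T04:00:00 disk-error
2000-11-12T16:00:00 disk-error
"""

EPOCH = datetime(1970, 1, 1)

# Assumed thresholds on jitter (std-dev of the gaps divided by their mean).
TIGHT = 0.01   # at or below this: clockwork, looks like a scheduled job
LOOSE = 0.35   # at or below this: roughly periodic, looks like daily load


def parse_log(text):
    """Return {event name: sorted list of times in seconds since EPOCH}."""
    events = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, name = line.split(maxsplit=1)
        # Subtracting naive datetimes avoids local-time and DST surprises.
        events[name].append((datetime.fromisoformat(stamp) - EPOCH).total_seconds())
    return {name: sorted(times) for name, times in events.items()}


def recurrence(times, min_events=5):
    """Return (mean gap in seconds, jitter), or None if there is too little data."""
    if len(times) < min_events:
        return None
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    period = mean(gaps)
    if period == 0:          # every event carries the same timestamp
        return None
    return period, pstdev(gaps) / period


def classify(times):
    """Label one event type by how precisely it recurs."""
    found = recurrence(times)
    if found is None:
        return "too-few-events"
    _, jitter = found
    if jitter <= TIGHT:
        return "scheduled"
    if jitter <= LOOSE:
        return "load-related"
    return "aperiodic"


def analyse(text):
    """Classify every event type seen in the log text."""
    return {name: classify(times) for name, times in parse_log(text).items()}


if __name__ == "__main__":
    for name, times in parse_log(SAMPLE_LOG).items():
        period, jitter = recurrence(times)
        print(f"{name:18} period {period / 3600:6.2f} h  jitter {jitter:.5f}  "
              f"-> {classify(times)}")
```

Both daily failures average close to a 24 hour period; only the jitter tells them apart, and that needs several days of stored raw events to measure.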
All the XML parsers I've tried have been fine (apart from one - guess whose? see below). Other posters have already pointed out that SAX/DOM/JDOM are not parsers as such but there's a couple of other things you should know:
- if you write your code using the JAXP api you should be independent of your choice of parser (it lets you get hold of one, which you then use SAX or DOM with, without explicitly mentioning the other package)
- Beware of non-standard features. For example, some XML parsers (like Oracle's) let you reparent a DOM node to a different document. This is not supposed to be legal. (because the underlying representations of the nodes may differ; eg you could have just attached part of a (text) document to a one-row-per-element database representation)
- The DOM is chock full of gotchas. Like, you MUST remember to normalize an element before grabbing the first child node and expecting it to be text (you see this mistake made *a lot*). Some parsers will e.g. split lines of text into separate text nodes, each of which must be retrieved separately if you haven't normalized the element.
- upshot is that SAX is very easy to use in comparison. You can also very easily build an application in terms of SAX filters; with the DOM you can find yourself spending all your time writing stuff to traverse bits of the tree.
So what was the bad XML parser? Consider the following scenario: an XML document gets stored as a string in a database. An application reads the string back, and tries to parse the document. It's supposed to infer the character encoding by looking at the chars or the explicit 'encoding=' attribute of the xml PI. However, in VB, the msxml parser will only respect encodings when reading from _files_. Strings are stored internally in MS-land as DBCS, and it will silently convert the characters in your XML as it reads from the DB. Thus, as soon as it sees an encoding of (eg) ISO-8859-1 in the XML string, it barfs and dies. The original data was stored by the DB in the correct charset, it seems to be the internal conversion to DBCS that screws up. Neat. not.
Put the pages through a normalisation stage first. - e.g. the HTML Tidy utility at
http://www.w3.org/People/Raggett/tidy/
Unless what you are searching for is broken html, your life will be improved by this step...
BTW, using a regular expression matcher to pull out information from HTML is not the smartest idea. You should use a parser to do the job. I can see why you would do what you've done - e.g. the html doesn't parse, and you don't want to guess all the tricks that MS/NS use to fix luser code - but still, you're better off passing the html through a tidying step, then using a proper parser. It's not like you can't get HTML parser code for free these days. Since you use java, look at javax.swing.text.html.parser.
I've been looking with avarice at Bluetooth stuff for a while, but can't see any kit that comes even close to the $5 (USD) per module price they originally aimed at.
Ericsson don't quote a price for their module (the one IBM used), but StoneStreetOne (http://stonestreetone.com/bluetooth/) sell something closer to a bit of kit you could actually use, and it's a THOUSAND DOLLARS. Heck at least they give a price!
According to at least one article (http://inf2.pira.co.uk/top040.htm#bt) the price of the Ericsson SDK+2 boards is £9000 (UK Pounds). CSR apparently quote $8/unit for quantities >1m, but their SDK+2 is $8000 too (http://www.cambridgesiliconradio.com/develop.htm)
With prices still this high can the forecasts of 50-100 million shipped products by mid 2001 be anything but pie in the sky? (http://www.the-arc-group.com/reports/future_mobile_handsets/presentation/sld008.htm). I reckon it'll be more like 5-10 million, consisting wholly or mainly of Ericsson phones.
It looks like Bluetooth development will be out of the question for anyone but corporates for at least another year...:o(
That just isn't good enough. Unless it's in the treaty there's bugger all chance of the explanatory report being reflected in law. My response to the coe (which I copied on to /.) asks that they include in the wording of article 6 that intent to commit offense must be proved.
There is also the thorny issue of article 11 - which as written makes it illegal to submit patches to security software, if you did not realise that the intent of the author was black hat ('cos if they are later prosecuted you are in the shit for aiding and abetting). D'oh!
Thirdly, there are equally profound implications later in the document. Whilst possession of kiddie porn is evil, the provisions of article 9 make it illegal to *cache* transmissions including kiddie porn. They also make it illegal for companies to collect surfed material in order to provide proof for a tribunal or prosecution that the employee surfed kiddie porn. They make it impossible to develop tools that would be capable of classifying images as kiddie porn.
I can't believe someone rated that a troll. It is a good idea to comment on this treaty. Ok, so I've now done so. So shoot me down for proposing changes instead of asking that it be scrapped....
Sirs:
the current draft of the cybercrime treaty is, as you must be well aware by now, greatly objectionable to computer security practitioners. I am writing to suggest a small number of changes which would make the treaty as drafted less objectionable.
I would suggest that Article 6 - 1 be changed to read:
a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5 [with the intent to cause such an offence];
(The last bracketed text is new). This is the only identified offence in the treaty where the prosecution is not required to prove intent, yet it is clearly not the intent of researchers, computer security professionals, and hobbyist computer security experts (such as the author of 'nmap'[1]) to cause such offence.
The inclusion of an exemption where intent does not exist would also enable the contribution of 'patches'[2] to existing 'open source'[3] security software under article 11(b), which would also become illegal under the terms of the draft treaty.
Article 9(b) and (c), as currently drafted, would explicitly prevent the development of software intended to monitor or prevent access to material banned under article 9. Specifically software programs, currently available, intended for use by corporations collecting evidence against employees accessing such material to back up a case for an industrial tribunal, would become illegal[4]. Similarly it would become impossible to develop software that attempts content blocking by image recognition, as use of a 'training' image database would become illegal[5]. Finally, it would make illegal the practice of 'caching'[6] internet traffic for performance reasons, in that passively storing temporary copies of such material would also become illegal. Such action would have an immediate deleterious effect on the performance of the internet.
With the exception of caching (which deserves specific exemption) it would not be onerous for software developers or corporations to register for exemption under article 9 with national regulatory bodies, such as currently happens in the UK under the Data Protection Act (1998)[7]. Such provision in the treaty would make it possible to produce software intended to help enforce the treaty, without which enforcement will be difficult if not impossible.
Yours,
[Name withheld from Slashdot]
The opinions in this message do not necessarily accurately
reflect those of my employer.
[1] http://www.insecure.org/nmap/
[2] http://earthspace.net/jargon/jargon_31.html#TAG1335
[3] http://www.opensource.org/osd.html
[4] for example, http://www.websense.com/internet-filtering.cfm
[5] eg, using work described in http://inst.augie.edu/~swets/ACCV95.html
[6] http://webopedia.internet.com/Hardware/Data_Storage/Caches/cache.html
[7] http://www.hmso.gov.uk/acts/acts1998/19980029.htm
The only thing that is objectionable (but is pretty damn objectionable) in the treaty is the two lines making illegal:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;"
Everywhere else in the treaty actions are qualified so that you must also have had the _intent_ to break the law (breaking the law in this case is essentially causing criminal damage).
If that qualification was added to this particular clause the whole thing would be pretty unobjectionable, viz:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5, with the intent of causing such an offence;"
The lawyers would (as usual) have a field day with proving intent, though, but researchers/hobbyists/security specialists would be safe.
I can't understand why anyone would want to use a cuecat. You need to be tied down to the berloody computer. Try using one when you spot an interesting ad in the paper when you're on the train.
Contrast the C-Pen (http://www.cpen.com/). You can cut and paste plain text, so you're not limited to companies who've signed up with DC.
Right now it's not as convenient but it doesn't take any brains to figure out that you can process synchronised text from a C-Pen to pull out a list of URLs, and pop these up on the screen for clicking. Yes, not one URL but ALL the ones you came across today. (I hope this message counts as prior art when C-Pen try to patent this idea;o) )
The only advantage the cuecat then has is its low cost (free in the States vs £99 (UK pounds) - and falling - for a C-Pen. See http://www.datamind.co.uk/Merchant/index.html)
There are competitors to the C-Pen, (http://www.scannerplace.com.au/irispen.htm) and I should hope so, 'cos like my mobile phone it's trying to do far too much - it is yet another PDA, and yet another language translator...ideally I'd like a pen scanner which just scanned images and enough position info to stitch the scans together. Leave the rest to the PC. (see http://n1nlf-1.eecg.toronto.edu/orbits/orbits.html for pictures and theory behind this)
Many of the more successful OS/FS projects do have specs - RFCs, reverse engineered protocols, and so on. Think Samba, BSD IP stack, Apache, the Linux kernel, even the GNU tools. Requirements capture only really begins to cut in when you're *not* reproducing functionality that has been done (possibly worse, possibly better) elsewhere.
A second observation I have is that tool support for requirements analysis and even design is hopelessly weak. No one in the OSS arena is going to shell for Rational's offerings (RequisitePro, Analyst Studio, and SoDA) but without using a database to track your requirements and models and document them for you, the mechanics of keeping track of things will end up taking more of your time than actually getting the work done.
If you actually have tools it can be worse (sigh) - as you spend time trying to document the undocumented and undocumentable legacy systems you are saddled with.
Right now, anyone wanting to program for the PS2 has to sign an NDA. If one person does this work for CrystalSpace, then no one need ever sign the NDA again. The NDA is dead in the water, finished, has ceased to be an issue. A small amount of pain and we are back in the realm of free software. It's not turtles all the way down, but are we ever going to get that?
Sony will find a dwindling number of people coding to the PS2 API (which I hear from folk who are coding for it, is a right pain in the arse). Instead they'll code for CrystalSpace; and if Sony tried to remove PS2 support those folk would not hurt as bad because their products will still sell on other platforms where an NDA was not required. Including their main rival-to-be, the X-Box.
'course this is an ideal. It doesn't work unless crystalspace abstracts everything you need - the WHOLE PS2 api.
If you submit a successful hack to the SDMI challenge, it becomes the intellectual property of the RIAA (this is a condition of the contest). If you don't submit your hack to them, but to a third party for verification, they can and will claim you have not passed their tests.
The only people who would be sane to submit a hack are the companies who have submitted competing watermarking technologies. They have a vested interest in breaking their rivals' work.
I'd be interested in knowing if this research actually met that condition as most universities claim IPR on work by their grad students and employees.
BTW it keeps coming up in this thread, but you cannot defeat many audio watermarks by overlaying a new watermark. The way the technology works is to add 'adjusted noise' to the track, and adding a second watermark will test positive for both. As you add more you degrade both the original watermark and the original sound, the premise being that by the time you screw the watermark up you have also screwed the music.
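Added example, not part of the original comment and not any SDMI candidate scheme: a toy additive pseudo-noise watermark detected by correlation, showing that a second mark laid over the first leaves both detectable, and that stacking many more marks costs audio quality while the first mark still tests positive. The integer keys, the mark strength and the two-tone host signal are assumptions chosen for illustration.

```python
"""Toy additive pseudo-noise watermark (added example, not an SDMI scheme)."""
import math
import random

RATE = 44100       # samples per second for the constructed host signal
STRENGTH = 0.05    # assumed amplitude of every watermark chip


def host_signal(n):
    """Constructed stand-in for audio: two sine tones, not real music."""
    return [math.sin(2 * math.pi * 440 * t / RATE)
            + 0.5 * math.sin(2 * math.pi * 1320 * t / RATE)
            for t in range(n)]


def pn_sequence(key, n):
    """Key-dependent pseudo-noise sequence of +1/-1 chips."""
    rng = random.Random(key)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]


def embed(samples, key, strength=STRENGTH):
    """Add the key's noise sequence, scaled by strength, to the samples."""
    chips = pn_sequence(key, len(samples))
    return [s + strength * c for s, c in zip(samples, chips)]


def score(samples, key):
    """Correlate with the key's sequence: near strength if marked, near 0 if not."""
    chips = pn_sequence(key, len(samples))
    return sum(s * c for s, c in zip(samples, chips)) / len(samples)


def detect(samples, key, strength=STRENGTH):
    """A mark tests positive when its correlation exceeds half its strength."""
    return score(samples, key) > strength / 2


def overlay(samples, keys):
    """Lay one further watermark over the samples for each key in turn."""
    for key in keys:
        samples = embed(samples, key)
    return samples


def snr_db(original, processed):
    """Signal-to-noise ratio of processed audio against the clean original."""
    signal = sum(s * s for s in original)
    noise = sum((p - s) ** 2 for s, p in zip(original, processed))
    return float("inf") if noise == 0 else 10 * math.log10(signal / noise)


if __name__ == "__main__":
    host = host_signal(40000)
    once = embed(host, key=1)
    twice = embed(once, key=2)           # the "overlay a new watermark" attempt
    many = overlay(once, range(100, 150))
    print("first mark after one overlay :", detect(twice, 1))
    print("second mark after one overlay:", detect(twice, 2))
    print("first mark after 50 overlays :", detect(many, 1))
    print(f"SNR with one mark  : {snr_db(host, once):5.1f} dB")
    print(f"SNR with 51 marks  : {snr_db(host, many):5.1f} dB")
```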
I was just doing a search on all of /. to see if anyone had mentioned ToyBuilders yet, ooleary wins the prize (the only hit in the last 30k posts). It's not just custom toys, it is *anything* you can submit a 3d CAD file for, file formats are listed in their FAQ. Tres cool. They have a backlog of orders after the NS article but they really deserve some more attention from the /. crowd, 3d models of ourselves, our latest fusion driven car design, and a new case for our laptop/mp3player/lunch is exactly what us geeks need.
Large corporate.
We used to have 2 rates which projects could choose, with different 'time to respond' and 'time to fix' times. Both were worked as 1-week-in-4 rotas, with pay dependent on whether you had to attend in person, the length of the callout (in a half-dozen bands or so) and whether it was unsociable hours (weekends, holidays). Both also paid a retainer independent of whether you were actually called out.
The system DID NOT WORK. People took on multiple rotas (not allowed - can you really provide emergency support in 2 places at once?), claimed for attendance when they dialled in, and didn't meet the tight targets imposed by the higher rate.
Now we have a single on call arrangement. Still 1 in 4, with an intermediate retainer, time to respond (to a pager, 30min?), time to fix (2hrs before fault escalates IIRC), a reduced number of call time bands (3 I think), identical rates whether you attend in person or not (more realistic now we can all dial in), unsociable hours still count.
Things do seem a little happier and more honest now, especially as the rates were not averaged but were put in as part of an inflationary adjustment, so they're closer to the old high-paying rate.
Our rates are actually fairly generous (now - they weren't before) - the retainer and a few calls can easily add up to 15-20% of your pay - but we do have substantial out of hours support anyway so on-call only really happens when the shit really hits the fan.
The high cost of on-call rotas is passed on directly to the projects who ask for it, which tends to keep the number of rotas down. You can't just ask to get put on call.
-Baz
That's not a moon. It's a space station.
Disclaimer: I know they can't detect Death Star sized objects with this. That is, not until it's too late!
The government provide software for this purpose.
They also provide links to other suppliers, and in an almost-open-source move, notes for developers.
OK, it's not going to be much use to you as the US tax rules are so different. But it made me wonder - are the efile formats the same worldwide?
Whoops: '...in < the major telco I used to work for > a large chunk...' dammit I must use preview more.
It's true that there are a lot of people providing these kinds of services via http (another is Worldpay for credit card validation). And the OS aspect doesn't matter that much as long as there is an open API. What's bugging is that there is no standard for:
1) submitting your data to them
2) getting their response back
3) formatting direct-to-user responses
4) TESTING!!! (worldpay don't provide anything you can test with from inside a firewall)
(the 3rd category happens in one of Worldpay's payment models - the user fills their details directly on Worldpay, they send you an email so you can fulfil the order; but their pages are butt-ugly and you only have a limited set of tags for customising their content.) So you end up having to rewrite everything to use a different payment clearing house.
Soap. ebXML. XSL. Come the revolution...
Put the pages through a normalisation stage first. - e.g. the HTML Tidy utility at
http://www.w3.org/People/Raggett/tidy/
Unless what you are searching for is broken html, your life will be improved by this step...
BTW, using a regular expression matcher to pull out information from HTML is not the smartest idea. You should use a parser to do the job. I can see why you would do what you've done - e.g. the html doesn't parse, and you don't want to guess all the tricks that MS/NS use to fix luser code - but still, you're better off passing the html through a tidying step, then using a proper parser. It's not like you can't get HTML parser code for free these days. Since you use java, look at javax.swing.text.html.parser .
-Baz
Actually that idea IS patented. It's #US6137498. (http://www.delphion.com/details?&pn=US06137498__)
See http://photomosaic.com/p/about.htm for the guy who did it first.
I think this got coverage in earlier /. articles.
I've been looking with avarice at Bluetooth stuff for a while, but can't see any kit that comes even close to the $5 (USD) per module price they originally aimed at.
Ericsson don't quote a price for their module (the one IBM used), but StoneStreetOne (http://stonestreetone.com/bluetooth/) sell something closer to a bit of kit you could actually use, and it's a THOUSAND DOLLARS. Heck at least they give a price!
According to at least one article (http://inf2.pira.co.uk/top040.htm#bt) the price of the Ericsson SDK+2 boards is £9000 (UK Pounds). CSR apparently quote $8/unit for quantities >1m, but their SDK+2 is $8000 too (http://www.cambridgesiliconradio.com/develop.htm)
With prices still this high can the forecasts of 50-100 million shipped products by mid 2001 be anything but pie in the sky? (http://www.the-arc-group.com/reports/future_mobile_handsets/presentation/sld008.htm) . I reckon it'll be more like 5-10 million, consisting wholly or mainly of Ericsson phones.
It looks like Bluetooth development will be out of the question for anyone but corporates for at least another year...
:o(
That just isn't good enough. Unless it's in the treaty there's bugger all chance of the explanatory report being reflected in law. My response to the coe (which I copied on to /.) asks that they include in the wording of article 6 that intent to commit offense must be proved.
There is also the thorny issue of article 11 - which as written makes it illegal to submit patches to security software, if you did not realise that the intent of the author was black hat ('cos if they are later prosecuted you are in the shit for aiding and abetting). D'oh!
Thirdly, there are equally profound implications later in the document. Whilst possession of kiddie porn is evil, the provisions of article 9 make it illegal to *cache* transmissions including kiddie porn. They also make it illegal for companies to collect surfed material in order to provide proof for a tribunal or prosecution that the employee surfed kiddie porn. They make it impossible to develop tools that would be capable of classifying images as kiddie porn.
I can't believe someone rated that a troll. It is a good idea to comment on this treaty. Ok, so I've now done so. So shoot me down for proposing changes instead of asking that it be scrapped....
Sirs:
the current draft of the cybercrime treaty is, as you must be well aware by now, greatly objectionable to computer security practitioners. I am writing to suggest a small number of changes which would make the treaty as drafted less objectionable.
I would suggest that Article 6 - 1 be changed to read:
a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5 [with the intent to cause such an offence];
(The last bracketed text is new). This is the only identified offence in the treaty where the prosecution is not required to prove intent, yet it is clearly not the intent of researchers, computer security professionals, and hobbyist computer security experts (such as the author of 'nmap'[1]) to cause such offence.
The inclusion of an exemption where intent does not exist would also enable the contribution of 'patches'[2] to existing 'open source'[3] security software under article 11(b), which would also become illegal under the terms of the draft treaty.
Article 9(b) and (c), as currently drafted, would explicitly prevent the development of software intended to monitor or prevent access to material banned under article 9. Specifically software programs, currently available, intended for use by corporations collecting evidence against employees accessing such material to back up a case for an industrial tribunal, would become illegal[4]. Similarly it would become impossible to develop software that attempts content blocking by image recognition, as use of a 'training' image database would become illegal[5]. Finally, it would make illegal the practice of 'cacheing'[6] internet traffic for performance reasons, in that passively storing temporary copies of such material would also become illegal. Such action would have an immediate deleterious effect on the performance of the internet.
With the exception of cacheing (which deserves specific exemption) it would not be onerous for software developers or corporations to register for exemption under article 9 with national regulatory bodies, such as currently happens in the UK under the Data Protection Act (1998)[7]. Such provision in the treaty would make it possible to produce software intended to help enforce the treaty, without which enforcement will be difficult if not impossible.
Yours,
[Name withheld from Slashdot]
The opinions in this message do not necessarily accurately
reflect those of my employer.
[1] http://www.insecure.org/nmap/
[2] http://earthspace.net/jargon/jargon_31.html#TAG1335
[3] http://www.opensource.org/osd.html
[4] for example, http://www.websense.com/internet-filtering.cfm
[5] eg, using work described in http://inst.augie.edu/~swets/ACCV95.html
[6] http://webopedia.internet.com/Hardware/Data_Storage/Caches/cache.html
[7] http://www.hmso.gov.uk/acts/acts1998/19980029.htm
The only thing that is objectionable (but is pretty damn objectionable) in the treaty is the two lines making illegal:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;"
Everywhere else in the treaty actions are qualified so that you must also have had the _intent_ to break the law (breaking the law in this case is essentially causing criminal damage).
If that qualification was added to this particular clause the whole thing would be pretty unobjectionable, viz:
"the production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5, with the intent of causing such an offence;"
The lawyers would (as usual) have a field day with proving intent, though, but researchers/hobbyists/security specialists would be safe.
I can't understand why anyone would want to use a cuecat. You need to be tied down to the berloody computer. Try using one when you spot an interesting ad in the paper when you're on the train.
Contrast the C-Pen (http://www.cpen.com/). You can cut and paste plain text, so you're not limited to companies who've signed up with DC.
Right now it's not as convenient but it doesn't take any brains to figure out that you can process synchronised text from a C-Pen to pull out a list of URLs, and pop these up on the screen for clicking. Yes, not one URL but ALL the ones you came across today. (I hope this message counts as prior art when C-Pen try to patent this idea ;o) )
The only advantage the cuecat then has is its low cost (free in the states vs £99 (uk pounds, ) - and falling - for a C-Pen. see http://www.datamind.co.uk/Merchant/index.html)
There are competitors to the C-Pen, (http://www.scannerplace.com.au/irispen.htm) and I should hope so, 'cos like my mobile phone it's trying to do far too much - it is yet another PDA, and yet another language translator...ideally I'd like a pen scanner which just scanned images and enough position info to stitch the scans together. Leave the rest to the PC. (see http://n1nlf-1.eecg.toronto.edu/orbits/orbits.html for pictures and theory behind this)
Many of the more successful OS/FS projects do have specs - RFCs, reverse engineered protocols, and so on. Think Samba, BSD IP stack, Apache, the Linux kernel, even the GNU tools. Requirements capture only really begins to cut in when you're *not* reproducing functionality that has been done (possibly worse, possibly better) elsewhere.
A second observation I have is that tool support for requirements analysis and even design is hopelessly weak. No one in the OSS arena is going to shell for Rational's offerings (RequisitePro, Analyst Studio, and SoDA) but without using a database to track your requirements and models and document them for you, the mechanics of keeping track of things will end up taking more of your time than actually getting the work done.
If you actually have tools it can be worse (sigh) - as you spend time trying to document the undocumented and undocumentable legacy systems you are saddled with.
Right now, anyone wanting to program for the PS2 has to sign an NDA. If one person does this work for CrystalSpace, then no one need ever sign the NDA again. The NDA is dead in the water, finished, has ceased to be an issue. A small amount of pain and we are back in the realm of free software. It's not turtles all the way down, but are we ever going to get that?
Sony will find a dwindling number of people coding to the PS2 API (which I hear from folk who are coding for it, is a right pain in the arse). Instead they'll code for CrystalSpace; and if Sony tried to remove PS2 support those folk would not hurt as bad because their products will still sell on other platforms where an NDA was not required. Including their main rival-to-be, the X-Box.
'course this is an ideal. It doesn't work unless crystalspace abstracts everything you need - the WHOLE PS2 api.
-Baz
If you submit a successful hack to the SDMI challenge, it becomes the intellectual property of the RIAA (this is a condition of the contest). If you don't submit your hack to them, but to a third party for verification, they can and will claim you have not passed their tests.
The only people who would be sane to submit a hack are the companies who have submitted competing watermarking technologies. They have a vested interest in breaking their rivals' work.
I'd be interested in knowing if this research actually met that condition as most universities claim IPR on work by their grad students and employees.
BTW it keeps coming up in this thread, but you cannot defeat many audio watermarks by overlaying a new watermark. The way the technology works is to add 'adjusted noise' to the track, and adding a second watermark will test positive for both. As you add more you degrade both the original watermark and the original sound, the premise being that by the time you screw the watermark up you have also screwed the music.
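The overlay claim in the post above, worked through as an added example that is not part of the original post. It uses a toy additive spread-spectrum watermark with a correlation detector, which is an assumed stand-in and not SDMI's actual scheme; the track is constructed Gaussian noise and all names, keys and parameters are hypothetical.

```python
import math
import random

N = 20000      # samples in the constructed "track" (assumption)
ALPHA = 0.1    # watermark amplitude against unit-variance audio (assumption)


def host_track(seed=1):
    """Constructed stand-in for audio: unit-variance Gaussian samples."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N)]


def mark_sequence(key):
    """Key-derived pseudo-random +/-1 sequence: the 'adjusted noise'."""
    rng = random.Random(key)
    return [1.0 if rng.random() < 0.5 else -1.0 for _ in range(N)]


def embed(track, key):
    """Add the key's low-amplitude sequence to every sample."""
    return [x + ALPHA * w for x, w in zip(track, mark_sequence(key))]


def detect(track, key):
    """Correlate with the key's sequence; a present mark scores about ALPHA."""
    score = sum(x * w for x, w in zip(track, mark_sequence(key))) / N
    return score > ALPHA / 2


def overlay(track, keys):
    """Embed one further watermark per key on top of whatever is there."""
    for key in keys:
        track = embed(track, key)
    return track


def snr_db(original, modified):
    """Audio quality proxy: original signal power over added distortion."""
    signal = sum(x * x for x in original)
    noise = sum((m - x) ** 2 for x, m in zip(original, modified))
    return 10 * math.log10(signal / noise)


if __name__ == "__main__":
    clean = host_track()
    once = embed(clean, 1001)
    twice = embed(once, 2002)
    print("two marks:", detect(twice, 1001), detect(twice, 2002),
          "unrelated key:", detect(twice, 9999))
    heavy = overlay(once, range(3000, 3099))   # 99 more marks on top
    print("first mark after 100 marks:", detect(heavy, 1001))
    print("SNR dB, 1 mark vs 100 marks:",
          round(snr_db(clean, once), 1), round(snr_db(clean, heavy), 1))
```

In this model the first mark is still detected after 100 marks have been stacked, by which point the added distortion is as loud as the track itself.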
I was just doing a search on all of /. to see if anyone had mentioned ToyBuilders yet, ooleary wins the prize (the only hit in the last 30k posts). It's not just custom toys, it is *anything* you can submit a 3d CAD file for, file formats are listed in their FAQ. Tres cool. They have a backlog of orders after the NS article but they really deserve some more attention from the /. crowd, 3d models of ourselves, our latest fusion driven car design, and a new case for our laptop/mp3player/lunch is exactly what us geeks need.
Large corporate.
We used to have 2 rates which projects could choose, with different 'time to respond' and 'time to fix' times. Both were worked as 1-week-in-4 rotas, with pay dependent on whether you had to attend in person, the length of the callout (in a half-dozen bands or so) and whether it was unsociable hours (weekends, holidays). Both also paid a retainer independent of whether you were actually called out.
The system DID NOT WORK. People took on multiple rotas (not allowed - can you really provide emergency support in 2 places at once?), claimed for attendance when they dialled in, and didn't meet the tight targets imposed by the higher rate.
Now we have a single on call arrangement. Still 1 in 4, with an intermediate retainer, time to respond (to a pager, 30min?), time to fix (2hrs before fault escalates IIRC), a reduced number of call time bands (3 I think), identical rates whether you attend in person or not (more realistic now we can all dial in), unsociable hours still count.
Things do seem a little happier and more honest now, especially as the rates were not averaged but were put in as part of an inflationary adjustment, so they're closer to the old high-paying rate.
Our rates are actually fairly generous (now - they weren't before) - the retainer and a few calls can easily add up to 15-20% of your pay - but we do have substantial out of hours support anyway so on-call only really happens when the shit really hits the fan.
The high cost of on-call rotas is passed on directly to the projects who ask for it, which tends to keep the number of rotas down. You can't just ask to get put on call.