Doing a simple Google search I get "In order to show you the most relevant results, we have omitted some entries very similar to the 283 already displayed." although more than 1,000,000 pages were indexed. (YMMV, all Google frontends don't yield the same results, especially with newly coined terms).
This simply means that hundreds of useless blogs or news sites use the phrase on hundreds of their pages, and that those pages are accessible through hundreds of different URLs. Typical Google pollution.
Why does Sony's DRM include code to break Apple's DRM? Are they just scanning for evidence that your code is running, staticly built the library because they were stealing some other aspect of your program, or do they actually want to decrypt Apple files?
It is likely that they are not using VLC's code but some other, smaller application that just happens to use our code (and which may or may not respect the GPL itself -- there may be unknown intermediaries in the story). The drms.c file is part of VLC's MPEG-4 / QuickTime demuxer, so it could be a music player or a media tagging utility, for instance.
I can imagine some very interesting discussions between Videolan's lawyers and Sony-BMG's lawyers in the coming days and weeks.
Well, I can't. Does everything have to be dealt with with lawyers? Any lawyer-related effort needs so much money, energy and time that I would not go through the hassle. The disastrous publicity is a strong enough blow to Sony.
I have to make sure everyone understands why this string is here. To be fair with Sony (or whoever they mandated), it is not an attempt from them to hide the code theft. Rather, it is an attempt by Apple to prevent not only code theft but also clean-room reimplementations.
Apple's encryption scheme includes the generation of a key. The important parts of this key come from the machine's unique hardware information. But to prevent (at least that's my only plausible explanation for it) people from reimplementing the scheme by using the same information, they also add this copyright string to the key generation. Reimplementing their protocol means the string has to be used.
We just store it ROT13'ed in VLC because it would be confusing to have an Apple copyright in our code. Although technically the string itself is created by Apple, it is too short to qualify for copyright.
Not that I could not before, but I can now copy and download all the Sony CDs I want without fearing a lawsuit. They apparently don't care about intellectual property.
Get a Happy Hacking Blank Key keyboard instead. It is three times the price but it is a lot smaller, doesn't have that totally useless numeric pad no one uses nowadays, or those retarded so-called Windows keys. It is a lot lighter, too. What is the use of having the best keyboard if you cannot carry it and brag around with it?
So this guy apparently thought that these massive 3 or 4 % hits were not acceptable, and learned about.htaccess to redirect them away? Wow, that is a really clever hack! And it seems he didn't even get it right, because his first referrer site now also displays the "dear Fuddruckers" message despite having nothing to do with Fuddruckers.
Also, he is replacing the original URL with shock images and popups? Dudes, there are troll groups on Slashdot who have been doing that for years...
Sorry, not really impressed. Nor even interested, to be honest.
See this analysis by a lawyer who followed the trial: http://maitre.eolas.free.fr/journal/index.php?2005/03/08/87-guillermito-condamne-mais-tres-legeremen t (quote: "Ce qui a perdu Guillermito, c'est que sa version de ViGuard était piratée", eg. "What lost Guillermito was that his version of ViGuard was pirated").
Please, read the articles before commenting. As usual on Slashdot, the news is misleading : he was not condemned for releasing exploit code, but simply for software piracy (the antivirus copy he had used was not legitimate).
This proposal totally sucks. The goal of a CAPTCHA is not only to be extremely difficult for a computer, you also need to make it simple enough for the user. Most current implementations are considered extremely inaccessible, and if you have accessibility in mind, these 3D images are a huge step backwards. The utter vanity of it all is emphasised by its vulnerability to the porn site attack (offering porn to monkeys to crack CAPTCHAs). Be assured that I and other people will devote as much time as possible to eradicate moronic CAPTCHAs from the Internet.
xine/mplayer are hardly illegal. They are indeed covered by mpeg4 patents (which only apply if you sell a certain number of units), and furthermore it is illegal (DMCA...) to distribute them with libdvdread.
Don't confuse libdvdcss and libdvdread. And AFAIK the DVD CCA has dropped all DMCA claims against DeCSS-like devices; they are now using their patent portfolio. However, the libdvdcss authors have never been threatened by DMCA or patent infrigement claims or whatever (by the way, I am the main libdvdcss author). Also note that Linspire is distributing Xine and libdvdcss with the DVD CCA's authorization, which makes them pretty legal to my eyes.
Using C# makes sense to me. It provides Rijndael and MD5 in System.Security.Cryptography out of the box. These cypher and hash algorithms are at the core of the DRMS encryption scheme. The same code in C would either use obscure libraries or 1000 extra lines of code.
As far as I can tell, this sort of thing violates the Debian Free Software Guidelines, rule number 5: No Discrimination Against Persons or Groups
Of course, any license discriminates against this special group consisting of the persons who do not respect licenses. These guidelines should be treated as such, and not abusively taken to the letter.
Show me an example of Microsoft suing anyone for patent infringement. They haven't. They don't do business that way.
Of course they do business that way. They just don't need that when they have the opportunity to buy their competitor. But when the competitor cannot be bought (think of a free software enthusiast in his garage), they don't even need to sue, intimidation is enough. See for instance the VirtualDub issue.
CSS was 'cracked' because xing left all the CSS keys in one of it's product distributions by accident. That made it about a billion times easier to reverse-engineer. I'm not betting the new system will be cracked.
No, Xing left only one CSS key (and I doubt they were even given the other keys anyway). It is Frank A. Stevenson's cryptanalysis and his playerkey test program that helped generate the list of all possible player keys.
Re:So, we're awarding wasted duplication of effort
on
Open Source Awards 2004
·
· Score: 2, Interesting
For one thing, the GPL only requires you to make source code available to the people who have the binaries. In other words, if you haven't paid, you don't have any right to complain.
I do not fully agree. If I have paid for the binary, I can only complain if the software was given to me with the GPL blurb, otherwise how am I supposed to know that the software is GPL? And even then, I cannot claim any copyright infrigement.
However, if I am the copyright holder of a part of the GPL software (funny, in the case of the Lindows DVD player, I happen to be), then I have a right to complain if the GPL terms are not respected. I asked the Lindows legal service about my concerns a few months ago but never got an answer.
Re:So, we're awarding wasted duplication of effort
on
Open Source Awards 2004
·
· Score: 3, Informative
Now we're stuck with two debuggers (Valgrind and gdb) each having stunted functionality. Why didn't the people in charge of Valgrind put their effort into improving gdb (and taking advantage of the already present infrastructure at no added cost)?
Simply because the "present infrastructure" did not allow to easily implement an x86 virtual machine into gdb. But valgrind and gdb work perfectly together, see for instance the --gdb-attach flag in valgrind.
Given how quickly the compromission was discovered, they probably did not have enough time to find an efficient way to compromise the archive. Since several machines were compromised at once, one can speculate that the crackers were not very skilled or they would have tried to hide a bit better, and that would also explain why they were unable to do anything to the archive.
Slashdot Mirror
Bad luck, you visited Slashdot the day it was vandalised.
Doing a simple Google search I get "In order to show you the most relevant results, we have omitted some entries very similar to the 283 already displayed." although more than 1,000,000 pages were indexed. (YMMV, all Google frontends don't yield the same results, especially with newly coined terms). This simply means that hundreds of useless blogs or news sites use the phrase on hundreds of their pages, and that those pages are accessible through hundreds of different URLs. Typical Google pollution.
It is likely that they are not using VLC's code but some other, smaller application that just happens to use our code (and which may or may not respect the GPL itself -- there may be unknown intermediaries in the story). The drms.c file is part of VLC's MPEG-4 / QuickTime demuxer, so it could be a music player or a media tagging utility, for instance.
I have to make sure everyone understands why this string is here. To be fair with Sony (or whoever they mandated), it is not an attempt from them to hide the code theft. Rather, it is an attempt by Apple to prevent not only code theft but also clean-room reimplementations.
Apple's encryption scheme includes the generation of a key. The important parts of this key come from the machine's unique hardware information. But to prevent (at least that's my only plausible explanation for it) people from reimplementing the scheme by using the same information, they also add this copyright string to the key generation. Reimplementing their protocol means the string has to be used.
We just store it ROT13'ed in VLC because it would be confusing to have an Apple copyright in our code. Although technically the string itself is created by Apple, it is too short to qualify for copyright.
Not that I could not before, but I can now copy and download all the Sony CDs I want without fearing a lawsuit. They apparently don't care about intellectual property.
Get a Happy Hacking Blank Key keyboard instead. It is three times the price but it is a lot smaller, doesn't have that totally useless numeric pad no one uses nowadays, or those retarded so-called Windows keys. It is a lot lighter, too. What is the use of having the best keyboard if you cannot carry it and brag around with it?
So this guy apparently thought that these massive 3 or 4 % hits were not acceptable, and learned about .htaccess to redirect them away? Wow, that is a really clever hack! And it seems he didn't even get it right, because his first referrer site now also displays the "dear Fuddruckers" message despite having nothing to do with Fuddruckers.
Also, he is replacing the original URL with shock images and popups? Dudes, there are troll groups on Slashdot who have been doing that for years...
Sorry, not really impressed. Nor even interested, to be honest.
I suggest you read this article, too, in order to get a better understanding of what the decision really means.
See this analysis by a lawyer who followed the trial: http://maitre.eolas.free.fr/journal/index.php?2005 /03/08/87-guillermito-condamne-mais-tres-legeremen t
(quote: "Ce qui a perdu Guillermito, c'est que sa version de ViGuard était piratée", eg. "What lost Guillermito was that his version of ViGuard was pirated").
Please, read the articles before commenting. As usual on Slashdot, the news is misleading : he was not condemned for releasing exploit code, but simply for software piracy (the antivirus copy he had used was not legitimate).
This proposal totally sucks. The goal of a CAPTCHA is not only to be extremely difficult for a computer, you also need to make it simple enough for the user. Most current implementations are considered extremely inaccessible, and if you have accessibility in mind, these 3D images are a huge step backwards. The utter vanity of it all is emphasised by its vulnerability to the porn site attack (offering porn to monkeys to crack CAPTCHAs). Be assured that I and other people will devote as much time as possible to eradicate moronic CAPTCHAs from the Internet.
...to carve pumpkins such as these ones?
xine/mplayer are hardly illegal. They are indeed covered by mpeg4 patents (which only apply if you sell a certain number of units), and furthermore it is illegal (DMCA ...) to distribute them with libdvdread.
Don't confuse libdvdcss and libdvdread. And AFAIK the DVD CCA has dropped all DMCA claims against DeCSS-like devices; they are now using their patent portfolio. However, the libdvdcss authors have never been threatened by DMCA or patent infrigement claims or whatever (by the way, I am the main libdvdcss author). Also note that Linspire is distributing Xine and libdvdcss with the DVD CCA's authorization, which makes them pretty legal to my eyes.
Using C# makes sense to me. It provides Rijndael and MD5 in System.Security.Cryptography out of the box. These cypher and hash algorithms are at the core of the DRMS encryption scheme. The same code in C would either use obscure libraries or 1000 extra lines of code.
However _where_ is the linux-2.4.24-mremap.patch to be found?
I extracted it from the 2.4.25 patch: mremap-patch.diff
Of course they do business that way. They just don't need that when they have the opportunity to buy their competitor. But when the competitor cannot be bought (think of a free software enthusiast in his garage), they don't even need to sue, intimidation is enough. See for instance the VirtualDub issue.
CSS was 'cracked' because xing left all the CSS keys in one of it's product distributions by accident. That made it about a billion times easier to reverse-engineer. I'm not betting the new system will be cracked.
No, Xing left only one CSS key (and I doubt they were even given the other keys anyway). It is Frank A. Stevenson's cryptanalysis and his playerkey test program that helped generate the list of all possible player keys.
I do not fully agree. If I have paid for the binary, I can only complain if the software was given to me with the GPL blurb, otherwise how am I supposed to know that the software is GPL? And even then, I cannot claim any copyright infrigement.
However, if I am the copyright holder of a part of the GPL software (funny, in the case of the Lindows DVD player, I happen to be), then I have a right to complain if the GPL terms are not respected. I asked the Lindows legal service about my concerns a few months ago but never got an answer.
Already half of last months traffic!
That is mostly because of the VLC 0.7.0 release.
Given how quickly the compromission was discovered, they probably did not have enough time to find an efficient way to compromise the archive. Since several machines were compromised at once, one can speculate that the crackers were not very skilled or they would have tried to hide a bit better, and that would also explain why they were unable to do anything to the archive.