Re:Why do this? on AMD's New DRM · Score: 2, Insightful
In particular, it's pointless without support from the higher-ups (the OS drivers and the video players).
Perhaps there's some new layer of DRM in the offing. Here's a possible scenario: Apple's movie downloads are of limited quality, perhaps partly because the studios don't want high-resolution rips made. (They already know that you can get low-resolution rips off the DVD.)
So Apple says to AMD, "We'll start supporting your chips if you give us something to take to the studios so they'll let us have high-resolution movies."
That's just a guess, but it highlights exactly what your question is bringing up: this is a useless feature without a lot of support. So I've got to assume that somebody has plans to use it to offer content that they wouldn't otherwise release for fear of having it ripped.
(Or, alternatively, somebody had threatened to pull their existing content unless future computers are made more secure against this mode of ripping.)
That's still odd. You'd expect this to come from an OS vendor, who tells both AMD and Intel what to do about it. Which implies that Intel is planning something similar soon, and that both will offer a driver so that the OS can use it to enforce whatever DRM scheme they have in mind.
If you reread your post as posted, you'll see you made the same mistake I did: Slashdot took the angle-brackets and treats them as HTML tags rather than as Java code. I was in fact using generics, but they disappeared in the Slashdot posting process. The same thing happened to your post.
If you put back the generics in both your post and mine, as somebody corrected for me in a sub-post, I think you and I are talking about the same thing.
I don't know why somebody would cast a List<Integer> to a plain List, but it's legal, and that's a problem that other parameterized languages don't have. But doing it that way preserved a lot of other nice features of the Java Virtual Machine, and with the right warnings turned on the compiler can spot it as a probable error, so I'm not really complaining. I'm just concurring with an ancestor-post that Java's generics don't truly introduce new types but are instead merely a compile-time hack.
Argh. Thank you. It's not very interesting without the generics.
I'd also meant to add the generic to the definition of s, so that it should be:
List<Integer> s = new ArrayList<Integer>();
So when you pull the element out:
Integer i = s.get(0);
it can be done without an explicit cast. But the cast occurs anyway and generates a ClassCastException if you've put a non-Integer into the array. That's far later than it ought to be; the error occurred long ago and far away, so debugging it can be a real pain.
This code generates no warning for me (I'm using Eclipse rather than the JDK, so YMMV):
List s = new ArrayList();
List l = s;
l.add("foo");
Further, if you do:
Integer i = s.get(0);
you get a runtime class cast exception.
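Added example, not part of the original comments: the raw-type aliasing discussed above, first against a plain ArrayList (the failure surfaces only at the read) and then against Collections.checkedList from the standard library (the failure surfaces at the bad insert). The class and method names are made up for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ErasureDemo {

    // Alias a List<Integer> through a raw List and insert a String.
    // This is legal Java; without the annotation, javac -Xlint:unchecked,rawtypes
    // reports it as a warning, not an error.
    @SuppressWarnings({"rawtypes", "unchecked"})
    static void pollute(List<Integer> target) {
        List raw = target;   // generic type information is dropped here
        raw.add("foo");      // a plain ArrayList has no element type to check against
    }

    // Plain ArrayList: the insert is accepted, and the failure appears
    // at the compiler-inserted cast when the element is read back.
    static String plainList() {
        List<Integer> s = new ArrayList<Integer>();
        pollute(s);
        try {
            Integer i = s.get(0);
            return "no failure, read " + i;
        } catch (ClassCastException e) {
            return "late failure at get(), list size " + s.size();
        }
    }

    // checkedList wraps the list with a runtime element-type check,
    // so the bad insert is rejected where it happens.
    static String checkedList() {
        List<Integer> s =
            Collections.checkedList(new ArrayList<Integer>(), Integer.class);
        try {
            pollute(s);
            return "insert accepted, list size " + s.size();
        } catch (ClassCastException e) {
            return "early failure at add(), list size " + s.size();
        }
    }

    public static void main(String[] args) {
        System.out.println("plain ArrayList: " + plainList());
        System.out.println("checkedList:     " + checkedList());
    }
}
```

The checked wrapper costs a Class.isInstance test per insert, so it is usually applied at trust boundaries (collections handed to or received from code you do not control) rather than everywhere.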
There is no free speech on the radio, or on TV. There never has been. There is only a limited amount of bandwidth, and the US government regulates its use. It leases out that bandwidth at an absurdly low rate in exchange for it being used nominally for the public good. In the US Government's opinion that means no swearing and being careful about whom you insult.
Imus is perfectly free to say all of this in his living room, on a soap box in the park, and just about anywhere else. That's the First Amendment. He's not free to broadcast it on the air. That's regulating the air waves.
It's time for you all to worry less about (heavens to Betsy!) Political Correctness and start lobbying to take back the air waves. They go to a very limited set of very rich corporations who reap enormous profits, especially when they push the FCC's regulations as far as they will go. These airwaves are a lot more valuable than that.
Use them for Internet access, which IS a true free speech zone. Connect it to landlines and you can reach the whole world with your offensive crap. Everybody, not just some overpaid asshole.
It's more like he pissed off one too many groups one too many times and got fired. The FCC has been fining Imus for years, and it's getting expensive for CBS. Advertisers were getting afraid of being associated with him, and pulled their slots.
So let's be clear: he wasn't fired because he was offensive. He was fired because he was no longer profitable.
I'm tempted to go out and write a trojan that uses this, just to see how many people would actually do that.
Exactly. It also prevents the anti-virus from scanning the contents of the zip file. The "the password is:" bit acts like a CAPTCHA; it takes a human being to recognize where the password is in the text.
(It seems to me that it would be worth the trouble for a virus scanner to try every word in the file as a password, and then scan the results.)
WARNING! Your computer is infected with a virus. This virus could be transmitted to you, and you will die within 24 hours.
Please forward this email to everybody you know, then smash your computer with a sledgehammer. NOTE: you must forward the email BEFORE smashing the computer, not after.
###
I swear to God I think people would actually do that. What the hell can the operating system do if people are willing to save a zip file, type in the password, and then run the contents?
Maybe Microsoft should refuse by default to run any software that didn't arrive on a CD. But then the virus will just include instructions to burn it onto a CD before running, and people will probably do that, too.
I was actually speaking mostly to be funny; I have no idea why anybody would mod me "insightful".
I don't read his column. I only know it from Slashdot, which tends to post only his most outlandish stuff, usually about Apple. In fact in this case I really do agree with him; nobody ever guaranteed you "net neutrality" in the first place. And I am extremely doubtful that any law Congress passes on the subject would do more harm than good, even if they meant well by it.
Nonetheless, I saw an opportunity for a joke, and I took it.
I don't really know anything about the subject, but it's Cringely, so I'm going to assume that the opposite of whatever he said was true.
Yes, they do. GP had a bad example. But there are other cases of things with similar smell and very different shapes that are not well handled by the classic lock-and-key theory (e.g. enantiomers).
The resonance theory is a good and interesting alternative, despite serious difficulties understanding the mechanism.
I wasn't aware that Fair Use was one of those holy rights, like life, liberty, & pursuit of happiness.
So playing the same game, if even a single person who would buy a BloodRayne DVD decides to download it instead, that's a failure of Copyright, and is therefore unacceptable.
We have a conflict of rights. Have you got a better solution other than "my right trumps everybody else's"?
At the risk of going completely offtopic, can you elaborate on what led you to vote for Bush in 2004?
I can completely understand why a Republican would vote for Bush over Gore in 2000. But part of what made Democrats so suicidally distraught after November 2004 was that they were sure that nobody, not even John Kerry, could lose to Bush after the PATRIOT Act, Abu Ghraib, etc.
So I'm curious about what made you change your mind between then and now.
Do you really think that there's this enormous market of people buying replacements of DVDs that they've already bought but lost or broke?
Or buying a second copy on iTunes because they can't play the DVD on their iPod?
I mean, I'm sure these things happen, but I can't imagine that it's a significant percentage of the market. It seems to me that if they removed the DRM entirely and stopped trying to shut down P2P sharing software, so that you'd have no difficulty downloading anything you wanted, they'd lose far, far more potential sales to people downloading rather than buying.
The summary is not quite correct. It's not so much that the SiteKey is being bypassed, as that the attacker is able to get their hands on the user's SiteKey. They can only do this by getting the user's password and security code, which they do with a conventional man-in-the-middle attack. Once they've got that, getting the SiteKey seems the least of their worries.
The obvious problem with SiteKey is the chicken-and-egg problem of getting the image to the server in the first place. There's some step where you're communicating in a fashion where you trust the server enough to give them your SiteKey, which they later show back to you. It's tied to a single computer, via a cookie, so if you log in from a different computer you need to send a new SiteKey or get them to send yours back to you, on the new computer.
So this attack only works if you can get the user to give up not only the password but also the "security question" (one of the dumbest bits of security I've ever seen; it's like a password only you can look it up.) Easy enough, if the user isn't alert (and they usually aren't.)
SiteKey depends on users to expect the key image, but the absence of the image doesn't usually trigger warning bells because they're not very common. You need some sort of phishing detector which says, "Hey, this site is known to require a SiteKey and isn't sending it to you."
Cement = anything used to glue things together
Concrete = a building material composed of aggregates and cement
Concrete is used for buildings, roads, sidewalks, etc. The aggregate in that case is usually rocks. The cement is usually Portland cement. It's not correct to call it "cement", though people will usually understand what you mean.
But judging from the comments so far, not in this case. This isn't a replacement for Portland cement, and they're not talking about building materials. This is the kind of cement used to glue bits of LCD screens to each other.
And thanks for that. I'd have modded you up if I had mod points, but I ran out yesterday.
Yes indeed. This is presumably of some minor interest to those working in the field. Actually, probably a bit more than that, since it was published in Science rather than in some more specialized journal.
But by the time it hits the press release phase, and then the press release hits the breathless-Slashdot-summary phase, you get a minor accomplishment turned into the Second Coming. We saw the same thing last week with the solar-cell pigments, and many times before that.
I've always imagined that the scientists who wrote the paper are a bit embarrassed by the unwarranted attention paid to their work, but probably just as happy if it makes their lives easier in the next grants cycle. But I honestly don't know if a widely-reported press release counts for more than an article in Science (which is actually a pretty big accomplishment.)
Huh. I'm using GMail to host my domain. My email addresses are pretty slutty (a combination of supporting the catchall, some public "info@" addresses that get forwarded to me, and a few mailing lists with lousy privacy or security policies.)
I do see perhaps three spams a day that actually make it into the inbox, and about 300 or so that are shunted to the spam folder.
There may be false positives in there, but with 300 per day I'm not going to find out. I've never noticed one in there, or had a friend tell me about an email that never reached me.
I didn't notice the "top-level sites" option. I'm going to give that a try. Thanks.
TV is actually much the same way. TV executives aren't in the entertainment business. They're in the ad-delivery business. Their customers aren't the viewers, because the viewers don't give them money. Their customers are the advertisers. The viewers are the product, delivered up to the customers. The entertainment is the way they farm viewers.
Personally, I mind web site advertising less than I mind TV advertising. As long as the web site ads are polite, they don't take up any of my time, just the corner of my eye. That's why I use NoScript and eliminate animated GIFs but I don't use AdBlock.
So I don't think of it as a scam, per se. They're offering content, and their price is a bit of screen space which (at least for me) isn't distracting attention from the content. I'll even click on a polite ad, if it's actually something I'm interested in. And if the site isn't polite (and dividing up an article into an unreadable number of pieces isn't polite) I'll simply go elsewhere.
Good to know. I've occasionally noticed problems on pages where I thought I had the NoScript settings proper; perhaps this is the same problem. Most of the time I decide it's just not worth the trouble, or occasionally bring it up in IE instead.
I've noticed that there have been updates to NoScript lately. I wonder if they fix those problems. It's one thing when some obscure site has managed to confuse the thing into mis-parsing the DHTML or something, but Digg is too well-known for NoScript's developers to have ignored.
There are good uses of JavaScript. Google uses it pretty well; I use Google Maps and GMail continually. The latter really doesn't NEED JavaScript, but it does add some nice features (like the inline autocomplete for addresses.)
But it's a lot of rope for a web site to hang itself with, and more often than not it's evil.
I use NoScript not for security but because it cuts out one more way that web sites can annoy me, with their javascripted pop-up ads.
Yeah, it takes a moment to re-enable JavaScript for sites which insist on using it for navigation (which is itself annoying, but sometimes a site has content I want.) But it's less than the aggravation of having the text I'm trying to read covered with a pop-up layer.
I don't mind polite advertising, but anything that moves (Java, Flash, and most recently JavaScript) is going to be worthless unless I absolutely require it.