Yeah, that is a little interesting because there's nothing in the GPL that allows for you to dictate who your downstream recipients can distribute your software to. In other words if Qt is truly GPLed then it should be perfectly acceptable to write a GPL application for internal use -- naturally if anyone inside the company wanted to give the software to any third party they must be allowed, so I suppose there is the case that you'd have no control over "business secrets" in such code. But, if that's not a concern then it's still GPL software, even if you don't actively try to spread it to anyone but yourself. Now, I'm not saying that's the moral thing to do, but going by the GPL it's fine.
That's just a misleading thing to say. There's nothing preventing you from doing commercial development with a GPL library without buying a license. It just means that you have to offer to provide the complete source to the people that you give binaries to. A lot of companies do tons of development on in-house systems that never leave the company, and they would be under no obligation to pay fees to anyone. Likewise, some companies develop specialized systems for other companies or small numbers of clients. In these cases where you're essentially building something to spec, something that you're only going to give to a couple of people, it's not a showstopper that you have to give them source as well. Some companies would want to retain their source so that they can be in control, and so they'd need the commercial license. But in other cases they may be glad to hand over the source, in which case they owe nothing to Trolltech.
So there are certainly situations where GPL and commercial software can work together.
True. They were so secretive with their planes that they would only fly them in front of potential customers who had signed the equivalent of an NDA (non-disclosure agreement.) They had grandiose plans to license their patents they had acquired on the control methodology, and they kept trying to convince the military (as well as foreign governments) to place orders. The problem was that no one actually believed their claims (distance, maneuverability, agility, etc.) because hardly anyone had actually seen the planes fly. Some inventors in France had achieved flight with a less-capable machine, but they got a lot of attention as they did everything in public.
The Wright Bros were methodical and scientific, but they were terrible at running a business. By the time they got their heads out of their asses there were already competitors that were offering planes with comparable features for less than the Wright Bros $25,000/plane asking price. They took their patent case to court and eventually won (I think) but it really didn't have the effect they were hoping for. Within a dozen years or so the Wright company essentially vanished, and was acquired/merged with one of its competitors.
Sufficive to say (man that sounds too Star Trek),
s/Sufficive/Suffice it/
as in, "It is sufficient to say..."
That's really not true. This may not be a remotely-exploitable hole, but any good cracker will tell you that most intrusions are built upon a chain of vulnerabilities. Maybe you use a SQL injection or other common php error to get access as the user which the Apache process is running. Then you use this one to get root access. The chain of these two would result in a remote attacker having root privileges, even if you don't have any local user accounts other than yourself. Just because this is not remotely exploitable doesn't mean it's not dangerous and shouldn't be patched.
I think that widow would ask you why the US had supported Saddam for decades while he went on these barbaric killing sprees. She would ask you why the US government provided guns, weapons, money, and direct support to Saddam while he was committing all of these atrocities. The notion that the US government is somehow appalled by his actions is ludicrous. If that were the case, why has Saddam had US support for the whole time until recently?
Ah yes. I remember the days of trying out raytracing on an old 386sx. It wasn't even a full fledged 'dx', it was the crippled 'sx' version. And for those of you that don't remember, the 386 didn't have a hardware floating point unit (it was a very expensive add-on.) So raytracing for FOREVER. You could sit there and watch each pixel appear, at least for the complex parts of the scene. It was really painful but certainly entertaining at the time.
The point is that this gets you the data in its original, unmolested format. All the other methods you mentioned amount to decoding the AAC compression to an uncompressed waveform and then re-encoding it again in whatever unrestricted format of choice. If you care at all about the quality of your files you'd know that doing this is a really Bad Thing.
I liken this to the debate of analogue cassette tapes and VHS. It had always been possible to copy them, but no one was especially worried as it entailed some degradation in quality. When CDs came out though, there was some consternation as these could be exactly copied bit-for-bit with no loss in quality.
Of course it's "circumventing a copy-protection mechanism." It takes a file that cannot be copied and played freely and outputs a file that has no such restrictions. That sounds almost exactly like the textbook definition of the term.
Just because a device or method has both infringing and non-infringing uses doesn't mean it's not a method for circumventing copy-protection.
B19? Good lord, you're kidding right? That's frikkin ANCIENT. :-) Cygwin has advanced light years since B19.
I don't see how checking temperature could possibly help. The tip of your finger is about the most extreme in terms of extremities and blood flow, and it will never be anywhere close to core body temperature. How many times have you shaken someone's hand and reeled back at their cold fingers? Or how many times have you messed with someone by putting your cold hand on the back of their neck? Are we to make everyone in line keep their hands in their pockets at all times, so that no one has cold hands? Will mittens be government issue and required when going anywhere so that the fingerprint readers don't get confused?
Good god are you fucking insane? This is the dumbest thing I've ever heard.
You cannot trust the From line in spam! It is ALWAYS fake!
If you replied to every spam the ONLY thing you are doing is filling some complete innocent's mailbox with more crap -- google for "joe job" for more information. Spammers put whatever they want in the From line, and it almost never is a legitimate email address that they have control of. If it doesn't bounce, it's just going to annoy someone completely unrelated to the spam.
Please learn how email works before you make up these ridiculous plans.
I found the following quote rather odd:
"There's a lot of romance associated with blimps and dirigibles, and now that they have access to nonflammable fuels, it's a little more feasible."
Why, just the other day I was saying, "Gee honey, wouldn't you like to do it in a blimp? Just thinking about it makes me hot!"
If we were talking about hot air balloons then I could see the "romance" in that, but I just have never found myself romanticising about a ride in a blimp in any form.
I'd say it's less like an IDS and more like a hardware accelerated iptables-meets-ngrep. If this is being done entirely in hardware I seriously doubt that it would work at the application level, as that would require a lot of processing, especially for the speeds claimed. I'm guessing that this knows how to reassemble basic sequences of packets and scan for certain patterns, perhaps with some form of wildcarding or regular expression matching. I would imagine that it simply drops the matching packets outright, it would really take a lot of work to deal with it in a more graceful manner. I think they're counting on the fact that a lot of worms can be detected by simple pattern matching. But it wouldn't be able to catch anything sophisticated, like polymorphic viruses or anything that requires a sequence of separate events to occur in a specific order.
Right, this goes above and beyond simple port filtering or firewalling, in that it actively deletes material from the wire. It's kind of like the case with spam. If you reject the mail at delivery-time then at least the sender of a legitimate false-positive knows to resend. But if you silently delete things, no one is ever the wiser.
I don't really like the notion of my ISP actively grepping every packet I send and selectively deleting some of them that match some rules. Sure, I don't care if it ONLY messes with malware, as that would never affect me since I keep a tight ship. But, what if someone programs a really sloppy or poorly written rule, and there are false positives? What if the ISP decides that it wants to start deleting other things, like p2p traffic that's taking up all that bandwidth? Again, this is different from blocking p2p ports outright, which, while still repulsive, would at least alert you to the fact that something's being blocked since you wouldn't be able to establish a connection on the blocked ports.
Now, on a corporate/university LAN I can see a lot fewer issues. For one thing, it's a case of "their net, their rules" in that you really have no rights (in the case of the workplace) to complain about what's filtered and what isn't. But workplaces tend to already have some form of firewall or other preventative measures in place. Not that this wouldn't help, but the real case for something like this is a consumer broadband ISP, where a single installation could potentially isolate and neuter thousands of infected home boxes of people running a stock Windows 98 with no updates and no firewall.
virii is not a word, Mr. Anonymous troll.
Repeat after me: virii is not a word. The plural of virus is viruses.
Whaddya talkin about? This Dave Null guy seems to be employed by thousands of ISPs to handle abuse@. He must be really good at his job...
Why are you people still falling for and modding up this troll?
Since when does the lack of posts on BugTraq relating to MacOS 9 have ANYTHING to do with its security? Maybe no one is seriously interested in using OS 9 for a server because its support for the most basic of Web scripting and common web server applications is rudimentary at best. If no one is interested in using it as a server then no one is going to be interested in spending time looking for exploits for it, and thus there will be no posts about it in BugTraq.
I don't see any C64 exploits posted to BugTraq, that does not mean I want to use one as my web server. And the other arguments don't hold water either. Windows 95 has no security either, you're always running as root, and look how well that turned out. I don't see that as a "feature" at all. No command prompt? Oh yeah, that makes remote administration via SSH soooo easy. Oh, but who would want to remotely administer a server anyway. Pascal strings? That has nothing to do with the OS and everything to do with the compiler and language used to write the apps. For example, Delphi/Kylix on Windows/Linux.
Why do people cling to this retarded 'hosts' method of blocking things? It's the fucking stone age. It leaves a stupid broken image icon for every "blocked" picture. It fails even more ungracefully if you actually HAVE a web server on localhost. It has absolutely horrible granularity -- either you block everything (ad images, non-ad images, legitimate HTML, stylesheets, ...) or nothing from a particular host.
Try something like privoxy, which will replace those images with a 1x1 transparent image, so that there's no disruption in the page layout. And it will be a HELL of a lot more effective at blocking ads and annoyances than playing whackamole with a stupid list of static hostnames in some file. Can you say "regular expressions"?
Here in the wonderful state of California there are no numbers on any of the exits. They're identified by the road or town or whatever the exit leads to. When I moved here I found it odd, since in other states if you were giving someone directions you could just say "go north, then take exit 291."
With SVG maturing, I wonder when we're going to get maps that aren't these stupid images. I want a vector map that I can pan and zoom... but it should be smart enough to only download the data that it needs for any given display. And it should be smart enough to cull enough details when I zoom out that I can get a sufficient overview of the layout of a town without downloading e.g. every street name. I'd think this would eventually be easier on the back-end, as it wouldn't have to generate all those stupid images. Although, they're probably statically generated and so the back-end just fetches the corresponding grid location at the requested zoom level. But still, that sounds like a real nightmare to maintain.
I'm guessing that we'll never really see what I described above, due to the fear of someone being able to steal all their precious cartographic data. With images, you'd have to have some pretty good algorithms if you wanted to reconstruct useful vector data. But if the whole thing is native vectors, the bad guy could conceivably steal the entire database (with some clever scripts) and set up their own business. I foresee some really stinky Adobe plug-in with horrible DRM... sigh.
Yes, the key word is "compound it" which means that you account for inflation. Also, the quote specifically said "...that a tall person enjoys" which implies it's referring to more than a couple inches of difference.
As an example, consider someone that is 3" taller than average (which is 5'9" for males) and assume a 6% rate of inflation. After 30 years this amounts to $199,009.
If you assume 4" and 8%, the 30 year result is $395,095.
You would not have that concern if you understood statistical sampling.
There are probably, what, a few hundred NBA players in the population. They represent an exceedingly small percentage, since the vast majority (hundreds of millions) of the working population is NOT an NBA player.
When you take a sample-set, it must be representative of the whole. Therefore, if you had e.g. 500 people in your study and even one of them were an NBA player, then you no longer have a representative sample. 1 in 500 is much greater than several hundred in hundreds of millions.
In other words, if the sample set was chosen properly, it would not contain any NBA players -- unless the set contained many thousands of people. And if that were the case then the extremely high NBA salary would not have much of an effect on the average, given that it's an average of many thousands.
Your accusation that "NBA players throw everything off" is much like saying the following: The census has determined that the average household income in America is $50,000 per year. Since a few people in this country make an obscene amount of money per year, they obviously must be skewing that average up. No, it does not, because the census is very careful to select a representative sample of the whole.
And lord help us if the RIAA were to discover the evil nasty "netstat -an" command that works on most every computer! Worse yet, if they were to download TCPView from sysinternals.com. Heavens forbid -- IP addresses all over the place! Nobody's safe!
In all seriousness, anyone that thinks you can "scramble" an IP address and still use a protocol like TCP is full of shit. I'm sure you could think of all sorts of bizarro schemes to bounce packets around using raw sockets and UDP spoofed source addresses or whatever... but all of the methods of doing that sort of thing are absolutely hideous as far as throughput is concerned, and they're connectionless and stateless. I.e. completely useless for transferring files.