Linus is already working full time on free software under RMS's favorite license. Let him use Visual Studio, SourceSafe and Word ...
OSDL should have recognized that Linux is a more important project than reverse-engineering BitKeeper and told their employees not to do that on company time/servers or get fired.
Question: If Linus HAD been using VS, SourceSafe etc, and it had been Microsoft who had been pissed off about Tridge's reverse engineering of protocols, should OSDL have laid down the law against Tridge as well?
Should they have said "Linux is more important than Samba, so Tridge has to stop working on it to make sure that Linus can keep his Visual Studio license"? Since when does a proprietary software developer get to hold the community hostage by threatening to pull its licenses? How stupid do you have to be to consider that a good thing?
Then they're not Conservatives. See also my claim about Purple Cows.
// oskar
Because you decided that? To be a conservative means that you resist change in society. The only reasonable way that being a conservative means "wanting government off your back" is if you come from a country with a tradition of having government off your back. And in this day, that isn't really true anywhere.
Actually though, there is a word for somebody who wants a small government and who wants to maximize individual freedom. The word is: liberal. Look it up.
This clearly has no hacker cred whatsoever if Visual Studio won't compile it!
(Real men use visual basic!!!!)
To make it even better, imagine John Cleese reading it:
"pr0n": An anagram of "porn," possibly indicating the use of pornography.
I appreciate the effort, but in real life she is 19, so you can stop rationalizing...
. Your only chance is to export it as a raster image and import it in OO. The result is horrible by all means. Horrible size, horrible visually, horrible in a print form and horrible to edit.
What about eps?
That is nothing. This post has been encrypted with an unbreakable one-time-pad! TWICE!
The tenacity of your attempts to replace logic with rhetoric would be impressive if it wasn't so braindead.
And casinos likewise operate without any oversight or auditing whatsoever. Millions of people play these games every day. Adding security can only benefit them.
No, adding a sense of false security does not make things better. People who play on online casinos today do not expect there to be software controlling that the game is fair: to the extent they care they go by reputation and testing just like I suggested. TCP adds nothing - absolutely nothing - to make this more secure. The same thing goes for voting.
You're the one who's got to be kidding! Have you not heard of the many new forms of malware which are going after banking account numbers and infiltrating themselves into secure banking transactions? TC can stop these cold via sealed storage and remote attestation. Again, you are arguing that we should deny users access to these technologies purely for political reasons because you don't like the technology.
If the TCPA application of your bank were intended to stop malware, then it would have no problem with the EFF's proposed owner override. So once again with the lies!
I won't go through the rest of your "analysis" because it's the same kind of bullshit.
LOL. "I won't even begin to counter your arguments that the world is round because it is such bullshit."
My guess is that you are worried that TC will make it harder for you to pirate your favorite songs and movies.
No, no, try harder: what I actually care about is abducting and sexually abusing small children. And strangling puppies. And helping the turrists!
TCPA is a technology designed from the ground up for exclusion. The fundamental question of the next century, as with the previous ones, is whether we wish to build an open society or a closed one, and TCPA is the ultimate tool for those who wish to close our networks. The goal of TCPA is to facilitate the handing over of control of our communication devices to others, so that our computers can decide what we can and cannot do with them, can and cannot run with them (if we still wish to access our data and the Internet), and ultimately dictate the parameters of all networked communication. Anyone who accepts TCPA accepts that he should live in a digital prison, that his doors should be locked from the outside, that a priori restraint should be placed on his ability to talk to others, and that not only the Internet, but all computing and all our data should be placed in the hands of a centralized few.
You, sir, disgust me.
Like it or not, we should make social policy that considers the welfare of the large numbers of people over the welfare of the selfish few.
// oskar
No, the central pillars of our civilization are liberty and self-determinism, not utilitarianism as you would have it. Utilitarianism has, on the other hand, been the justification for every great evil visited upon the world the last century and more.
Further see this blog entry by the same author on good uses of Trusted Computing all of which rely on the supposedly evil Remote Attestation feature.
So I shall go through these one by one:
Online Elections
Um, no. Any trusted client system relies on keeping the client from tinkering with the TCP chip, and while this might be sufficiently complicated to keep people from copying your precious MP3s, it is not nearly secure enough for an election. I will be dead before I take part in an election where any sucker with a mod-chip can rig it!
Online Gambling
See the last comment. The financial incentive for rip-off casinos to hack the TC chips would be huge - so huge that I almost smile when I think about this use since it makes me more sure than ever that there will be modchips available. A much better system to secure against this is to play at reputable casinos that are tested by independents doing statistical analysis.
Financial Transactions
You've got to be kidding! I'm supposed to trust my bank to take care of my money if they cannot write a banking interface that doesn't rely on controlling the client to keep it safe? You may claim Internet banking is in its infancy, but I have been using it for five years and I cannot think of a single security threat against it caused by me being able to use Mozilla rather than IE to access the bank.
VPNs
The use of attestation described here would not be in the slightest affected by EFF's "owner override" suggestion.
P2P
P2P systems are not exactly suffering at the moment... Bittorrent has shown that tit-for-tat type trust systems work very well to keep clients in line, without sacrificing interoperability between different clients and the ability for people to develop clients on their own.
Remailers
This is pure speculation. I would like to see the remailer user who would think that trusting that TCPA will hide the message from the owner of the computer (jesus! that people cannot see what is wrong with this!) is better than a secure system.
Corporate DRM
See the first two objections. But we are getting closer to the true purpose!
Online Shopping Privacy
Because certified sites have never broken their statements, and certified operating systems like Windows have never been cracked. The idea that the problem with online shopping privacy is that you cannot trust that the store is running Windows (or, yes, the single certified version of Linux that will be three years behind current development) is silly.
There are a couple of entries that are at least somewhat true:
Multi-player Games
Selling CPU Cycles
but they hardly make a good case for implementing an Internet covering lock-out system. I very much doubt anyone will bother with the latter, and the former is best done on games consoles anyways.
Conclusion
The author of that blog is full of shit. And the worst thing is that he is obviously intelligent and informed, so he most likely knows that he is completely full of shit. I can't for the life of me understand why people like that wish to sell out our digital future to one of exclusion and centralized control, but hey, it is a free Internet (so far...)
Could be useful for electronic voting.
Think again, the manufacturers of TCPA have admitted that they are not secure against hardware manipulation. It is likely that we will begin to see TCPA mod-chips hitting the market soon after TCPA takes hold (that is right, people: TCPA means you will have to mod-chip your PC). The whole point is to make sure that circumvention of DRM requires more effort than the masses will spend - requiring an expensive and illegal modchip to be attained is considered enough.
It has been said a million times, yet apparently it bears repeating. The "security" aspects of TCPA are redundant, unnecessary, and at best useful but could be made a lot better if the chip was designed for security rather than DRM. The whole system really exists only for one purpose: as a trojan horse to implement something called "remote attestation" in PCs.
What is remote attestation? Basically, it means that the TCPA chip, which you cannot control, can read what operating system you have loaded, and send a response proving that you are running a certain operating system to others on the Internet. The purpose of this, of course, is so that the operating system can be verified not to have its DRM functions cracked, so that the RIAA and MPAA can send you data and make sure that they get to decide what you do with it.
The people pushing TCPA will claim that it is not for DRM, but that is a smokescreen and only a smokescreen. While TCPA does not do DRM itself, it is the enabling component that is needed so that software can implement DRM without being circumventable.
What does this mean for a "trusted Linux"? It means that while it is completely possible to have a Linux system working with TCPA, once you change anything in the system, the TCPA chip will notice you are running a modified system, and no longer let your data. So while the software may nominally remain under the GPL, it will be the death of the free software model, because users who wish to tinker with their systems will be locked off the Internet (Cisco is already talking about systems to have ISPs demand remote attestation when TCPA is in place). TCPA and Linux can be combined in theory, but only in theory - in reality they cannot ever coexist.
Those who do not believe me (or those who are inclined to believe the MS shills who will respond saying that I am wrong), should read EFF's analysis of TCPA where they give a simple way that the chip could be changed to allow all uses except remote attestation intended to force people to use certain operating systems and enforce DRM over the user. It has been completely ignored by the manufacturers of TCPA.
Darn. I could compile it from source, but I have been avoiding that ever since I switched to Ubuntu.
Any chance you could point us at where you got the source to this completely proprietary, closed source application?
(PS Use alien.)
Well, that's it, I'm not working on Firefox... ever...
------- Additional Comment #91 From Blake Ross 2004-11-17 11:49 PST [reply] -------
Verified, I watched it with my own eyes. But if I recall correctly, it was only $49.
If there are any "hyatt should give ben a lap dance" bugs, those can be resolved
too. What a crazy night it was.
Anyway, try it out. In the long run, it kicks my butt. I try to make 'random' decisions, but still go below .500 -- which is interesting, because that implies that perhaps subconsciously we're always applying patterns...
There are many tricks you can use to generate random data in your head. In this case, you can divide the alphabet into three parts (beginning = rock, middle = paper, end = scissors). Now think of words using free association, and use the last letter of the word to decide what to do. It isn't a statistically perfect technique (unless you are careful) but I had no trouble playing that machine using it (up ten over a hundred games).
The problem is, I guess, that people equate choosing randomly with "choosing without thinking about it".
It means if you replace the current style of bodywork by a box, the car will be 75% slower.
Isn't that rather arbitrary? I mean, if you replace it with a full rig sail the car will hardly be able to move. So then it must be 99.99% of performance really?
Yes, it is impossible for two hosts behind stateful NAT firewalls to communicate if they do not have some third party "matchmaker" to tell them: "start sending packets from this port to that port at that host". But the point is that this matchmaker still has a very low load, and can exit once the connection is established, so that is not that bad compared to what would happen if he served as a proxy for all the data instead.
This is definitely an ugly hack, but all NAT is really just an ugly hack, so it isn't that surprising.
"UDP hole punching" is a simple technique, already used by many games, to allow two computers behind NAT firewalls to talk directly to one another.
Basically it works because UDP doesn't work very well with NATs, and so the NAT has to have a very general policy on what it forwards. UDP is a packet (datagram) based protocol. Each UDP packet is actually just an IP packet with two extra headers added - the source port and the destination port, and then just the data. So how can a NAT know which host on the local network it should send a UDP packet to? It can't really, so it is forced to guess, and the classical way to do this is simply to forward incoming UDP packets with a given source port to a host that recently sent an outgoing UDP packet from that source port.
This allows hosts behind the NAT to open something like a server port, by simply sending packets from a certain source port out to the Internet regularly, thus making sure that packets sent to that destination port from the Internet will be sent to them. Note though that this also reveals the scalability problem with UDP and NATs: if you have many machines sending UDP packets from the same ports you get a problem.
On modern, stateful, firewalls, the NATs are slightly smarter, and will only forward the UDP packet to a node in the internal network if that node recently sent a packet from the destination port of the incoming packet, and to the host that the incoming packet was sent from. This makes it impossible to act as a general "server", but UDP hole punching is still possible if you have an intermediary who can tell two NATed hosts to start sending UDP packets to each other with certain port values. This means that a non-NATed host is still needed, but it doesn't need to forward all the traffic between the two others, like it would with a proxy solution.
Blah, I meant this to be short, but instead I wasted my time writing a long slashdot post, and now there is probably already a +5 with a shorter description. Everybody mock me...
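The two forwarding policies described in the post above, and the matchmaker-assisted punch, as an added simulation that is not part of the original post. It assumes port-preserving NATs with no mapping timeouts; every address, port and name is constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)
    data: str


class Nat:
    """Toy NAT that keeps the internal source port (an assumption of this example)."""

    def __init__(self, public_ip, stateful):
        self.public_ip = public_ip
        self.stateful = stateful
        self.port_owner = {}   # port -> internal ip that last sent from it
        self.flows = set()     # (port, remote endpoint) pairs seen going out

    def outbound(self, pkt):
        """Record state and rewrite the source address; returns the on-wire packet."""
        port = pkt.src[1]
        self.port_owner[port] = pkt.src[0]
        self.flows.add((port, pkt.dst))
        return Packet((self.public_ip, port), pkt.dst, pkt.data)

    def inbound(self, pkt):
        """Return the internal (ip, port) the packet is forwarded to, or None if dropped."""
        port = pkt.dst[1]
        owner = self.port_owner.get(port)
        if owner is None:
            return None                      # nobody inside ever used this port
        if self.stateful and (port, pkt.src) not in self.flows:
            return None                      # stateful: sender was never contacted
        return (owner, port)


def send(src_nat, dst_nat, src, dst_public, data):
    """Send from an internal host through its NAT to a peer's public endpoint."""
    on_wire = src_nat.outbound(Packet(src, dst_public, data))
    return dst_nat.inbound(on_wire)


def hole_punch(stateful):
    """Run the exchange and report where each packet ends up (None = dropped)."""
    nat_a = Nat("198.51.100.10", stateful)
    nat_b = Nat("203.0.113.20", stateful)
    host_a, host_b = ("10.0.0.5", 4000), ("192.168.1.7", 5000)
    matchmaker = ("192.0.2.1", 3478)         # the non-NATed third party
    stranger = ("192.0.2.99", 6000)          # unrelated Internet host

    # Both hosts register; the matchmaker sees their public endpoints
    # and tells each side the other's.
    pub_a = nat_a.outbound(Packet(host_a, matchmaker, "register")).src
    pub_b = nat_b.outbound(Packet(host_b, matchmaker, "register")).src

    return {
        # A's first packet opens A's NAT toward B but may be dropped at B's NAT.
        "a_first": send(nat_a, nat_b, host_a, pub_b, "hello"),
        # B's packet opens B's NAT toward A and passes A's NAT.
        "b_reply": send(nat_b, nat_a, host_b, pub_a, "hello"),
        # From here on traffic flows directly, without the matchmaker.
        "a_second": send(nat_a, nat_b, host_a, pub_b, "data"),
        # An uninvolved host probing B's public endpoint.
        "stranger": nat_b.inbound(Packet(stranger, pub_b, "probe")),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("stateful" if mode else "classical", hole_punch(mode))
```

With the classical policy the stranger's probe reaches the internal host; with the stateful policy only the punched peer gets through.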
People who call themselves "experts" but are really just talking out of their asses do. Consider that The Internet Archive alone contains more than a petabyte (1024 terabytes) of data, all of it accessible, and that they are adding on the order of 20 terabytes a day, and you start realizing how much bigger the Web is.
Essentially, the objection to this is, as with the RIAA suits, that they are attempting to solve a problem of massive civil disobedience by going after a few people and making examples of them with disproportional punishments.
Tax avoidance is illegal and it isn't wrong for the government to enforce those laws, but I think we can all agree that it is wrong for the government to seize all assets of somebody who missed declaring a couple of thousand dollars of income. The philosophy behind these lawsuits is: millions of people are breaking the law, and we can solve this by taking a couple of hundred of them and fucking them over in a way they nowhere near deserve, in order to scare everybody else. That is not how a society built on justice should work.
So you have done this have you, or did you just decide that talking out of your ass would probably get you moderated up?
There is no "directory" that holds the music, the iPod is purposely crippled to split it into something like 100 directories, and spreads the files randomly around them with random file names. The only way to find the song you wish to copy, or, God forbid, the album, is to have an app that reads the iPod's proprietary database file and finds the filenames that way.
Such apps have been written, and Apple is busy breaking them for no good reason other than making life worse for its customers.
When the Facts are clearly biased against the poster!
This would be a very good theory except that in the US sales tax is added to the advertised price, so buying something costing $1.95 you pay the cashier $2.06 or something anyways (this is also the reason why your pockets inevitably fill up with change in America, when they do not in Europe).
I'm not blowing off the fact that the open source browsers did not pass this test, I'm just saying that it does not say that much about IE's security that it passes a test it was optimized for. If security were about responding well to random data, then it would not be so difficult.
Furthermore, this kind of test is standard within Microsoft (feed random inputs to all possible input locations).
So what you are saying is that this article consists of a Microsoft employee applying one type of stability test, one that happens to be used inside Microsoft, to their own browser, which has been patched against exactly this test, and others. Permit me to say I am somewhat underwhelmed by IE's amazing performance.
This is the security equivalent of Microsoft's "benchmarks" where the benchmark is decided first, then just those operations are optimized, and, wow and amazement, Microsoft's products perform great.
While it is bad that the open source browsers crash on random input, this is only one, rather limited, test of security. Security against targeted attacks is a much harder, different problem. (CRC32 performs great at spotting random changes in input - want to use it to digitally sign your payments?)
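An added example (not part of the original comment) of the CRC32 point above: the checksum catches every random single-bit flip, yet anyone can recompute it after a deliberate edit, while a keyed tag cannot be recomputed without the key. HMAC-SHA256 stands in here for a real digital signature, and the payment strings are constructed.

```python
import binascii
import hashlib
import hmac
import os
import random


def crc_tag(msg: bytes) -> int:
    """Unkeyed 32-bit checksum: anyone holding the message can compute it."""
    return binascii.crc32(msg) & 0xFFFFFFFF


def mac_tag(key: bytes, msg: bytes) -> bytes:
    """Keyed tag: computing it requires the secret key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def accept_crc(msg: bytes, tag: int) -> bool:
    return crc_tag(msg) == tag


def accept_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)


def random_flips_caught(msg: bytes, trials: int = 2000, seed: int = 1) -> int:
    """Flip one random bit per trial and count how many the CRC notices."""
    rng = random.Random(seed)
    good = crc_tag(msg)
    caught = 0
    for _ in range(trials):
        buf = bytearray(msg)
        bit = rng.randrange(len(buf) * 8)
        buf[bit // 8] ^= 1 << (bit % 8)
        if crc_tag(bytes(buf)) != good:
            caught += 1
    return caught


def xor_bytes(*parts: bytes) -> bytes:
    out = bytearray(len(parts[0]))
    for part in parts:
        for i, byte in enumerate(part):
            out[i] ^= byte
    return bytes(out)


def crc_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """For equal-length inputs, crc(a^b^c) == crc(a)^crc(b)^crc(c).

    The checksum of an edited message is therefore predictable from the
    checksums of its parts; nothing about it depends on a secret.
    """
    return crc_tag(xor_bytes(a, b, c)) == crc_tag(a) ^ crc_tag(b) ^ crc_tag(c)


def tamper_demo() -> dict:
    key = os.urandom(32)   # shared by payer and bank, unknown to anyone else
    original = b"pay 0010.00 EUR to account 12345678"   # constructed sample
    edited = b"pay 9910.00 EUR to account 87654321"     # deliberate change

    # With an unkeyed checksum the edited message simply gets a fresh tag.
    edited_crc = crc_tag(edited)
    # Without the key, the only MAC available is the one made for the original.
    original_mac = mac_tag(key, original)

    return {
        "crc_accepts_edit": accept_crc(edited, edited_crc),
        "mac_accepts_edit": accept_mac(key, edited, original_mac),
        "mac_accepts_original": accept_mac(key, original, original_mac),
    }


if __name__ == "__main__":
    sample = b"pay 0010.00 EUR to account 12345678"
    print("random flips caught:", random_flips_caught(sample), "of 2000")
    print("affine:", crc_is_affine(b"a" * 20, b"b" * 20, b"c" * 20))
    print(tamper_demo())
```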