Re:Rough Explanation-Bring enought for everyone?
on
HDTV via GNU Radio
·
· Score: 1
The majority of the rest of the world is not connected to network backbones that support multicast. Also, ATSC can carry MPEG-2 streams with a maxium burst of around 19.2Mbps. For a 100Mbps network or even a 55Mbps wireless, this isn't much of a limitation to retransmittion. But for most DSL/cable connections this limitation will keep retransmittion from ever occuring real-time without re-encoding.
"The actual resolution of HDTV streams transmitted will usually be 1920x1088, because MPEG-2 requires the number of lines to be in multiples of 16 (1088 lines = 68 x 16)."
Also, keep in mind that the popular CRT and projection projection TVs will purposily overscan the picture such that some of the lines are pushed outside of the viewing area. So, while 1088 lines are broadcast, a projection TV may only show 1076 of them and clip 6 lines each from top and bottom. If overscanning results in only 4 lines being clipped then you will actually see only 1080 of the 1088 lines of MPEG-2 stream.
The width of 2730 pixels appears to be intended get close to the correct aspect ratio when displayed on a computer monitor. Based on how the people's heads look on my monitor, it seems to be a little over stretched. But when I return the images to 1920x1088, they clearly look squeezed.
As an additional side note about SA not blocking content, the feedback I got regarding the default for mime_defang (a configuration option still not listed online) was that SA "might as well have deleted the HTML email" since it made it just as unreadable from their prospective.
Oh, first one other comment: SpamAssassin does not block content. SpamAssassin only flags probable spam. What the site or user does with that flag is their own business. Some mail administrators misuse SpamAssassin to block email, but we do not recommend blocking email. Really.
You may want to have a talk with the maintainers of amavisd-new about the default behavior of their program when using SA. Other contrib applications such as spamgate.py also promote the concept of a quarantie/spamtrap address which email gets redirected too. As these contributions continue to grow it will be harder for end users to figure out what is supposed to be the vanella behavior of SpamAssassin and what is behavior that is just common to contrib works for using SA.
Does SpamAssassin have any "use guidelines" for developers that want to integrate SA into their code?
When we put SpamAssassin into production, our organization decided to use it to mark email that tested postive for being in RBL. What ended up being discovered was that by not blocking RBL email, the mail server was getting swamped and back-logged. The logs showed that what normally pushed the mail servers into a snowball of back-log was not classic SPAM with a fraudulent from address but tons of email from "targetted opt-in email" systems such as vmadmin.com and MicroSoft's own Bcentral. Dealing with the latency caused by this required either getting budget approval for better email servers or blocking the targetted email. When communicating with these targetted opt-in email companies which claimed to be "different than SPAM", we found two things that remained consistent:
1) Despite charging the author of the email, they claimed that none of the charge should be passed on to the recieving company/organization since the user "opt-in"
2) The targetted e-mail company is not responsible for explaining from what IP address and when the e-mail account owner opt-in--even when presented with facts showing that the e-mail was sent to a fake/invalid e-mail account.
So, because we where not entitled to assistance in budgetting new hardware and because the companies could not provide an acceptable defination of "opt-in," our organization now explicidily rejects ALL SMTP RCPT from these companies. Oh... and the latency for processing incoming email has gone back to normal.:)
The FSF vigorously defends its copyright on code it owns; it does not own Linux. It will be up to Linus and gang to defend their own copyright, though the FSF might offer to assist.
Please give the specifics of where/when/how the FSF has "vigorously defends it's copyright on code it owns." I have never heard of any case where the FSF has ordered a company to cease distribution. For example, Dell/Red Hat continued to violate the GPL another 3 months after the FSF was informed. All they seemed to do was advise Dell what they expected and then left it up to Dell when to get around to it. You better believe if I was violating the Dell license that they would be issuing a cease and desist letter that Dell would expect honored immediately. Vigorously defending should not allow for "whenever you get around to it please follow these things which where told to you in the license in the first place" type attitude.
RMS and other folks at GNU typically respond to issues such as these. That is, when people/companies have not followed the licencsing of GPL'd software. I believe the offending party has usually changed their policies and was never actually taken to court.
IIRC, RMS has actually been anticipating for a serious GPL breach to rear its head, so it can provide an actual legal acid test of the GPL. I don't believe any organization/company has ever gone to court over GPL violations. Winning any courtroom legal victory would be a huge boon to for the GPL, as it would demonstrate it's legal resiliance. IANAL, of course.
The Free Software Foundation makes every effort to make sure a GPL violation case never makes it to court all the way to the point of doing nothing for long periods of time. There was a case where the Dell/Red Hat alliance violating the GPL since Feburary 2002. When I notified the FSF about it in July of 2002, I was asked not to go public with this GPL violation that spanned an entire GNU/Linux distribution worth of packages. When I confirmed the violation was continuing in October of 2002, they still sat on the same request to do nothing. It was not until around December that the companies got around to honoring the written word of the license and they still have not truely honored the spirit of GPL.
I find it interesting how much Slashdot has love/hate relationships over different things. Take for example the war of words that went on with Slashdot about KDE. People where talking about how KDE programs broke from the true faith. There was flaimbaits about Troll Tech. And bashing of the QPL. Then discussion on "Project Harmony" to bring the community back together. And finally Troll Tech going GPL with Qt.
But now we have Apple with Aqua API and Carbon API. Apple has put their legal dogs on the Free Software and Open Source community time and time again. You would have thought that the legal "look-and-feel" wars would have ended when the courts got done with Lotus vs. Borland, but Apple is ready to show it can bully every little guy over look-and-feel all over again. In the past, we have worked towards compatiblity and portablity by cloning the API and look-and-feel. With OSI's Motif, we produced Lesstif that follows the same API and look-and-feel. When the license of Qt was in question, the Harmony project cloned the API and look-and-feel. Winelib makes porting Win32 apps easier because it clones the API and the look-and-feel. But, Apple has made it clear by drawing a line in the sand when it comes to both the API and the look-and-feel of Aqua and Carbon. Porting Aqua applications to an OS that doesn't have Aqua is non-trival. Porting Carbon applications to an OS that doesn't have Carbon is non-trival. And if we ever so slightly cross that line that Apple has drawn to try to make it easier in the long run to port application back then they will bully us again. Regardless of what percentage of modern KHTML is Apple contribution, I still see Apple as a bully and a leech. They do not play fair and it is by being a bully they hope to ensure that the MacOS X desktop becomes a superset of any other *nix desktop. Just like in a certain company's commerical about 1984, we are being told with lawyers that Aqua and Carbon can only be done one way from one company. If we continue the route that Apple being "friends" will lead us then we will see why 2004 will be like Orwell's 1984. We are now facing a much bigger threat than "QPL."
Well, for those of us that got sold on the Slashdot article on the Creative Labs VoIP Blaster, I have good new! The diary for Damien Sandras (the author of the GnomeMeeting project) indicates that GnomeMeeting supports VoIPBlaster which provides GM access to the patented G.723.1 audio codec without having to buy a $100+ LinuxJack card. If only MicroTelco could convince SB to mass produce the VoIP Blaster again...
Ever wonder why slashdot won't fire his ass? I know that he is Chris Burke from Life goes on. But I still expect better.
That is not funny. Chris Burke is the editor-in-chief of the NDSS quarterly magazine and does do a better editorial job. Before you go declairing to know who Timothy is, why don't you find out who you are, "Anonymous Coward." Based on how low your comment is, I think it is fairly clear that Chris Burke surpasses any level of expectation that you have for yourself.
When I see dups like this, I often wonder what gets thrown out in favor of repeating the same exact stuff? Instead of meta-moderating comments, is there anyway to get to the raw Slashdot submissions? Maybe even meta-moderate the raw submissions?
What really has me stumped, is while Slashdot acknowledges the repeation behavior of Spam and the ability to use gzip to filter spam, they can't come up with anything to locate how much Slashdot repeats.
Some of the excuses is that link checking won't work since repeats are due to similar stories at complettely different URLs such as CNET and Wired both reporting on the same new advancement in electronics. Ok, that seems like a worthy excuse to explore:
On Sunday, January 26th, michael posted a linke to: http://www.guardian.co.uk/online/comment/stor y/0,1 2449,881780,00.html
On Tuesday, January 28th, timothy posted a link to: http://www.guardian.co.uk/online/comment/stor y/0,1 2449,881780,00.html
Hmmm... looks like link checking would have caught this. But lets say the links where different. How about the Slashdot search engine. If we look for the title "Why VHS Was Better Than Betamax" which was posted by Timothy and "order by score" then "Why VHS Was Better" from Jan 26th gets a score of 1.0 and is listed immediately after Timothy's new post. The next score drops down to 0.4.
So, even if link checking would have missed this duplicate, the Slashdot search engine scoring might be of assistance to an "editor."
But I really think this shows that Slashcode should allow the readers to assist in the editorial process. Users that login should be able to get ten random submissions of which they can do the following:
- Recommend to be rejected for containing a broken URL - Recommend to be reject because wording of scoop does not make sense - Recommend to be reject because the article is clearly an advertizement - Recommend to be reject because the article is a duplicate - Suggest alternative Subject wording - Suggest alternative Topic or Section area - Rank level of how interesting the article is
If I remove my video card, Netscape v2's SSL will still be insecure. Your "solution" does not solve poor algorithms for generating private keys. I have not yet run into any disk drives, video cards or SCSI host adapters that claim to be part of providing an encryption solution. I have run into two different types of network cards that claim to be part of an encryption solution, IPSec Accelrators and 802.11 cards with WEP. With every network card that does IPSec in hardware I have run into, I get to choose the algorithm that generates the encryption key so I don't have to trust a prioritary seed generator. And in terms of WEP, well... I guess WEP just goes to show why we can't trust hardware/firmware that claims to be part of a security solution. Would you recommend that I take my video card, which does not claim to be a security device at all, out of my system to fix WEP?
The TCPA is a method that would due well to get the backing of security groups. ATI and Nvidea aren't trying to get any security groups to claim that their products improve security. In fact, we have already informed them what we think about their products broadcast everything they display for a tempist attack. But while IBM seems to be "laying it all out" by promoting TCPA as an open standard with their solution useable with GPL drivers, they leave out access to a critical component that has a history of being flawed--anotherwords the source of entropy for generating the key. Since the firmware generates the key and does not accept a key from an external source, the only way to audit the strength of the key produced is to audit the firmware itself. IBM still has not made that available. Without that, I submit that the usefulness of the GPL driver for IBM TCPA is compariable with the usefulness for a GPL driver to a 802.11 card with WEP. There are other known attacks for encryption devices that we could help address with the source to the firmware but not with the source to the driver.
Part of what IBM seems to be marketing is a prioritary encryption key generator, but I think we have already learned from the seed prediction of the SSL for Netscape v2 that prioritary encryption key generators tend to weaken the strength of the encryption. No where in the entire page does it explain who was permitted to audit the firmware. While the driver is GPL, there is still a great deal of trust that the user must put in the closed source firmware when using the driver.
IBM has shown that the 1st generation of TCPA is not a threat. They have not made any promises about the long term impact of TCPA. What happens when TCPA v2 comes out? Take this for example, my IBM sales rep. pushes SSA as the next great thing since SCSI. He went on and on about how IBM purposed SSA as a "SCSI v3 standard" and blah blah blah. So, we bought into it. Now IBM is talking about how Linux can be run on several IBM servers including the IBM RS/6000 F50 that we have. Ok. We try upgrading and sure enough the install CD boots... but there is no hard drives to install on. Of all 18 drives, Linux does not recognize a single one. But this is "True Blue" so we should be able to get the programming specs for the SSA controller. And after we get bounced around *SEVERAL* times, we are told that AIX 5"L" is "just like Linux or even better." The reality turns out to be the following:
Programs written to use/dev/random do not function as expected under AIX 5L
Programs written to use the Pluggable Authentication Modules (PAM) API do not function as expected under AIX 5L
Programs written to the Linux VFS module API do not function at all under AIX 5L
The list goes on....
So, IBM can prove that Linux runs on an IBM RS/6000 F50 with SCSI. But if you go to IBM's "Next Generation," anotherwords SSA, Linux is render useless and IBM promotes AIX 5"L" which falls short of everything we expect of a GNU/Linux distribution. Now IBM proves Linux runs on a current generation of TCPA. What does that mean in terms of being able to use Linux on the next generation of TCPA? Well, based on the source of this report, being IBM, and their handling of SSA technical specs, I'm pritty confident in saying that for the TCPA-NG we will be hearing alot more about how AIX 6"LL" has twice the "L" in the name as AIX 5 had so it "must" be more Linux-like.
Trust IBM and you will end up feeling "True Blue" or truely blue.
The primary page for the recall is http://www.apcc.com/rely/. The main page includes a link to perform online registration for the recall instead of waiting on hold via phone. The link is similar to the URL given in the story but without the "pressrel.cfm" at the end for going to the press release. In fact, the main page includes a link to the press release but the PR does not include a link directly to the recall main page.
Dell has been a reseller of the APC Back-UPS CS 500 as an optional accessory when buying Dell computers. The one that came with my Dell Dimension 4100 has the recall serial number on it.
The letter goes a little more something like this:
Me and "Freddy" here, don't consider us rough guys cuz we look rough. We just want to talk to you friendly like.
First, we noticed that most of your posts only have a score of 1. We don't like that too much and think you should only post when you have something worth saying.
Second, your free to use the word "Slashdot" but we don't like it too much if ya use it in the Subject of your posts.
Third, we think maybe you should continue doing your posting via your employeer instead of posting directly.
He was contributing and asking for nothing in return--he had nothing to loose and everything to gain from dropping. Making first contact with a lawyer is not a friendly or political way to recognize that the person your dealing with is giving much more than he has taken. To make the first part of that letter a statement of dislike definately sours things more. After two "warning shots across the bow" of a letter from a lawyer starting on a bad note, it really don't matter if there is a point 2 or 3. Consider how much you would want to continue contributing to Slashdot if you recieved a letter like the one above.
Like I said killed OSS projects are bad, mmmkay? But, a single, united, SUPPORTED p2p network is (maybe) worth it.
Yes! Yes! Apple iTool Licenses will become "Information Purification Directives." There will be an ideology that is "secure from the pests of any contradictory true thoughts." After all, "we are one people, with one will, one resolve, one cause."
But if this is what Apple ultimate goal then why did their advertizement feature an Apple women throwing a hammer at the person giving their "Unification of Thoughts" speech? I mean, why build a machine so that '1984 won't be like 1984' just to make 2003 like 1984?
A while back, CmdrTaco recommended a URL for AvantGo users to use to read Slashdot with. So, I add it to my AvantGo list. Look below to see what I get as my Slashdot channel in AvantGo now.
Similar to the barcode door situation website, Slashdot has choosen to ban access. Unlike the barcode door situation website, Slashdot was aware of interest by AvantGo users to "link" to Slashdot and even RECOMMENDED it to AvantGo users.
Most of the claims below do not apply to AvantGo. The AvantGo servers put a 200K cap download per channel which limits the usefulness to try to use AvantGo to perform DDoS attacks. Anyone that has used AvantGo knows it's unlikely that someone would try to use it's limited interface to post at all including attempting to formulate a post to break brower rendering. And while AvantGo is a proxy server, anyone that has used it also knows that it doesn't act like a "normal human" because it is used for offline reading. So, CmdrTaco recommended AvantGo use for reading Slashdot knowing it is an offline reader proxy and then puts up a bunch of unrelated excuses why he is blocking it. And, btw, the "proxy administrator" (anotherwords, AvantGo) could care less if Slashdot blocks it. The contact the proxy administrator to get access back to something that CmdrTaco recommended using is pure bull-dung.
I think Drew is handling the barcode door website issue much better. At least the ban explaination page is to the point why the ban was needed instead of the CmdrTaco core dump of unrelated excuses for blocking AvantGo.
Anyways, the Slashdot channel via AvantGo is as follows:
Either your network or ip address has been banned from this site
due to script flooding that originated from your network or ip address -- or this IP might have been used to post comments designed to break web browser rendering. If you feel that this is unwarranted, feel free to include your IP address (64.157.224.70) in the subject of an email, and we will examine why there is a ban. If you fail to include the IP address (again, in the Subject!), then your message will be deleted and ignored. I mean come on, we're good, we're not psychic.
Since you can't read the FAQ because you're banned, here's the relevant portion:
Why is my IP banned?
- Perhaps you are running some sort of program that loaded thousands of Slashdot Pages. We have limited resources here and are fairly protective of them. We need to make sure that everyone shares. If your IP loads thousands of pages in a day, you will likely be banned. Please note that many proxy servers load large quanitites of pages, but we can usually distinguish between proxy servers being used by humans, and IPs running software that is hammering our servers.
- Your IP might have been used to perform some sort of denial of service attack against Slashdot. These range from simple programs that just load a lot of pages, to programs that attempt to coordinate an avalanche of posts in the forums (often through misconfigurated "Open Relay" proxy servers).
- You might be using a proxy server that is also being used by another person who did something from the above list. You should have your proxy server administrator contact us.
- Your IP might have been used to post comments designed to break web browser rendering.
Answered by: CmdrTaco Last Modified: 7/02/02
How do I get an IP Unbanned?
Email banned@slashdot.org. Make sure to include the IP in question, and any other pertinent information. If you are connecting through a proxy server, you might need to have your proxy server's admin contact us instead of you.
Slashdot Mirror
The majority of the rest of the world is not connected to network backbones that support multicast. Also, ATSC can carry MPEG-2 streams with a maxium burst of around 19.2Mbps. For a 100Mbps network or even a 55Mbps wireless, this isn't much of a limitation to retransmittion. But for most DSL/cable connections this limitation will keep retransmittion from ever occuring real-time without re-encoding.
Also, keep in mind that the popular CRT and projection projection TVs will purposily overscan the picture such that some of the lines are pushed outside of the viewing area. So, while 1088 lines are broadcast, a projection TV may only show 1076 of them and clip 6 lines each from top and bottom. If overscanning results in only 4 lines being clipped then you will actually see only 1080 of the 1088 lines of MPEG-2 stream.
The width of 2730 pixels appears to be intended get close to the correct aspect ratio when displayed on a computer monitor. Based on how the people's heads look on my monitor, it seems to be a little over stretched. But when I return the images to 1920x1088, they clearly look squeezed.
As an additional side note about SA not blocking content, the feedback I got regarding the default for mime_defang (a configuration option still not listed online) was that SA "might as well have deleted the HTML email" since it made it just as unreadable from their prospective.
You may want to have a talk with the maintainers of amavisd-new about the default behavior of their program when using SA. Other contrib applications such as spamgate.py also promote the concept of a quarantie/spamtrap address which email gets redirected too. As these contributions continue to grow it will be harder for end users to figure out what is supposed to be the vanella behavior of SpamAssassin and what is behavior that is just common to contrib works for using SA.
Does SpamAssassin have any "use guidelines" for developers that want to integrate SA into their code?
When we put SpamAssassin into production, our organization decided to use it to mark email that tested postive for being in RBL. What ended up being discovered was that by not blocking RBL email, the mail server was getting swamped and back-logged. The logs showed that what normally pushed the mail servers into a snowball of back-log was not classic SPAM with a fraudulent from address but tons of email from "targetted opt-in email" systems such as vmadmin.com and MicroSoft's own Bcentral. Dealing with the latency caused by this required either getting budget approval for better email servers or blocking the targetted email. When communicating with these targetted opt-in email companies which claimed to be "different than SPAM", we found two things that remained consistent:
:)
1) Despite charging the author of the email, they claimed that none of the charge should be passed on to the recieving company/organization since the user "opt-in"
2) The targetted e-mail company is not responsible for explaining from what IP address and when the e-mail account owner opt-in--even when presented with facts showing that the e-mail was sent to a fake/invalid e-mail account.
So, because we where not entitled to assistance in budgetting new hardware and because the companies could not provide an acceptable defination of "opt-in," our organization now explicidily rejects ALL SMTP RCPT from these companies. Oh... and the latency for processing incoming email has gone back to normal.
Please give the specifics of where/when/how the FSF has "vigorously defends it's copyright on code it owns." I have never heard of any case where the FSF has ordered a company to cease distribution. For example, Dell/Red Hat continued to violate the GPL another 3 months after the FSF was informed. All they seemed to do was advise Dell what they expected and then left it up to Dell when to get around to it. You better believe if I was violating the Dell license that they would be issuing a cease and desist letter that Dell would expect honored immediately. Vigorously defending should not allow for "whenever you get around to it please follow these things which where told to you in the license in the first place" type attitude.
The Free Software Foundation makes every effort to make sure a GPL violation case never makes it to court all the way to the point of doing nothing for long periods of time. There was a case where the Dell/Red Hat alliance violating the GPL since Feburary 2002. When I notified the FSF about it in July of 2002, I was asked not to go public with this GPL violation that spanned an entire GNU/Linux distribution worth of packages. When I confirmed the violation was continuing in October of 2002, they still sat on the same request to do nothing. It was not until around December that the companies got around to honoring the written word of the license and they still have not truely honored the spirit of GPL.
I find it interesting how much Slashdot has love/hate relationships over different things. Take for example the war of words that went on with Slashdot about KDE. People where talking about how KDE programs broke from the true faith. There was flaimbaits about Troll Tech. And bashing of the QPL. Then discussion on "Project Harmony" to bring the community back together. And finally Troll Tech going GPL with Qt.
But now we have Apple with Aqua API and Carbon API. Apple has put their legal dogs on the Free Software and Open Source community time and time again. You would have thought that the legal "look-and-feel" wars would have ended when the courts got done with Lotus vs. Borland, but Apple is ready to show it can bully every little guy over look-and-feel all over again. In the past, we have worked towards compatiblity and portablity by cloning the API and look-and-feel. With OSI's Motif, we produced Lesstif that follows the same API and look-and-feel. When the license of Qt was in question, the Harmony project cloned the API and look-and-feel. Winelib makes porting Win32 apps easier because it clones the API and the look-and-feel. But, Apple has made it clear by drawing a line in the sand when it comes to both the API and the look-and-feel of Aqua and Carbon. Porting Aqua applications to an OS that doesn't have Aqua is non-trival. Porting Carbon applications to an OS that doesn't have Carbon is non-trival. And if we ever so slightly cross that line that Apple has drawn to try to make it easier in the long run to port application back then they will bully us again. Regardless of what percentage of modern KHTML is Apple contribution, I still see Apple as a bully and a leech. They do not play fair and it is by being a bully they hope to ensure that the MacOS X desktop becomes a superset of any other *nix desktop. Just like in a certain company's commerical about 1984, we are being told with lawyers that Aqua and Carbon can only be done one way from one company. If we continue the route that Apple being "friends" will lead us then we will see why 2004 will be like Orwell's 1984. We are now facing a much bigger threat than "QPL."
Well, for those of us that got sold on the Slashdot article on the Creative Labs VoIP Blaster, I have good new! The diary for Damien Sandras (the author of the GnomeMeeting project) indicates that GnomeMeeting supports VoIPBlaster which provides GM access to the patented G.723.1 audio codec without having to buy a $100+ LinuxJack card. If only MicroTelco could convince SB to mass produce the VoIP Blaster again...
That is not funny. Chris Burke is the editor-in-chief of the NDSS quarterly magazine and does do a better editorial job. Before you go declairing to know who Timothy is, why don't you find out who you are, "Anonymous Coward." Based on how low your comment is, I think it is fairly clear that Chris Burke surpasses any level of expectation that you have for yourself.
I don't think even MacroVision can stop the
When I see dups like this, I often wonder what gets thrown out in favor of repeating the same exact stuff? Instead of meta-moderating comments, is there anyway to get to the raw Slashdot submissions? Maybe even meta-moderate the raw submissions?
r y/0,1 2449,881780,00.html
r y/0,1 2449,881780,00.html
What really has me stumped, is while Slashdot acknowledges the repeation behavior of Spam and the ability to use gzip to filter spam, they can't come up with anything to locate how much Slashdot repeats.
Some of the excuses is that link checking won't work since repeats are due to similar stories at complettely different URLs such as CNET and Wired both reporting on the same new advancement in electronics. Ok, that seems like a worthy excuse to explore:
On Sunday, January 26th, michael posted a linke to:
http://www.guardian.co.uk/online/comment/sto
On Tuesday, January 28th, timothy posted a link to:
http://www.guardian.co.uk/online/comment/sto
Hmmm... looks like link checking would have caught this. But lets say the links where different. How about the Slashdot search engine. If we look for the title "Why VHS Was Better Than Betamax" which was posted by Timothy and "order by score" then "Why VHS Was Better" from Jan 26th gets a score of 1.0 and is listed immediately after Timothy's new post. The next score drops down to 0.4.
So, even if link checking would have missed this duplicate, the Slashdot search engine scoring might be of assistance to an "editor."
But I really think this shows that Slashcode should allow the readers to assist in the editorial process. Users that login should be able to get ten random submissions of which they can do the following:
- Recommend to be rejected for containing a broken URL
- Recommend to be reject because wording of scoop does not make sense
- Recommend to be reject because the article is clearly an advertizement
- Recommend to be reject because the article is a duplicate
- Suggest alternative Subject wording
- Suggest alternative Topic or Section area
- Rank level of how interesting the article is
If I remove my video card, Netscape v2's SSL will still be insecure. Your "solution" does not solve poor algorithms for generating private keys. I have not yet run into any disk drives, video cards or SCSI host adapters that claim to be part of providing an encryption solution. I have run into two different types of network cards that claim to be part of an encryption solution, IPSec Accelrators and 802.11 cards with WEP. With every network card that does IPSec in hardware I have run into, I get to choose the algorithm that generates the encryption key so I don't have to trust a prioritary seed generator. And in terms of WEP, well... I guess WEP just goes to show why we can't trust hardware/firmware that claims to be part of a security solution. Would you recommend that I take my video card, which does not claim to be a security device at all, out of my system to fix WEP?
The TCPA is a method that would due well to get the backing of security groups. ATI and Nvidea aren't trying to get any security groups to claim that their products improve security. In fact, we have already informed them what we think about their products broadcast everything they display for a tempist attack. But while IBM seems to be "laying it all out" by promoting TCPA as an open standard with their solution useable with GPL drivers, they leave out access to a critical component that has a history of being flawed--anotherwords the source of entropy for generating the key. Since the firmware generates the key and does not accept a key from an external source, the only way to audit the strength of the key produced is to audit the firmware itself. IBM still has not made that available. Without that, I submit that the usefulness of the GPL driver for IBM TCPA is compariable with the usefulness for a GPL driver to a 802.11 card with WEP. There are other known attacks for encryption devices that we could help address with the source to the firmware but not with the source to the driver.
Part of what IBM seems to be marketing is a prioritary encryption key generator, but I think we have already learned from the seed prediction of the SSL for Netscape v2 that prioritary encryption key generators tend to weaken the strength of the encryption. No where in the entire page does it explain who was permitted to audit the firmware. While the driver is GPL, there is still a great deal of trust that the user must put in the closed source firmware when using the driver.
IBM has shown that the 1st generation of TCPA is not a threat. They have not made any promises about the long term impact of TCPA. What happens when TCPA v2 comes out? Take this for example, my IBM sales rep. pushes SSA as the next great thing since SCSI. He went on and on about how IBM purposed SSA as a "SCSI v3 standard" and blah blah blah. So, we bought into it. Now IBM is talking about how Linux can be run on several IBM servers including the IBM RS/6000 F50 that we have. Ok. We try upgrading and sure enough the install CD boots... but there is no hard drives to install on. Of all 18 drives, Linux does not recognize a single one. But this is "True Blue" so we should be able to get the programming specs for the SSA controller. And after we get bounced around *SEVERAL* times, we are told that AIX 5"L" is "just like Linux or even better." The reality turns out to be the following:
/dev/random do not function as expected under AIX 5L ....
Programs written to use
Programs written to use the Pluggable Authentication Modules (PAM) API do not function as expected under AIX 5L
Programs written to the Linux VFS module API do not function at all under AIX 5L
The list goes on
So, IBM can prove that Linux runs on an IBM RS/6000 F50 with SCSI. But if you go to IBM's "Next Generation," anotherwords SSA, Linux is render useless and IBM promotes AIX 5"L" which falls short of everything we expect of a GNU/Linux distribution. Now IBM proves Linux runs on a current generation of TCPA. What does that mean in terms of being able to use Linux on the next generation of TCPA? Well, based on the source of this report, being IBM, and their handling of SSA technical specs, I'm pritty confident in saying that for the TCPA-NG we will be hearing alot more about how AIX 6"LL" has twice the "L" in the name as AIX 5 had so it "must" be more Linux-like.
Trust IBM and you will end up feeling "True Blue" or truely blue.
The primary page for the recall is http://www.apcc.com/rely/.
The main page includes a link to perform online registration for the recall instead of waiting on hold via phone. The link is similar to the URL given in the story but without the "pressrel.cfm" at the end for going to the press release. In fact, the main page includes a link to the press release but the PR does not include a link directly to the recall main page.
Dell has been a reseller of the APC Back-UPS CS 500 as an optional accessory when buying Dell computers. The one that came with my Dell Dimension 4100 has the recall serial number on it.
The letter goes a little more something like this:
Me and "Freddy" here, don't consider us rough guys cuz we look rough. We just want to talk to you friendly like.
First, we noticed that most of your posts only have a score of 1. We don't like that too much and think you should only post when you have something worth saying.
Second, your free to use the word "Slashdot" but we don't like it too much if ya use it in the Subject of your posts.
Third, we think maybe you should continue doing your posting via your employeer instead of posting directly.
He was contributing and asking for nothing in return--he had nothing to loose and everything to gain from dropping. Making first contact with a lawyer is not a friendly or political way to recognize that the person your dealing with is giving much more than he has taken. To make the first part of that letter a statement of dislike definately sours things more. After two "warning shots across the bow" of a letter from a lawyer starting on a bad note, it really don't matter if there is a point 2 or 3. Consider how much you would want to continue contributing to Slashdot if you recieved a letter like the one above.
Yes! Yes! Apple iTool Licenses will become "Information Purification Directives." There will be an ideology that is "secure from the pests of any contradictory true thoughts." After all, "we are one people, with one will, one resolve, one cause."
But if this is what Apple ultimate goal then why did their advertizement feature an Apple women throwing a hammer at the person giving their "Unification of Thoughts" speech? I mean, why build a machine so that '1984 won't be like 1984' just to make 2003 like 1984?
Similar to the barcode door situation website, Slashdot has choosen to ban access. Unlike the barcode door situation website, Slashdot was aware of interest by AvantGo users to "link" to Slashdot and even RECOMMENDED it to AvantGo users.
Most of the claims below do not apply to AvantGo. The AvantGo servers put a 200K cap download per channel which limits the usefulness to try to use AvantGo to perform DDoS attacks. Anyone that has used AvantGo knows it's unlikely that someone would try to use it's limited interface to post at all including attempting to formulate a post to break brower rendering. And while AvantGo is a proxy server, anyone that has used it also knows that it doesn't act like a "normal human" because it is used for offline reading. So, CmdrTaco recommended AvantGo use for reading Slashdot knowing it is an offline reader proxy and then puts up a bunch of unrelated excuses why he is blocking it. And, btw, the "proxy administrator" (anotherwords, AvantGo) could care less if Slashdot blocks it. The contact the proxy administrator to get access back to something that CmdrTaco recommended using is pure bull-dung.
I think Drew is handling the barcode door website issue much better. At least the ban explaination page is to the point why the ban was needed instead of the CmdrTaco core dump of unrelated excuses for blocking AvantGo.
Anyways, the Slashdot channel via AvantGo is as follows: