Slashdot Mirror


User: gusnz

gusnz's activity in the archive.

Stories: 0
Comments: 107

Comments · 107

  1. Similar techniques are in use already on Javascrypt · · Score: 5, Interesting
    Have a look at Yahoo Mail's login page (you may have to log out of Yahoo services completely to see it). If you view source on that, you'll see:
    /*
    * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
    * Digest Algorithm, as defined in RFC 1321.
    * Copyright (C) Paul Johnston 1999 - 2000.
    * Updated by Greg Holt 2000 - 2001.
    * See http://pajhome.org.uk/site/legal.html for details.
    */
    They're using a JS implementation of the MD5 algorithm to calculate client-side hashes of user passwords before form submittal.

    It's definitely an interesting approach, especially for a site that size, when you look at how much server CPU usage a full SSL login connection would take. And in the event that someone compromises a secure server, your password wouldn't be available to the attacker, only the hash.

    Plus, JS is free to implement (unlike an SSL cert) so hopefully if this technique catches on, more mom-n-pop sites will wind up using it instead of a totally unencrypted login connection.
  2. Answer on IBM Releases Desktop Linux Presentation · · Score: 1

    Patents.

    And lots of them. IBM holds a whole load of patents on pretty much anything even vaguely software related (MS and SCO both know about that :).

    The GPL places quite stringent rules on distributing patented software -- if IBM is going to distribute Linux, they must license those patents for everyone's use. Which, given that patents are the tactical nuclear arms of the software litigation industry, is not likely to please the higher-ups at Big Blue.

    Hence, IBM contracts out the OS supply to other companies like RedHat/SuSE/etc for their hardware, while tacitly ignoring the patent situation. So this means that IBM can't really put together a Linux distribution themselves, as cool as that would be (they would probably be the one player in the industry able to create and enforce desktop linux standards, hopefully with the input of the freedesktop.org folks too).

  3. I'm also certain you're missing something :) on New VOIP App. Profiled · · Score: 2, Informative

    The OSS community already has developed an IM protocol that is decentralised, secure, open, free, does messaging and file transfer, etc. etc., known as Jabber.

    Check it out. Sure, it doesn't yet have audio/video support as part of the main standard, but it's based on XML so anyone can extend it with their own "many and splendid" apps, and uses transports to connect to other messaging systems like ICQ or IRC. I recommend Exodus as a good basic Windows client, the Jabber website lists many more.

    As we've seen with the impending MSN shutout, we use proprietary IM systems at their owner's leisure. The sooner there's an open and decentralised IM standard the better, regardless of whether it's Jabber or not.

  4. An idea to solve the patent mess on Software Patent Demonstrations Taking Off · · Score: 3, Interesting
    Yeah, so I'm late to this discussion, but I've been thinking about a crazy idea for a patent license of sorts.

    Why not apply the spirit of the GPL to patent law? The GPL's been pretty successful at creating a library of free software (ignoring the current SCO mess), so technically something similar for patents should be doable. I'm thinking:

    The Patent Public License (PPL)
    • "Patent Name & Number" is licensed under this License, and remains the intellectual property of Inventor.
    • Inventor hereby grants a permanent, royalty-free, and worldwide right to apply the Patent in devices that comply with all terms of this License.
    • A device may utilise the Patent only if all Patents the device utilises are licensed under terms compatible with this License.

    OK, I'm not a lawyer, but if you've seen something like the Adobe Acrobat 6.0 splash screen, that lists hundreds of patents used in the product. If someone could patent a blindingly obvious idea under a Public License (let's say clickable links) then they should be able to start the snowball rolling, and gather up the other patents a software package uses under the terms of the License, and so on with more and more programs and companies...

    It'd be using patent law against itself :). Either you'd have millions of obvious software patents in the public domain, or patent law would have to be revised, either way it's a victory for the slashdot crowd.

    Sure, it'd take a lot of capital to patent one or two initial ideas and press the initial lawsuits, but with some support (EFF/FSF?) it'd be doable. Any downsides people can see?
  5. You've got to wonder... on 'Pacemaker'-like GPS Device for Humans · · Score: 4, Interesting

    ...how the company sees this in terms of immediate practical applications.

    I could understand if this was one of those long-sighted DARPA projects that hails from an unlimited budget and a mandate to invent, but a company like this has shareholders to whom they must justify their actions. So what's the immediate market for this device? Even with the "War On Terrah" progressing at a rapid pace, I can't see implanted GPS's being compulsory anytime soon.

    So who's got ideas for the potential use/market for these devices? Paranoid parents wanting to know their children's location at all times? A replacement for medic-alert type bracelets or similar? I somehow can't see this returning on its initial investment in terms of sales, given the risks associated with anaesthetics/implantation in non-subcutaneous tissues weighed against such a trivial functionality gain.

  6. From the article... on The First Steps Towards Asimov's Psychohistory? · · Score: 4, Funny

    (BTW: a working link)

    scoring each sentence and facial expression on such measures as disgust (-3), affection (+4), whining (-1), and contempt (-4).

    Aargh! They've discovered the Slashcode 3.0 moderation system! Someone stop them before it's too late!

  7. Re:giving up common carrier status on Have You Really Read Your ISP's TOS? · · Score: 2, Funny

    So what have the Aussies done recently to deserve such harsh punishment as telco executives? :).

  8. Perhaps they should look at Mozilla's approach on Apple Terminates Safari Seed Program · · Score: 4, Interesting

    With the KHTML engine still undergoing internal tweaking for better DOM/CSS/etc support, I think Apple should look to the Mozilla project for their approach to browser development. Why not publicly release nightly betas, so users can post feedback on development as with BugZilla? Users don't expect the nightlies to be perfect, but it would keep the tweakers (and web designers like me) happy, and the developers would get a lot more feedback on their progress, whereas most casual users can happily download milestone releases.

    Otherwise, the standards compliance of the browser will possibly be delayed (all the esoteric little implementation issues, especially with CSS and DHTML). After all, many eyeballs results in better code, especially with something as complex as a web browser.

  9. More possible mergers... on IBM Getting PwC Consulting for $3.5 Billion · · Score: 5, Funny

    As merger season is apparently upon us, here's some other possible additions to the merger club:

    Hale Business Systems, Mary Kay Cosmetics, Fuller Brush, and W.R. Grace Company merge to become Hale Mary Fuller Grace.

    Polygram Records, Warner Brothers, and Keebler Crackers merge to become Polly-Warner-Cracker.

    3M and Goodyear merge to become MMMGood.

    John Deere and Abitibi-Price merge to become Deere Abi.

    Zippo Manufacturing, Audi Motors, Dofasco, and Dakota Mining merge to become Zip Audi Do Da.

    Honeywell, Imasco, and Home Oil merge to become Honey I'm Home.

    Denison Mines, and Alliance and Metal Mining merge to become Mine All Mine.

    Xerox and Wurlitzer will merge and begin manufacturing reproductive organs.

    Fairchild Electronics and Honeywell Computers will merge and become Fairwell Honeychild.

    3M, J.C. Penney and the Canadian Opera Company will merge and become 3 Penney Opera.

    Knott's Berry Farm & National Organization of Women will merge and become Knott NOW!

  10. Re:The next breakthrough... on When Spun Really Fast, CDs Explode · · Score: 2

    ...the drive will use a scanner like method to read the entire CD...

    You mean, data storage like that planned by IBM's Millipede Project? No wonder they're quitting the hard drive business... rotating media might be a thing of the past.

  11. Re:Uh, none of these comments are about the story on Perl 5.8.0 Released · · Score: 2

    It's like arguing which pop band is better than another. Who cares? It's all opinion and hearsay.

    I haven't heard any of Opinion's songs yet, but Hear'Say definitely suck.

  12. But why? on OpenGL Coming to your Cellphone · · Score: 3, Interesting

    They won't stand a snowball's chance of running DOOM 3 at full res unless you want them to double as central heating. And OpenGL for a cellphone UI would be overkill, and hard to use -- remember how VRML was going to take over the web?

    But I can think of at least one valid use for this - streaming videoconferencing. Why stream 24fps video when you can run facial-recognition software, break a face up into polygons like a game model, and transmit the facial movements to be rendered on a screen. Lots of cellphones now come with cameras built in, so it wouldn't be that great a step up. Or perhaps if it was too cheesy for live conferencing you could have a face "read" text messages to you.

    Any more ideas, or is this just another flash in the pan?

  13. Indeed... on Drake on Drake: ET Life A Certainty · · Score: 2

    Given our tendency to blow the daylights out of each other at the slightest provocation, I don't blame any sentient alien species for keeping quiet.

    Either that, or they could just have a "Prime Directive" law of their own, which would also make sense. When considering ET contact theorems, who says that the aliens in question actually want to talk to us?

  14. Re:Reason for changes... on A Medireview Approach To Stopping E-Mail Attacks · · Score: 3, Interesting

    Actually, "expression" is not so obvious.

    IE4+ allow you to embed JavaScript in CSS statements using the "expression" parameter to evaluate it, and return a value to a CSS class. It's obscure, but the syntax is:

    <span style="margin-top: expression(JavaScript code here)">

    (Hopefully this doesn't get munged by Slashdot's own filtering code). So it's a potentially serious security breach for anyone considering parsing HTML documents and allowing STYLE="" attributes to persist (most mail clients do), especially because it is not well known amongst most coders. Further info is available from MSDN for anyone interested. Seriously, filtering out scripts is a good idea -- anyone else remember when the trolls here managed to insert onMouseOver code into paragraph tags using a Cross-Site Scripting attack, resulting in many goat-themed redirects?

    Anyway, a while ago I used Yahoo Mail as my main account and sent quite a few JavaScripts back and forward related to my website, and noticed "onmouseover" was changed to "onfilterchange" and similar replacements in the body of the mail. This was about 6 months back at least, so it's nothing new. Personally, I think they could probably come up with better filtering methods, but then again stealing a Yahoo! account's details using JS could be a lot more dangerous (finance sections etc) than your average Slashdot trollery -- so perhaps the extra caution is warranted.

    Perhaps the original JavaScript designers should have included a META tag to disable all scripting in the current document, so you could include that in all your static CGI documents and not have to worry about the details. It would certainly improve the security of many sites if it was adopted by most browsers even now.
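
The point made in the comment above about STYLE attributes and event handlers, as an added example that is not part of the original comment or any mail provider's code: an allowlist filter for already-parsed tag attributes, in which `expression(...)` fails because parentheses are never accepted in a style value. The attribute and property lists, the value pattern and the function names are assumptions chosen for illustration.

```javascript
// Added example: allowlist filtering of one tag's attributes, as a webmail
// sanitizer might apply after parsing. Lists and names are illustrative.

// Attributes that may persist. Anything else, including every on* event
// handler (onmouseover, onfilterchange, ...), is dropped, not renamed.
const SAFE_ATTRIBUTES = new Set(["style", "class", "title", "align"]);

// CSS properties that may persist inside style="".
const SAFE_PROPERTIES = new Set([
  "color", "background-color", "font-size", "font-weight",
  "margin-top", "margin-bottom", "text-align",
]);

// Values may contain only what keywords, numbers, units, hex colours and
// percentages need. Parentheses, backslashes, quotes, colons and slashes are
// absent, so expression(...), url(...), CSS escapes and comments never match.
const SAFE_VALUE = /^[a-z0-9#%.,\s-]+$/i;

function sanitizeStyle(style) {
  const kept = [];
  for (const decl of String(style).split(";")) {
    const idx = decl.indexOf(":");
    if (idx === -1) continue; // not a property: value pair
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const value = decl.slice(idx + 1).trim();
    if (SAFE_PROPERTIES.has(prop) && SAFE_VALUE.test(value)) {
      kept.push(`${prop}: ${value}`);
    }
  }
  return kept.join("; ");
}

function sanitizeAttributes(attrs) {
  const out = {};
  for (const [name, value] of Object.entries(attrs)) {
    const key = name.toLowerCase();
    if (!SAFE_ATTRIBUTES.has(key)) continue;
    if (key === "style") {
      const style = sanitizeStyle(value);
      if (style) out.style = style; // omit the attribute if nothing survives
    } else {
      out[key] = String(value);
    }
  }
  return out;
}

// Constructed sample: attributes of one <span> in an incoming message, using
// the comment's own placeholder text in place of any script.
const sample = {
  style: "margin-top: expression(JavaScript code here); color: #336699",
  onMouseOver: "JavaScript code here",
  title: "greeting",
};

console.log(sanitizeAttributes(sample));
```

Because the output is rebuilt only from allowlisted names and values, a construct the filter has never heard of is rejected by default rather than needing its own rule.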

  15. Re:Seems like a bad idea on Cameras in UK for Toll Enforcement · · Score: 2

    What? You still ride a bicycle?

    Your Segway must be broken then ;).

  16. The only catch on Cable Boxes with 802.11 · · Score: 5, Insightful
    Funny, I always thought cable companies were opposed to WiFi connection sharing?

    If they do go ahead with this, you can't help but wonder what WiFi encryption and authorisation routines will be used here. Given that big businesses have had such trouble securing their own networks (leading to practices like warchalking), the average home user will probably have a lot more trouble unless decent encryption is in place out of the box. It could well become the script kiddy sport of the future, watching the neighbourhood from their basement.

    However the most interesting bit of the article is this:
    a neighborhood with many 802.11-equipped cable boxes could become one large wireless network in which each house serves as a node.
    If set up right, this could provide neighbourhoods with sufficient 802.11 densities to make the often-mooted idea of a peer-to-peer ISP feasible. Provided, of course, the DMCA isn't used to prevent customisation of the cable boxes, the cable companies could be contributing to the demise of commercial ISPs as we know them...
  17. Heck... on Italian Police Censor "Blasphemous" Websites · · Score: 3, Funny

    I hope none of these Roman Prosecutors ever try browsing Slashdot at -1... going by the posts so far on this article we'd be censored in no time :).

  18. No need to panic... on Microsoft Claims IP Rights on Portions of OpenGL · · Score: 3, Insightful

    Well then, shouldn't it be a simple case of renaming and/or reimplementing the extensions over which MS claims to have IP rights for the final OpenGL2.0 spec?

    As it is, the spec is still currently under work. If John Carmack (I suspect you're reading this) can use the new, shiny XYZ_vertex_program extension or similar (which is of course very different to the Microsoft one) in Doom III, driver writers will naturally include it to make their cards run the Doom 3 engine, and we'll be home free.

    Of course, although it might not be part of the official 2.0 spec they'd be free to include the old extension too, at their call. So, everyone wins except Microsoft, which should please the Slashdotters greatly.

    In any case they've offered RAND licensing terms, so it doesn't look like they're out for blood this time. Since this whole article is based off a vaguely worded paragraph from the minutes of a meeting with no legal opinions offered, I somehow don't think that this will mean the death of OpenGL as we know it.

  19. I always wondered about units of measurement... on Slashback: Zoning, Linking, Fooling · · Score: 3, Interesting

    ...and why this hasn't already happened.

    The meter, for instance, was originally defined as one ten-millionth of the distance between the north pole and the south pole. Although now the Earth has been measured more accurately so it's off by a bit, and it's now defined by the length light travels in a vacuum in a very short time.

    But really, why are we basing measurements on all these arbitrary values anyway? Like the Imperial system originated from the dimensions of some king's thumb or similar, pretty much every measurement ever devised and in common everyday use is derived from non-universal values, which have no practical upshot -- if we want to measure the Earth, we're going to include some decimal places anyway.

    Personally I think this, if adopted, would make scientific calculations a bit easier. It's annoying to have to remember several different conversion constants for gravity, charge, gas constant (8.314 or similar?), and so on. And perhaps without all the continual conversions, relationships between different physical principles might become more readily apparent...?

    But I guess the downside is that some calculations are always going to have funny conversion constants, especially in the non-Physics world (Avogadro's number in chemistry perhaps for instance?). So even though the metric system isn't perfect, it's the standard so we might as well use it (although this could be the web developer in me speaking). It would be too much change for too little benefit to rescale the entire number system -- convincing the general populace would be just about impossible, especially considering how much trouble some countries are still having adjusting to the metric system ;).

  20. Of course on Slashback: Zoning, Linking, Fooling · · Score: 5, Funny

    We always knew that the existing measurement system was thicker than two short Plancks :).

  21. Reminds me of a bad joke... on Will Earth Expire By 2050? · · Score: 0, Flamebait

    Q) What's red and orange, and looks good on hippies?

    A) Fire.

    (/me ducks for cover :)

  22. In New Zealand at least... on The Nokia 7650 Cell Phone w/ Integrated Camera · · Score: 2

    ...picture phones are being plastered all over TV advertisements.

    VodaFone are marketing a service called PXT (like txt messages, but pictures, haha). It uses the Sony Ericsson T68i mobile, but apart from that seems pretty similar.

    Granted, I don't think any of these are of sufficient quality to grace the pages of National Geographic magazine anytime soon, but they do seem pretty useful for a quick "hey, look at this!". I only hope that carriers can agree on a decent interoperability protocol, and don't charge high data rates for transmitting pictures, which would really shoot this in the foot.

  23. Re:They can't build them again (economically) on Seiko TV Watch is now 20 years Old · · Score: 2

    I'm not sure these combination devices are all that they're cracked up to be. We've had the technology to do it for ~20 years, as this article points out, so why haven't they caught on?

    Personally I own both a wristwatch and a cellphone, and am not planning to ditch either. When I just want to know the time, I don't really want to be interrupted by new text messages in a furious cascade of beeps - especially in a boring (and quiet) lecture theatre :). Or when out sailing and the gun goes off, you want to start your countdown timer without navigating through a pretty GUI menu.

    I'm not saying it's impossible to build smaller devices -- you're right, batteries and also keyboard sizes are the only real limitations (although this would be cool on a mobile), and some are probably economically feasible.

    But they all run up against the K.I.S.S principle -- most people prefer devices to have single, simple functions, so they can be used and upgraded/replaced easily on their own. And if one breaks or runs out of batteries, you still have other toys to pass the time :).

  24. Re:Heh. on Slashback: Armed, Cracked, Cables · · Score: 4, Funny

    And since when did they start sending moderators into space anyway? :)

  25. Re:Advantage of Gnutella on RIAA to Sue You Now · · Score: 2

    Not quite correct. Many clients such as BearShare (at least, last I tried it, I find the open-source Gnucleus far superior) support "gnutella websites".

    That is, you can visit the IP address of the host in question in a web browser, and if they have the option configured, you are handed a nice HTMLified list of all shared files sorted alphabetically.

    One thinks the xxAA and similar organisations could find a use for this... it shouldn't be too dissimilar to their successful legal pursuit of AudioGalaxy/MP3Board and other similar web-based-MP3-linking sites.