"how many bugs from old slash, or new, were first discovered by trolls"
None that I know of. Maybe other sites get good trolls. Slashdot's trolls are exclusively destructive, contributing nothing to the site. We do have helpful users who find bugs and exploits (like 11233) but they're not trolls.
Yup I know, but thanks for the reminder, I'll drop myself a note in sourceforge.
The difficulty there is that domain tags expand text, sometimes by a lot, so the famous 120 char limit is going to start looking a lot smaller if you link to verizonreallyreallyreallysucks.com...
"So let me get this straight. . . this bug only occurs if someone uses a TWO CHARACTER password (or shorter)?!? I almost think anyone that dumb deserves to be hacked."
(sigh) No.
I didn't go into technical detail in the story because space was limited. But it's interesting how the exploit works, and I figured maybe some enlightened Slashdot reader would write up an insightful comment about it. Never mind, here's what I would have put in the story...
The vulnerability is so serious because most unix operating systems use a special code in their /etc/shadow file to signify "no password should ever match on this account." On my Debian installation, it's an asterisk:
daemon:*:...
bin:*:...
sys:*:...
The problem is that this product actually reads that as if the "*" were the crypt()ed password -- that's its first mistake. Then when it compares the crypt()ed attempt against that field in /etc/shadow, it only compares up to the length of the /etc/shadow field -- that's its second mistake.
Both are colossal errors.
The result is that any password will suffice to log into such accounts, because any password, when crypt()ed with the one- or two-character salt ("*"), will have its first one or two characters match -- and that's as far as the algorithm checks.
The result is that a code intended to mean "no password can ever succeed" ends up meaning "all passwords will always succeed." Truly an amazing oversight.
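The two mistakes described in the comment above, reproduced side by side with a corrected check. This is an added example, not part of the original comment and not the product's code: toy_crypt() is a constructed stand-in that only mimics the traditional crypt(3) output layout (salt characters first, hash characters after), and the function names flawed_check, hardened_check and sample_field are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Alphabet used by traditional crypt(3) output. "*" and "!" are not in it. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Stand-in for traditional crypt(3), NOT a real password hash (assumption
 * for this example). It keeps the one property the bug relies on: the
 * output begins with the (up to two) salt characters, followed by 11
 * characters derived from salt + key. */
void toy_crypt(const char *key, const char *salt, char out[14])
{
    size_t n = strlen(salt) < 2 ? strlen(salt) : 2;
    uint64_t h = 5381;
    size_t i;

    for (i = 0; i < n; i++)
        h = h * 33 + (unsigned char)salt[i];
    for (i = 0; key[i] != '\0'; i++)
        h = h * 33 + (unsigned char)key[i];

    memcpy(out, salt, n);                       /* salt is echoed first */
    for (i = 0; i < 11; i++)                    /* then 11 "hash" chars */
        out[n + i] = B64[(h >> (6 * i)) & 63];
    out[n + 11] = '\0';
}

/* The check as the comment describes it. */
int flawed_check(const char *shadow_field, const char *attempt)
{
    char hashed[14];

    /* Mistake 1: the "*" lock marker is treated as a crypt()ed password,
     * so it ends up being used as the salt. */
    toy_crypt(attempt, shadow_field, hashed);

    /* Mistake 2: only strlen(shadow_field) characters are compared. For
     * "*" that is one character, and it is the echoed salt. */
    return strncmp(hashed, shadow_field, strlen(shadow_field)) == 0;
}

/* Corrected check: a field that is not a well-formed 13-character hash
 * ("*", "!", a truncated value) never matches, and a well-formed one is
 * compared over its full length without an early exit. */
int hardened_check(const char *shadow_field, const char *attempt)
{
    char hashed[14];
    unsigned char diff = 0;
    size_t i;

    if (strlen(shadow_field) != 13 || strspn(shadow_field, B64) != 13)
        return 0;                               /* locked or malformed */

    toy_crypt(attempt, shadow_field, hashed);
    for (i = 0; i < 13; i++)
        diff |= (unsigned char)(hashed[i] ^ shadow_field[i]);
    return diff == 0;
}

/* Constructed sample: the field an account with password "secret" and
 * salt "ab" would carry under toy_crypt(). */
const char *sample_field(void)
{
    static char field[14];
    toy_crypt("secret", "ab", field);
    return field;
}

int main(void)
{
    const char *real = sample_field();

    printf("locked account \"*\", password \"guess\": flawed=%d hardened=%d\n",
           flawed_check("*", "guess"), hardened_check("*", "guess"));
    printf("normal account, right password:        flawed=%d hardened=%d\n",
           flawed_check(real, "secret"), hardened_check(real, "secret"));
    printf("normal account, wrong password:        flawed=%d hardened=%d\n",
           flawed_check(real, "wrong"), hardened_check(real, "wrong"));
    return 0;
}
```

On ordinary accounts the flawed check gives the right answer, since the stored field is a full 13 characters; the failure only shows on accounts whose field is the short lock marker, which makes it easy to miss in testing.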
"But seriously, folks, this just goes to show mistakes can happen to anybody. Open source may be your best protection, but even it's not perfect..."
Unquestionably true. But, this product appears to only make its source available if you buy the $475 server version. The cheaper workstation version does not come with source. I'm sure too that the licensing terms prohibit free redistribution of the server source, so (unless I'm mistaken) this is not an open source product. It looks like it's closer to what Microsoft calls "Shared Source."
I'd like to blame it on Spielberg's latest, but the fact is, movie or no movie, reporters will take any damn program that someone writes and turn it into the latest example of "artificial intelligence." Yes, this is my pet peeve. Do reporters think nobody will be interested in reading their story unless it mentions computers and "intelligence" in the same sentence?
In this case, the program reads the screen and moves the mouse to click on the proper places. Pretty clever I suppose. But once you get past the fancy I/O code, it's just applying simple formulas to decide what cards to hold. There's nothing "intelligent" about calculating that holding the pair will give an expected return of $0.21, while going for the flush will give an expected return of $0.08.
The only thing about poker vaguely related to "intelligence" is its condensation of the social relationships of zero-sum games into the formal interface of betting. Placing bets is much more amenable to mathematical analysis than the fuzzier stuff we do when we're playing similar zero-sum games, say, negotiating the price for a used car: furrowing our brows, clearing our throats, poking fingers at each other's chests, yelling, pretending to think over an offer, saying "my manager will have to approve this," and so on.
When you simplify the interface between entities to just a few operations (raise, call, fold), suddenly mathematics can play a role.
John von Neumann was one of the first to recognize this, and it was the game of poker that he focused on, in his study of game theory:
The nominal inspiration for game theory was poker, a game von Neumann played occasionally and not especially well. (A 1955 Newsweek article appraised him as "only a fair-to-middling winner" at the game.) In poker, you have to consider what the other players are thinking. This distinguishes game theory from the theory of probability, which also applies to many games. Consider a poker player who naively tries to use probability theory alone to guide his play. The player computes the probability that his hand is better than the other players' hands, and wagers in direct proportion to the strength of the hand. After many hands, the other players will realize that (say) his willingness to sink twelve dollars in the pot means he has at least three of a kind. As poker players know, that kind of predictability is bad (a "poker face" betrays nothing).
Good poker players do not simply play the odds. They take into account the conclusions other players will draw from their actions, and sometimes try to deceive the other players. It was von Neumann's genius to see that this devious way of playing was both rational and amenable to rigorous analysis.
Though much more interesting to analyze than, say, blackjack, playing a good game of poker still does not qualify as "artificial intelligence." It's been pretty well analyzed since, if I'm not mistaken, the 1920s:
[A particular type of deception] resembles bluffing in poker. Poker can be quite complex, in part because it usually has more than two players. Von Neumann analyzed a simplified form of poker. In outline, his conclusions apply to the real game. He showed that you should always bid aggressively when you have a strong hand. With a weak hand, you should sometimes bluff (bid aggressively anyway).
Von Neumann distinguished two reasons for bluffing. A player who never bluffs misses many chances to call the other player's bluffs. Suppose that both you and your opponent have bad hands. You don't bluff; your opponent does. That means you fold and your opponent wins without a showdown. Had you also bluffed, your lousy hand would have been compared with his lousy hand, and you might have won. The bluffer can exploit the nonbluffer; ergo, von Neumann's rational player must bluff. [...]
At the most abstract level, game theory is about tables with numbers in them -- numbers that entities are efficiently acting to maximize or minimize. It makes no difference whether you picture the entities as poker players who want to win as much money as possible...
(Quotes from Prisoner's Dilemma, William Poundstone, 1992, pp. 40, 60-61.)
A program that applies von Neumann's minimax theorem to place poker bets is still just doing simple math. But Apostolik's program -- cool though it is -- doesn't even do that. He hasn't incorporated betting yet. "That would be an interesting thing to play around with," he says. True! But even that still wouldn't be A.I.
I think the Anne Tomlinson post was a particularly brilliant troll.... His good humored response makes me think it was a troll.
Of course it's a troll. This conspiracy crap is just a bunch of idiots. Don't they have anything better to do?
Sun is ceasing its open-source program, which now turns out to be an experiment. DirecTV is being hacked to possibly allow open content. And for Chrissakes, Microsoft floated a trial balloon about "shared source" and is waiting to see the community's reaction before they decide on the terms of the license.
And what will be the Microserf's report to his boss about Slashdot's reaction? "Boss, we floated the shared-source balloon, and nobody seems to care -- they're awful concerned about a woman named Anne someone who doesn't even seem to exist." "Excellent. Deploy the death ray, oops I mean the we-share-our-source meme."
Open your fucking eyes and look at the big picture. Don't get dragged into this pedantic navel-gazing meta-meta-meta bullshit. Some days I think our readership really has gone to hell. You all suck. Bah.
"how could a person EVER discover something that they like themselves unless they were to actually discover it firsthand (e.g. meet a band you like in person before anyone else knows about them)"
How often does that happen really? Don't you usually hear something on the radio, or on a friend's stereo, or at a party?
"Discovery" is an interesting word. If you do "discover" a local band at a local venue, you're closer to the source but still are relying on someone else to filter your preferences for you. The booking agent wouldn't have scheduled that band for that night unless s/he thought they were at least some good. You're quite a bit closer to the source, true, but there are still intermediaries between you and the act of creation.
The only way to truly break free from the cycle is to create something yourself.
"If we can only keep track of 150 human beings in our heads... why would we let a computer confuse us with the names of millions?"
You wouldn't have to worry about the opinions of those whose interests aren't at least somewhat in line with your own. Someone who rates Britney highly just isn't going to show up on any of my queries (unless I ask for the vector most opposed to my own!).
The database could be used to set up virtual communities, following their own trends -- in effect, groups of people with similar interests as large or as small as their attention span demands. The 150 number was just a guess of a good average size.
Jamie mentions "recommendation systems" and then points out the grassroots dot orgs that have been proponents of them - well mp3.com and a ton of other corporate ventures have used the same technique, so the value of your point is muddled.
It'd be hard to find a system less open than mp3.com's (unless they've completely changed around in the few months since I've been there). I found a lot of top-40 lists genre-by-genre, and artists recommending other artists, but nothing like the listener-based network that I'm trying to get at.
Plus, it only tracks artists and music who are hosted on mp3.com; it makes you sign in before you can even hear a preview; etc. I have absolutely no objection to helping small-time artists make money, but insular, proprietary systems don't help solve the real problem.
And just because somebody proposes an alternative to the existing commodified culture makes them neither utopian nor socialist. I'm talking about voluntary cooperative efforts leveraged by technology; it's just as doable as, say, Gnutella. Next you'll be telling me the GPL is un-American...
"How is this system an improvement on what is presently available, other than the fact that it seems to elevate the author's own 'coolness' for suggesting it?"
That was a big factor of course :)
I see it as the difference between democracy and plutocracy. I want to be governed by people who were put in place by democratic votes, not money. I'd like their decisions to be rooted in democratic accountability, not money.
Our government and many others' constantly struggle back and forth on the spectrum between one-person-one-vote and one-dollar-one-vote. I'll do what I can to push it back to the people.
The best politicians are those who serve their country out of love, not money. Same basic idea here. The question is what system can be put in place, not to destroy the capitalist music machine, but to allow some of us to step outside it and have an efficient alternative. Only then will musicians who are in it for love, not money, be able to connect with their audience.
"Erik Barnouw describes the effect of the radio -- a distribution channel which gave away music for free, remind you of anything? -- on the record industry"
"Yeah, it's one sentence outta the whole shebang, but it goes to prove the level of understanding Jamie has on the whole topic. I'm not going to pretend to have read the whole thing because the first article bugged me and showed how little of understanding he had and I only skimmed this one.
Radio has to pay for every damn song they play."
Not at the time they didn't. This was "within months of the start of the broadcasting boom," circa 1920 or 1921. There were no royalties being paid at the time.
In 1922 the American Society of Composers, Authors and Publishers began contacting radio stations and demanding royalties, under the 1909 copyright law which said they controlled the right to perform works publicly for a profit. As Barnouw writes, "Broadcasters were, at first, incredulous. Could the song writers be serious? Wasn't radio helping to popularize their music?" (p. 119) The broadcasters protested that they were not playing the music for profit, that it was an act of charity (the exact term is "eleemosynary").
In 1923 ASCAP sued WEAF in New York and in August won their case; radio stations were indeed for-profit enterprises. That sparked the creation of the National Association of Broadcasters which eventually hammered out the payment deal you allude to.
But there was no such deal in the early months; records were bought once and played on the air without royalty payment.
"it sounds like Jamie would like to have his music for free"
"I thought the music box arrived well before the piano player -- in 1776."
OK, you got me.
The first player piano -- which was, actually, more like a piano player -- was invented in 1825 by a Mr. Courcell, who called it the "Cylindrichord." You actually wheeled it up to a piano and it hit the keys. And a pneumatic device called the "pianista" appeared at the Philadelphia Centennial Exposition in 1876, too.
I didn't count them either because, well, they weren't popular.
"While I might believe that they offer it as a service to some of their customers, I just can't see one of the world's top five IP carriers [Teleglobe] refusing to route any part of the Internet."
Here's their part of the traceroute from the Slashdot submittor from Greece who reported being unable to access www.macromedia.com. This is as reported to me on Friday, after macromedia.com was taken off the RBL:
5 310 ms 311 ms 250 ms oteny-otenet2.ote.otenet.gr [194.153.81.13]
6 311 ms 310 ms 310 ms if-2-0-0.bb3.NewYork.Teleglobe.net [207.45.199.225]
7 300 ms 311 ms 310 ms if-3-1.core2.NewYork.Teleglobe.net [207.45.221.98]
He also reported that many of his friends in Greece were unable to access the site, writing: "Every person in business (I am web developer/designer) couldn't not see Macromedia server for the past 4 days. They 'see' internet from different ISPs. I am very certain." This meshes with your pointing out that Teleglobe often is the primary access provider for entire countries.
Teleglobe is a licensed subscriber to the RBL, but as for whether they use it to block traffic other than mail, a quick Google search on "teleglobe MAPS RBL" turns up good leads. See e.g. "JANET, Teleglobe and the RBL," in which one of Teleglobe's clients -- itself a well-known internet provider -- explains to its own customers the situation which has been forced upon them:
Does this affect things other than mail?
Yes. No connections of any kind will work in either direction between JANET and a blackholed address -- not Web, FTP, telnet or anything else.
On another page, they hopefully claim "it is not likely that any valid use of JANET requires access to such networks." Well, maybe that page needs to be updated.
I support Peacefire, the EFF, the ACLU, and other online civil-liberties organizations. If you think this makes me unqualified to write about online civil-liberties issues that affect and are affected by these organizations, you need to rethink what "conflict of intrest" [sic] means.
"Macromedia could have fixed this 'censorship' problem in 10 minutes by separating the mail and web services on their server, and assigning the web server a new IP address."
You completely missed the point. Macromedia's mail server and web server were separate. Their mail server was blocked for alleged spam, OK, fine. But their web server, on a totally different IP number, was deliberately targeted for blocking anyway.
Since (presumably) no spam comes from the webserver, the only point of putting it on the RBL is to annoy Macromedia by having the BGP-subscribed backbone providers like Above.net cut off their web traffic.
"...by referencing 'nazis' in your first paragraph, you've already lost your argument..."
-1, Redundant :)
The submittor sent that in, I didn't edit it, we generally do very light editing of submissions (grammar and spelling, if anything).
"I don't suppose Jamie checked the RBL evidence files before writing
the article, did he?"
I did. I saw documentation of one statement of one incident from one
person alleging spam from Macromedia. Perhaps there were more
somewhere, but I did not see them. I would really like to go back and
read exactly what it said, but when I asked MAPS if I could link to it
or just read it for myself, they said no.
MAPS removed their documentation from public view when they took the
site off the RBL -- and in several communications with them, they made
it clear that (although they presumably had this information archived
somewhere) they would refuse to let me look at it again.
"The only comment's from Macromedia PR..."
Correct. This is because Above.net and MAPS were unavailable for,
and refused to, respectively, comment.
"What the RBL administrators will have done would be to list the entire
Macromedia netblock in which the spewing mailserver exists - NOT just
two IPs, as Jamie says."
I am not sure why you say that. Thursday, I checked the RBL and
these were the only two IPs that were blocked (I spot-checked up and
down from those two to see if others nearby were blocked; nope).
"Peacefire, your favoured 'hey, there's another example', is collateral
too - it is in the middle of a netblock containing a load of spam
support sites (Sam Al's Samco, in this case) and was MOVED there by
Media3 in August 2000, after the RBL listing for that particular
netblock was in place (the listing is dated June). And Media3 is suing
MAPS, and so MAPS is not going to remove the listing. I wonder whether
Media3 was trying a publicity stunt, and using Bennett as a
figurehead?"
As Bennett Haselton wrote me when I asked him about this:
It was August 2000, but it was planned months before it happened, and
months before MAPS started complaining to Media3 about the content of
the other sites. But all that the public knew was that the scheduled
date of the transfer fell after the date of the RBL listing; that's
why a bunch of people were screaming that Media3 must have done it on
purpose to cause trouble.
However, there were dozens of other sites that were moved, as a group,
all at the same time. And Media3 knew that we were not using the
server to send email, so the idea that they moved it into an RBL'ed
range to cause trouble, doesn't make any sense -- they host a lot of
sites that are (1) more popular, and (2) send more mail to their
users, and those sites would have made a much better "human shield"!
In fact, when Media3 found out that an application on our server *did*
need to send mail to people, and was being blocked, they configured
the server to route outgoing mail through another, non-RBL'ed machine,
without me even asking them. They obviously wouldn't have done that
if they were trying to cause trouble.
When the discussion started on UseNet, I posted this information many,
many, many times. And then I stopped.
"The RBL only block MAIL!!... Jamie should learn a few things about the how things work before allowed to post things again."
Readers said the same thing last December; go check the story MAPS RBL is now Censorware, its updated section, the information about the BGP and so on.
Trust me on this. I read it very carefully in December: some ISPs use the RBL to block all traffic, not just mail. Not all ISPs. But one ISP is enough, if that ISP is a major backbone provider.
The Slashcode guys would guess that you're alternating between www.slashdot.org and slashdot.org. Stick with just plain slashdot.org. Because of the way the cookie spec was implemented, one cookie cannot cover both IP names; we consider this pretty much a bug, but it's in the spec and there's nothing we (or your browser) can do about it.
Last I heard, someone was going to set up www.slashdot.org so it just did a 301 redirect to slashdot.org, thus avoiding the problem... apparently not. Hm, slashcode.com is doing that, but not slashdot.org. I'll ask whether someone's going to pick that back up.
If you think the bug is something else besides what I've described here, let me know and I'll see whether it happens on Slash 2.0/2.2 (the only versions being actively developed, though 2.0 will freeze any day now).
Further questions about alleged bugs in Slash should be directed to slashcode.com :)
That's a local (not remote) root exploit in a not-commonly-installed tool.
"Bugzilla shell exploit (updated info available)"
That's a remote unprivileged-user (not root) exploit in a not-commonly-installed application.
"Iplanet calendar server exposes netscape admin password"
That's a local (not remote) non-root exploit in a not-commonly-installed application.
"DoS against Novell Border Manager"
That's, um, a DoS against Novell Border Manager.
"But it's not news unless it's Microsoft, eh, folks?"
I know it's fun and easy to bash Slashdot for being anti-Microsoft, especially when we report security news, but we don't ignore open-source problems and we only report vulnerabilities which are of pressing and widespread concern.
"I wonder what the future of microbroadcasting would be like were this to happen. What would you do if you could buy a little slice of your local spectrum?"
You won't, of course, be able to buy anything. You may, if you're very wealthy, be able to lease a small portion of the spectrum, over which you can transmit a small wattage to a localized area.
Forget about a protected band of public communications being used by hackers or do-gooders to provide a public internet to everyone. Such projects are only possible because the government has set aside those bands for the public good.
If such bands are owned by corporations, which have the choice between selling your entire city wireless internet access on their own terms, and leasing you a bandwidth license so that you can provide the net for free, which do you think they will prefer? How long do you think your lease will last?
And even if you do get a lease, do you honestly think it won't include terms like "lessee agrees that no illegal information shall be transmitted across the leased spectrum, including but not limited to MP3s whose copyright cannot be verified, pirated software, all digitally encoded movies, other intellectual property not owned by the transmittor, nor any decryption programs which are illegal under the DMCA. No access to FreeNet or other encrypted piracy havens shall be allowed, and the license shall be revoked if any unauthorized data transmission is detected."
I mean, we're talking about selling off the internet of the future to companies like Viacom, who owns both MTV and its "competitor" VH1, to Sony and other record labels, to Disney who owns Touchstone, Miramax, and Buena Vista Films.
These are the companies that own all the good data.
Why would you want to let them set up tollbooths and checkpoints at the on-ramps of the information superhighway?
I'm being silly, of course, because no sane company would lessen its stranglehold of control anyway, unless forced to by the government, but even if they did, do you honestly think that Sony would not bother to park a van outside your home office, monitoring your wireless communications to make sure you aren't trading encrypted MP3s?
For the record, orangutans eat mostly fruit, leaves, bark, and other plant material and, if you had to choose dangerous animals to release into a daycare, orangs would be way down the list. The name does sound fierce, though, doesn't it?, and like all primates except our species, they do have that creepy image to overcome. Come to think of us, our species does too.
But as you can see, they don't really have claws (they seem to have nails, just like we do).
They are the only so-called "great ape" from Asia, living in Borneo and Indonesia. They are endangered (duh) and if clear-cutting continues, you may live longer than this species does.
That doesn't get you any closer to winning the contest or overturning the laws of information theory.
Because squaring it gets you close to n, your variable a will have approximately half the bits of n. But there's no guarantee that b will be smaller than (the other) half of n's size. In fact, with large n, the probability is overwhelming that b will be larger than half n's size, so together a and b will occupy more bits than n.
I just tried this for fun with a 15-digit number I pecked in at random (482837578298375), and got an 8-digit a (21973565) and a 9-digit b (19489150).
Because the gap between primes increases according to a simple formula, there's probably a simple proof of the average size of b, given n. But I don't feel like calculating it. :)
yupyupyup
hm my default posting format seems to be plain old text, that's not what the doctor ordered
Jamie McCarthy
Hope.
But there was no such deal in the early months; records were bought once and played on the air without royalty payment.
You need to read more and assume less :)
Jamie McCarthy
OK, you got me.
The first player piano -- which was, actually, more like a piano player -- was invented in 1825 by a Mr. Courcell, who called it the "Cylindrichord." You actually wheeled it up to a piano and it hit the keys. And a pneumatic device called the "pianista" appeared at the Philadelphia Centennial Exposition in 1876, too.
I didn't count them either because, well, they weren't popular.
Good call on the music box, though.
Jamie McCarthy
Here's their part of the traceroute from the Slashdot submitter from Greece who reported being unable to access www.macromedia.com. This is as reported to me on Friday, after macromedia.com was taken off the RBL:
5 310 ms 311 ms 250 ms oteny-otenet2.ote.otenet.gr [194.153.81.13]
6 311 ms 310 ms 310 ms if-2-0-0.bb3.NewYork.Teleglobe.net [207.45.199.225]
7 300 ms 311 ms 310 ms if-3-1.core2.NewYork.Teleglobe.net [207.45.221.98]
He also reported that many of his friends in Greece were unable to access the site, writing: "Every person in business (I am web developer/designer) couldn't not see Macromedia server for the past 4 days. They 'see' internet from different ISPs. I am very certain." This meshes with your pointing out that Teleglobe often is the primary access provider for entire countries.
Teleglobe is a licensed subscriber to the RBL, but as for whether they use it to block traffic other than mail, a quick Google search on "teleglobe MAPS RBL" turns up good leads. See e.g. "JANET, Teleglobe and the RBL," in which one of Teleglobe's clients -- itself a well-known internet provider -- explains to its own customers the situation which has been forced upon them:
On another page, they hopefully claim "it is not likely that any valid use of JANET requires access to such networks." Well, maybe that page needs to be updated.
You see why I think this is important?
Jamie McCarthy
I support Peacefire, the EFF, the ACLU, and other online civil-liberties organizations. If you think this makes me unqualified to write about online civil-liberties issues that affect and are affected by these organizations, you need to rethink what "conflict of intrest" [sic] means.
Re your (not very clear) allegation of Media3 moving Peacefire, I addressed this already.
Jamie McCarthy
You completely missed the point. Macromedia's mail server and web server were separate. Their mail server was blocked for alleged spam, OK, fine. But their web server, on a totally different IP number, was deliberately targeted for blocking anyway.
postal.macromedia.com 216.35.148.39
www.macromedia.com 216.35.148.103
Since (presumably) no spam comes from the webserver, the only point of putting it on the RBL is to annoy Macromedia by having the BGP-subscribed backbone providers like Above.net cut off their web traffic.
-1, Redundant :)
The submitter sent that in; I didn't edit it. We generally do very light editing of submissions (grammar and spelling, if anything).
Jamie McCarthy
I did. I saw documentation of one statement of one incident from one person alleging spam from Macromedia. Perhaps there were more somewhere, but I did not see them. I would really like to go back and read exactly what it said, but when I asked MAPS if I could link to it or just read it for myself, they said no.
MAPS removed their documentation from public view when they took the site off the RBL -- and in several communications with them, they made it clear that (although they presumably had this information archived somewhere) they would refuse to let me look at it again.
Correct. This is because Above.net and MAPS were unavailable for, and refused to, respectively, comment.
I am not sure why you say that. Thursday, I checked the RBL and these were the only two IPs that were blocked (I spot-checked up and down from those two to see if others nearby were blocked; nope).
As Bennett Haselton wrote me when I asked him about this:
Jamie McCarthy
Readers said the same thing last December; go check the story "MAPS RBL is now Censorware," its updated section, the information about the BGP and so on.
Trust me on this. I read it very carefully in December: some ISPs use the RBL to block all traffic, not just mail. Not all ISPs. But one ISP is enough, if that ISP is a major backbone provider.
Jamie McCarthy
The Slashcode guys would guess that you're alternating between www.slashdot.org and slashdot.org. Stick with just plain slashdot.org. Because of the way the cookie spec was implemented, one cookie cannot cover both IP names; we consider this pretty much a bug, but it's in the spec and there's nothing we (or your browser) can do about it.
Last I heard, someone was going to set up www.slashdot.org so it just did a 301 redirect to slashdot.org, thus avoiding the problem ... apparently not. Hm, slashcode.com is doing that, but not slashdot.org. I'll ask whether someone's going to pick that back up.
If you think the bug is something else besides what I've described here, let me know and I'll see whether it happens on Slash 2.0/2.2 (the only versions being actively developed, though 2.0 will freeze any day now).
Further questions about alleged bugs in Slash should be directed to slashcode.com :)
Jamie McCarthy
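The www.slashdot.org versus slashdot.org cookie problem described in the comment above, worked through as an added example (not part of the comment and not Slash code). It assumes "the cookie spec" means the domain-match and rejection rules of RFC 2109, which the page does not name; the function names are hypothetical.

```python
# Added illustration: RFC 2109 cookie domain rules (an assumption; the
# comment only says "the cookie spec").

SITE_HOSTS = ["slashdot.org", "www.slashdot.org"]  # the two names in the comment


def domain_match(host, domain):
    """RFC 2109 sec. 2: equal, or host is N + domain with domain = '.something'."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return domain.startswith(".") and len(host) > len(domain) and host.endswith(domain)


def effective_domain(request_host, domain_attr=None):
    """Domain a 2109 client stores for a Set-Cookie, or None if it must reject it."""
    host = request_host.lower()
    if domain_attr is None:
        return host                      # default: exactly the request-host
    domain = domain_attr.lower()
    if not domain.startswith(".") or "." not in domain[1:]:
        return None                      # needs a leading dot and an embedded dot
    if not domain_match(host, domain):
        return None                      # host is outside the claimed domain
    if "." in host[: -len(domain)]:
        return None                      # host prefix may not itself contain a dot
    return domain


def hosts_receiving(request_host, domain_attr=None):
    """Which of the site's two names get the cookie back on later requests."""
    domain = effective_domain(request_host, domain_attr)
    if domain is None:
        return []
    return [h for h in SITE_HOSTS if domain_match(h, domain)]


def any_single_cookie_covers_both():
    """Try both setter hosts against a set of Domain values a server might send."""
    candidates = [None, "slashdot.org", ".slashdot.org", "www.slashdot.org", ".org"]
    return any(
        hosts_receiving(setter, attr) == SITE_HOSTS
        for setter in SITE_HOSTS
        for attr in candidates
    )
```

Under these rules a login cookie follows only one of the two names, so a session started on one looks logged out on the other; redirecting www.slashdot.org to slashdot.org keeps every request on the single name the cookie is scoped to.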
That's a local (not remote) root exploit in a not-commonly-installed tool.
That's a remote unprivileged-user (not root) exploit in a not-commonly-installed application.
That's a local (not remote) non-root exploit in a not-commonly-installed application.
That's, um, a DoS against Novell Border Manager.
I know it's fun and easy to bash Slashdot for being anti-Microsoft, especially when we report security news, but we don't ignore open-source problems and we only report vulnerabilities which are of pressing and widespread concern.
Jamie McCarthy
You won't, of course, be able to buy anything. You may, if you're very wealthy, be able to lease a small portion of the spectrum, over which you can transmit a small wattage to a localized area.
Forget about a protected band of public communications being used by hackers or do-gooders to provide a public internet to everyone. Such projects are only possible because the government has set aside those bands for the public good.
If such bands are owned by corporations, which have the choice between selling your entire city wireless internet access on their own terms, and leasing you a bandwidth license so that you can provide the net for free, which do you think they will prefer? How long do you think your lease will last?
And even if you do get a lease, do you honestly think it won't include terms like "lessee agrees that no illegal information shall be transmitted across the leased spectrum, including but not limited to MP3s whose copyright cannot be verified, pirated software, all digitally encoded movies, other intellectual property not owned by the transmittor, nor any decryption programs which are illegal under the DMCA. No access to FreeNet or other encrypted piracy havens shall be allowed, and the license shall be revoked if any unauthorized data transmission is detected."
I mean, we're talking about selling off the internet of the future to companies like Viacom, who owns both MTV and its "competitor" VH1, to Sony and other record labels, to Disney who owns Touchstone, Miramax, and Buena Vista Films. These are the companies that own all the good data. Why would you want to let them set up tollbooths and checkpoints at the on-ramps of the information superhighway?
I'm being silly, of course, because no sane company would lessen its stranglehold of control anyway, unless forced to by the government, but even if they did, do you honestly think that Sony would not bother to park a van outside your home office, monitoring your wireless communications to make sure you aren't trading encrypted MP3s?
Natural monopolies demand regulation.
Jamie McCarthy
But as you can see, they don't really have claws (they seem to have nails, just like we do).
They are the only so-called "great ape" from Asia, living in Borneo and Indonesia. They are endangered (duh) and if clear-cutting continues, you may live longer than this species does.
All about orangutans.
Jamie McCarthy
I wrote:
Typo, for "primes" read "squares." Sigh.
Jamie McCarthy
That doesn't get you any closer to winning the contest or overturning the laws of information theory.
Because squaring it gets you close to n, your variable a will have approximately half the bits of n. But there's no guarantee that b will be smaller than (the other) half of n's size. In fact, with large n, the probability is overwhelming that b will be larger than half n's size, so together a and b will occupy more bits than n.
I just tried this for fun with a 15-digit number I pecked in at random (482837578298375), and got an 8-digit a (21973565) and a 9-digit b (19489150).
Because the gap between primes increases according to a simple formula, there's probably a simple proof of the average size of b, given n. But I don't feel like calculating it. :)
Jamie McCarthy
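The n = a² + b split discussed in the comment above, as an added example (not part of the comment): it reproduces the 15-digit case, tallies how the raw bit counts of a and b compare with n, and sizes the two fixed-width fields a decoder would need to tell a from b. The function names are hypothetical.

```python
from math import isqrt


def split(n):
    """Return (a, b) with a = floor(sqrt(n)) and b = n - a*a, so 0 <= b <= 2a."""
    a = isqrt(n)
    return a, n - a * a


def join(a, b):
    """Inverse of split()."""
    return a * a + b


def tally(bits):
    """Over every n with exactly `bits` bits, compare len(a)+len(b) with bits.

    Returns (fewer, same, more). These are raw lengths, with nothing
    recording where a stops and b starts.
    """
    fewer = same = more = 0
    for n in range(1 << (bits - 1), 1 << bits):
        a, b = split(n)
        total = a.bit_length() + b.bit_length()
        if total < bits:
            fewer += 1
        elif total == bits:
            same += 1
        else:
            more += 1
    return fewer, same, more


def fixed_width_cost(bits):
    """Bits for two fixed-width fields sized from the bounds on a and b."""
    a_max = isqrt((1 << bits) - 1)       # largest a for any n below 2**bits
    return a_max.bit_length() + (2 * a_max).bit_length()  # bound: b <= 2*a


if __name__ == "__main__":
    n = 482837578298375                  # the number from the comment
    a, b = split(n)
    print(n.bit_length(), a, a.bit_length(), b, b.bit_length())
    print(tally(16), [fixed_width_cost(k) - k for k in range(2, 33)])
```

Where the raw lengths of a and b add up to fewer bits than n, the pair still cannot be decoded without knowing where a ends; the fixed-width layout that records that is longer than n at every size.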