I'm sure they got a million submissions about this. Why do they insist on picking the worst one?
It's Mozilla 1.7.7, there's nothing new we didn't already know about. The update has the same security fixes (scroll down) as the new Firefox release, that's all...
Won't putting these people in jail prevent the copyright holders from collecting damages? (Isn't that the point: that they are supposed to be reimbursed for lost money?)
When you're in prison you don't need your house nor your car...
Let's create "Meta Slashdot", a site where we solicit news items. We'll have some real editors that actually weed out the dupes and check the facts. Then we submit the news to Slashdot where Cowboy Neal can rubberstamp it.
With some luck we can even bribe Slashdot's ISP to reroute their mail to us, to make sure all submissions are properly vetted. :)
So, what do you say folks? Instead of this endless bitching about how the Slashdot editors suck, let's get together and do something about it!
Dijjer requires a known "root" node for the p2p network to which clients initially connect. The current client connects by default to a root node run by the makers of Dijjer.
BitTorrent requires someone to run a tracker, Dijjer requires someone to run a root node. I don't see any big breakthroughs here. Dijjer might have a slightly more user-friendly way for the publisher to seed his file but that's about it.
And the obvious statement of the year award goes to:
A Ferrari is a very expensive car. It is not reliable. But I would bet you 1,000-to-1 that if you bought a Honda Civic that that sucker will not break down in the first year of operation.
Of course! A Ferrari is built to squeeze every last bit of performance out of the machinery, sacrificing silly stuff like economy, comfort and reliability.
A Honda Civic is built to be as cheap as possible, but without sacrificing reliability. If repairs ended up costing as much as the car it would be a tough sell. :)
Well, as far as I can tell the specification does not mandate that the security chip verifies the BIOS before the CPU boots.
The PC-specific part of the spec does a cop-out and makes it the motherboard manufacturer's problem to somehow keep the BIOS and security chip safe from tampering. But of course, the data bus between the BIOS, CPU and security chip must be protected as well, or it's all a moot point. :)
Well, the GRUB thing was just an example. Since the chain starts at the BIOS, so will I.
My hacked BIOS keeps a copy of the hash of the trusted version and sends that to the TPM (or a copy of the entire BIOS in case the TPM wants to do its own hashing).
I don't even have to do all that work in the BIOS, the only thing I need to do is to remove the part that activates the security chip. When my OS is up and running I can run my own utility that starts the chip and feeds it a "fake" boot process with hashes of a trusted BIOS, bootloader and OS.
The point is, as long as TCPA isn't part of the CPU itself, it's hosed. It's not even enough to put the BIOS in an embedded tamperproof ROM on the CPU (a la microcontrollers), as long as the security chip is external I can interfere with the communications and feed it fake data.
This is the thing that I don't get. The supposedly secure boot process seems to be broken from start to finish.
The "trusted" boot functions provide the ability to store in Platform Configuration Registers (PCR), hashes of configuration information throughout the boot sequence. Once booted, data (such as symmetric keys for encrypted files) can be "sealed" under a PCR. The sealed data can only be unsealed if the PCR has the same value as at the time of sealing. Thus, if an attempt is made to boot an alternative system, or a virus has backdoored the operating system, the PCR value will not match, and the unseal will fail, thus protecting the data.
The whitepaper also mentions that in IBM's implementation the chip is connected to the SMBus.
This means that the entire security of the boot process hangs on whatever data the CPU feels like sending to the chip for hashing. I could as well make a patch for GRUB that sends the "secure" version of GRUB down the SMBus and actually executes whatever nastiness I have in store.
In the case of DRM this lets me run whatever OS I want. The only thing I have to do is to feed a copy of whatever OS Hollywood trusts to the chip and voila the chip will say I'm legit and Hollywood will give me access to their movies for me to pirate at my leisure. :)
As I see it, the only way to get this to work for real is if Intel steps up and builds TCPA support into the CPU itself such that the PCR register is continuously updated as each instruction is executed. And all existing external chips have to be blacklisted, of course.
Or does the TCPA system have some other trick up their sleeve that makes this work even though it's implemented externally to the CPU?
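The PCR extend and seal/unseal behaviour described in the whitepaper passage quoted above, as an added Python simulation (not part of the original comments and not a real TPM interface). The class and function names and the boot-stage byte strings are constructed for illustration, and SHA-1 is assumed as the PCR hash, as in TPM 1.2-era chips.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length (assumption: TPM 1.2-era PCR)


class SimulatedPCR:
    """Toy model of one Platform Configuration Register (hypothetical class)."""

    def __init__(self):
        self.value = bytes(PCR_SIZE)  # a PCR is all zeros after reset

    def extend(self, component: bytes) -> bytes:
        # A PCR is never written directly, only extended:
        # new = SHA1(old || SHA1(component))
        digest = hashlib.sha1(component).digest()
        self.value = hashlib.sha1(self.value + digest).digest()
        return self.value


def measured_boot(stages):
    """Extend every boot stage, in order, into a fresh PCR; return the final value."""
    pcr = SimulatedPCR()
    for image in stages:
        pcr.extend(image)
    return pcr.value


def seal(secret: bytes, pcr_value: bytes) -> dict:
    # A real TPM encrypts the blob under a storage key; this model only
    # records the PCR value that must be present at unseal time.
    return {"secret": secret, "required_pcr": pcr_value}


def unseal(blob: dict, current_pcr: bytes) -> bytes:
    if not hmac.compare_digest(blob["required_pcr"], current_pcr):
        raise PermissionError("PCR mismatch: unseal refused")
    return blob["secret"]


# Constructed sample boot chains (placeholders, not real firmware images).
GOOD_BOOT = [b"BIOS v1.0", b"bootloader v1", b"kernel v1"]
TAMPERED_BOOT = [b"BIOS v1.0", b"bootloader v1 + backdoor", b"kernel v1"]

if __name__ == "__main__":
    blob = seal(b"disk-encryption-key", measured_boot(GOOD_BOOT))
    print("good boot unseals:", unseal(blob, measured_boot(GOOD_BOOT)))
    try:
        unseal(blob, measured_boot(TAMPERED_BOOT))
    except PermissionError as err:
        print("tampered boot:", err)
```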
Like 90% or so of the modules included with the basic PHP distribution are just wrappers around standard libraries, no code is duplicated nor functionality reinvented. The wrapper is there to make the libraries easy to use.
The 2 libraries you mention happen to be bundled with the distribution for convenience, but you are free to use external versions supplied by your OS installation or perhaps yourself.
What are the odds that Congress will happily enact the necessary law to mandate the broadcast flag if it turns out that the FCC ain't allowed to put it in its regulations?
I don't know what saddens me most, that they have the balls to submit an application for something so old and obvious like per employee pricing, or the fact that it actually has a pretty good chance of being granted...
So whatever happened to Netscape's calendar server?
If I'm not entirely misinformed, it ended up with a company named Steltor who developed it further under the name CorporateTime. A year or two ago they in turn got bought by Oracle and it's now called Oracle Calendar. It's still actively developed.
Well, regarding which one is best, I think FlexWiki wins the /. effect test, showing a 503 Service not available. Compared to Kwiki that doesn't respond at all... :)
The problem is that with the new entities, things can go wrong. They can simply be down (keeping me from sending or receiving e-mail!). Or their security can be compromised.
The bottom line is: this is too complicated.
Or the escrow can become the new VeriSign, charging a truckload of money for a service that costs nothing to provide.
3. Profit!
In Soviet Russia
Imagine a Beowulf cluster...
to all posts.
/greger
Yea, but it's kinda hard to sell it when you already gave it away for free.
I guess Apple decided to give all those nerds that insist on "upgrading" their Macs with a PC mobo a challenge. :) /greger
My guess is that someone read that MS patent really carefully and concluded that it only covers horizontal subpixels. :)
The novelty would be that it's implemented in the display driver chip thus I guess it can move any pixel around, not only when rendering fonts.
/greger
Besides, don't we reboot Windows enough as it is today?
/greger
Bart: How could you Krusty, I'd never lend my name to an inferior product.
Krusty: Oh! They drove a dumptruck full of money up to my house. I'm not made of stone!
/greger