Slashdot Mirror


User: shird

shird's activity in the archive.

Stories: 0
Comments: 666

Comments · 666

  1. Re:RealOne on Which Adware and Spyware are the Most Insidious? · · Score: 2, Interesting

    For the record, I agree with you. It completely overtakes your system, replacing home pages etc. Even the media has support for causing popups with its 'media browser' or whatever they call it.

    They used to also have a screen which allowed you to sign up for newsletters. The first checkboxes would all be clear, but scroll down a bit to the ones hidden and they would all be checked!... It's some of the scummiest software I have ever seen, and unfortunately there is no other player which plays their media.

  2. Re:No Encryption keys? on Traffic Light Control For The Masses · · Score: 4, Insightful

    That would require a challenge-response type system. Thus, it would have to be a transmitter and receiver with processor etc, rather than just blindly transmitting all the time.

    A lot more difficult to develop, a lot less fault tolerant.

    I guess it could just digitally sign today's date with a secret key and transmit that or something. However, eventually the key would be leaked or reverse engineered. Basically, if you are going to give the 'key' (the little box which does the transmitting) to anyone, then eventually that key will be figured out. No amount of encryption can avoid that. (Although tamperproof smart card type devices are a good start).

  3. Re:I went to launch event yesterday... on Microsoft Office 2003 - Reviews, Overviews, Issues · · Score: 1

    More to the point, what is to stop someone just copy'n'pasting the text into a new message? Or someone reading their email with an older client and forwarding on the message?

    I would never use it for security, just as a reminder to people that go to do it that they shouldn't be so they think twice. It will never be able to actually stop them (not until tcpa crap is commonplace).

  4. Re:Keep tabs on where your address goes on Baffling the Spam Bots · · Score: 1

    Uh huh. And what about those contacts that decide to send you 'greeting cards' or 'send this page to a friend' crap? (otherwise known as email harvesting scams).

    What about a web page which you want to publish your contact information? What about mailing lists? Yeah, you could have hundreds of different email addresses which you cut off and add as you see fit, but the overhead, hassles and lost email is more difficult than dealing with the spam. What if you post something to a mailing list, then a year later some guy sees it in an archive and wants to send you an e-mail solving all your problems. He wouldn't be able to. It's surely a great idea to not be 'loose' with your address, but thinking you can completely avoid getting on a spammer's list and still use the 'net effectively is a little ambitious.

  5. For less money... on 10 Panel LCD Displays · · Score: 1

    You could buy a projector or large plasma screen for less money, and it would be roughly the same size. Or, as others suggested, make your own out of 17" LCD screens and a custom frame, would cost a lot less than the 150,000 they're asking for their top end system.

    To run that thing would also put a lot of strain on your system, (large amount of memory to hold all screen resources etc) but I guess you would only use it if you felt you needed it, and then the tradeoff would be worth it.

    But yeah, just get a projector or large screen, comes with no stupid borders too.

  6. hard tooling vs soft tooling on How a Computer Case Is Built · · Score: 1

    Only cases that are hard tooled offer the best levels of quality consistency from case to case. This does not mean that cases produced using soft tooling are inferior, but consistent quality is difficult to control with soft tooling; and the additional time and labor that is required to produce quality soft tooled cases means that manufacturers must charge more for cases made with the soft tooling process to cover their production costs

    So let me get this straight.. hard tooling is better and costs less, soft tooling is worse and costs more? Hmm... sounds a bit like an ad to me. "Buy hard tooling.. it's better and cheaper" just a coincidence this company happens to use hard tooling. There must be some cost benefit to using soft tooling, otherwise no one would do it. "Passing on additional production costs" is bullshit IMHO.

  7. Re:Poor use for Kazaa on Red Orchestra, UT2003 Mod, Released · · Score: 1

    Another problem with BT is it doesn't work through egress firewalls which allow outgoing for the proxy only, and the proxy is configured for port 80 only. This is a very common setup because it is good practice security wise where all that is meant to be allowed is web browsing. For this reason, BT should never be used as the only distribution method when you want people who can only 'browse the net' to be allowed to download.

  8. Re:real application! on What's A 'Scroll Lock' And Why Is It On My Keyboard? · · Score: 5, Informative

    'clip' is not a program which comes default installed with WinXP. Try it and see.

    You must have it installed from somewhere else, or as part of the admin pack or whatever. It's obviously just a program which puts the stdin input into the clipboard, pretty useful, but not included by default.

  9. Re:To the jackasses who leaked the code... on Half-Life 2 Delayed Following Code Leak · · Score: 1

    What everyone else said. Do you seriously think me having a browse of the code is causing a delay? Fuck.. Valve wouldn't even know that I was, and it'd make no difference whether I was or not.

    Valve has to assume that anyone going to abuse the use of the source has got a copy. Whether they do or not, and whether joe sixpack does or not is irrelevant.

    The source has been leaked. _that_ is the problem, not me or anyone else having a look. _that_ makes no bloody difference.

  10. Re:TODO HACKHACKHACK on Half-Life 2 Delayed Following Code Leak · · Score: 1

    Yeah I know it's common to have those in "finished" code. There just seemed to be a hell of a lot, with comments like 'TODO: complete re-write of AI code for such and such, at the moment it just walks in circles'.. ie, the TODOs/HACKs seemed to need quite a bit of work. But maybe that code isn't entirely necessary, or is in the newer version, or exists elsewhere. Whatever, I think the artwork etc would be more behind than the code anyway.

  11. Re:Saw this coming on Half-Life 2 Delayed Following Code Leak · · Score: 1

    They will not even need to recode the key auth algo. From the source:

        // this function exported by cdkey.obj (we don't have the source code)
        extern int SimpleCDCheck( const char *cdkey );

    This was all commented out so they intended to change it anyway.

    They might like to change the server auth code though. Currently it sends an md5 of the key to authenticate. Easy to sniff and abuse - they should be using a challenge response system where the key or usable hash isn't sent over the wire. Then again, security obviously isn't something valve is good for.

  12. Re:Saw this coming on Half-Life 2 Delayed Following Code Leak · · Score: 1

    They don't even need to recode the cd key verification algo. From the source code:

        // this function exported by cdkey.obj (we don't have the source code)
        extern int SimpleCDCheck( const char *cdkey );

    All this code was commented out anyway, so they were intending on modifying it anyway.

    Although they perhaps might need to recode some of the networking code which sends the md5 of this to servers - this would be easy to sniff and allow people to steal 'keys' (or at least the md5 of them - which is used to auth). They should be using some challenge response instead anyway.

  13. Re:Delayed anyways? on Half-Life 2 Delayed Following Code Leak · · Score: 5, Interesting

    Yes I think this is the case. I have taken a look at the code, and I can say there is a hell of a lot of 'TODO:/BUG:' stuff in there. I'm no expert, but I would say it seemed a long way off being complete. Not to mention all the artwork, levels, scripts etc that may or may not exist in very complete form.

    As for ease for creating keygens, take a look at the code - it makes an external reference to a 'cdkeycheck()' function (cdkey.obj) in which there are even comments to the effect that they (Valve) don't have the source code. In other words, they have outsourced the key verification algorithm, so it doesn't exist in the source tree. (neither does the cdkey.obj file).

  14. Re:RTFA on Microsoft Confirms IE Changes in Wake of Lawsuit · · Score: 1

    Yeah ok, that works for web page authors, so long as they don't want to access remote data (which is quite often)... but what about all those pages out there that don't get changed? I want to be able to hack IE to display them as normal, not expect web page developers to modify their pages. This 'NOEXTERNALDATA' flag tells IE to go looking for remote data in the params and not pass it to the object if it exists - not the 'one byte hack to the client' I was hoping for.

    _you_ read my fucking post.

  15. Re:Oppertunity Knocks on Microsoft Confirms IE Changes in Wake of Lawsuit · · Score: 1

    I just hope they "accidentally" make it easily hackable. ie, keep all the code for working as normal, but just have a little conditional jump which executes this patent friendly crap code. Thus you can easily restore IE to its 'better' state with a one byte hack, without getting Microsoft into trouble.

  16. Re:groups/deja is also acting up on What's Wacky with Google? · · Score: 5, Informative

    Google are aware of this problem and are working on it. I know cause I wrote to them with some example URIs and they replied they are working on some known issues with their servers.

  17. User Mode Linux on Xen High-Performance x86 Virtualization Released · · Score: 2, Interesting

    Sounds an awful lot like usermode linux. Get a version of the kernel/OS which makes calls to a host virtual machine rather than directly to the hardware for privileged instructions. Everything else can run directly through the CPU without being emulated because it is running in 'usermode' (or ring 1).

  18. Re:Why not on Where Is Spam When You Want It? · · Score: 1

    No, that would be a bad idea. Spammers use their own blacklists to filter their mailing lists. They don't want to send spam to anti-spam vigilantes or *@ftc.gov etc. They also filter for things like 'nospam' etc and 'wash' their lists as it's called.

    If they see that e-mail address posted as being for research purposes rather than genuine, you can bet they will add it to their 'wash' list.

  19. Re:MS Security bulletin? What about... on New Microsoft Worm Coming Soon? · · Score: 1

    I think what he meant was - why is there a worm due for Microsoft Windows because of a recent exploit, but there isn't one due to Linux despite 2 recent exploits?....

  20. A cryptanalysis method on Quantum Cryptography Gets Nanotube Boost · · Score: 1

    RSA and Elliptic Curve wouldn't stand a chance against this unbreakable encryption.

    Huh? Are RSA and Elliptic Curve some method for breaking encryption? Yeah I know what he meant, just worded funny.

  21. Re:critical VBA flaw on Microsoft Issues Five New Security Warnings · · Score: 1

    It seems to be a buffer overflow, so would be executing native code. Why MS is talking about VBA and programmatic access to address books etc is beyond me. It is a BO executing native x86 code which happens to be possible by embedding a corrupt bit of VBA objects..

  22. standard formats on VideoNOW PVD Reverse Engineering · · Score: 5, Informative

    After reading through the couple of updates they have, I get the impression that the format is actually a standard used somewhere but these guys just haven't figured out what it is.

    They seem to be wasting their time grabbing frames and converting from jpegs etc. They should just try work out what the standard is. After all, why would the developers of the VideoNOW spend the time and money developing some new format when there are heaps out there already? They are already using a non-standard CD size to stop people just playing the discs on their own machines, and people wouldn't pay $8 for a few b/w low res cartoons to play on their own machines anyway. - so why use a proprietary format?

  23. Re:And so the flood begins... on Telstra To Put Linux On Desktop · · Score: 1

    Yeah... except if it doesn't work. It is after all only in trials, and IMHO likely to fail cause it just isn't ready for the desktop. Then people would look at it and think "well it didn't work there. it won't work here. it will never work anywhere". Then it dies.

  24. Re:PZT motors are brittle on Origami Helps Cellphone Cameras To Focus · · Score: 1

    01234567890123456789012345678901234567890123456789

    thats 50 chars folks. which is a bit more than the
    parent poster would have you believe. Why he does-
    'nt just use "HTML Formatted" so that it strips o-
    ut the unnecessary formatting is beyond me.

  25. Re:tell me about it on Microsoft Longhorn Delayed · · Score: 1

    Just because you don't use something doesn't mean you don't have to patch it. If it's on your machine, someone may be able to abuse it, especially the 'local user can do such and such' bugs (if you let other users use your machine). ie. I don't use MS windows' RPC mechanism... so I guess I don't have to patch for that either..