Heh, I think the above comment proves some kind of point (although it may not be my own). A big chunk of the comment between angle brackets was chopped out by Slashdot. Why it can't just quote the bracket characters I don't know.
Remember that as with so many security holes, this is first of all a bug, and becomes a vulnerability later.
If when displaying some text you assume that text == HTML and just paste it in, so that/etc/passwd' and how many construct a string to pass to system() with similar vulnerabilities.)
It seems a bit silly to count by the number of domains hosted - this means that domain parking services (as mentioned in the report) inflate the numbers. Would it be possible to have a rough guess at how popular a site is (eg from Google rankings, or from traffic statistics gathered by snooping on traffic crossing some major ISP) and weight the results by that?
The problem is that the activism chosen doesn't necessarily have much to do with GNU-Darwin or free software or programming, and is just a random collection of the author's beliefs and prejudices, jumbled together because if you believe in one you're expected to believe in the others. What does the Iraq war have to do with the GPL or software patents, for example?
Having a political stance is fine, but you need to stay focused on what your real goal is. The FSF is a good example in this regard - they choose their goal (freedom for all computer users, in terms of using, sharing and changing software) and work towards it. Although RMS may talk about stuff on his own time, you don't see the FSF issuing press releases about global warming or saving the giant panda.
But surely whatever tricks Sony is using to keep prices down could also be applied by hardware manufacturers of the Xbox. The fact that the same components used to be PC standard hardware three years ago wouldn't make any difference.
Unless you mean that Sony planned forward, arranging five-year contracts with hardware suppliers to ensure a continued supply of cheap components, while Microsoft didn't and got bitten by obsolescence.
Perhaps Microsoft already has a Win2k kernel running on the G5. NT4 was available for PowerPC, that support was dropped, but it wouldn't surprise me if random PowerPC builds of bits of NT/2k were still being produced inside Microsoft.
Time was, when the choice of CPU meant something. If two machines used the same CPU you had a good chance of getting a speedy emulation of one using the other - for example the Mac emulators for the Amiga which were close to 100% compatible. But even though this is a Power-derived processor it doesn't seem likely anyone will be running AIX or Mac OS X on the Xbox2, or the other way round.
As I said in an earlier comment, it's simple to have the file PGP signed by Spamhaus or whoever and then distributed.
You make a good point though - on a system like Freenet designed for anonymity, what's to prevent spamming? (Assuming for a moment that millions of people stupid enough to buy from spammers started using Freenet.)
NB in the above comment I didn't consider deliberately hiding information, for example spelling out a secret message with the first character of each word or encoding a message in the least significant bit of the blue component of each pixel. I meant being safe against accidentally releasing information you didn't intend to, and which is clearly viewable by anyone who knows how the app works. Of course any useful file format can be used with steganography to carry secret messages if you deliberately try to.
I think one can distinguish two kinds of file format. 'Transparent' formats and 'obscure' formats. In a transparent format, what you see is what you get in the true sense of the phrase. For example a text file has no hidden information, the characters are right there and there is no text editor stupid enough to hide some of them by default. LaTeX source is also transparent in practice (even though in principle you could construct a document using bizarre macros to obfuscate the final output - it would at least be clear to the reader of the source that some obfuscation was happening). Bitmap images are also transparent, all they contain is the value of each pixel, which you can see right there on the screen.
Obscure formats are those containing implementation details of the application, such as memory dumps which may contain stale old data (Word documents have been notorious for this in the past, I don't know if the latest format fixes it). And those which allow for hidden information or at least information which is not shown by default. Finally those which are displayed by overlaying one graphic on top of another, as with vector file formats (you could have a hidden message with a white rectangle superimposed on it) or this example of PDF with images.
If you're sending out a document that might be sensitive, you'd better make sure to use a transparent format. You could do worse than take a screenshot of your application displaying the document, then you know there are no surprises (even though a bitmap image is a horrible interchange format in many other ways).
It's certainly important from the Library's point of view. (BTW, I didn't say in the above post whether I'd be in favour of or opposed to such a policy.)
What the articles don't make clear is why legislation was needed. If all that will happen is for the British Library to crawl .uk sites, they could do that already.
For print publications it is mandatory to send a copy to the BL. Obviously that would never be workable for websites. But does the law now say that the BL has the right to take copies of what you publish whether you like it or not, as already happens for dead-tree publications?
For example the library might spider even sites with a robots.txt that forbids it, and be protected (in the UK at least) from legal harassment for doing so.
What new powers does this Act give the library that it didn't have before?
I think it means light falling on the screen could power the computer. If you use a laptop outside on a sunny day. Still, a lame 'suggestion', since it's just a wish and not particularly exciting. You can suggest new things to be invented at the halfbakery, but you're supposed to keep away from magic items.
I think the different editing mechanism doesn't have to imply that every document is written by several people. You could have a collection of documents where each is maintained by one person, but they're all grouped together in a single collaborative system because it's just easier that way. Or have documents mostly written by one person with others adding a few tweaks and corrections occasionally.
Even if you are the only author of a document, some groupware system may be easier than traditional web publishing - look at user journals (blogs) on Slashdot.
Yeah your understanding sounds more likely to be correct than mine. (Though it must vary with different filesystems, and the layout on disk doesn't always determine the strategy you must use to write things.) I do recall something about ext3 flushing the journal to disk every five seconds by default, so it's possible that the writing-to-regular-bit-of-disk doesn't get asked for at the time of the original write() call, but by a separate daemon thingy some time later.
I said the slowest that's still widely supported, apart from serial connections. Arcnet is not widely supported these days, if it ever was (how many PCs have an Arcnet adaptor?). OK, the parallel port was something I left out.
And what's the difference between "classic" ethernet and the plain-old-commodity-grade ethernet that runs through cat-5 and 3c905 adapters?
By 'classic' Ethernet I meant 10Mb/s, not Fast Ethernet (100Mb/s) or Gigabit Ethernet or any of the other networking technologies with 'Ethernet' in the name.
Actually I was talking about delays at the MAC level in the Ethernet card itself, so a physical limitation on data transfer no matter how fast the machine. But it's a similar issue.
Hmm, telnet. Clear-text passwords and all that. But it would be insane to try porting ssh to such a machine. So is there any way to get secure remote logins?
Perhaps you could generate a 100-kilobyte file of random data, get a copy of it at either end somehow (does this Atari have disk drives? maybe even put the file on tape heh heh) and use it as a one-time pad for remote connections.
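The pad-file idea in the comment above, sketched as an added example that is not part of the original comment. The `PadChannel` and `make_endpoints` names, the split of the pad into one region per direction, and the sample login strings are assumptions made for illustration.

```python
import os


class PadChannel:
    """One direction of a link, keyed from its own region of the shared pad."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self.offset = 0  # next unused pad byte; a real endpoint must persist this

    def remaining(self) -> int:
        return len(self._pad) - self.offset

    def crypt(self, data: bytes) -> bytes:
        """XOR data with fresh pad bytes; the same call encrypts and decrypts."""
        if len(data) > self.remaining():
            # Reusing pad bytes would break the one-time property, so stop instead.
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self.offset:self.offset + len(data)]
        self.offset += len(data)
        return bytes(a ^ b for a, b in zip(data, chunk))


def make_endpoints(pad: bytes):
    """Give each direction its own half so no pad byte is ever used twice."""
    half = len(pad) // 2
    up, down = pad[:half], pad[half:]
    client = {"send": PadChannel(up), "recv": PadChannel(down)}
    server = {"send": PadChannel(down), "recv": PadChannel(up)}
    return client, server


def demo() -> int:
    # Constructed stand-in for the 100-kilobyte file copied to both machines.
    pad = os.urandom(100 * 1024)
    client, server = make_endpoints(pad)
    wire = client["send"].crypt(b"login: alice\n")
    received = server["recv"].crypt(wire)
    if received != b"login: alice\n":
        raise RuntimeError("endpoints out of sync")
    # Bytes of client-to-server traffic the pad can still protect.
    return client["send"].remaining()


if __name__ == "__main__":
    print(demo())
```

XOR with a pad gives confidentiality only: an attacker who flips bits on the wire flips the same bits in the plaintext, so a real link would also need an integrity check. The pad also caps total traffic at its own size, here 50 KB per direction.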
You can use Hash Cash where the 'payment' is in a small amount of CPU time burned by the sender. So no central authority is needed.
It's November. How can they possibly know what the coolest inventions of 2003 are?
And why 'premiere' and not 'premier'?
Having the list distributed doesn't mean that anyone can start messing around with it: the data file can be PGP signed by Spamhaus, for example.
So how about using Bitkeeper or Freenet or Gnutella to distribute spam blacklists and other information?
Maybe geeks do lack in economic skills, but the dotcom bust showed that managers, bankers, marketeers and lawyers are equally lacking...