Actually, your link says "The bomb tore out a two square foot portion of the cabin floor, revealing the cargo hold underneath, but the fuselage of the plane stayed intact." However, the article does speculate that it might have blown a hole in the fuselage if it had exploded in a different way.
She was _on_stage_ with CNet and an audience at a press conference/interview. There's no reasonable grounds for her to expect any sort of privacy in this context.
True, but the perpetrators violated her reasonable expectation not to be attacked by flying penises in that context. I think this case is just silly, but the issue does come up with regard to more serious crimes. If a criminal films the rape of his victims, should newscasts be allowed to show it? Should pornographers be allowed to compile DVDs of such videos and sell them? If US soldiers strip and humiliate Iraqi detainees and take pictures/videos, should those be disseminated? Should they be edited to hide the genitals or maybe the faces?
I'm not arguing either way here, just noting similar (but obviously much more extreme) examples.
Google asked The Associated Press not to publish the property's address, although it can easily be found on the Internet using the company's search engine.
But I have been Googling for the last half hour to no avail. It's not that I care so much for the exact address as much as I'm offended that some AP reporter is apparently a better Googler than me:). Can any of the Google hot-shots here find it?
Picture McBride behind the wheel of a minivan, flying down a drag strip as fast as 6 cylinders can take it on a collision course with a main battle tank. The SCO van has lights flashing, sirens blaring, mimes doing handstands on the roof, and maybe a little T&A out the sunroof. Oh, and it's full of lawyers.
The tank isn't doing much of anything, really.
Now, what we're all wondering... Is Darl McBride just some crazy lunatic powering his shitbox down the road and maybe planning on turning at the last minute, or does he really have something in that minivan that can take out a tank. And if he does, when is he gonna whip it out? Will the tank bring around the main gun and blast him, or will it just use the machine gun? How many lawyers are killed? Mimes? Will the minivan turn into a DeLorean at the very last second and blast a trail through time?!?
I don't know about you, but the suspense is killing me.
No, I there isn't any known way to distinguish/dev/random output from/dev/urandom output. It's not like/dev/urandom uses a silly pseudo-random algorithm like rand(). It uses the same strong cryptographic-hashing-based techniques as/dev/random, but it doesn't require as much input to the entropy pool. You still can't crack it or distinguish it from/dev/random output unless you have every bit of state that has gone into the pool (interrupt timing, etc.) since the box was booted. And if you are in a position know that,/dev/random isn't any more secure.
their product page proclaims it as "the world's first PCI Express graphics card with open-source display drivers for Linux and other Unix-like operating systems".
Dual digital flat panel support up to 1280 x 1024 resolution per display
Sorry, but 1280x1024 doesn't cut it any more (and I'm not going analog). Sadly, all of their products that I looked at seem to have this limitation (unless you go dual-dvi -- and then you lose dual-headed operation).
It is worth mentioning (since the reviewer didn't) that the book is available free online in HTML format. Start with the table of contents. He also sells (erm, "licenses") PDFs for $35, though I'd rather buy the book itself for $50 at Amazon. The HTML version has those annoying fake-link ads that pop up sundry advertisements when you mouse over them, but I still commend him for posting the book. I have bookmarked it for future reference, and I'll likely buy the book if it proves more useful than the RFCs next time I need it.
Believe it or not, it gets even worse if you read on! He changes tone from gangsta' to haXX0r:
Thanks to our fully 1337 h4X0r developer, you can sign up for alerts proper. Check out the Tools section up at top right in the swanky new box he's built with his zeros and ones.
I hate it when/. posts blatant product advertisements as stories. This story was submitted by "Carbolic", whose given URL (mouse-over his name) is Wifi-toys.com. He talks about a wifi-toys.com story (in the third person), and links to the "kit from bluedriving.com". The small print on that page notes that Bluedriving.com is a member site of wifi-toys.com . The $99 "kit" linked to is just a $45 Linksys adaptor and a CD of freeware and drivers (you'd be better off downloading the newest versions from the net). A fool and his money are soon parted, I guess. This is the second time this week that Carbolic has posted a story linking to his site.
I won't fault Carbolic for pimping his site, particularly since he isn't hiding his affiliation. But the/. editors should filter this spam out.
Open Source developers don't generally need this product.
Your press release states that you "will charge $250 to individual
Linux developers". So you admit that you are charging hundreds of
dollars for something unnecessary? If I wanted to waste money, I
could pay $699 to SCO instead.
Are you actually offering this insurance yet? It sounds like you
have not even found a reinsurer after spending months trying. Even if
I wanted this insurance, I would be a fool to
pay premiums before you have any sort of financial backing.
I have great respect for Bruce and Pamela, but frankly this reeks
of opportunism and greed. OSRM will only be able to sell this product
by scaring companies into thinking it is necessary. How will that
possibly help Open Source? The venture capitalist who started this
organization (Daniel Egger) has already begin spreading FUD. Just a
few days ago he completely mischaracterized the DaimlerChristler suit.
The OSRM web site has been cleaned up after intense criticism, but
still says things like "organizations gaging the risks of Open Source
software face a vacuum of clear information." On the contrary, I know
of hundreds of highly convincing paper from lawyers like Eben Moglen
dismissing the SCO claims.
Because your business is to scare people into buying insurance, you
neglect to mention the millions of dollars in defense money already
available free from the OSDN. There is also the million dollar Redhat
Open Source Now fund. And don't forget vendor indemnification freely
available for customers of Redhat, HP, Novell, etc. You do mention
vendor indemnification on the OSRM site, but only to attack it as
inferior to your insurance.
The OSRM page states that "OSRM has generated the widespread
support of Open Source leaders," but the only ones I have seen
supporting it are on the OSRM payroll. Without the credibility of PJ
and BP, this project would be universally ridiculed. Egger made a
good decision in paying you off (I'm sorry that sounds harsh, but we
all know he hired you two for your credibility in the open source
world).
You are a smart guy and have studied this more than I have. So
perhaps you can enlighten me as to why I should consider this a good thing. Or
maybe you are just trying to cash out on the current Linux FUD. That
isn't illegal, but please don't cast it as doing us a favor.
They bounce back ALL mail to addresses that don't exist, and if some spammer users YOUR domain or YOUR email address, you get all the bounces. They also don't respond when you try to get them to stop.
Anyway, the whole post sounds like an advertisement. Hope/. got comensated.
The last/. article on Huminity was also a thinly disguised ad (called Huminity "the technology of the year"). Too bad/. editors don't do a better job vetting submissions for this commercial crap. Bootstrapping start-ups is an interesting topic though, IMHO.
> Look at the size of the file. It cannot be
> the whole kernel source, only patches.
Who modded this insightful? That file SCO is distributiong (linux-2.4.13-21S.src.rpm)
most certainly is the Linux kernel. Note that the size is 26,701,141 bytes, which is only slightly more than the 23,111,925 of the official linux-2.4.13.tar.bz2 from ftp.kernel.org. It is outrageous that SCO is still distributing this under the GPL while claiming it is illegal for others to use and distribute.
Not only does Larry threaten to change the protocol willy-nilly and implement digital signatures in an attempt to prevent interoperability with free software, but he also claims that writing a free interoperable client is a violation of the license agreement. What a jerk! Read about it in his own words.
> this just seems like a way to jab at SCO for something completely not on topic.
Chill out. They are probably getting flooded with submissions about
the SCO conference call, which is the first "news" out of SCO since
the Japan Trip (I don't think their ballyhooed July 9 conference call
ever happened). But SCO announcing a Monday conference call is
certainly not worth its own story, and there is no point waiting until
the next Slashback. So Timothy stuck it in a mildly-related story to
stop the submissions and so that people who are interested in
the SCO case can follow the link and investigate/comment. Sounds
reasonable.
Before you go through all the effort of implementing Google Adsense
on your site, take a look through their pages and calculate how much
revenue it will bring in. Having trouble? That is because Google
refuses to disclose the formula they use to pay webmasters, or even
all the factors involved! You run the ads on your site, and THEN they
decide how much to pay you based on whatever secret formula they are
using that day. How arrogant can they get? Now I am a big Google
fan, but I am not going to put up with this! It would be like taking
a job at a store that refuses to tell you how your commission is
calculated. Google should tell us the payout ratios BEFORE we
implement their system and we should be notified when the formula
changes.
Sure, some of your friends may be doing reasonably well now.
Perhaps Google has goosed the system during this initial rollout
period so that pay is decent. But what do you think will happen to
pay rates once they reach critical mass? If your payment is down one
month, how will you know whether it is a normal clickthrough
fluctuation that could go back next month, or whether Google has
changed the rules? You won't know!
Note that Adsense has garnered many
other complaints as well. I would recommend boycotting this
service until Google is honest enough to detail the revenue share
arrangement.
Here is an idea: do a search on keywords that relate to your site
and note who is advertising. Send them a mail offering 50% off Google
rates if they wish to advertise on your site. That is probably a far
higher percentage than Google pays you, and it puts you back in
control over your web site earnings. And then let Google know about it by sending email to adsense-support@google.com . I am not trying to screw Google here - I just believe that need to be more open about the process. Refusing to tell webmasters how their pay is calculated in exploitative and reeks of arrogance.
The TCP initial sequence numbers were not intended as a
security mechanism. Even back then they wouldn't have been dumb
enough to use a 32-bit number for security. You mention "randomly
generated" numbers as is they were part of the spec, but the word "random" doesn't
even appear in the RFC. No stacks (AFAIK)
randomized these numbers back then. They used the trivially
predictable 64K rule as these numbers were intended for
reliability not security.
It is true that this reliability feature makes spoofing slightly more difficult, and that many stacks have been enhanced (mostly in the last 5 years) to make these numbers less predictable. But to call this "the fundamental security mechanism for
TCP" and declare this as challenge-response prior art from 1981 is
misleading.
All that being said, I wholeheartedly agree that this patent is
bogus and that you are right to be looking for any creative examples
of prior art you can find! But this just does not cut it.
Anyone who believes the Intuit PR downplaying the problem need only read the 391 overwhelmingly negative reviews at Amazon to determine that this is a serious problem that severely affects people. I am certainly changing to TaxCut this year! I feel that this review by Kent Stanton sums these issues up well:
here's a lot of hype going around about the copy protection scheme in Turbotax. Much of it is overblown. But even ignoring the hype, Intuit has blown it big time.
The copy protection scheme used by Intuit is invasive. It works by installing and running an unwanted program on your computer. This program runs 100% of the time. You can't turn it off, and you can't uninstall it even when you remove turbotax. (Intuit has recently release a separate uninstaller for the copy protection scheme, but first you have to download it, and many people are saying that it doesn't work).
Intuit is punishing/annoying/infuriating it's paying customers to stop a few thieves. The vast majority of Turbotax customers are honest, and they want one just thing from TT. A safe reliable way to do their taxes. It doesn't make sense to use pirated tax software to save 30 bucks.
The Intuit customer support deptartment is so overwhelmed by all the problems this has caused that you should expect a 30-60 minutes wait to talk to anyone at Intuit about anything. This includes activating your product if you can't do it on-line. But don't take my word for it, try to call them.
But here's the killer: If every software vendor decides to try something like this, we'll end up needing a separate computer for every program. The c-dilla software used by intuit has a well-earned reputation for being unstable. How well will your computer work in the future when there are 20 different competing copy protection services running on it.
I buy Turbo Tax "Premier Home & Business" every year, so I picked it up in early January when it hit the shelves. Fortunately, I have not yet risked my system by installing it -- I plan to try Tax Cut instead. But I certainly don't want Intuit keeping my $68 after this outrage! So I read the box, and noted this text on the lower-left back corner:
"60-Day Money-Back Guarantee: Try TurboTax software. If you're not satisfied, return it within 60 days of purchase with your dated receipt for a full refund."
So even those of you who already opened the box are covered! I
recommend returning this nonsense at the first opportunity. If the salesman gives you any flack, just point them at this text on the box.
The undocumented VMWare I/O
port communication mechanism can also be (and is) used to determine whether
an application is running under VMWare. The relatively simple code to
implement this was posted
to the Honeypots security list.
> hourly rate. Could FSF use this sum to hire dedicated
> programmer, to do some coding?
The FSF doesn't actually hire many programmers, as they have
been so successful in recruiting volunteers. I found this
quote interesting from the Kapor
article/. just posted:
"Compare Kapor's effort, for example, to the Free Software
Foundation, a Cambridge-based nonprofit that led the design
of the free GNU operating system. The foundation, which now
expends more energy fighting legal battles in defense of
free software than creating it, has an annual operating
budget of about $625,000, compared to $2 million to $2.5
million for OSAF."
I am very surprised that they do so much with so
little. With a $625K operating budget, even small donations
can be a big help. But if "all" you want to contribute is your programming talent, that is still a generous gift!
One must always be careful in praising vaporware, but the prototypes
on the OSAF web
site sure look impressive. I am particularly glad they place
such a strong emphasis on security!
That is an even better reason than MS-loathing to urge
Outlook users to switch. OSAF will do the Internet a great
service if Vista can cut down the number of Outlook viruses flooding
my emailbox every day!
> [the] best way to support FSF is to donate code not money.
Those options aren't exclusive. After all, programmers are
among the biggest beneficiaries of the "free software"
concept, as we are the ones who can actually read, learn
from, and modify the code ourselves. Other people can hire
programmers to modify free software, but we benefit there
too. And what profession gets the most use out of FSF tools
such as Emacs, GCC, etc? For me, GPL programming and
donating to the FSF is just like being an EFF activist
and financial supporter. After all, the FSF and EFF
always value volunteers, but they also have very real
administrative costs such as office space, legal fees,
travel, promotional items, etc. If programmers don't donate
to the FSF, what profession do you think will?
Slashdot Mirror
Actually, your link says "The bomb tore out a two square foot portion of the cabin floor, revealing the cargo hold underneath, but the fuselage of the plane stayed intact." However, the article does speculate that it might have blown a hole in the fuselage if it had exploded in a different way.
True, but the perpetrators violated her reasonable expectation not to be attacked by flying penises in that context. I think this case is just silly, but the issue does come up with regard to more serious crimes. If a criminal films the rape of his victims, should newscasts be allowed to show it? Should pornographers be allowed to compile DVDs of such videos and sell them? If US soldiers strip and humiliate Iraqi detainees and take pictures/videos, should those be disseminated? Should they be edited to hide the genitals or maybe the faces?
I'm not arguing either way here, just noting similar (but obviously much more extreme) examples.
The original AP story (which includes a picture) noted:
But I have been Googling for the last half hour to no avail. It's not that I care so much for the exact address as much as I'm offended that some AP reporter is apparently a better Googler than me :). Can any of the Google hot-shots here find it?
This reminds me of one of my favorite SCO analogies:
Picture McBride behind the wheel of a minivan, flying down a drag strip as fast as 6 cylinders can take it on a collision course with a main battle tank. The SCO van has lights flashing, sirens blaring, mimes doing handstands on the roof, and maybe a little T&A out the sunroof. Oh, and it's full of lawyers.
The tank isn't doing much of anything, really.
Now, what we're all wondering... Is Darl McBride just some crazy lunatic powering his shitbox down the road and maybe planning on turning at the last minute, or does he really have something in that minivan that can take out a tank. And if he does, when is he gonna whip it out? Will the tank bring around the main gun and blast him, or will it just use the machine gun? How many lawyers are killed? Mimes? Will the minivan turn into a DeLorean at the very last second and blast a trail through time?!?
I don't know about you, but the suspense is killing me.
No, I there isn't any known way to distinguish /dev/random output from /dev/urandom output. It's not like /dev/urandom uses a silly pseudo-random algorithm like rand(). It uses the same strong cryptographic-hashing-based techniques as /dev/random, but it doesn't require as much input to the entropy pool. You still can't crack it or distinguish it from /dev/random output unless you have every bit of state that has gone into the pool (interrupt timing, etc.) since the box was booted. And if you are in a position know that, /dev/random isn't any more secure.
Sounds awesome! Until I read on the G550 PCIe product page:
Sorry, but 1280x1024 doesn't cut it any more (and I'm not going analog). Sadly, all of their products that I looked at seem to have this limitation (unless you go dual-dvi -- and then you lose dual-headed operation).
It is worth mentioning (since the reviewer didn't) that the book is available free online in HTML format. Start with the table of contents. He also sells (erm, "licenses") PDFs for $35, though I'd rather buy the book itself for $50 at Amazon. The HTML version has those annoying fake-link ads that pop up sundry advertisements when you mouse over them, but I still commend him for posting the book. I have bookmarked it for future reference, and I'll likely buy the book if it proves more useful than the RFCs next time I need it.
Pl33z3, sH00t m3 n0w!
I won't fault Carbolic for pimping his site, particularly since he isn't hiding his affiliation. But the /. editors should filter this spam out.
Your press release states that you "will charge $250 to individual Linux developers". So you admit that you are charging hundreds of dollars for something unnecessary? If I wanted to waste money, I could pay $699 to SCO instead.
Are you actually offering this insurance yet? It sounds like you have not even found a reinsurer after spending months trying. Even if I wanted this insurance, I would be a fool to pay premiums before you have any sort of financial backing.
I have great respect for Bruce and Pamela, but frankly this reeks of opportunism and greed. OSRM will only be able to sell this product by scaring companies into thinking it is necessary. How will that possibly help Open Source? The venture capitalist who started this organization (Daniel Egger) has already begin spreading FUD. Just a few days ago he completely mischaracterized the DaimlerChristler suit. The OSRM web site has been cleaned up after intense criticism, but still says things like "organizations gaging the risks of Open Source software face a vacuum of clear information." On the contrary, I know of hundreds of highly convincing paper from lawyers like Eben Moglen dismissing the SCO claims.
Because your business is to scare people into buying insurance, you neglect to mention the millions of dollars in defense money already available free from the OSDN. There is also the million dollar Redhat Open Source Now fund. And don't forget vendor indemnification freely available for customers of Redhat, HP, Novell, etc. You do mention vendor indemnification on the OSRM site, but only to attack it as inferior to your insurance.
The OSRM page states that "OSRM has generated the widespread support of Open Source leaders," but the only ones I have seen supporting it are on the OSRM payroll. Without the credibility of PJ and BP, this project would be universally ridiculed. Egger made a good decision in paying you off (I'm sorry that sounds harsh, but we all know he hired you two for your credibility in the open source world).
You are a smart guy and have studied this more than I have. So perhaps you can enlighten me as to why I should consider this a good thing. Or maybe you are just trying to cash out on the current Linux FUD. That isn't illegal, but please don't cast it as doing us a favor.
From my ~/.procmailrc :
* ^From:
The last /. article on Huminity was also a thinly disguised ad (called Huminity "the technology of the year"). Too bad /. editors don't do a better job vetting submissions for this commercial crap. Bootstrapping start-ups is an interesting topic though, IMHO.
But "GNU's Not Unix".
> the whole kernel source, only patches.
Who modded this insightful? That file SCO is distributiong (linux-2.4.13-21S.src.rpm) most certainly is the Linux kernel. Note that the size is 26,701,141 bytes, which is only slightly more than the 23,111,925 of the official linux-2.4.13.tar.bz2 from ftp.kernel.org. It is outrageous that SCO is still distributing this under the GPL while claiming it is illegal for others to use and distribute.
Not only does Larry threaten to change the protocol willy-nilly and implement digital signatures in an attempt to prevent interoperability with free software, but he also claims that writing a free interoperable client is a violation of the license agreement. What a jerk! Read about it in his own words.
Chill out. They are probably getting flooded with submissions about the SCO conference call, which is the first "news" out of SCO since the Japan Trip (I don't think their ballyhooed July 9 conference call ever happened). But SCO announcing a Monday conference call is certainly not worth its own story, and there is no point waiting until the next Slashback. So Timothy stuck it in a mildly-related story to stop the submissions and so that people who are interested in the SCO case can follow the link and investigate/comment. Sounds reasonable.
Before you go through all the effort of implementing Google Adsense on your site, take a look through their pages and calculate how much revenue it will bring in. Having trouble? That is because Google refuses to disclose the formula they use to pay webmasters, or even all the factors involved! You run the ads on your site, and THEN they decide how much to pay you based on whatever secret formula they are using that day. How arrogant can they get? Now I am a big Google fan, but I am not going to put up with this! It would be like taking a job at a store that refuses to tell you how your commission is calculated. Google should tell us the payout ratios BEFORE we implement their system and we should be notified when the formula changes.
Sure, some of your friends may be doing reasonably well now. Perhaps Google has goosed the system during this initial rollout period so that pay is decent. But what do you think will happen to pay rates once they reach critical mass? If your payment is down one month, how will you know whether it is a normal clickthrough fluctuation that could go back next month, or whether Google has changed the rules? You won't know!
Note that Adsense has garnered many other complaints as well. I would recommend boycotting this service until Google is honest enough to detail the revenue share arrangement.
Here is an idea: do a search on keywords that relate to your site and note who is advertising. Send them a mail offering 50% off Google rates if they wish to advertise on your site. That is probably a far higher percentage than Google pays you, and it puts you back in control over your web site earnings. And then let Google know about it by sending email to adsense-support@google.com . I am not trying to screw Google here - I just believe that need to be more open about the process. Refusing to tell webmasters how their pay is calculated in exploitative and reeks of arrogance.
The TCP initial sequence numbers were not intended as a security mechanism. Even back then they wouldn't have been dumb enough to use a 32-bit number for security. You mention "randomly generated" numbers as is they were part of the spec, but the word "random" doesn't even appear in the RFC. No stacks (AFAIK) randomized these numbers back then. They used the trivially predictable 64K rule as these numbers were intended for reliability not security.
It is true that this reliability feature makes spoofing slightly more difficult, and that many stacks have been enhanced (mostly in the last 5 years) to make these numbers less predictable. But to call this "the fundamental security mechanism for TCP" and declare this as challenge-response prior art from 1981 is misleading.
All that being said, I wholeheartedly agree that this patent is bogus and that you are right to be looking for any creative examples of prior art you can find! But this just does not cut it.
here's a lot of hype going around about the copy protection scheme in Turbotax. Much of it is overblown. But even ignoring the hype, Intuit has blown it big time.
"60-Day Money-Back Guarantee: Try TurboTax software. If you're not satisfied, return it within 60 days of purchase with your dated receipt for a full refund."
So even those of you who already opened the box are covered! I recommend returning this nonsense at the first opportunity. If the salesman gives you any flack, just point them at this text on the box.
The undocumented VMWare I/O port communication mechanism can also be (and is) used to determine whether an application is running under VMWare. The relatively simple code to implement this was posted to the Honeypots security list.
> programmer, to do some coding?
The FSF doesn't actually hire many programmers, as they have been so successful in recruiting volunteers. I found this quote interesting from the Kapor article /. just posted:
"Compare Kapor's effort, for example, to the Free Software Foundation, a Cambridge-based nonprofit that led the design of the free GNU operating system. The foundation, which now expends more energy fighting legal battles in defense of free software than creating it, has an annual operating budget of about $625,000, compared to $2 million to $2.5 million for OSAF."
I am very surprised that they do so much with so little. With a $625K operating budget, even small donations can be a big help. But if "all" you want to contribute is your programming talent, that is still a generous gift!
One must always be careful in praising vaporware, but the prototypes on the OSAF web site sure look impressive. I am particularly glad they place such a strong emphasis on security! That is an even better reason than MS-loathing to urge Outlook users to switch. OSAF will do the Internet a great service if Vista can cut down the number of Outlook viruses flooding my emailbox every day!
> [the] best way to support FSF is to donate code not money.
Those options aren't exclusive. After all, programmers are among the biggest beneficiaries of the "free software" concept, as we are the ones who can actually read, learn from, and modify the code ourselves. Other people can hire programmers to modify free software, but we benefit there too. And what profession gets the most use out of FSF tools such as Emacs, GCC, etc? For me, GPL programming and donating to the FSF is just like being an EFF activist and financial supporter. After all, the FSF and EFF always value volunteers, but they also have very real administrative costs such as office space, legal fees, travel, promotional items, etc. If programmers don't donate to the FSF, what profession do you think will?