There is an obvious fatal flaw in this new region encoding scheme. The Warner Home Video memo states that:
In simple language, the RCE allows the disc to detect if a hardware player is region specific (as required by the CSS licensing agreement), or if it has been manufactured or altered in the market to be "region free".
The flaw here is that the disc is not capable of actually detecting anything. To detect something, some software is going to have to run on the player. That means that the player is in charge, and can do whatever it wants with the software. Namely, the player could be programmed to simply return whatever return code is necessary for the DVD's software to continue executing, instead of showing the warning on the screen.
This is a really silly move on the part of Warner. It is going to cost them money to do this. It will certainly also cost them goodwill. It will not be effective. Existing DVD players could be modified to work around this. New DVD players can be designed to work around this. Software which runs on general-purpose computers (e.g. livid) can easily be modified to circumvent this.
I imagine that Warner's software is going to try to detect a multi-region player by presenting itself as two different regions and seeing if the player will play both. The solution is simple and obvious: once the player chooses a region for the DVD, lock that region in and always claim to be a player from that region until another disc is inserted. There isn't any writeable memory on a DVD, so it isn't as if the disc itself can store the region code of the player.
A gift I would really appreciate is nothing. I don't want anyone I care about to throw money down the drain to get me something I don't need, just because the invented-by-and-for-retailers "gift-giving season" is at hand.
It seems like Compaq has been shipping the ES-40 with 667 MHz EV67 CPUs for ages. Does anyone know how well the ES40 mid-range server would compete with this new 280R? I realize the 280R isn't actually shipping yet, but it boasts almost twice the memory bandwidth of the ES40 (9.6 versus 5.2 GB/s peak). OTOH, the ES40 can take 4 CPUs, 32 DIMMs, 8 disks, and 10 PCI cards. Hmm.
For that matter, when is Compaq's next revision of their mid-range servers supposed to come out? I'd at least like to see them move to the 750 MHz CPUs.
255 characters in a full path is HUGE. For example, I think the deepest part of my filesystem is my mozilla CVS tree. One of the longer pathnames in that tree is:
That is quite a lengthy pathname, but it is still only 128 characters. This CVS tree contains over 45000 files, so paths of this length are long enough to support a large document structure. I can't see how a 255-character path would be limiting in practice.
Re:[a bit OT] Al Gore and the internet on A Letter from 2020 · Score: 3
Funding a project is not "taking the initiative in creating the Internet." The Internet was created by scientists. They were creative people who invented and developed a fast and scalable system for connecting computers over long and short distances around the world.
Al Gore enthusiastically gave them money. There is a huge difference. He should have said "I took the initiative in spending tax money on the Internet." That would have been 100% accurate. As it stands, his comment makes it sound like the federal funding was the key element. Gore has a habit of making statements that belittle the achievements of the individual. He believes that the government is responsible for the strong economy, low crime, and the Internet. In reality these things are the result of dedicated work by the people of America, and the government is merely the tool of the people.
I'm sure you meant EV-1, not EV-6. The EV-1 is an electric car from GM, the EV6 is a Compaq code name for a line of CPUs and the process on which they are made. Although I'm sure that the Digital engineers briefly considered making the EV6 powered by an on-board internal combustion engine :)
BTW, the EV-1 is a pretty stupid idea. The problem is not that cars burn gasoline, the problem is reliance on the personal automobile in the first place.
This article was a nice way for Bruce to pimp Counterpane's network monitoring service. He uses his stellar reputation to advise people that they need his services. Brilliant.
He's spot on the money of course, but he didn't address an internet company's responsibility to its customers. I believe that if a company with operations on the internet discovers that their system has vulnerabilities, and these vulnerabilities are likely to be exploited, and the exploit would likely cause harm to their customers, then the business must shut down the operation to remove the vulnerability.
Unfortunately, I've never heard of a business actually using this policy. All of them, including banks, brokerages, and the rest, are so greedy that they continue operations even with major vulnerabilities. Worse, they do not tell their customers that the vulnerabilities exist. In fact, they typically have shiny marketingware which extols the security of their systems. Hackers and crackers are the only people aware of the vulnerabilities in the meantime.
In a system that I am building at work, I am including a "scram" function which provides central control for shutting down all network operations. Hopefully the scram, combined with the type of intrusion detection system that Bruce outlines, will help me uphold my responsibility to my customers.
Put the Kool Aid down and look at reality. AMD has NO market share in the server segment. They make NO server products. Their chipsets were very poor quality as recently as 12 months ago, and the bad reputation is still with them. Also SMP configurations are not available with the AMD CPUs.
I have never seen a rack-mountable server machine which packs AMD processors. I just checked three vendors (Telenet Systems, VA Linux, and Penguin Computing) and none of them are shipping AMD products.
The x86 server market is very much owned by Intel and their 440GX chipset, and Pentium III/Xeon processors.
Closing the source is hardly the solution. The only way to prevent abuse is for the system to require a trusted cryptographic public key for access. Then the people who are initially in control of the system can start signing other keys, and building up a web of trust. They can be extremely liberal about key signing, because the trust can be revoked at any time, or the key can be shitlisted altogether.
It sounds draconian but it is the only way to have an orderly and useful file trading service. Think BBS. When you joined a BBS Back in The Day, you didn't just get full access to everything right away. You got perhaps a few minutes a week with limited downloads and no messaging. Then maybe if you were a good user, you would get chatting privileges. And after that, perhaps file uploading privileges. If you were a fuckup, your account was permanently revoked.
Regarding Gnutella's particular scalability problems, I'm afraid there may be no solution aside from a complete redesign.
C'mon siggy use your brain. If a person copies a CD to a hard disk, that is fair use under copyright law. If a business does the same thing in the course of making a bunch of money, that is definitely not fair use.
The only way the my.mp3.com service could be legal would be if it was operated by a not-for-profit entity, and even then, it would be heavily challenged in court.
Not only does KDE support Slackware, their latest beta release is available as Slackware packages. /sbin/installpkg *.tgz and you're done, no dependency headaches required.
I have some thoughts on the concept of package management, and the implementation of Linux package managers.
Package management has a core problem, and it is that the management system maintains an information database that may or may not reflect reality. RPM, for example, has a database of installed packages. All you need to do is delete a few files, or install something from source, and the package management database is invalid.
Instead, I propose that package management systems should always rely on authoritative information when checking for installed packages. A new package Foo which is to be installed contains a list of dependencies: functions a, b, and c in lib123, and function d in lib456. The package manager checks for these symbols and libraries. If they are not available, the package manager can recursively install these libraries and any packages upon which they depend.
Further, an advanced package manager should keep track of these dependencies and offer to update any packages which might be affected by updating a library. For example, updating Evolution might also update Dia, Gnumeric, and GEdit because the gnome-print which Evolution requires breaks the old API.
Thoughts? Is there a package manager which does these things already?
That isn't a cease and desist letter, it is just a letter from some lawyers. A cease and desist letter would have the words "cease and desist" along with the word "demand" in it somewhere. There would also be a list of causes of action, as well as a date by which you must respond. This letter just looks like an attempt to make a bunch of hackers without lawyers start getting afraid of businessmen with lawyers.
I spend a lot of my time evaluating the security of commercial web sites. Most of them have incredibly bad security. But my observation is that human interactions that do not involve computers have as little or less security as computer transactions.
For example, it is possible to easily execute money transfers and stock trades as someone else at A Large Internet Broker Who Will Remain Unnamed. This sounds bad, and it is bad, but it isn't much worse than the equivalent security at non-Internet banks and brokerages. At my bank, I can execute a money transfer by simply sending a fax with my signature to the bank. Now, any waiter, billing clerk, or grocery checkout monkey to whom I have ever given a check has my account number, the name of my bank, the bank's routing number, and an original of my signature. Photo reproduction is more than good enough for a forged fax, so it would be trivial to walk down to the local copy shop and start faxing money transfers to people's banks.
Credit cards are even worse. You need only possess the physical card, or a reproduction thereof, to use the card fraudulently. The number of register operators who actually check the card signature against positive identification and then note the form and number of the identification is incredibly small. With near-full employment here in the U.S.A., the diligence of the rank register operator has become even worse in recent years. Fraud is trivially perpetrated in real-world banking and retail.
My final example involves my own clients. I am in a line of business that automates business processes in medium and large companies. Invariably, the client wants to ensure that the computer-automated process is totally secure. This is good and I applaud their concern. However, it is funny to note that the manual processes they are replacing haven't the least bit of security at all. Often, the "process" involves one person rubber-stamping a piece of paper and placing it in an open bin on some other person's desk. Yet they insist on impenetrable electronic security.
It's possible that you haven't been looking for jobs lately, or that my experience has been particularly unlucky. When I was looking for work about one month ago, I was presented with multiple egregious Proprietary Information and Inventions Agreements, which were required as a precondition of employment. Among the incredibly overreaching clauses in these agreements were:
Compulsory work for the company after termination of employment at a rate fixed in the contract for all time. Very bizarre.
Exclusion of all work outside the company (including book writing, teaching, etc.)
Rights to inventions even if invented entirely on personal time, with personal resources, and in fields not related to the business of the company (which is counter to CA state law)
This is not a simple codification of standard workplace ethics. These restrictions are attempts by the companies to make employees waive fundamental rights. Needless to say, I took my talent to an employer with a reasonable Inventions Agreement.
BTW, I didn't start this thread to defend the Apple guy. Obviously you shouldn't be giving away insider information to the press.
How could I have forgotten to point out that your interpretation of the request BNF is ALSO wrong. A HEAD request cannot be a Simple-Request, it is a Full-Request. The Full request contains a Request-Line and a CRLF, at least. The Request-Line also contains a CRLF, so again the request MUST have two CRLF, and the server MUST wait for both CRLF before responding.
I'll be handing out some of these Christmas Gift Exemption Vouchers during the weeks leading up to Buy Nothing Day.
To go straight to the webcast, go here: http://cyber.law.harvard.edu/groupchat/manual/
Replying to myself, I've got ES40 on the brain, but I guess that the DS20 would have been a more valid comparison.
man 1 wget
I got 12 in mozilla, but I had to turn all the chrome off and scroll the eleventh frame with the keyboard. 2000x1500 pixel 125 dpi display.
Couldn't you just get as many as you want by cranking up your virtual desktop resolution?
I'll see your HTML and raise you some javascript :) Here's how to convert Netscape's "Search" button into a dialog front-end for google. Simply place this line in your ~/.netscape/preferences.js file:
config("internal_url.net_search.url", "javascript:{void(term=prompt('Searchword:',''))} if(term)location.href='http://www.google.com/search?q='+escape(term)+'&num=100&sa=Google+Search'");
IANAL
Heh, it's much more embarrassing than that for California. I bought and used a VoiceStream phone that used an identity card in Oklahoma City. In 1997.
Don't hold back, I'm dying to know how it turned out.
ln -s `which strings` /usr/local/bin/word
Wrong. It's a bug in IIS, no question.
Whoever taught you to read BNF should be ashamed.