I hate to burst people's bubble, but it doesn't work like this. You can't just copy a DVD by using a DVD-ROM disk. That's because the (fixed) sector that contains the disk keys is pre-burned out on a DVD-ROM.
However, if you use the LIVID code to decrypt the VOB files, and then create an unencrypted DVD-Video disk burned on a DVD-ROM, I believe that will work. So there is something to the DVD Consortium's claim that the LIVID code could be used for piracy, and you can't just do a bit-for-bit copy to copy DVD's, at least not using commercially available DVD-ROM media.
This doesn't change the fact that the main intended use of LIVID is to view DVD's under Linux, and so many of the arguments still hold. But let's not say that you can just use a DVD-ROM burner to pirate DVD's. It's not true; the DVD designers thought about that, and spiked the system to prevent at least trivial copying.
I tried downloading the Opera snapshot, and I wasn't impressed. It puts multiple windows inside a "Desktop" area, perpetuating the Star Office mistake. (I like top-level windows, d*mn it!).
More seriously, it seemed to have fundamental network I/O problems. When I tried to get it to load pages where I knew the web server had no problems, it would more often than not hang, or fail to be able to load the entire image file correctly. Running netscape in another window simultaneously, I confirmed that netscape had absolutely no problems loading the exact same URL. I was able to duplicate this enough times to be convinced that something was Seriously Wrong.
Cool features like better user control over web page rendering are all very well and good, but if it can't do http well, what's the point?
This is actually not a new idea. In fact, it's come up in conversations with various folks for over a year by now. It started with some conversations which I had with Jim Gettys, who is widely credited as being the "father" of the X Windows system.
His basic observation was this: Many companies made various improvements to the X code, which they would keep as proprietary and give them a temporary edge in the marketplace. However, since the X code base was continually evolving, over time it became less attractive to maintain, since it would mean that they would have to be continually merging their changes into the evolving code base. Also, typically the advantage in having the proprietary new feature or speed enhancement typically degraded over time, since most companies are quite happy if it takes 18-24 months for their competitor to match a feature in their release.
So sometime later, the companies would very often donate their heretofore proprietary extension to the X consortium, which would then fold it into the public release of X. Jim Gettys' complaint about the GPL is that by removing this ability for companies to recoup the investment needed to make major developmental improvements to Open Source code bases, companies don't have the incentive to do this type of infrastructural improvements to GPL'ed projects.
Anyway, I had written up a more detailed writeup of my ideas, which I called the "Temporary Proprietary License". I'd appreciate comments from folks as to what they think. Please note that I am not doctrinaire about licenses. Licenses are tools which software authors use to achieve certain goals, and nothing more. This is just one more tool which might be useful for certain projects.
According to this article in the Boston Globe, a Y2K-related failure happened yesterday when credit card swipe machines in the UK failed, because they tried to look ahead 4 days and when they "compared Dec. 28, 1999 with Jan 1, 2000, they failed to function because they read the date as Jan. 1, 1900". Oops.
Moral of the story? When do the problems actually start happening? They've started happening already. Hopefully most of them will be mostly minor problems, though? (Although if you were a merchant in the UK, what happened yesterday wasn't minor. Some of the merchants are screaming for blood, and are thinking about suing the bank who made the terminals.)
If you look at the announcement, it states that LinuxOne is reserving 300,000 shares for "employees, fellow open-source developers, and others". Uh, 300,000 shares isn't a lot, folks. When you consider how many shares previous community programs required (far more than that) and that the 300,000 also has to include stock given to employees, this looks like another red flag.
Prediction: They will give a single share to each developer, and offer a "special low price" by which developers can buy 99 more shares at a super-low discounted price of $5/share. If they do something like that, I wonder how many people would be stupid enough to fall for such a trick? :-)
I pulled down the README and was very surprised to find out they're using e2fsprogs based on version 1.06; that version dates back to October 7, 1996, and there have been a huge number of bug fixes since then, including some that prevent data loss when faced with certain "interesting" kinds of filesystem corruption.
Given that they're using a 2.1 kernel, I don't know why they didn't bother to use a more recent version of e2fsprogs. Hopefully all of the programs are on a romfs, and the only thing on the data disks is data that on a powerhit you can just recover from by running mke2fs on the data partition. (After all, the data is just broadcast TV shows --- it can't be very valuable. :-)
Remember, RHAT is still in their lockout phase. So none of the employees are using RHAT stocks/stock options to raise money for those nice cars. It's likely that they got the $$$ off of other Linux company stocks (Corel, Andover, Applix, etc.)
There is no such thing as "Islamic law". The Holy Koran is not a law book. The thing that's being called "Islamic law" by non-secular Islamic countries (Saudi Arabia, Afghanistan, Iran) is merely a bunch of terrible laws, conjured by some mullahs based on their false interpretation of Koran.
That's actually not so. Muslims believe that the Qur'an provides answers to all questions. Most Muslims (with the exception of the Shi'ites) believe that God doesn't give any man or human institution the absolute authority to interpret the Qur'an. Each individual believer is supposed to do that for themselves.
However, in a Muslim community, there are codified rules. The first Muslim community relied on Muhammad for guidance. After he died, though, Muslim scholars spent several centuries researching his life and his sayings in order to come up with the Sunna. (The Muslim tradition of scholarly research comes from this very intensive historical research into Muhammad's life.)
By the eleventh century, Muslim scholars had finished identifying and codifying the Sunna of the Prophet, and then mined the Sunna and the Qur'an to develop the Shari'a, which was a consensus opinion on what one must do or not do in order to live in accordance with God's will.
All Muslims --- Sunnite and Shi'ite --- recognize the Qur'an and the Sunna. 85% of the Muslims on earth recognize the Shari'a as authoritative, and it is this code which is known as "Islamic Law" to most Westerners. These people are called Sunni, or "people of the Sunna". Shi'ite Muslims recognize an additional source of authority in addition to the Sunna, so their Shari'a code isn't exactly the same. But, there is such a thing as a code for individuals and societies to follow, the Shari'a, which is generally accepted and recognized by most Muslims in the world.
Secular Muslim societies may choose not to use the Shari'a as the base of their legal framework, but that doesn't change the fact that such a base exists. Devout Muslims in secular societies will still recognize the Shari'a and consider themselves bound by the requirements the Shari'a places on individuals, even if they are living in a society which doesn't adhere to the Shari'a's communal rules.
Yes, there will always be some societies where the rich and the powerful find ways to bend the rules. A devout Roman Catholic can recognize that some of the Popes in the past led decadent lives, yet not lose faith in what a good pope can do for his followers. A patriotic American can still believe that the U.S. form of government is a good one, even despite the actions of a single president renting out the Lincoln bedroom. Just because some Muslim societies have had abuses doesn't mean that all of "Islamic Law" is bad.
A lot of the protesters have been really upset about some of the problems of the WTO. It may be dominated by the goals of the corporations, but this is true of most governments as well. The WTO is simply a larger-scale version of what happens in Washington, D.C.
I also have to wonder how many of the protesters who decry the "increasing corporatism" aren't aware of how many benefits they get from the same corporations which they are attacking. This is more than asking how many protestors were wearing Nike shoes; did they drive to Seattle? Where did all of the gasoline come from; can they really say that they aren't part of our car-centric culture? Did they fly? Who made the airplane they flew in on? From how many countries did parts for that airplane come from?
This is a complicated issue, and it seems to me that many of the protesters weren't necessarily presenting a very thoughtful dissent to what the WTO is trying to do.
The site specified above has been slashdotted, so I can't read the page cited by the Slashdot Story, but I suspect this story originated from a claim that Bill Simpson made to the IPSEC working group mailing list two weeks ago (on Thursday, November 18th at 13:37:46 -0500), where he claimed that he obtained his FBI records through a FOIA request, and that he was under investigation during the years 1991, 1992, and 1993. As far as I know, I've heard of no claims that he is currently under investigation, and I suspect that the Slashdot posting may be somewhat confused.
Back in 1991, the FBI was still probably not clear on the concept that they would be laughed out of court if they tried to interfere with international standards bodies such as the IETF --- the U.S. Government has recognized the IETF as an international standards body. Some of the quotes from the FOIA'ed file make it clear that this was the focus of their investigation:
"(blacked out) stated that he believes the PPP is legal technology. However, if the government is attempting to restrict the dissemination of authentication protocols, he believes it is too late. It is like locking the barn after the horse has escaped (per (blacked out)).... (more blacked out stuff).... In summary, (blacked out) does not believe Simpson has engaged in breaking United States export laws regarding the export of cryptographic devices or is interested in violating such laws at the behest of a foreign power."
I very much doubt that the FBI would be wasting time with such investigations today, and certainly I would doubt that any such case would be allowed to come to court --- if they tried, you can be sure that there would be plenty of support from the net, and there's a very good chance they would lose the case. Much of the current force of the export control regulations comes from Fear, Uncertainty, and Doubt. If they let a case come to trial, there's a very good chance they could lose on first amendment grounds, and that's the last thing they would want.
The US government bent AT&T to their will. Why should Intel stand where the communications giant couldn't?
Yes, but look how well the clipper phone sold; it was a commercial disaster. Companies take note of such things.
Secondly, I don't think AT&T was special in any way; the government had been planning and developing the Clipper chip long before AT&T tried to get export approval for their phone (which was originally going to use DES). The government probably persuaded AT&T that they would be able to export the phone with the Clipper chip, and that was how they persuaded some overly naive AT&T executives. Intel doesn't have the same motivation to gimmick their P3 RNG.
According to some reports I've seen, the random number generator in the Pentium III may be flawed, generating numbers that appear random, but aren't.
Even if the P3's random number generator (RNG) is flawed, it still can be useful as an input of entropy into Linux's /dev/random driver. The way the /dev/random driver works is that there's a pool of entropy, into which inputs are mixed. The more stuff you mix in, the harder it is to predict what's in the entropy pool. If you mix in something completely predictable --- say, all zeros, or all ones, at worst it just doesn't add any entropy to the pool. If there's any amount of unpredictability in the P3's RNG, though, it can be a useful addition to the Linux /dev/random driver.
It's most likely that the P3 RNG is flawed in some way, so that its output is biased one way or the other. The simplest kind of bias is one where 60% of the bits are ones, but there are more complicated kinds of biases. For example, there might be a 60Hz component in the output, that would be noticeable if you ran an FFT over it. But the wonderful thing about the way the /dev/random driver works is this doesn't really matter, since the output of the P3 RNG is only going to get mixed into the entropy pool. The only question is how much entropy "credit" to give when you mix inputs from the P3. If you're really paranoid, you can mix in 0 bits of credit, in which case you're no worse off than if you weren't using the P3, and possibly better off.
The worst case scenario is one where Intel has completely lied, and is using (for example) the P3 serial number plus the time as a seed into some fixed function, and the RNG isn't really an RNG at all, but a total trapdoor to allow the NSA to guess session keys easily. I find this hard to believe, though, for two reasons. First, it would imply that Intel was really deeply enmeshed into the NSA and/or the FBI, and while some conspiracy theorists might believe that, I have trouble believing it. Secondly, Intel has far too much to lose. If they did something like this, the chances that the secret would eventually leak are just far too high (in fact, almost a certainty) and once it did, Intel would never be trusted again. I don't believe that Intel would ever be quite that stupid, the mistakes the DVD consortium made notwithstanding.
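The split between mixing and crediting described in the comment above, as an added example that is not part of the original comment and is not the kernel's code. `ToyPool` and the helper names are hypothetical, SHA-256 stands in for the driver's mixing function, and the biased sample is constructed.

```python
import hashlib
import math


class ToyPool:
    """Toy entropy pool: mixing input and crediting entropy are separate steps."""

    POOL_BITS = 256

    def __init__(self, initial: bytes):
        self.state = hashlib.sha256(b"toy-pool-init" + initial).digest()
        self.credit_bits = 0

    def mix(self, data: bytes, credit_bits: int = 0) -> None:
        # The new state depends on the old state as well as the input, so an
        # input the attacker knows cannot remove uncertainty already present.
        self.state = hashlib.sha256(self.state + data).digest()
        # The credit is only bookkeeping; it is capped at the pool size.
        self.credit_bits = min(self.POOL_BITS, self.credit_bits + credit_bits)


def surviving_candidates(secret_bits: int, known_input: bytes) -> int:
    """Count the pool states an attacker must still consider when the pool
    started from an unknown secret_bits-bit value and known_input was mixed in."""
    states = set()
    for guess in range(2 ** secret_bits):
        pool = ToyPool(guess.to_bytes(4, "big"))
        pool.mix(known_input)
        states.add(pool.state)
    return len(states)


def fraction_of_ones(sample: bytes) -> float:
    """Fraction of set bits in the sample (detects only the simplest bias)."""
    ones = sum(bin(b).count("1") for b in sample)
    return ones / (8 * len(sample))


def min_entropy_per_bit(p_one: float) -> float:
    """Min-entropy of a bit that is 1 with probability p_one.

    Min-entropy measures the attacker's best single guess, so it is the
    conservative figure to use for credit (it is below Shannon entropy).
    """
    return -math.log2(max(p_one, 1.0 - p_one))


def conservative_credit(sample: bytes) -> int:
    """Upper bound on credit for a sample, from bit frequency alone.

    Frequency counting cannot see structured bias (such as a periodic
    component), so a cautious caller may still credit less, down to 0.
    """
    per_bit = min_entropy_per_bit(fraction_of_ones(sample))
    return math.floor(8 * len(sample) * per_bit)


# Constructed sample: 320 bits, 192 of them ones (60%). It is a repeating
# pattern, chosen only so that the bit frequency is exactly 0.6.
BIASED_SAMPLE = bytes([0xEC, 0xEC, 0xEC, 0xEC, 0xCC]) * 8


if __name__ == "__main__":
    # Fully predictable input (all zeros): the attacker's search space is intact.
    print("candidates after mixing zeros:", surviving_candidates(12, bytes(64)))

    print("fraction of ones:", fraction_of_ones(BIASED_SAMPLE))
    print("credit bound for biased sample:", conservative_credit(BIASED_SAMPLE))
    print("credit bound for all-zero input:", conservative_credit(bytes(32)))

    # The paranoid choice from the comment: mix the data, credit nothing.
    pool = ToyPool(b"constructed-initial-state")
    pool.mix(BIASED_SAMPLE, credit_bits=0)
    print("credit after paranoid mix:", pool.credit_bits)
```
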
It's an interesting line of thought to travel, especially when you compare the IPO millionaires open source has created at places like Red Hat to the vow of poverty that's both expected and respected in the academic community.
Cough.... if you really think this is true, you haven't spent *any* time in an academic community. Professors have consulting gigs, and start companies to commercialize their ideas just as much as in the Open Source community. In fact, I would say it's much more common for Professors to do so; there's certainly many more worked examples of such.
Exhibit one: RSA DSI was formed by MIT professors to commercialize the RSA public key algorithm, and it has been argued that it has done more to stop the usage of RSA than any government ban on encryption export could have ever done....
I've had some contacts within SAP, and their engineers have been playing with Linux for a long time; though for a long time (at least several years!) it was unofficial and against Management's wishes. For example, for a long time it was a Deep, Dark Secret that they had ported the SAPGUI to Linux. And I had gotten back channel tips that the original application server benchmarks they ran on Linux didn't do that well because of how they used mmap's weren't well optimized for Linux. This got fed back to the linux-kernel list without my telling folks it was SAP asking for the speedups. (I think I said it was for a large financial company.)
I recently purchased a $300 eMachines computer, and that was such a mistake..... within two months, the power supply died, and they use a non-standard (small) form-factor power supply. Of course, they don't sell parts.
Your only choice is to pay $89.95 to get the three year extended service warranty, *plus* an additional $50 to get a replacement machine shipped to you. Of course, this ends up being a substantial fraction of the cost of the machine to begin with. The original intent was to buy a cheap, trashy machine for those times when I absolutely had to run Windows applications. I didn't realize how trashy a machine I had purchased, although I suppose the $299 price should have been a tipoff.