"BitTorrent is the name of a peer-to-peer (P2P) file distribution client application and also of a file sharing protocol, both of which were created by programmer Bram Cohen."
http://en.wikipedia.org/wiki/Bittorrent
Probably said already. If so, it's worth repeating.
He hired me to assist in rewriting the software - only catch is, he's stuck on having it rewritten in Visual Basic. This scares me, but I honestly can't make a good argument against VB because I'm not familiar enough with it.
Lose the ego, I'd do what your boss tells you to do. Otherwise he'll merely find someone else to do it. Slashdot can't help you here.
DISCLAIMER - I work for a software company that specializes in application security. Just not Fortify.
High-level languages like Java tend to have high-level security weaknesses, just like low-level languages like C/C++ have low-level weaknesses. Especially in web-accessible code (just because it's not an applet doesn't mean it's not web-accessible), there are right ways to do things (such as parameter validation, proper encoding, crypto usage, etc.) that even simple static analysis (or hand-scans, if you're lo-tech) can find.
Companies like Fortify, or Ounce Labs, or SecureSoftware do more than just static analysis of code and can find potential and actual flaws that pen-testing cannot find. When you're dealing with risk management & mitigation, and you have billions of dollars at stake, those potentials need to have dollar figures attached to them just like the actual flaws do. It's all about quantifying the risks of deploying new software.
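As an added illustration of the "simple static analysis (or hand-scans)" the comment above mentions, here is a toy line-oriented checker for one of the classic high-level weaknesses in Java code: SQL assembled by string concatenation from request parameters. This is example code written for this page, not the commenter's and not any vendor's tool; the Java snippet it scans, the source/sink method lists and the `Finding` type are constructed for illustration.

```python
"""Toy static scan for SQL assembled with string concatenation in Java.

Constructed example: a crude line-oriented checker that models the kind of
hand-scan or first-pass static analysis a reviewer might do. The Java
snippet, the source/sink name lists and the Finding type are invented for
illustration and are not taken from any real tool.
"""
import re
from dataclasses import dataclass

# Methods that hand user-controlled data into the program (taint sources).
SOURCE_RE = re.compile(r"\b(?:getParameter|getHeader|getQueryString|getCookies)\s*\(")
# JDBC calls that hand a query string to the database (taint sinks).
SINK_RE = re.compile(
    r"\b(?:executeQuery|executeUpdate|execute|prepareStatement)\s*\((.*)\)\s*;"
)
# A simple assignment: optional type, variable name, '=', right-hand side.
ASSIGN_RE = re.compile(r"(?:\w+\s+)?(\w+)\s*=\s*(.*);")
# Double-quoted Java string literals (with escapes); they are blanked before
# identifier matching so words inside SQL text are not mistaken for variables.
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')


@dataclass
class Finding:
    line_no: int
    kind: str      # "concat-in-sql" or "tainted-var-in-sql"
    text: str


def _strip_strings(code: str) -> str:
    return STRING_RE.sub('""', code)


def _mentions(identifiers: set[str], code: str) -> bool:
    """True if any tainted identifier appears outside a string literal."""
    code = _strip_strings(code)
    return any(re.search(rf"\b{re.escape(i)}\b", code) for i in identifiers)


def scan_java(source: str) -> list[Finding]:
    """Return one Finding per line where a SQL sink receives either a
    concatenated expression or a variable derived from an HTTP source."""
    tainted: set[str] = set()
    findings: list[Finding] = []
    for line_no, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        assign = ASSIGN_RE.match(line)
        if assign:
            var, rhs = assign.groups()
            if SOURCE_RE.search(rhs) or _mentions(tainted, rhs):
                tainted.add(var)          # taint propagates through assignment
        sink = SINK_RE.search(line)
        if sink:
            arg = _strip_strings(sink.group(1))
            if "+" in arg:
                findings.append(Finding(line_no, "concat-in-sql", line))
            elif _mentions(tainted, arg):
                findings.append(Finding(line_no, "tainted-var-in-sql", line))
    return findings


# Constructed Java fragment: two unsafe queries followed by the parameterised form.
SAMPLE_JAVA = """\
String name = request.getParameter("name");
String sql = "SELECT * FROM users WHERE name = '" + name + "'";
ResultSet rs = stmt.executeQuery(sql);
stmt.executeUpdate("DELETE FROM audit WHERE id = " + request.getParameter("id"));
// parameterised form: literal query text, user input bound separately
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
ps.setString(1, name);
ResultSet safe = ps.executeQuery();
"""


def summarise(source: str = SAMPLE_JAVA) -> list[tuple[int, str]]:
    """(line, kind) pairs for the findings, handy for tests and reports."""
    return [(f.line_no, f.kind) for f in scan_java(source)]


if __name__ == "__main__":
    for f in scan_java(SAMPLE_JAVA):
        print(f"line {f.line_no}: {f.kind}: {f.text}")
```

On the sample it flags line 3 (a query variable derived from `getParameter`) and line 4 (concatenation straight into `executeUpdate`), and stays quiet on the `PreparedStatement` with a `?` placeholder. It is deliberately naive: any `+` in a sink argument is reported, taint only flows through simple assignments, and string literals are blanked rather than parsed, which is roughly the precision of a grep-driven hand-scan and far below what a commercial analyser does.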
The article was purposefully mum on the technique these guys are using, so I'll try to elaborate:
We all know that the fab process for turning silicon into chips is *way* too complex to be explained by ordinary science, so the UK researchers instead brought in 7 Christian ministers to sanctify the process. Prior to etching, the wafer (pun intended) is doped with a mixture of holy water & oil. As the etching process takes place, the ministers intone the "Reverent Petition for Holy Quantumness" in quiet solitude, while reflecting on the needs for fast silicon to spread the Good News of our Lord and Savior Jebus Christ, Son of Man.
--- And if I offended you, oh I'm sorry but maybe you needed to be offended. - Muir
Point taken, anonymous coward, but in this particular situation it really isn't all that complex. Sony made its customer base out to be criminals by default. There's no need to use crappy software to hide DRM when there's already a law (in the US, at least) that makes it illegal to knowingly remove/bypass DRM protection.
By virtue of them using crappy software, they showed negligence at a minimum and possibly committed a crime at the maximum.
I think you misunderstood the grandparent poster's intention - it isn't Sony's actions that tread in the grey area, it was the inaction on the part of AV firms due to that grey area.
The point is that our confidence in the basic competency of AV vendors should be decreasing as a result.
"'...which is why we need to continue our carrot and stick approach to the problem of illegal file-sharing,' he [Philips] said."
What carrots? All I see are sticks. Are good file-sharers being rewarded at all? Let's see...
New CD at Best Buy, at a cut-rate price: $12.00
Paying for an entire CD with 15 songs off of iTunes: $14.85, not including the hidden costs of their DRM.
It seems all we're getting are sticks and heavier sticks from the recording industry. Yet they think they're being nice by offering to license music for a more expensive price. Fuck them, I'll save my 15 bucks and download free music off archive.org.
Searched for it in the discussions, but didn't find it mentioned. It's by far the best tabletop game I've ever played.
It's more a game of politics than a war game, but it has its share of war scenarios. The political intrigue of Roman times is well captured, and the battle aspects are a result of political decision making.
A few years ago I worked on a project with Lucent that dealt with an in-memory database system that Bell Labs invented in 1995. It was called DataBlitz and was part of their QTM platform.
I can't find any public technical details, but DataBlitz is mentioned here and here, and I'm sure if anyone wanted they could google it for more. I'm still obligated to keep my mouth shut, though... let me just say it seemed like a very hokey system that was prone to many problems.
The system requirements for QTM were outrageous... the smallest machine I worked on was a 4-banger Sun with 32 gigs of RAM.
If so, this is starting to sound more like a victory for my bloody ears.
I think you'd have a hard time finding many
Mod parent +1 Funny.
Pshh.. please. Symantec is quite familiar with Win32 kernel programming, trust me.
Ooops I mean 'Director' and not 'Directory.' Muscle-memory, ya dig?
Does anyone else find it slightly ironic that the last name of a Directory of Marketing is 'Evangelist'?
First off - Graham* in the original post.
... and did a much better job at that.
</reading whitedust article>
Paul Grahm wrote a similar essay almost 2 1/2 years ago. http://www.paulgraham.com/hp.html
D'oh!! forgot about that. Regardless, I'll still save my $10 (not $15) and get DRM-free music.
If you don't like where your package leaves its config data, build it from source. Don't be lazy.
root@moops:/usr/local/src/php-4.3.3# ./configure --help | grep sysconfdir
  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
http://members.aol.com/wergames/ahreprom.htm
http://grognard.com/titler.html#r6
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1098121671320_93530871/?hub=World
"And in Orange County, voting ground to a halt after the touch-screen voting system crashed for about 10 minutes.
A senior deputy elections supervisor could not explain the brief outage, but speculated a faulty Internet connection may have been to blame."
Yeeeehaw! Let the games begin.
Won't catch all instances. I got this virus in my inbox yesterday, and the attachment was named "test.exe".
>Obviously, no matter who you vote for there will
>be corruption.
Or who you don't vote for. Call me a conspiracy theorist if you will....