SCNF typically operates TGV North line (Paris-Lille) [1] with two connected single-deck TGVs, to double capacity. As the limiting operational factor is the distance between trains, the more passengers the better.
Anyway, I have got to believe that the two locomotives of each halves are running, hence there should be traction from the middle of the train.
[1] not always, and probably not only on that one, but that's the one I know:)
Even if DNSSEC ever gets widespread usage, they only get the ability to spoof every other domain in the world. Right. First, maybe some non-US ISPs could keep their own hard-coded copies of public keys for relevant non-US TLDs, so the US cannot spoof them.
But in practice, the trust level in DNS is low anyway. It's as bad as the ability to emit any spoof Verisign server x509 certificate (which the US might quite possibly do as well, but nobody will discuss this).
IPv6 includes private provider-independant addressing too, in two different flavor: the old obsoleted on which is very much like a v6-ified RFC-1918, and the shiny new one which also facilitates merging two private networks (what do you do if you must merge two companies both using 10.0.0.0/8 ??) by using pseudo-random prefixes.
If you want to remain ISP-independant, you could use private IPv6 addresses internally, in parallel with public (changing) addresses for outgoing traffic.
I've heard UPnP implementations were not so consistent among the various vendors, resulting in huge headaches for any app vendor considering its use.
Also, in many case, UPnP is not enabled by default, unlike Joes computer configuration (which runs XP, or maybe 9x or Mac OS X), you can't make a step-by-step guide on how to enable it because they are so many different vendors.
Finally, many NAT boxes simply don't support UPnP. Or they might be multiple layers of NAT, UPnP is not really meant for (e.g. someone plugs it's Wireless-NAT access point behind its embedded switch-DSL-NAT-router).
The author notes the FBI is not concerned with GPL license violations because it does not reach a treshold of lost money...
So what if a GPL'd software author put a big notice on his/her website that reads something like This software can be licensed under MIT-like software license in exchange for the payment of [put twice the FBI treshold here] ?
Granted it's not 50 Euros, it's about 50 FF (monetary unit change fooled me), precisely 6.20 Euros for a >20 g warranted shipment with receive ack (the only kind of shipment you'd seriously use for legal stuff).
It might be neglectible for a company, but nevertheless it very much breaks the idea of open-source. It's definetely, not DFSG-compliant, not GPl-compliant, and I believe not even OSI-compliant.
It is neither free as in beer, as you've got to pay the letter with receival acknowledgement (which IIRC would cost me about 50 euros from my home to Redmond), nor free as in speech as the patent license cannot be sublicensed, meaning those you give/sell/rent your licensed software to cannot give/sell/rent it to anyone else (which is why it is not GPL-compatible).
A really freely license would be one like that Red Hat automatically grants (in RH's particular case, to GPL'd software).
Indeed, from Microsoft, "open and available for royalty-free licensing" typically means you can get a non-sublicensable license by sending them a letter. That's how it works for their network protocols stuff.
Non-sublicensable meaning that it's not GPL2-compliant.
Re:Weren't they aware of this during implementatio
on
VLC & European Patents
·
· Score: 1
You don't "care" about the law or the patents, beyond the danger they pose to your personal freedom and finances. I may give a mugger my wallet, but only because he has a gun, not because I consider him in the right.
Well, yes. The point is, said danger is likely to become much much bigger with the EU software patentability directive, as we're based in Europe.
You use phrases such as "official and liable structure" and "official VLC releases", knowing perfectly well that, although you have a damn fine core app, 90% of its actual usefulness comes from third-party developers supporting various patented formats and that no one actually runs just your official builds, but rather, ones that support things like DTS, MPEG4, and the like.
Unfortunately, that's well how it may end up. At the very moment, the only extension that I do honestly know exists, and that is not in the official builds is DTS decoding. And I don't know anyone providing DTS-enabled builds, except Linux distributions - which always provide their own build of software anyway.
If that becomes so, there are reasons to believe however that the overall popularity of open-source software among average users will fade compared with proprietary, patent-licensed software.
(Actually, I'd add we don't include emule partial file stuff either, but that's not for legal reasons)
Re:Weren't they aware of this during implementatio
on
VLC & European Patents
·
· Score: 2, Informative
Many people believe that open-source developpers should not, and actually don't care about patents. That is not entirely true.
Software like VLC and MPlayer know perfectly well that they violate a countless number of patents,
I'm currently one of the members of the VideoLAN project (that is, the official and liable structure, not the developper's community). And I've had a 4 hours long meeting with my engineering school lawyer regarding the DTS Inc. vs ECP IP issue over the publication of libdca by the VideoLAN project.
DTS Inc. holds a patent in Europe on that. It is no secret that, for now, official VLC releases no longer support DTS sound decompression.
It is true that VLC violates many many patents that are valid in the United States. It is no wonder why we have no download mirrors in the United States. We did have offers, but we denied them for fear that the people hosting the mirrors might get themselves into trouble.
and the authors just don't care (and if you really think they all live in Europe, I'd like you to show me "Connecticut" on a map of Europe).
We DO care. It doesn't mean we make sure not to infringe any patents, but we still do care, because we have had problems, and we expect to have a lot more if the EU directive is passed.
Who knows, we might have to remove MPEG2, MPEG4, H264, etc etc. Who would want a VLC media player that can only read Vorbis and Theora ? (that's not to say these codecs aren't good)
The original aim of the VideoLAN project was to stream TV channels over IP. It turns out all digital TV channels use MPEG2 (or more recently MPEG4 or H264). We couldn't even access these...
Any legit project that makes use of their source code needs their head checked, but projects like VLC don't care about infringement. And users thereof don't, either.
Whether we care or not, we have been a target, and we are much weaker than big companies to defend ourselves. We'd be fools not to care.
Actually, Windows's DNS client was showed to be very insecure in last Phrack release and probably various other places, so you don't even need to be in the middle to attack. Nevertheless, as you say, I don't expect Windows or any other OS to work fine without its DNS client.
To disable the DNS client service, Microsoft would have to make it an on-demand library, per application, as it is on Linux. But they'll lose most of the DNS cache feature.
Yes I too found it quite of an anti-Microsoft-biased overstatement to note that DNS client should be disabled by default.
And concerning the fact that the firewall doesn't do egress filtering, it is not entirely true:
Back in April, at Microsoft "Security conferences" in Paris, the employee who presented SP2 explained, that while he add no official answer to why the new firewall didn't really support egress filtering, it might well be that Microsoft did not want to the firewall market (yet?).
Slashdot Mirror
SCNF typically operates TGV North line (Paris-Lille) [1] with two connected single-deck TGVs, to double capacity. As the limiting operational factor is the distance between trains, the more passengers the better. Anyway, I have got to believe that the two locomotives of each halves are running, hence there should be traction from the middle of the train. [1] not always, and probably not only on that one, but that's the one I know :)
Even if DNSSEC ever gets widespread usage, they only get the ability to spoof every other domain in the world. Right. First, maybe some non-US ISPs could keep their own hard-coded copies of public keys for relevant non-US TLDs, so the US cannot spoof them. But in practice, the trust level in DNS is low anyway. It's as bad as the ability to emit any spoof Verisign server x509 certificate (which the US might quite possibly do as well, but nobody will discuss this).
Indeend, RFC3363 specifies AAAA should be used. RFC3364 explains why AAAA is preferred over A6.
IPv6 includes private provider-independant addressing too, in two different flavor: the old obsoleted on which is very much like a v6-ified RFC-1918, and the shiny new one which also facilitates merging two private networks (what do you do if you must merge two companies both using 10.0.0.0/8 ??) by using pseudo-random prefixes. If you want to remain ISP-independant, you could use private IPv6 addresses internally, in parallel with public (changing) addresses for outgoing traffic.
I've heard UPnP implementations were not so consistent among the various vendors, resulting in huge headaches for any app vendor considering its use. Also, in many case, UPnP is not enabled by default, unlike Joes computer configuration (which runs XP, or maybe 9x or Mac OS X), you can't make a step-by-step guide on how to enable it because they are so many different vendors. Finally, many NAT boxes simply don't support UPnP. Or they might be multiple layers of NAT, UPnP is not really meant for (e.g. someone plugs it's Wireless-NAT access point behind its embedded switch-DSL-NAT-router).
I don't know for other patents. But this very one has been withdrawn according to given URL...
The author notes the FBI is not concerned with GPL license violations because it does not reach a treshold of lost money... So what if a GPL'd software author put a big notice on his/her website that reads something like This software can be licensed under MIT-like software license in exchange for the payment of [put twice the FBI treshold here] ?
Granted it's not 50 Euros, it's about 50 FF (monetary unit change fooled me), precisely 6.20 Euros for a >20 g warranted shipment with receive ack (the only kind of shipment you'd seriously use for legal stuff). It might be neglectible for a company, but nevertheless it very much breaks the idea of open-source. It's definetely, not DFSG-compliant, not GPl-compliant, and I believe not even OSI-compliant.
A really freely license would be one like that Red Hat automatically grants (in RH's particular case, to GPL'd software).
Indeed, from Microsoft, "open and available for royalty-free licensing" typically means you can get a non-sublicensable license by sending them a letter. That's how it works for their network protocols stuff. Non-sublicensable meaning that it's not GPL2-compliant.
Well, yes. The point is, said danger is likely to become much much bigger with the EU software patentability directive, as we're based in Europe.
Unfortunately, that's well how it may end up. At the very moment, the only extension that I do honestly know exists, and that is not in the official builds is DTS decoding. And I don't know anyone providing DTS-enabled builds, except Linux distributions - which always provide their own build of software anyway.
If that becomes so, there are reasons to believe however that the overall popularity of open-source software among average users will fade compared with proprietary, patent-licensed software.
(Actually, I'd add we don't include emule partial file stuff either, but that's not for legal reasons)
DTS Inc. holds a patent in Europe on that. It is no secret that, for now, official VLC releases no longer support DTS sound decompression.
It is true that VLC violates many many patents that are valid in the United States. It is no wonder why we have no download mirrors in the United States. We did have offers, but we denied them for fear that the people hosting the mirrors might get themselves into trouble.
We DO care. It doesn't mean we make sure not to infringe any patents, but we still do care, because we have had problems, and we expect to have a lot more if the EU directive is passed.
Who knows, we might have to remove MPEG2, MPEG4, H264, etc etc. Who would want a VLC media player that can only read Vorbis and Theora ? (that's not to say these codecs aren't good)
The original aim of the VideoLAN project was to stream TV channels over IP. It turns out all digital TV channels use MPEG2 (or more recently MPEG4 or H264). We couldn't even access these...
Whether we care or not, we have been a target, and we are much weaker than big companies to defend ourselves. We'd be fools not to care.
Actually, Windows's DNS client was showed to be very insecure in last Phrack release and probably various other places, so you don't even need to be in the middle to attack. Nevertheless, as you say, I don't expect Windows or any other OS to work fine without its DNS client. To disable the DNS client service, Microsoft would have to make it an on-demand library, per application, as it is on Linux. But they'll lose most of the DNS cache feature.