Hey folks, this was posted to bugtraq some two months ago.
That is why I don't understand what all the hoopin' and hollerin' is all about. Microsoft has known about this for quite some time. In addition, two months ago when the demonstration/exploit was made publicly available the author clearly stated that one of the exploit techniques had been documented for over 2 years.
I'm curious for those here who think this should have been reported to MS first, please post the email addr or website where one would report this -- that would be a public service. I don't have a lot of faith they would have acted even if told -- but for future reference.
I read through this entire thread empathizing with the need to provide GUI interfaces for people who learn in different ways and to provide a tool that is easy to use in the 'problem domain'. ...but then after reading all about not using a tool that gets in the way of the problem at hand, you drop the bomb... "I'm working in Java, too, but as little as possible. I prefer Perl". Talk about a tool that is hard to use. Whenever anything needs to be done in Perl, one has to take a trip to the reference books and re-read the man pages. By the time I refresh the nuances of Perl (and perhaps download 43 packages from CPAN that the one module needs to use) I've forgotten what I was trying to accomplish in the first place.
DVDs can hold video streams with resolutions that HD uses. They just can't hold 2 hours of it.
That is not correct. The DVD standard is very specific about what resolutions are supported, and the resolutions that HD uses are not.
In the NTSC world, the DVD standard supports 720x480 (called D1), 352x480 (called 1/2 D1), 704x480 (called Broadcast D1), and 352x240 (called SIF). These are the only 4 standard rates that consumer DVD players have to be able to handle. A DVD player in your PC most likely allows greater flexibility in the standard. In that case you could possibly put HD data on a DVD, but it would only be playable on a PC. Another problem is that today's DVD player hardware was not designed to be able to pump data out at the MB/sec needed for an HD signal.
Who scored this as flamebait? It was supposed to be funny!
Kung Fu opens with two guys slouched in front of the TV. A commercial comes on and they're up and doing their own Jackie Chan riff, in slow motion, complete with sound effects. It ends when one guy leaps over the other, lands on the coffee table, which crashes to the floor.
"Too much free time?" says the voice over. "Go see the ballet."
The newest version: "Mr. President, you really should be taking this job a little more serious."
Voiceover? What's that? Our Subway ads in Australia have the same old yank talking. Their advertising pitch also says how many pounds some fat prick lost..... we use metric buddy, NFI what a pound is.
Deal with it. We've got to listen to the incessant 'Outback Steakhouse' Aussie voiceover telling us "No rules, just right". And then of course there is the Aussie lad telling us that "Fosters is Australian for Beeeer". You people don't even drink that stuff and it's really imported from Canada.
The pounds you'll lose at Subway refers to the British pound. Rather than shoot an Aussie version they recycled the Brit version. The commercial with Jared playing the didgeridoo didn't do well with focus groups, especially the Aboriginal Subway patrons.
If this is what you think capitalism is all about then there is no hope.
At least this will shut up the lobbyists who have been begging for a law against spam.
The lobbyists? As quoted in many of the news articles, the House and Senate members claim that there isn't a town hall meeting where they aren't asked to fix the SPAM problem.
The thing I find disturbing is that the bill only allows 'ISPs' to sue under the law and not individuals. However, I'm not sure which version (House or Senate) this is in. Most likely the House version (which passed 11/22/2003) will be the one that most reflects the final version. I would have preferred an opt-in.
Perhaps the 'sandbox' is just a computer that boots a read-only filesystem with writeable RAMDISK via PXE. After each submission it reboots. Any damage is whisked away.
It is so easy to run a search on any name and determine prior uses.
;)
I found that no matter which word I type, I get a hit from Google. Not sure that is a realistic plan.
I use RoboForm which can generate random passwords - how about using those for names?
Introducing the Hk7jI8Po distribution.
The businesses are always in crunch mode trying to push their people, which means things like training and self-improvement of their employees suffer. Then they claim they need foreign workers since only they have the latest skills.
The economy is suffering because none of us told the emperor they were naked during the dot.com bubble. Instead we checked our Yahoo Finance every hour watching our stock/401(k)s blossom.
We've built our economy on consumerism which requires a high standard of living - letting these jobs go overseas is going to hurt if no one has money to buy the items!
How far to the bottom can we race - there has to be a balance - 100% free market just doesn't work.
"That's an amazing invention, but who would ever want to use one of them?" ... President Rutherford B. Hayes in 1876, after Alexander Graham Bell demonstrated the telephone to him at the White House.
"There is no likelihood man can ever tap the power of the atom," ... Robert Millikan, Nobel Prize winner in physics, 1923
"Heavier-than-air flying machines are impossible," ... Lord Kelvin, President Royal Society, 1895
"Who the hell wants to watch movies with sound?" Who said this? Believe it or not, it was the president of Warner Brothers Studios, Harry Warner, sometime around 1918.
Funny - Microsoft doesn't do this.
The big difference here is that no programmer at Microsoft ever produced anything someone would want to pay money for, so it hasn't been tested. Plus it fits in with that whole Freedom to Innovate mantra.
So, interpreting the law narrowly would put the employee in a position pretty close to indentured servitude.
Hardly. What debt is the employee working off? What period of time is the employee obligated to remain in employ? I think that what you mean to say is that it's not fair for Apple to be able to take a program that he's written on his own time without paying something extra for it.
Well it would appear the other 16 hours of each workday plus 48 hours of weekends, plus an additional two years of non-compete if he takes a hike. Sounds pretty indentured to me.
You can say it over and over but it doesn't make it so. I find it hard to believe a legal judgement interpreting the law so broadly as you imply.
We don't know all the facts here, but if Apple was working on a way to integrate Netflix queue management into their OS as an embedded applet--they might have a case. But to broadly say that Apple is exempt from 2870 for any software product any employee works on (outside company time/resources) is absurd.
Furthermore, if it is true (we don't know) that Apple is just going to stash and sit on it then they aren't living up to their side of the provision of making it a product, so where is the conflict?
Lawyers get paid a lot of money to argue these things so I can understand the guy dropping it.
I don't think your analogy is quite fair. One of the benefits of the slimdevices product is its portability - put it in any room in the house without having to install/drag around a PC. However, by not supporting a wider variety of audio formats in the hardware you shift the transcoding burden to *some* other machine in your house. I just wanted to point out that if that machine in your house is in use by others while you are listening to your tunes (non MP3 or raw uncompressed), they might not like it due to the heavy CPU load. In my case, I put all my tunes in max rate VBR MP3, but others here posted they wanted FLAC or Ogg Vorbis, etc.
I mentioned the RF interference because the slimdevice tech support told me the same thing, "That was an issue with some early SLIMP3 models". However, this was a model I ordered just a few months ago so unless it had been sitting around on the shelves, I think the RF problem remains for a limited number of people with the SLIMP3. It's great to hear that you did it right with the Squeezebox - though the source of the noise of the SLIMP3 seemed to be the VFD display.
I'm glad to see your product is successful - it's a good idea.
There is truth to the conspiracy that we are all controlled by the invisible force of the 'free mesons'.
Hairbrush to sing into: $5 Songbook: $15 Getting grandma to join in: Priceless.
Since you just got your unit two weeks ago you might consider their 30-day money back guarantee. I know I hate buying something only to have a newer/improved version come out a few weeks later.
There is truth to both sides regarding the audio support. The hardware decoder built into the Squeezebox supports MP3 and uncompressed audio. That's it. By installing 'transcoders' on the server your server CPU can transcode from whatever format the transcoder can handle into these native 'MP3' or 'uncompressed audio'. Transcoding some of these formats in real-time can be pretty CPU intensive so if your server is someone's desktop machine they might notice it. I tried one of the slimdevices previously using their 30 day money back guarantee and found that their unit caused too much RF interference - diagonal lines on my TV. Maybe this new design has more shielding. They honored their 30 day promise and refunded me. In the end I ended up building a MythTV and using the mythmusic module to play back music from a server.