If you're reading any of Brust, start with "Jhereg" before reading any of the other Vlad Taltos or Phoenix Guards books - it's the key to that universe, and if you like it you'll like most of the rest. It's interesting to see Brust's characters and plots evolve - he got definitely tired of writing the same old stuff, and started doing different things with them. He's also done some other things; I found The Gypsy and Agyar quirky and enjoyable.
I view Asprin as a much different category of writer. Most of his stuff starts out as "We're going to have fun writing a formulaic novel or bunch of stories for the Disposable SF/Fantasy Marketing Genre", but once you accept the concept that this stuff isn't meant to be literature or take itself at all seriously, some of it's good enough escape fiction.
As one of my coworkers says "Madness!"... If you want enjoyable disposable escape fiction for vacation or airport reading, these rock.
When Ludlum's trying to be funny (Road to Omaha, Road to Gandolfo), however, he can be seriously lame. I thought Cry of the Halidon sucked badly as well. And the last couple of books, published either posthumously or semi-posthumously, don't work - they're superficially similar to real Ludlum works, but there's no depth there, just a thing walking around with his name on it.
Similarly, Patrick O'Brian's novels in the same genre - start with Master and Commander, and if you become addicted, there are lots more. Hollywood has noticed the trend, and decided to movieize it, so we'll see if the characterization and mood stick around or if they turn it into adventure-movie tripe.
Tom Holt books seem to be a bit hard to find over here, but maybe that's because people keep them rather than recycling them to the used book stores - thanks for the Amazon UK pointer. Expecting Someone Taller and Who's Afraid of Beowulf? were both cheerful and interesting reads; Valhalla was pretty lame, as was Flying Dutch. Pratchett - Also try Lords and Ladies as an early start (elves - nasty, brutish, and short....) George R.R.Martin - A Game of Thrones - Lots of swords, not much sorcery, stark, cold, depressing - pretty much worthwhile. The "R.R." double middle initials are a bit crudely derivative, unless they're actually his...
Cryptonomicon was more fun if you knew half the people in it:-) The "Secret Admirers", the small company offices in Los Altos, an awful lot of inside jokes. Some of the jokes were inside for a much broader Silicon Valley audience ("Enhancing Shareholder Value....") and people who live near leftie-academia ("War As Text"). And, ok, Stephenson's never been that good at endings.
Vaclav Havel wasn't in his office in Czechslovakia the day I stopped by, and I wouldn't have wasted his time even if he had been, but his office was in a part of the main castle in Prague that tourists could just walk up to, though of course his secretary might not let you by. (This was before the Czech-Slovak split). That also doesn't mean he reads email directly from the public, any more than he reads all his paper mail from the public; I'd expect staff members to handle that and forward the more important mail to him.
On the other hand, if you want to Slashdot the PM, go ahead, or ask Joe Baptista about how to fax the entire government of a province or email the US government.
Just because the connection is stateless doesn't mean the protocol has to be; cookies and their relatives are a traditional way to work around that. Have the server generate a random cookie value and store it, and require the client to provide a valid cookie as part of the query. You can either have the cookie contain information about the client (its IP address or whatever), or not bother about that, and trash any cookies older than a few seconds. The only important thing is making sure that cookie values aren't easily predictable, so use a 64-bit random number or something that's not a timestamp.
OK, any definition of "easy" that requires getting millions of clients changed isn't _that_ easy:-) But if you're doing a new version of a server, it's worth doing things like this, and it's important to consider scale factors. It may be a big easier to get people to upgrade by sending out a message saying "upgrade to version N+1 or you'll get Fragged off the Net, send this email to everybody you game with right now!", but that's got its own problems:-)
Lots of server protocols prevent attacks by requesting a cookie before they do anything difficult or resource-consuming. Besides security, that's useful for basic reliability - it makes sure the IP routes are all working, the client can reach the server, the server's working, and the server can reach the client, before either side does any real work. Most exceptions to this are simple protocols like DNS that don't require any state or much work and would do more work building the connection than sending the real data, and things like NFS which have some reason for the client to trust the server's availability before sending big packets and which make sure that retries with the same data are ok.
Some of the crypto protocols, such as Photuris, do a cookie handshake first, because the first "real" step of the protocol comsumes lots of server CPU, and they'd be vulnerable to denial-of-service attacks otherwise. In this case, the attack is a forged-request attack on an unsuspecting client, but the server is still the only one that can provide any protection. Either way, the client firsts requests a cookie from the server, and the requests for real work need to include the cookie, or the cookie modified in a way that clearly indicates it was received.
A variation on cookies is to make the client perform non-trivial amounts of work using the cookie, which the server can verify quickly - this lets the server limit the rate of requests, and means an successful attacker needs lots more resources than the server. Hashcash is the canonical one - the client has to use brute-force search to find a string containing the cookie that has a hash value starting with a specified N bits, and the server can verify the hash quickly. This defense can be made stronger by including the sender's identification and a timestamp in the cookie string, making it harder to replay. While it's not possible to tune hashcash CPU consumption precisely (since different machines are different speeds, and the attacker may have a Beowulf cluster of Crays or a bunch of zombies to do calculations), the server can adjust the rate of requests by adjusting the hash length as needed. In addition to fullscale cookie-based hashcash, it's sometimes adequate to do a simple userid-and-timestamp version, or userid-and-counter, so the attacker has to do some work, e.g. burn a second of CPU time for every 2KB of response for a modem user, or 10KB for an online user, to prevent swamping.
In this environment, though, anything that requires client upgrades won't fly; you're stuck with upgrades to servers (tough enough) and handshakes that use the existing user interface. Modifying the server to limit the number of responses per second for a given client (or of big responses) is probably a good start - it doesn't solve all the problems, and the attacker may be able to forge a stream of requests that prevents the victim from doing legitimate queries, but it protects the network connections. Another approach would be to do something password-like - the user queries for a password, or chooses a password, and has to use it to get any big queries, or more than N big queries.
That is a nasty attack, but most firewalls of any sort block packets from the outside pretending to be from the inside, since there are _way_ too many Bad Things that can be done otherwise, more of them security breaches than denial of service. Also, it's actually not as nasty an attack as it looks, because the server is probably on an Ethernet behind a router, so the loopback happens on the 100Mbps Ether segment, and doesn't try to go out the T1 Internet pipe.
A typical query for DNS or daytime or SNMP whatever gets a response that's similar in size to the query; this attack is fun because you can get a 400:1 multiplication.
At the data level it is, but the whole query includes the UDP and IP headers, which are about 40 bytes, so it's really only ~75:1 magnifaction. (Modem users can do compressed PPP and get somewhat smaller headers for somewhat bigger effect.) Still an attractive nuisance.
There are two different kinds of attacks here, and your split-response defense only solves part of one of them. The attacks work because a small UDP query gets a big UDP response, so you can get a Gamespy server to send out 400 times more data than it receives, and by forging the UDP origin, you can direct it places.
One attack is to swamp a third-party target's Internet pipe by sending forged UDP requests to the Gamespy server, which has a much bigger Internet pipe than the target (or sending them to a bunch of Gamespy servers, which at least have a much bigger combined bandwidth.) Your defense doesn't solve that, because the destination is reachable - it's an existing IP address, and you can pick some UDP port that's probably valid, such as 53.
Another attack is to swamp the server's Internet pipe by sending lots of forged requests "from" lots of places, which works because your 5kbps of requests generate 2Mbps of response, killing a T1, or your 128kbps of dsl/cable upstream generates 50Mbps of response, killing a T3 and doing a pretty good job on a 100Mbps ether. One variation on this is to forge all the requests as "from" one target, but a probably more successful approach is to spread the destination around to a large number of addresses. If the addresses are invalid, then your defense will help, but if they're valid IP addresses, it won't.
If you modify your fix a bit more - make the first answer packet small, and require a response before sending the big part, that could do the job. You could either do a table-driven approach, or just have the first exchange of packets be a cookie-like request/response, and require a valid cookie along with the actual query. If you want to get fancy, you can require the requester to do some calculation on the cookie value, e.g. hashcash, that burns a half second of CPU time on an average box, limiting the possible attack rate.
Handheld vs. Laptop bandwidth needs
on
Reflections
·
· Score: 1
While it's nice to have fast data rates for your Dick Tracy Wristwatch TV, even that can get by with 64kbps or 384kbps if you want to do a conference room. The real uses for higher data rates than that are for computers, and while you can use a PDA or a cellphone with a wire or infrared to feed your laptop, for this knd of application it makes a lot more sense to put the power-hungry cpu-burning device in your laptop and add a headset if you want to integrate the voice functions with it.
It's possible that the "hand-held devices" that this technology is too large for are the laptops, not the phones, in which case, yes, we'd like some new chips please:-) Maybe the old MicroUnity project could be finished... By the way, if you're going to do phased-array things with antennas, might as well have fun doing them with microphones and speakers and skip the headset entirely. One of the Microunity folks was playing with this a few years ago; you could do really impressive things if you had the signal-processing horsepower available, which their chip, had it ever become what they wanted, would have done; maybe current DSPs can provide enough horsepower today.
Re: Old Guys from Bell Labs
on
Reflections
·
· Score: 1
It was nice to see Bob Lucky's name on something; it's been a few years (since I don't read IEEE Spectrum). Tom Duff was another name from back when; you may remember some of his C hacks. To qualify zawada's time scale a bit, I started at (more boring parts of) Bell Labs in the late 70s, well before divestiture, and Bob was an old-timer back then, who got to do press releases about the cool things that Bell Labs folks had done.
All these 25-year-old dot-com kids who are worried that they're too old to be CEOs should know the world was different once.... the article described Forschini as a 40-year veteran of the Labs, and it's unlikely to have been a typo for "40-year-old".
I was surprised to see a comment this mistaken from the EFF. Yes, there are lots of private spaces on the Internet, and if you don't like the ones that are there, you can build your own, because unlike the radio/tv broadcast spectrum, which is nationalized in most countries, either for government use or for use by officially permitted oligopolies, the Internet *is* free public space. You can get any domain name that isn't currently in use, and if you want to be http://www.pest-control-troll.org, the name's available. You can connect to anywhere on the internet, and anybody who wants to can connect to you. The internet originally didn't _have_ public space on it - it was all government-controlled - but the Commercial Internet Exchange and its successors changed that, and some of the EFF's founders were important participants in that. The public space depends on cooperation of everybody who wants to participate in it - if you don't like it, you can go start your own Arpanet over on 10.x.x.x and only invite your friends, or go hide on 127.0.0.1 and not invite anybody, but if you want a richer and more interesting public space, you have to build more of it and invite the public in, because that't how things get built around here. Telling other people that you don't like the gift horse they've given the public isn't the way to get it.
The existence of public space doesn't mean that anybody's obligated to show up at your web site and listen to you, or that anybody's SMTP server is obligated to accept your requests to connect to their Port 25*, any more than the existence of public parks and legality of soapboxes means that anybody's obligated to stick around and listen to you rant about space aliens' plots to destroy us all with volcanoes, but if you've gotten thrown out of the pub because you were rudely yelling at everybody about why they should buy canned meat from you, the commons and the high seas are still public space. The internet works through cooperation, and if nobody wants to cooperate with you because you won't cooperate with them, well, perhaps their lives are drearier for it, or perhaps not.
There are ways in which private groups are trying to take over public space. Various proposals for "internet drivers' licenses" and various governments' restrictions on their citizens' free speech and freedom to read are obvious examples. Australia's attempts to extend local defamation law around the world are especially disturbing, given the number of regimes that make "defaming the state" illegal. ICANN's main objective seems to be to assert trademark-owners' control over the namespace, and secondarily to make sure that some service providers always make money on namespace, rather than to provide technical management and high-quality implementations. You can see this especially in their insistence that registrars get your True Name and True Subpoena-Delivery Address for whois records and publish them, rather than insisting that your Technical and Administrative email addresses go somewhere that doesn't bounce and maybe even get a human to respond. Some big ISPs periodically try to attract customers to a Walled Garden that doesn't really access the full Internet, and the market gradually tells them that people want more than that - that's why AOL now lets you fetch real web pages as well as AOL-provided content, and cellphone WAP systems aren't getting the respect their purveyors expected, so they're trying to find better ways to get real Internet content and not just newswires. The cable modem companies are the big exceptions right now, by trying to prevent their users from running "servers" from home (there were initially some technical reasons for this, but it was always basically the fear that they might not be in control.) That hasn't killed them all yet, though @Home's really dead, and their quasi-monopoly status and TV-content-pusher background has made it take longer for them to realize that they need active users to generate interesting content and develop the Killer Apps that will make everybody else buy cable modem, but they'll get there. The kinds of people who want to tell Google how to rank their pages because everybody uses Google to search the web are another example, not realizing that the reason that everybody uses Google is *because* of the way they rank their pages, and if they want to have a "politically correct web search ranking" system, which is really just an outlet for their own speech and ideas, they should use the Internet's public-space capability, set out their own soapbox with a big "politically correct searches here" sign over it, and hope the public shows up.
* There's a corrolary to Godwin's Law which says that all discussions that don't trigger the primary form of it will eventually devolve into discussions about spam.... But then Godwin also used to be an EFF lawyer...
There have been some crypto file networks proposed that do that - it's nice for security, and it does reduce distributing copies of corrupt files (though you can still spend N hours downloading a DVD from the Bad Guys only to find out that it's corrupt.) However, that pushes part of the problem into the directory space. You can be sure you're getting an accurate copy of the file 0x3133712408201, but the only way you knew to download that file was that somewhere there was a directory file saying that there's a "Metallica Live Concert Video, Los Angeles, 2/29/97" with that checksum. Furthermore, if you do download it, and it turns out that it's just Lars yelling at you for ripping them off, you still need to delete it or post a directory review saying that it was lame, or other people will download it.
(hmmm..... If Eminem made a video like that, how would you know it wasn't the real thing...?
It's well known in the industry, and heavily commented on by some musicians that *some* record labels have been known to rip off their musicians' music and other record labels have failed to adequately promote their artists' music. To make sure that that doesn't happen and that artists are properly compensated and promoted, Congress needs to pass a law requiring record labels to pay bands up front and not rip them off later and record labels to pay the internet industry to distribute anything that isn't in the Top 40. This is heavily documented statistically - the decline in Billboard ratings of almost every song that was in the Top 40 five years ago clearly demonstrates that the lack of adequate promotion by the record industry is interfering wtih artists' earnings and recognition. Furthermore, almost everything that *is* in the Top 40 is there because of record industry promotion, except for a smaller number of artists that achieve that popularity because of their artistic abilities in spite of the rampant failure to adequately promote them, and a much smaller number of songs like the Macarena which are clearly statistical outliers or badly collected data.
Hillary Rosen doesn't realize the depth of the can of worms she's stepped in when she decided to attack the computer and telecommunications industries. While the patents for digital reproduction of music have mostly expired, the copyright law extensions that also gave us the Berne Convention mean that Bell Telephone Laboratories still has the copyright on the songs "1" and "0", and the RIAA had better not go creating derivative works without giving us our cut, because All Their Bits Are Belong to Us.
IBM owns the songs "2" through "9" and "A" through "F" and "SmileyFace", Bell Labs owns "-128" through "-1", "*", "#", and "13" through "127", the CCITT owns "128" through "255", Control Data owns "Negative 0". Digital Equipment owns "-32768"-"-129" and "256"-"32767", except that John Draper seems to have aquired performance rights for "2600" and somebody scribbled on the documentation on "31337", IBM owns "32768-65535", and by now that's covered all the songs you can play on CD. If they're thinking about using other standards, remember that the IEEE currently has all the floating point numbers, plus and minus infinity, and "Not A Number", so there's no place for the RIAA to hide except back in Analog Land.
And, surely if the music industry can tax us for possible downloads, we should be able to tax them for showing computers in their movies and using "computer hackers" in their plots, because they MIGhT NOT HAVE paid the Cyberspace Society of Computer Programmers, Hackers, and Stereotyped Nerdy Teenagers for using them. The tax obviously ought to be paid in movie downloads.
Besides, as a spokesperson for the Cable TV industry (I own about a 3-millionth of Comcast) it's important to remind the RIAA that most of the Cable Modem companies have strict policies against copyright violation, so our users would never do anything like that and she therefore can't tax us for it, and most of them also have strict policies running anything server-like, including file sharing software, which is bizarrely and suicidally clueless (Duhh, why do you think people buy broadband?) but also means that none of *our* users are doing this. However, we do know that the record labels and their "agents" often use the telephone to talk to their artists, so the telephone companies are as much a part of the music production process as the RIAA is, and we'd like our cut now, please.
The big problems with checksums are that you can't validate a checksum until you've downloaded the file, and that you can't identify a bad copy that you don't have a known checksum source for without a human listening to it all, and that checksums are only useful for identical copies of originals, not for music that has an uncompressed original which lots of people rip and distribute, because the compression process produces different results for different parameter sets. For music that you're trying to play while downloading, or for videos that might take hours to download, that loses, and on many of the file sharing systems out there (especially the original Napster), it was really easy for somebody to look like a great download site. If lots of people really are using checksum validation lists, that might cut down on the number of bad copies that get redistributed, but basically it's pretty easy to flood or hack the network. And even if you've got a list of trusted people, if you've downloaded a copy from Jack before he's had a chance to listen to it, it might still be bad (in particular, it might only have the bad bits near the end, and maybe the middle is good, or maybe it's just degraded quality.) That would certainly have been a problem with original Napster.
An open source voting solution makes it possible to tell if anybody's cheating on the process. Do you seriously think anybody wants to buy *that* ? And an open-source polling solution isn't going to know that the non-open-source voting solution is being cheated...
Maybe they improved a bit after the Perot campaigns, but VNS has traditionally believed that there are only two parties, and that only two parties need to be counted, and that the sum of the votes for the two candidates is 100%, and that if one of the Two Parties isn't running a candidate, the other one is "unopposed", with "100%" of the vote. (As a Libertarian, this has always pissed me off... I've even seen one election where a Congressional race in New York City had 46% of the vote go to a minor-party candidate that they reported that way; it would have been fun if their "unopposed" candidate had lost. The runner-up in that race was from the New Alliance party, who were pretty far fringe.)
In the Florida election, Ralph Nader's Green Party vote had a major impact on the end results.
He's providing the service to the community to be a nice guy, not just for his own use because he's not hacking PCI hardware any more. It's not like his passion in life that he wants to find an opportunity to express in spite of oppposition. The main people this site helps are people trying to SELL PCI GEAR to open-source users and open-source users who want to develop tools to let them use more kinds of PCI gear. The PCI sellers' organization was rude, and offered to let him give them the benefits of his work for free if he talks his employer into it.
The real question is whether the PCI-SIG folks should fire their lawyers, or whether they should fire whichever one of their employees asked their lawyers to do this, depending on who initiated the action.
The Wayback machine's caches on the site seem to date from October 2001, so it's nice that Google's is newer. It's possible that the Wayback machine has some newer data under some non-obvious name; that's a problem with having.asp database-lookup pages instead of static data files.
I view Asprin as a much different category of writer. Most of his stuff starts out as "We're going to have fun writing a formulaic novel or bunch of stories for the Disposable SF/Fantasy Marketing Genre", but once you accept the concept that this stuff isn't meant to be literature or take itself at all seriously, some of it's good enough escape fiction.
If you want enjoyable disposable escape fiction for vacation or airport reading, these rock.
When Ludlum's trying to be funny (Road to Omaha, Road to Gandolfo), however, he can be seriously lame. I thought Cry of the Halidon sucked badly as well. And the last couple of books, published either posthumously or semi-posthumously, don't work - they're superficially similar to real Ludlum works, but there's no depth there, just a thing walking around with his name on it.
Similarly, Patrick O'Brian's novels in the same genre - start with Master and Commander, and if you become addicted, there are lots more. Hollywood has noticed the trend, and decided to movieize it, so we'll see if the characterization and mood stick around or if they turn it into adventure-movie tripe.
Tom Holt books seem to be a bit hard to find over here, but maybe that's because people keep them rather than recycling them to the used book stores - thanks for the Amazon UK pointer. Expecting Someone Taller and Who's Afraid of Beowulf? were both cheerful and interesting reads; Valhalla was pretty lame, as was Flying Dutch.
Pratchett - Also try Lords and Ladies as an early start (elves - nasty, brutish, and short....)
George R.R.Martin - A Game of Thrones - Lots of swords, not much sorcery, stark, cold, depressing - pretty much worthwhile. The "R.R." double middle initials are a bit crudely derivative, unless they're actually his...
Cryptonomicon was more fun if you knew half the people in it :-) The "Secret Admirers", the small company offices in Los Altos, an awful lot of inside jokes. Some of the jokes were inside for a much broader Silicon Valley audience ("Enhancing Shareholder Value....") and people who live near leftie-academia ("War As Text"). And, ok, Stephenson's never been that good at endings.
On the other hand, if you want to Slashdot the PM, go ahead, or ask Joe Baptista about how to fax the entire government of a province or email the US government.
Just because the connection is stateless doesn't mean the protocol has to be; cookies and their relatives are a traditional way to work around that. Have the server generate a random cookie value and store it, and require the client to provide a valid cookie as part of the query. You can either have the cookie contain information about the client (its IP address or whatever), or not bother about that, and trash any cookies older than a few seconds. The only important thing is making sure that cookie values aren't easily predictable, so use a 64-bit random number or something that's not a timestamp.
Lots of server protocols prevent attacks by requesting a cookie before they do anything difficult or resource-consuming. Besides security, that's useful for basic reliability - it makes sure the IP routes are all working, the client can reach the server, the server's working, and the server can reach the client, before either side does any real work. Most exceptions to this are simple protocols like DNS that don't require any state or much work and would do more work building the connection than sending the real data, and things like NFS which have some reason for the client to trust the server's availability before sending big packets and which make sure that retries with the same data are ok.
Some of the crypto protocols, such as Photuris, do a cookie handshake first, because the first "real" step of the protocol comsumes lots of server CPU, and they'd be vulnerable to denial-of-service attacks otherwise. In this case, the attack is a forged-request attack on an unsuspecting client, but the server is still the only one that can provide any protection. Either way, the client firsts requests a cookie from the server, and the requests for real work need to include the cookie, or the cookie modified in a way that clearly indicates it was received.
A variation on cookies is to make the client perform non-trivial amounts of work using the cookie, which the server can verify quickly - this lets the server limit the rate of requests, and means an successful attacker needs lots more resources than the server. Hashcash is the canonical one - the client has to use brute-force search to find a string containing the cookie that has a hash value starting with a specified N bits, and the server can verify the hash quickly. This defense can be made stronger by including the sender's identification and a timestamp in the cookie string, making it harder to replay. While it's not possible to tune hashcash CPU consumption precisely (since different machines are different speeds, and the attacker may have a Beowulf cluster of Crays or a bunch of zombies to do calculations), the server can adjust the rate of requests by adjusting the hash length as needed. In addition to fullscale cookie-based hashcash, it's sometimes adequate to do a simple userid-and-timestamp version, or userid-and-counter, so the attacker has to do some work, e.g. burn a second of CPU time for every 2KB of response for a modem user, or 10KB for an online user, to prevent swamping.
In this environment, though, anything that requires client upgrades won't fly; you're stuck with upgrades to servers (tough enough) and handshakes that use the existing user interface.
Modifying the server to limit the number of responses per second for a given client (or of big responses) is probably a good start - it doesn't solve all the problems, and the attacker may be able to forge a stream of requests that prevents the victim from doing legitimate queries, but it protects the network connections. Another approach would be to do something password-like - the user queries for a password, or chooses a password, and has to use it to get any big queries, or more than N big queries.
That is a nasty attack, but most firewalls of any sort block packets from the outside pretending to be from the inside, since there are _way_ too many Bad Things that can be done otherwise, more of them security breaches than denial of service. Also, it's actually not as nasty an attack as it looks, because the server is probably on an Ethernet behind a router, so the loopback happens on the 100Mbps Ether segment, and doesn't try to go out the T1 Internet pipe.
A typical query for DNS or daytime or SNMP whatever gets a response that's similar in size to the query; this attack is fun because you can get a 400:1 multiplication.
At the data level it is, but the whole query includes the UDP and IP headers, which are about 40 bytes, so it's really only ~75:1 magnifaction. (Modem users can do compressed PPP and get somewhat smaller headers for somewhat bigger effect.) Still an attractive nuisance.
If you modify your fix a bit more - make the first answer packet small, and require a response before sending the big part, that could do the job. You could either do a table-driven approach, or just have the first exchange of packets be a cookie-like request/response, and require a valid cookie along with the actual query. If you want to get fancy, you can require the requester to do some calculation on the cookie value, e.g. hashcash, that burns a half second of CPU time on an average box, limiting the possible attack rate.
It's possible that the "hand-held devices" that this technology is too large for are the laptops, not the phones, in which case, yes, we'd like some new chips please :-) Maybe the old MicroUnity project could be finished... By the way, if you're going to do phased-array things with antennas, might as well have fun doing them with microphones and speakers and skip the headset entirely. One of the Microunity folks was playing with this a few years ago; you could do really impressive things if you had the signal-processing horsepower available, which their chip, had it ever become what they wanted, would have done; maybe current DSPs can provide enough horsepower today.
All these 25-year-old dot-com kids who are worried that they're too old to be CEOs should know the world was different once.... the article described Forschini as a 40-year veteran of the Labs, and it's unlikely to have been a typo for "40-year-old".
The existence of public space doesn't mean that anybody's obligated to show up at your web site and listen to you, or that anybody's SMTP server is obligated to accept your requests to connect to their Port 25*, any more than the existence of public parks and legality of soapboxes means that anybody's obligated to stick around and listen to you rant about space aliens' plots to destroy us all with volcanoes, but if you've gotten thrown out of the pub because you were rudely yelling at everybody about why they should buy canned meat from you, the commons and the high seas are still public space. The internet works through cooperation, and if nobody wants to cooperate with you because you won't cooperate with them, well, perhaps their lives are drearier for it, or perhaps not.
There are ways in which private groups are trying to take over public space. Various proposals for "internet drivers' licenses" and various governments' restrictions on their citizens' free speech and freedom to read are obvious examples. Australia's attempts to extend local defamation law around the world are especially disturbing, given the number of regimes that make "defaming the state" illegal. ICANN's main objective seems to be to assert trademark-owners' control over the namespace, and secondarily to make sure that some service providers always make money on namespace, rather than to provide technical management and high-quality implementations. You can see this especially in their insistence that registrars get your True Name and True Subpoena-Delivery Address for whois records and publish them, rather than insisting that your Technical and Administrative email addresses go somewhere that doesn't bounce and maybe even get a human to respond. Some big ISPs periodically try to attract customers to a Walled Garden that doesn't really access the full Internet, and the market gradually tells them that people want more than that - that's why AOL now lets you fetch real web pages as well as AOL-provided content, and cellphone WAP systems aren't getting the respect their purveyors expected, so they're trying to find better ways to get real Internet content and not just newswires. The cable modem companies are the big exceptions right now, by trying to prevent their users from running "servers" from home (there were initially some technical reasons for this, but it was always basically the fear that they might not be in control.) That hasn't killed them all yet, though @Home's really dead, and their quasi-monopoly status and TV-content-pusher background has made it take longer for them to realize that they need active users to generate interesting content and develop the Killer Apps that will make everybody else buy cable modem, but they'll get there. The kinds of people who want to tell Google how to rank their pages because everybody uses Google to search the web are another example, not realizing that the reason that everybody uses Google is *because* of the way they rank their pages, and if they want to have a "politically correct web search ranking" system, which is really just an outlet for their own speech and ideas, they should use the Internet's public-space capability, set out their own soapbox with a big "politically correct searches here" sign over it, and hope the public shows up.
* There's a corrolary to Godwin's Law which says that all discussions that don't trigger the primary form of it will eventually devolve into discussions about spam.... But then Godwin also used to be an EFF lawyer...
(hmmm..... If Eminem made a video like that, how would you know it wasn't the real thing...?
It's well known in the industry, and heavily commented on by some musicians that *some* record labels have been known to rip off their musicians' music and other record labels have failed to adequately promote their artists' music. To make sure that that doesn't happen and that artists are properly compensated and promoted, Congress needs to pass a law requiring record labels to pay bands up front and not rip them off later and record labels to pay the internet industry to distribute anything that isn't in the Top 40. This is heavily documented statistically - the decline in Billboard ratings of almost every song that was in the Top 40 five years ago clearly demonstrates that the lack of adequate promotion by the record industry is interfering wtih artists' earnings and recognition. Furthermore, almost everything that *is* in the Top 40 is there because of record industry promotion, except for a smaller number of artists that achieve that popularity because of their artistic abilities in spite of the rampant failure to adequately promote them, and a much smaller number of songs like the Macarena which are clearly statistical outliers or badly collected data.
IBM owns the songs "2" through "9" and "A" through "F" and "SmileyFace", Bell Labs owns "-128" through "-1", "*", "#", and "13" through "127", the CCITT owns "128" through "255", Control Data owns "Negative 0". Digital Equipment owns "-32768"-"-129" and "256"-"32767", except that John Draper seems to have aquired performance rights for "2600" and somebody scribbled on the documentation on "31337", IBM owns "32768-65535", and by now that's covered all the songs you can play on CD. If they're thinking about using other standards, remember that the IEEE currently has all the floating point numbers, plus and minus infinity, and "Not A Number", so there's no place for the RIAA to hide except back in Analog Land.
And, surely if the music industry can tax us for possible downloads, we should be able to tax them for showing computers in their movies and using "computer hackers" in their plots, because they MIGhT NOT HAVE paid the Cyberspace Society of Computer Programmers, Hackers, and Stereotyped Nerdy Teenagers for using them. The tax obviously ought to be paid in movie downloads.
Besides, as a spokesperson for the Cable TV industry (I own about a 3-millionth of Comcast) it's important to remind the RIAA that most of the Cable Modem companies have strict policies against copyright violation, so our users would never do anything like that and she therefore can't tax us for it, and most of them also have strict policies running anything server-like, including file sharing software, which is bizarrely and suicidally clueless (Duhh, why do you think people buy broadband?) but also means that none of *our* users are doing this. However, we do know that the record labels and their "agents" often use the telephone to talk to their artists, so the telephone companies are as much a part of the music production process as the RIAA is, and we'd like our cut now, please.
The big problems with checksums are that you can't validate a checksum until you've downloaded the file, and that you can't identify a bad copy that you don't have a known checksum source for without a human listening to it all, and that checksums are only useful for identical copies of originals, not for music that has an uncompressed original which lots of people rip and distribute, because the compression process produces different results for different parameter sets. For music that you're trying to play while downloading, or for videos that might take hours to download, that loses, and on many of the file sharing systems out there (especially the original Napster), it was really easy for somebody to look like a great download site. If lots of people really are using checksum validation lists, that might cut down on the number of bad copies that get redistributed, but basically it's pretty easy to flood or hack the network. And even if you've got a list of trusted people, if you've downloaded a copy from Jack before he's had a chance to listen to it, it might still be bad (in particular, it might only have the bad bits near the end, and maybe the middle is good, or maybe it's just degraded quality.) That would certainly have been a problem with original Napster.
An open source voting solution makes it possible to tell if anybody's cheating on the process. Do you seriously think anybody wants to buy *that* ? And an open-source polling solution isn't going to know that the non-open-source voting solution is being cheated...
In the Florida election, Ralph Nader's Green Party vote had a major impact on the end results.
So CmdrTaco bounced my bug posting on sourceforge as a duplicate - the question is whether it's also fixed...
Oh, wait, that's the Two Hours' Earlier's Slashdot Article. Some CERN folks built a sauna in the remains of a dead Saab. One of their problems was how to heat it; this seems like it should do just fine. That's the kind of synergy you get in the open-source movement....
The real question is whether the PCI-SIG folks should fire their lawyers, or whether they should fire whichever one of their employees asked their lawyers to do this, depending on who initiated the action.
The Wayback machine's caches on the site seem to date from October 2001, so it's nice that Google's is newer. It's possible that the Wayback machine has some newer data under some non-obvious name; that's a problem with having .asp database-lookup pages instead of static data files.