Slashdot Mirror


User: dbacher

dbacher's activity in the archive.

Stories: 0
Comments: 166

Comments · 166

  1. Re:Hate to break it to Microsoft... on Sneak Peek At Microsoft Anti-Spyware · · Score: 1

    This is another case, like the netcraft toolbar, of people guessing at what something does without actually looking at it.

    First of all, Microsoft's program monitors 59 different active conditions. These include preventing spyware processes from loading, preventing spyware processes from installing, requiring confirmation for actions such as installing services, and preventing redirection of the HTTP protocol, for example.

    It actively prevents spyware from installing (both known and unknown), and it actively prevents many common attacks against IE. I think this qualifies as "trying to do something to deal with the gaping holes, doesn't it?"

    So far as FireFox goes, visit this URL:
    http://dict.mozdev.org/installation.html

    Click on "dict-0.5.18.xpi" and watch what FireFox does. Visit any untrusted site that uses ActiveX content in Internet Explorer XP SP2, and see what it does.

    Identical behavior.

    What does an XPI contain?

    An XPI contains program code that will run with the same rights as the currently logged in user, and instructions on how to execute it.

    In what possible way is that different from ActiveX?

    Oh, you got the warning message, right?

    So go to the official plug ins page and click one, and note you don't get the warning. This is based not on something strong like an SSL certificate, but based on the SITE'S URL.

    Does that protection mechanism sound at all familiar?

    So we don't have digital signatures on the XPI, or some other mechanism to verify it's really what it says it is, it gets unrestricted access to do whatever it wants to the browser and to access anything the current user is, and you're gonna say that FireFox blocks spyware?

    Give me a break. I love FireFox, I use it as my primary browser on every computer that I have, but just look at the facts. There is no difference between an ActiveX control in a cab file or a XPCOM control in an XPI file, except the latter can have variations for multiple operating systems and processor architectures and pick the correct one automatically.

    You can't remove the capability to make plug ins for the browser, it's central to being able to explore new ideas and try new things without having to alter the browser itself. It's one of the reasons that the browser has been successful, if you have some new service it's easy to integrate it into the browser. If you want to try a new picture format, you can just write a plug in and distribute just the plug in, and people can try it and remove it.

    Take a look at your mozilla configuration files. They're in %APPDIR%\Mozilla\FireFox on Windows, or I believe ~/.mozilla/FireFox on Linux/*BSD/*nix. Does it look like it would be hard for an install program to modify the proxy settings, since they are just sitting in an XML file? Does it look like it would be hard for something to add itself to the XPCOM registry, causing any browser using the user's profile to load it?

    I'm not going to talk about the system-wide config files, since their location is dependent on where FireFox is installed, but it's pretty obvious it will take a Spyware author all of 10 minutes to figure out how to get their code into FireFox.

    The sole reason it's not been done is that there isn't an audience for it. As soon as the spyware companies figure out that there is an audience for it, they'll attack it.

  2. Re:Really ridiculous! on Apple Sues Think Secret · · Score: 1

    Apple has always had a different way of doing things.

    However, typically you get specs to developers and to magazines before you make a product announcement. In order for commercial software developers to complete a rigorous QA cycle (unlike open source software, where typically you make odd numbers feature releases and even numbers stable releases, people rightly expect all software to be 'stable'), they need several months of time to test on the hardware.

    What that means is if this really is being announced, then a number of trusted Apple partners who Apple will be depending on to deliver the initial software already have the hardware, and violated a contract with Apple (a NDA, in particular) to provide the information.

    This is dangerous because specs often change slightly between such beta machines and the actual real production machines.

  3. Re:Silly Rabbits, its too late on Conspiring Against Your Employer? Watch What You Email · · Score: 1

    They don't need the password.

    You use https to connect to g-mail, yahoo, etc. (at least if you type https first -- most don't force https, unfortunately).

    Your company may have an HTTP proxy. In this case, the secure channel is between the proxy and g-mail, and then there's a separate secure channel between your computer and the proxy. There is no secure channel between your computer and the remote site.

    Some proxies are immediately apparent, and have to be manually configured in the browser. Some are less apparent, operating at a packet level.

    You have to assume, on a corporate network, that any data that you send is passing through a proxy.

    You can, however, identify that this is the case. If you view the certificate (every browser has the capability to do this), you'll see your employer's certificate and not the remote web site's. AFAIK, there is no way to suppress this in current browsers.

    Recently, there was software posing as an internet accelerator (which work following this same pattern) that was collecting all sorts of information about users. It operated on this same principle -- once you're connected to the proxy, the proxy is in control and sees everything.

  4. Re:Those were the days on Interview With Mac Co-Creator Andy Hertzfeld · · Score: 2, Informative

    In addition to the other child, keep in mind we had word processors on the Apple ][, where 16k of RAM was bank switched with ROM (if it was installed at all), and high end units had 48k total memory, about 16k of which was available for use depending on what the design was.

    So this was indeed huge for the day, you were talking about a huge increase. And things like fonts were single or maybe a pair of control codes, in a non-extensible binary format custom to the specific word processing application.

    And you want to know what is really scary is we did word processing on machines that ran 1 MHz, and some that even ran SLOWER than that.

  5. Re:Enlightenment for the children... on Interview With Mac Co-Creator Andy Hertzfeld · · Score: 2, Informative

    Actually, the two digit year was never about memory.

    On the Apple ][ and Mac, you didn't have space to store the date in human readable format most of the time, so you used packed binary notation. Typically you would reuse several bits for other purposes as well.

    For example, byte 1 would be year, byte 2 would be month, byte 3 would be day. This lets you store a 256 year period (not a 100 year period) in the program. It lets you sort the records without having to process text, etc. If you were working with the dates, you almost certainly used a pattern like this.

    It takes a minimum of six bytes to store a date in ASCII format, and most of the bits aren't used. Nobody would want to use that format if they could avoid it, because of that. You have maybe 8k total for your data, maybe 143k if you swap out onto the second floppy drive (286k if you're willing to make the user flip the disk).

    I don't think that people understand this anymore, or how hard it was to get anything to run on these, but the Y2K problem was almost exclusively about data entry.

    You take your three bytes, and you parse them to 19__-__-__ on some report, and so you have a problem when the date rolls over because the 19 is hard coded. It doesn't cause any operational problems, just display problems.

    Similarly, you might do data entry that same way (only make the user enter two digits), because users don't like to type. The storage still would be OK, but entering the data would break at 2000.

    But it was never about the memory taken up by the extra two digits. ASCII and Unicode are inherently inefficient, and were rarely used in data structures.
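An added example (not part of the original comment) of the three-byte packed date described in the comment above, showing why byte-wise sorting survives the rollover while a hard-coded "19" on output and two-digit data entry do not. The base year of 1900, the function names and the pivot parameter are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Three-byte packed date: byte 1 = year, byte 2 = month, byte 3 = day.
   ASSUMPTION: the year byte counts years since 1900 (the comment names no base). */
#define BASE_YEAR 1900
typedef struct { unsigned char year, month, day; } PackedDate;

static PackedDate pack_date(int year, int month, int day) {
    PackedDate d = { (unsigned char)(year - BASE_YEAR),
                     (unsigned char)month, (unsigned char)day };
    return d;
}

/* Because the most significant field comes first, a plain byte compare
   orders records chronologically with no text parsing. */
static int cmp_dates(const void *a, const void *b) {
    return memcmp(a, b, sizeof(PackedDate));
}

/* Legacy report routine: the century is a literal in the format string. */
static void format_legacy(PackedDate d, char *out, size_t n) {
    snprintf(out, n, "19%02d-%02d-%02d", d.year, d.month, d.day);
}

/* Corrected report routine: derive the full year from the stored byte. */
static void format_fixed(PackedDate d, char *out, size_t n) {
    snprintf(out, n, "%04d-%02d-%02d", BASE_YEAR + d.year, d.month, d.day);
}

/* Legacy data entry: the user types two digits and 19xx is assumed. */
static PackedDate enter_legacy(int yy, int month, int day) {
    return pack_date(1900 + yy, month, day);
}

/* Windowed data entry: two-digit years below the pivot (hypothetical
   parameter) are taken as 20xx, the rest as 19xx. */
static PackedDate enter_windowed(int yy, int month, int day, int pivot) {
    return pack_date((yy < pivot ? 2000 : 1900) + yy, month, day);
}

int main(void) {
    /* Constructed sample records, deliberately out of order. */
    PackedDate recs[] = { pack_date(2000, 1, 1), pack_date(1984, 1, 24),
                          pack_date(1999, 12, 31) };
    char old_fmt[16], new_fmt[16];
    size_t i;

    qsort(recs, 3, sizeof recs[0], cmp_dates);
    for (i = 0; i < 3; i++) {
        format_legacy(recs[i], old_fmt, sizeof old_fmt);
        format_fixed(recs[i], new_fmt, sizeof new_fmt);
        printf("stored %3d %2d %2d  legacy=%-12s fixed=%s\n",
               recs[i].year, recs[i].month, recs[i].day, old_fmt, new_fmt);
    }
    return 0;
}
```

The stored bytes for 2000-01-01 sort correctly after 1999-12-31; only the legacy formatter and the legacy entry routine misbehave.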

  6. Re:Wildblue... on Regional Bells Blocking Broadband Competition · · Score: 1

    It's called starband, www.dishnetwork.com, but unsuitable for video games, etc. as the other reply says. It takes time for the signal to go up to the satellite and come back down, but you can get it elsewhere. DirectTV used to have a service called DirectPC, which used dial-up for the uplink and a dish for the downlink.

  7. Re:Unfortunately on Regional Bells Blocking Broadband Competition · · Score: 1

    Actually, the ISP experience -- as it stands now -- is unchanged in IP v6. IP Version 6 isn't deployed because:

    * Routers have to be upgraded ($$$)
    * PoP have to be upgraded ($$$)
    * User Operating Systems have to be upgraded ($$$)
    * User Hardware has to be upgraded ($$$)
    * No capability to incrementally make the switch
    * Every border gateway has to translate IP v4 to IP v6 until such a time that everyone is on IP v6 ($$$)

    To users, IP v4 configuration is automatic. They use PPPoE or DHCP, they power on their computer, it works. If they are using dial up, they connect up, the modems make some noise, and then they have an internet connection.

    Users don't care about multicast, either, they go view web pages and download a file now and again. While these are important technologies, they aren't enough.

    IP v6 to IP v4 border gateways operate as NAT firewalls, with the inherent problems involved. IP v4 to IP v6 border gateways have full functionality, depending on implementation, but still cause all the current problems (i.e. limited address space, etc. etc. etc.).

    If a packet travels over 2 or more networks, it may undergo the transformation several times, back and forth.

    And currently there isn't any "killer app" or something similar that users really want to have that requires IP v6.

    And that is why it's not been deployed. I'm not saying it isn't needed, I'm not saying it isn't something that should have been pursued, I'm not saying that it is a useless concept, etc.

    But it doesn't make sense to do something with massive expense and massive technical problems until your customers can see some form of direct benefit.

    And right now, there just isn't one.

  8. Re:So now it's ok to like VB? on Free IDE Gambas Reaches 1.0 · · Score: 2, Interesting

    It depends on the complexity of the application, etc.

    VB is great at dealing with applications that take a supported data source, bind it to fields, and provide a user with a mechanism for editing.

    The exception handling isn't great, but then none is right now on any front. You have to do substantial coding to get useful information out of a production application, regardless of the language involved, and substantial coding to avoid just dying with an error message. In a production environment, even if you are using open source applications, the first priority is to get the app back up and running, and the second priority is to identify why it failed. It's important not to require a core dump, etc. from a production application, because the dump could contain data you don't want exposed to the world (forcing dumps was, at one time, a common technique to obtain passwords, for example).

    The begin/end block is purely a matter of taste. Borland used begin/end blocks in Turbo Basic, Quick Basic was a "we're not a clone" of Turbo Basic, and then Visual Basic inherited Quick Basic's syntax. For...Next, etc., were inherited from the original basic syntax, and it was felt to be important that BASIC code require minimal changes.

    Having worked on a project that moved from GW Basic to Pro Basic to QuickBasic to Visual Basic to VB.NET, being able to reuse old code helped meet deadlines, but yes, readability wasn't always there. But not having to rewrite every line of code every time we upgraded languages really did help, and there wasn't a way to do that if they wanted to change the syntax.

    Visual Basic's IDE is very good at generating data bound forms -- that is forms that tie directly to either database files or files from a fixed file proprietary database. It requires very little code to make such applications, and most of that code is dedicated to error handling and graceful recovery.

    In contrast, most GUI frameworks on C++ require piles of code and far more effort. Python, likewise, tends to take actual effort to create these kinds of applications.

    VB has traditionally had fairly good string processing, and VB interfaces with other Windows applications extremely well, and with much less code than C++ requires, for example.

    If you are doing heavy array processing, you probably want to use C++. C++ is a lot faster at array processing tasks, although it performs less error checking.

    If you are doing heavy list processing (which is different), and sometimes for set processing, you probably want to use a LISP derivative, Python, etc.

    You use the right tool for the job. .NET is a different animal -- there's not a compelling reason to use VB.NET over C#. On the .NET side of things, you use whatever language you know and allows you to efficiently implement the code. That could be IronPython or LISP, if you choose, or it could be C# or VB.NET.

  9. Re:Mirror? on Y2K: Hoax, Or Averted Disaster? · · Score: 2, Insightful

    Well, having been on-call New Years eve and having handled support calls, here's what I can say...

    I was working on ATM software at the time, and we did have two failures. 50% of the banks in the US run our software, so 2 failures isn't very bad. One of these failures was because the bank didn't install an upgraded version, while the other failure was in custom code that had been documented and specced to work only to the very end of 1999, but which both our QA team and the bank involved had forgotten.

    Contrary to the doom and gloom that the media was painting about what would happen, these problems didn't interfere with the capability of the ATMs to dispense cash, etc. What it did was simply prevent the computer systems from automatically notifying someone if the ATM had a problem (like running out of cash).

    In both cases, there is a redundant monitor of people sitting in front of a screen, and while the automatic notification wasn't working, the screen was showing that the automatic notification was failing, and so the banks involved could fall back to a manual process of calling in problems.

    You don't want to use long long -- use the ISO standard stdtypes.h, and if an implementation doesn't have it, then use one of the applications that can generate it automatically to compensate.

    You should never make any assumptions of bit depth of integers in ISO C -- the standard doesn't define them. In the case of this code, on many 64 bit platforms, short is 16, int is 32, long is 64 and long long is 128 -- you almost certainly don't need 128 for this calculation.

  10. Re:Rights? on HardOCP Declares Win vs. Infinium Labs · · Score: 1

    Yes, this was precisely the goal of the founding fathers, of folks such as Ben Franklin who, themselves, had corporations that performed business for a lot of money.

    A corporation can't be sent to jail for criminal actions, however its management can and often is (for example, look at Enron) if it's criminal. The real issue is most activities that are underhanded, etc. that companies engage in are civil, not criminal, and most of the problems are civil, not criminal.

  11. Re:"I have no control..." on Interview With Richard Stallman · · Score: 1

    Not true in the slightest.

    First let's start with forking. If you are contributing to a GPL project, each time you create a patch, you fork the project. You must be able to provide the complete machine readable source, in the form customarily used for building programs, upon request to anyone who has accepted the GPL license (but not to anyone who has not accepted the license).

    You inherently have a fork until your patch becomes a part of the operating system, or else you are out of compliance with the license, because you must provide the =complete= source code, and not just the patch, if you are asked. And if you even post the patch to a mailing list, you are immediately responsible for providing the =complete= code if anyone should happen to ask you for it.

    With the BSD license, you're free to contribute your change or not, as you see fit. The BSD folks only accept BSD license stuff, but that's no different from the GPL.

    So far as BSD goes, Mac OS X is a shell that runs on top of FreeBSD, and is inherently no different from what Red Hat, SuSE, Caldera (aka SCO), IBM, LinkSys, Cisco and hundreds of others do with the Linux kernel. They are required to provide source for the Linux kernel, or information on where to obtain the source, for 3 years if someone asks. So as long as they don't modify the kernel (but they can install new kernel modules, as many other proprietary companies can and do), they can just provide a link to kernel.org.

    So GPL or not, you're doing work for you. I'm not sure what makes you want to do work for free for Cisco, but I suppose if you prefer them to Apple, that's fine.

    All GPL does is say if someone else incorporates the GPL code directly into their program, then their program must also be GPL. Unfortunately, running under the Linux kernel doesn't infect the application, so unless they are actually actively modifying whatever program you distributed, you will never see a single cent from a proprietary user.

  12. Synopsis on Enthusiast Hacks WiFi Into Treo 650 · · Score: 1

    Read the article.

    Here's what SanDisk's site used to say about the matter. Most PalmOS 5 devices don't put out the correct spec power on the SD card, and so using the network adapter could physically damage the machine.

    Palm is saying using the SD WiFi in a 650 could potentially damage the SD slot.

    SanDisk requires an SD I/O compatible slot. TapWave devices have one SD slot that's compatible, some Palm devices have slots that can do SD I/O, others have a reputation for burning out SD I/O cards. Veo's website used to have a list of ones that could run their camera reliably and ones that would become paperweights if you plugged it in.

    The units with full SD I/O (and not just SD) slots typically can be identified by the vendor trying to sell you a host of SD cards you don't really need.

    Anyway, from the article and from what the Palm and SanDisk sites say, and from what previous SD I/O devices are known to do, I would be extremely cautious with this unless you're prepared to lose the card, the phone or both.

  13. Re:AMD CPUID ? on AMD Chip Fraud Delays Release of New Chipset · · Score: 1

    If you are running Windows, Crystal CPUID will tell you what the real processor is, if they only changed the label. If they physically changed the part itself, it won't do any good.

  14. Re:Sample on Sneak Peek At Microsoft Anti-Spyware · · Score: 1

    People are not understanding the goal.

    Wordpad is a basic word processor. Most of us would use OpenOffice or Word if there was any option, but every single Windows machine has WordPad.

    Windows Firewall, likewise, is a basic firewall. It prevents most internet-based attacks, and it prevents servers from running on the computer without permission, but it doesn't stop much of anything else.

    Windows anti-spyware will be similar. It will be a basic product that prevents most malicious software from getting a grip on the computer.

    By the way, Spyware is easily preventable if you follow some of Microsoft's existing guidelines. The add a user wizard, for example, has since 2000 Pro defaulted to adding users to the "users" or "power users" group, not to the administrator group. This wizard, since 2000 pro, has denied users the rights to write HKEY_CLASSES and HKEY_SOFTWARE, as well as many individual subtrees, that these applications need to be able to run on startup, etc.

    The Microsoft Installer automatically escalates to install, if it is correctly installed, or you must reboot to an administrative account.

    This means ActiveX attacks in IE, for example, shouldn't be able to get a hold on a 2000 or XP system. Unfortunately, many systems are not configured correctly, and have lazy admins who don't take the time to properly lock them down.

    Buffer overflows, etc. should likewise only impact the current session for the current user, and should give access to only the current user's data and files.

    If you actually have the system configured this way, it means that Microsoft could add a hook to MS Installer for Giant to "work better," further encouraging a secure session.

    MSI makes a transaction log, and "rolls back" if the install fails. It sees every file copied, where it is copied, etc. If there were a hook there (there currently is not) for a spyware scanner to connect, and if users correctly secured XP, this could potentially kill the ability to install unauthorized software.

    If you combine this with application-level security, you would have a system where it was virtually impossible for an unauthorized application to run.

    Zone Alarm Pro, for example, provides Application-level security on inbound and outbound internet connections. You can specify which applications are allowed to access which sites for which users, when they may be accessed, etc.

    It is very difficult, once ZAP is installed, to have a program connect to a website without your knowledge of where it is trying to connect, the application name, etc. You see what the application is doing, and then you decide if you want it done or not.

    Is it a perfect solution? No. But is it better than a buffer overrun in an e-mail program allowing a malformed RFC 822 (SMTP) message to execute arbitrary code and access every file the currently logged in user has access to?

    And you can say protect from buffer overflows, they are shoddy programming, etc. but humans make mistakes, and many programming languages don't have compiler-level checked buffers, in many cases because they impact performance severely, and apps are graded, often times, by performance.

    And programs are often built by using common libraries, which means if the common library contains a bug, it tends to impact multiple applications.

    You can focus on user education, etc., but the fact of the matter is the average user is lucky to figure out how to open a can of Soda in under half an hour, and would lose a writing competition to a hamster with a pen tied to its paw.

  15. Re:Once did IT support for Comair on Comair Done In by 16-Bit Counter · · Score: 1

    Ran into this a lot with ATM industry as well, people wouldn't upgrade as long as there was the perception of the software working, even if the upgrade was for free.

  16. Re:Let it burn. on US to Pay to go to ISS · · Score: 1

    Interesting? Wow, /. readers are more ignorant than I thought...

    If you want to send a mission to a target that requires over a 6 month trip (one way, incidentally), where exactly do you train and prepare the crew? Put them on a Shuttle for a week?

    These people need to know how to perform routine and non-routine tasks on board a space craft, and need to be trained in an environment where they can easily communicate with the earth, and there is simply nothing other than the ISS that currently can provide that facility.

    Think about this just for a minute, would you get on a spacecraft, knowing you could not return to earth if something went wrong, knowing that you could die before the mission was complete, after having trained only in an underwater tank?

    People are saying "there's no science going on," no doubt, the crew is supposed to be 7 people, you have 2, no doubt there isn't as much science going on as there should be. However, the reason there are only 2 people right now is there isn't any transportation for more, there aren't enough supplies for more, etc.

    Industry has a ton of experiments that they want to perform, including long term crystallization experiments that cannot be done except in earth orbit (crystals form differently in free fall, but the free fall must be sustainable, and there must be human monitoring of the experiment, and it is less expensive to send the experiments with a routine ship with other experiments than to have a separate launch of a dedicated spacecraft).

    The whole point here is there needs to be some facility to train astronauts for the trip to mars, etc. We know robotic exploration is not enough, the head of the MERV program has told us that certainly in his lifetime, we won't get answers on mars, and some of what we are learning from Mars will help us learn more about this rock we're sitting on. We know that from our brief visits to the moon.

    I think that you really need to think about this. How do you test exercise equipment? If a treadmill fails in low earth orbit, it can be replaced. Astronauts can be trained on how to fix the equipment, etc., in the real environment, but where supplies and evacuation are possible.

  17. Re:Not Gonna Help on Netcraft Releases Anti-Phishing Toolbar · · Score: 1

    The way the toolbar is supposed to work (wish people would RTFA and read the page on Netcraft that goes into detail) is that people like ISPs use the information in the toolbar to identify phishing sites. That's people like you, like me, and like most of /. who know the phishing attempts are phishing attempts (and they are sophisticated these days). When a less experienced user tries to surf the site, if it is a confirmed phishing site, they get a Netcraft page explaining that it is a scam site instead.

    The way it works, again, is that experienced users such as ISPs, /. readers, etc. visit the phishing site and report it, then once Netcraft has sufficient data on the pattern a particular scam is using, they block it. This takes advantage of the fact that phishers have to send the message to a huge collection of people, and are hoping for one in ten thousand or one in one hundred thousand to actually believe the scam and click on it. A lot of users who know the site is a phishing scam will get the mail, and if they visit it and report it, then any user with the toolbar won't be able to visit it.

    The idea, which I think is sound, is that those of us who look at a Phish and go "OMG who would fall for that" can go and report the Phish, after which nobody else would be able to access it. The information presented is so that the ISP, you, me, whoever intentionally visits the page in order to report it, has enough information to verify that it really is a phishing attempt and that it isn't a legitimate site. I.E. maybe Earthlink actually does send a grammatically incorrect message with an out-of-the-ordinary URL one time in a billion asking for billing information, and maybe that one in a billion messages really does originate from a Korean ISP through some fluke of nature or obscure business practices. You never know.

  18. Re:Or you could just use the status bar.. on Netcraft Releases Anti-Phishing Toolbar · · Score: 1

    Actually, sites can (unfortunately) change the mouse over and status bar text in the "on hover" event on a link. There was a message above on how to change this setting in firefox.

  19. Re:Nostradamus Predicts on Netcraft Releases Anti-Phishing Toolbar · · Score: 1

    The thing you left out is that it also blocks reported phishing sites. One point the site makes strongly is that phishing operates by sending billions of messages and hoping for a small number of hits.

    If responsible, experienced users using the toolbar were to actually report the phishing links, the inexperienced users likely to be vulnerable to it would be very well protected.

  20. Re:Nostradamus Predicts on Netcraft Releases Anti-Phishing Toolbar · · Score: 1

    The toolbar has a feature (not mentioned in the synopsis, but mentioned prominently in the download) that it does not require you to look at the toolbar to prevent phishing.

    When an experienced user (/. reader, for example) receives a phishing link, they can report the phishing link. When there are enough reports (I don't know what enough is, didn't see it on the page), they block the site.

    That is, if the site is in a known list of phishing web sites, you cannot browse it.

    So this is very real protection for inexperienced users, as long as experienced users take the responsibility of reporting phishing attempts.

  21. Re:$30K? on LokiTorrent vs. MPAA · · Score: 2, Interesting

    Freedom of speech is a limited freedom.

    When an author expresses an idea -- be it in Source Code, Words, a Painting, a Sculpture, Music, a Movie, or any other form -- they are allowed to control how that particular expression, in whole or in part, is distributed. The constitution explicitly allows congress to write the laws to make this happen.

    The GPL depends on this to carry teeth, for example. Without the constitutional promise that congress can pass laws concerning protection of expression of ideas, and indeed of ideas themselves, the GPL itself would be meaningless words on a paper.

    For whatever reason, it seems hard to understand that a movie and bash, for example, are the same. For whatever reason, it's hard to accept it. But the fact of the matter is a movie is an expression of ideas, and those ideas are then stored on some media, and bash is, likewise, an expression of ideas stored on some media.

    The only difference is in how that expression is viewed, and what it does when it is viewed.

    The big problem here is that a lot of users are going "it's OK to copy the MPAA or RIAA's expressions, because they want to charge money and I don't want to pay it." But their right to charge and the Free Software and Open Source movement's right not to charge are connected, inherently glued, because the same laws and rights that allow one are the ones that allow the other.

    It doesn't seem hard to understand that the MPAA has a right to prevent their individual expression of ideas from being duplicated wholesale, when it is a guaranteed constitutional right for them to own their expression, as fundamental as the first amendment.

    It doesn't seem too hard to understand that the FSF has a right to require people who are contributing to a GPL project to release their derived work under the GPL. It is their right to demand this.

    If you don't like the RIAA, try out mp3.com -- most of their songs are independent, you can generally download them without paying, and you know the quality of what you're getting ahead of time.

    If you don't like the RIAA, there are plenty of independent music web sites, distributing songs in MP3, OGG, etc. format. One that I frequent (bookmark is at home, I'm at work) charges $0.99 per song, just like iTunes, but gives $0.80 of that to the artist themselves. That same site, for a reasonable one-time fee, lets you buy rights to use the song in software, again giving 80% to the artists.

    If you don't like the RIAA, you don't have to listen to their songs. If you want to listen to songs by their artists, however, their artists have the protected constitutional right to determine how their songs may be distributed.

    This same reasoning goes to the MPAA. I buy DVDs, and I buy them only for things I actually want to watch.

    All rights for all expressions of ideas are connected; as soon as you decide one shouldn't apply to one expression, you destroy the ability to apply it to other expressions that perhaps you more strongly care about.

    I am not a supporter of the DMCA; however, what LokiTorrent was doing (and SuperNova, etc.) was primarily geared towards infringing use.

    So far as Google goes, if there is a site with infringing content, there is a procedure on their website to get it removed from the index. Essentially, you contact Google, you make the claim, Google contacts the other party for a rebuttal, and then decides based on the responses if it is infringing or not.

    e-Bay, Yahoo, eXcite, Lycos and every other reputable internet business has procedures for dealing with complaints from copyright holders, and that includes open source projects incidentally, to lodge complaints.

    For example, if company xyz is distributing a GPL DVD ripper under a commercial guise, and isn't distributing source code, you can directly complain to the search engines, and they will shut it down if you can substantiate your claim.

    Technically, you could also send cease and desist letters, etc.

  22. Re:This could be a bad thing. on Federal Appeals Court Sides With VoIP Providers · · Score: 2, Insightful

    The phone company is mandated to pay the USF.

    The FCC does not require companies to recover their contributions directly from their customers. Each company makes a business decision about whether and how to assess customers to recover Universal Service costs.

    The company is mandated to pay the USF. What you quoted says they don't have to list it as a line item on your bill, essentially, not that they aren't required to pay the USF. So they have an option between giving you a lower bill, and putting a line item on for the item the government is requiring them to pay, so that you understand it is the government collecting the money and not them and so their portion of the bill looks smaller, or they can incorporate it into their pricing structure, and give you a higher bill.

    In either event, you are, of course, paying the USF -- it's a matter of if the phone company chooses to make it obvious or not solely.

  23. Re:Too much *and* too little on Wireless Security By The Gallon · · Score: 1

    They are selling a separate coating (a tint) for the windows and doors, so that front is covered.

    Rest of sentiment agreed with, however.

  24. Re:cable co on Windows Media Center Edition vs. The World · · Score: 1

    Also consider for bit torrent, you need a service to find a stream, unless you happen to know the web site for a particular program.

    HBO is $10/month -- if they charged $10/month for a Torrent-style server, there are a large number of users who wouldn't think anything about that at all in exchange for getting a known perfect copy of the program. Most would even put up with (but complain about) advertising.

    So they have a premium service (as you suggest) without the commercial.

  25. Re:Does it say how they ripped off UCSD Pascal? on Revolution In The Valley · · Score: 1

    Well, before the Lisa came out (by a long shot), there was Apple Pascal.

    There were four major operating systems on the Apple II series of computers:
    Apple DOS: Plain vanilla, flat file system, 33 char file names using all available characters.

    Apple CPM: CPM in all its glory. 8.3 file names, no folders, required a coprocessor board with a Z80

    Apple ProDos: 15 character hierarchal file system, four character file types (not as part of the name), four character app IDs (not as part of the name), more advanced OS services than the older DOS - but you had to pay for it and your old software didn't work.

    Apple Pascal: UCSD Pascal derivative with a different set of bugs. Sold for a lot of money, and was often used for game programs because the OS used disks that the DOS and ProDos OS-level copy tools couldn't read, and few people had purchased copies of Pascal.

    Whereas *nix and CPM standardized on C for their development platform, Apple standardized on Pascal.

    Seriously, Lisa was more likely an Apple Pascal derivative. Apple Pascal never hid the fact it was a UCSD derivative, but everything was slightly different from UCSD (typically because "we only have 64k of RAM at a time"). Things like the way Units worked, etc. were a fair bit different, to account for the fact there wasn't any memory to work with.