Really I think what's going on is completely backwards. Canadian MPs and Senators should be lobbying the American congress and senate for looser copyright laws. Encourage the the United States to switch from its current witch hunt lawsuit enforcement system to instituting blank media levies or something similar.
Regardless of whether or not you were the best programmer in your class, maybe you didn't have the other skills employers look for when hiring somebody. Programmers who poop out code all day are great but most companies look for people with a little bit more than that these days.
Now if you'll excuse me, I have to get back to pooping out code.
I'm a fresh university graduate working for a Seattle area software development company on a TN visa. My salary +signing bonus+stock options doesn't get me to $100k but it's close enough that I believe Gates. Considering that Microsoft is bringing in people with several years experience (and therefore paid more) under their belts that number could easily get to $100k.
I am finishing my final semester at a University where there is semester long project in at least two courses per semester since the start of 3rd year. I have learned more about time management, writing, and software lifecycle because of those courses than I would had I just had isolated assignments. I've got a pretty sweet job waiting for me upon graduation and I like to think that is partly because of the experience my project work gave me. Knowing the syntax of a bunch of languages does not make you a software developer. You have to know how to work with and succeed as a team.
Here is my reply from the original post and it applies here:
"There are a variety of standards on how RFID tags are encoded, all of which break down into partitioning the tag's data into segments to form the unique identifier
For the sake of argument I'll use EPC SGTIN96. In the SGTIN tag has four partitions: Filter, Company Prefix, Item Reference, and Serial Number. Each of these fields is of varying size depending on how big tag is. Typically RFID tags are 96 bits (although some tags can get up to 1Kbit), even using 7 bit ascii there's not a whole lot you can fit in 96 bits. When I poll the reader, or the middleware I'm getting back a number, e.g. 12345 and it's my responsibility to parse through that number to get the fields I'm interested in. In this scenario I would have to be doing some *very* sloppy programming to open myself to an SQL injection attack (something along the lines of treating known numeric data as a string).
ISO and EPC Gen 2 tags do support custom data, which I suppose could be used to store strings but since it is severely space constrained (typically in the range of 2-32 bytes) I question the viability of such an attack. Not to mention that the field will likely be used to writing in ids instead of human readable data. Finally, it is common to encrypt the custom payload on an rfid tag. So even if somebody were to change it to "AND 1 = 1" it would be caught when the program tries to decrypt the tag."
An RFID tag contains just a number; newer RFID tags have support for custom payload but 99% of RFID tags are so space constrained that nobody would put raw strings in the tag. I spent a good chunk of last year devleloping RFID applications and not once did I do a straight lookup on the database from data I pulled from the RFID tag. So while I guess this classifies as a vulnerability somebody who does straight database lookups using RFID tag data will bring down the company long before an RFID tag exploit will.
To be fair, Microsoft is the only company that has sold at a loss for the entire lifetime of the console. FTA it says that Nintendo started off at a loss for the first year and then moved into profitability.
I disagree, there are plenty of ways to build up a successful distro without going to the lengths that Ubuntu has to build up its community. If Shuttleworth wanted to make a distro, but wanted to do it frugally he wouldn't host the ISOs on Ubuntu's servers, and he most certainly wouldn't get discs factory pressed and shipped to anybody anywhere in the world.
Ultimately I have no idea what Mr. Shuttleworth's plans are, but I get the impression that he's made his millions and is content with what he has. I'm sure that if the opportunity presented itself to make Ubuntu profitable he would take it, but flat out selling the company to Oracle would be a very abrupt turn around from his post Ubuntu behaviour.
Mark Shuttleworth has no incentive to sell Canonical/Ubuntu to Oracle. If he were in it for the money, Ubuntu wouldn't mail me CDs once every six months.
Nvidia and ATI release closed source drivers for linux.
They stop releasing drivers.
The bottom line of either company will not be affected by pulling driver support from linux. Nvidia and ATI both, justifiably, want to make sure that nobody knows the tricks they are doing in their respective drivers, and I'm sure they would sooner drop linux support than give up their intellectual property. As other people have mentioned, open source is about choice. Personally I will choose fully featured fast closed source drivers over the less impressive open source alternatives.
Maybe people should be listening to him. I saw him speak at the University of Waterloo recently and he raised a lot of valid points. I run Linux/Windows at home but I have a big beefy computer to back those OSes up. Minix seems exactly like the kind of thing that would work well with the $100 laptop project.
I'd argue that designing schemas, and designig object mappings are the exact same thing. Whatever you make your schema is is still defining the relationships that make a database work.
I'm not a theatre buff by any stretch of the word, but I thoroughly enjoyed it. I realize that not everybody lives close enough to Toronto to go see the play, but then you shouldn't criticize it if you haven't seen it. Yes the play's story feels a bit rushed, but what do you expect condensing three 500 page books into a 3 1/2 hour musical? Does the play do justice to Tolkien's original works? Yes.
My *only* complaint about it is that the costumes/sets/characters seem to be heavily influenced by the movies. I couldn't tell you whether they did that because the movies are more readily identifiable, or because the movies did such an excellent job of portraying the characters.
Why though? Sony is not a person, it's a company that employs thousands of people and has has all kinds of different goals. Sony owns a restaurant chain in Japan, would you not eat there because of the rootkit fiasco(geographical difficulties aside)?
The division that makes the playstation has nothing to do with the division that made the rootkits. Just the division that makes the playstation is making things region free, Sony's other arms are ensuring that things like movies and music stay region coded. I won't be so naieve to think that Sony made the games region free out of the goodness of their hearts, it was probably done for financial gain. However, it's obvious they are trying to make money from something that will benefit gamers and not punish them.
Would I harp on Microsoft's XBOX division for the decision to require Windows activation? No. So why why are people so hard on Sony's computer enterainment branch when it was Sony Music that decided that rootkits were a good idea?
Considering the XBOX has lost 4 billion dollars for Microsoft over the past four years and they don't have market dominance, I wouldn't be at all afraid of anything J Allard is going to be bringing to the table.
p.s. I own an XBOX, I'm just saying that his track record making "killer" devices is somewhat spotty.
I'm not sure you understand how RFID tags work. There are a variety of standards on how RFID tags are encoded, all of which break down into partitioning the tag's data into segments to form the unique identifier
For the sake of argument I'll use EPC SGTIN96. In the SGTIN tag has four partitions: Filter, Company Prefix, Item Reference, and Serial Number. Each of these fields is of varying size depending on how big tag is. Typically RFID tags are 96 bits (although some tags can get up to 1Kbit), even using 7 bit ascii there's not a whole lot you can fit in 96 bits. When I poll the reader, or the middleware I'm getting back a number, e.g. 12345 and it's my responsibility to parse through that number to get the fields I'm interested in. In this scenario I would have to be doing some *very* sloppy programming to open myself to an SQL injection attack (something along the lines of treating known numeric data as a string).
ISO and EPC Gen 2 tags do support custom data, which I suppose could be used to store strings but since it is severely space constrained (typically in the range of 2-32 bytes) I question the viability of such an attack. Not to mention that the field will likely be used to writing in ids instead of human readable data. Finally, it is common to encrypt the custom payload on an rfid tag. So even if somebody were to change it to "AND 1 = 1" it would be caught when the program tries to decrypt the tag.
The problem I have with the idea of an RFID virus is that most RFID middleware is based on either.NET or Java. I'm not saying it's impossible but the prospect to propagating a virus by RFID tag becomes a whole lot harder if they have to put MSIL or Java bytecode on the tag. I've developed a few RFID applications and all of the incoming RFID data are numbers (e.g. id: 12345) and I just look that information up in a database. It's not like I'm storing "SELECT * FROM table WHERE id = 12345" on the tag and then executing it blindly.
I haven't found a single comment pointing out one of the best things that comes from our CD levy: the CRIAA has tried numerous times (and failed) to bring US style RIAA lawsuits against the people of the country. What is the justification for not allowing the lawsuits? The CRIAA is already reimbursed for any alleged piracy through this levy and as such they aren't entitled to any more money.
I find it hipocritical (in a general sense) that the slashdot commetns revolving around the RIAA suing grandmothers and small children ranges from disgust to condemnation; yet most of the comments on the Canadian system to avoid such lawsuits are calling it unnecessary.
The biggest change I would like to see is the inclusion of software vendors into the group of people that benefit from this.
Re:Will it be in FC5 or Ubuntu 6.next?
on
A Look at GNOME 2.14
·
· Score: 5, Informative
Every Ubuntu release is timed so that it arrives shortly after the release of gnome. This is done so that the Ubuntu release features the latest and greatest of what gnome has to offer.
RFID tag encodings adhere to standards (EPC and ISO); perhaps I'm missing something but what exact is there to crack when all the information is freely available on the internet?
Slashdot Mirror
How is this going to be enforced? Are all news reporters going to have to get special permits that let them video tape violent acts?
Really I think what's going on is completely backwards. Canadian MPs and Senators should be lobbying the American congress and senate for looser copyright laws. Encourage the the United States to switch from its current witch hunt lawsuit enforcement system to instituting blank media levies or something similar.
Regardless of whether or not you were the best programmer in your class, maybe you didn't have the other skills employers look for when hiring somebody. Programmers who poop out code all day are great but most companies look for people with a little bit more than that these days.
Now if you'll excuse me, I have to get back to pooping out code.
I'm a fresh university graduate working for a Seattle area software development company on a TN visa. My salary +signing bonus+stock options doesn't get me to $100k but it's close enough that I believe Gates. Considering that Microsoft is bringing in people with several years experience (and therefore paid more) under their belts that number could easily get to $100k.
I am finishing my final semester at a University where there is semester long project in at least two courses per semester since the start of 3rd year. I have learned more about time management, writing, and software lifecycle because of those courses than I would had I just had isolated assignments. I've got a pretty sweet job waiting for me upon graduation and I like to think that is partly because of the experience my project work gave me. Knowing the syntax of a bunch of languages does not make you a software developer. You have to know how to work with and succeed as a team.
First off this is basically a dupe of http://it.slashdot.org/article.pl?sid=06/03/15/132 4233. It was innacurate when it was first reported and it's innacurate now.
Here is my reply from the original post and it applies here:
"There are a variety of standards on how RFID tags are encoded, all of which break down into partitioning the tag's data into segments to form the unique identifier
For the sake of argument I'll use EPC SGTIN96. In the SGTIN tag has four partitions: Filter, Company Prefix, Item Reference, and Serial Number. Each of these fields is of varying size depending on how big tag is. Typically RFID tags are 96 bits (although some tags can get up to 1Kbit), even using 7 bit ascii there's not a whole lot you can fit in 96 bits. When I poll the reader, or the middleware I'm getting back a number, e.g. 12345 and it's my responsibility to parse through that number to get the fields I'm interested in. In this scenario I would have to be doing some *very* sloppy programming to open myself to an SQL injection attack (something along the lines of treating known numeric data as a string).
ISO and EPC Gen 2 tags do support custom data, which I suppose could be used to store strings but since it is severely space constrained (typically in the range of 2-32 bytes) I question the viability of such an attack. Not to mention that the field will likely be used to writing in ids instead of human readable data. Finally, it is common to encrypt the custom payload on an rfid tag. So even if somebody were to change it to "AND 1 = 1" it would be caught when the program tries to decrypt the tag."
An RFID tag contains just a number; newer RFID tags have support for custom payload but 99% of RFID tags are so space constrained that nobody would put raw strings in the tag. I spent a good chunk of last year devleloping RFID applications and not once did I do a straight lookup on the database from data I pulled from the RFID tag. So while I guess this classifies as a vulnerability somebody who does straight database lookups using RFID tag data will bring down the company long before an RFID tag exploit will.
To be fair, Microsoft is the only company that has sold at a loss for the entire lifetime of the console. FTA it says that Nintendo started off at a loss for the first year and then moved into profitability.
Shhhhhhh you're going to lose your street cred with the linux elite. User friendliness is for the weak, didn't you know?
I disagree, there are plenty of ways to build up a successful distro without going to the lengths that Ubuntu has to build up its community. If Shuttleworth wanted to make a distro, but wanted to do it frugally he wouldn't host the ISOs on Ubuntu's servers, and he most certainly wouldn't get discs factory pressed and shipped to anybody anywhere in the world.
Ultimately I have no idea what Mr. Shuttleworth's plans are, but I get the impression that he's made his millions and is content with what he has. I'm sure that if the opportunity presented itself to make Ubuntu profitable he would take it, but flat out selling the company to Oracle would be a very abrupt turn around from his post Ubuntu behaviour.
Mark Shuttleworth has no incentive to sell Canonical/Ubuntu to Oracle. If he were in it for the money, Ubuntu wouldn't mail me CDs once every six months.
Well the way I see it there are two choices:
The bottom line of either company will not be affected by pulling driver support from linux. Nvidia and ATI both, justifiably, want to make sure that nobody knows the tricks they are doing in their respective drivers, and I'm sure they would sooner drop linux support than give up their intellectual property. As other people have mentioned, open source is about choice. Personally I will choose fully featured fast closed source drivers over the less impressive open source alternatives.
I'll just pirate windows basic! Then there won't be any reproducussions for my thievery... except that I'd be running windows.
Dude, have you seen Willy Wonka? Candy making looks awesome!!!
Maybe people should be listening to him. I saw him speak at the University of Waterloo recently and he raised a lot of valid points. I run Linux/Windows at home but I have a big beefy computer to back those OSes up. Minix seems exactly like the kind of thing that would work well with the $100 laptop project.
I'd argue that designing schemas, and designig object mappings are the exact same thing. Whatever you make your schema is is still defining the relationships that make a database work.
I'm not a theatre buff by any stretch of the word, but I thoroughly enjoyed it. I realize that not everybody lives close enough to Toronto to go see the play, but then you shouldn't criticize it if you haven't seen it. Yes the play's story feels a bit rushed, but what do you expect condensing three 500 page books into a 3 1/2 hour musical? Does the play do justice to Tolkien's original works? Yes.
My *only* complaint about it is that the costumes/sets/characters seem to be heavily influenced by the movies. I couldn't tell you whether they did that because the movies are more readily identifiable, or because the movies did such an excellent job of portraying the characters.
Why though? Sony is not a person, it's a company that employs thousands of people and has has all kinds of different goals. Sony owns a restaurant chain in Japan, would you not eat there because of the rootkit fiasco(geographical difficulties aside)?
The division that makes the playstation has nothing to do with the division that made the rootkits. Just the division that makes the playstation is making things region free, Sony's other arms are ensuring that things like movies and music stay region coded. I won't be so naieve to think that Sony made the games region free out of the goodness of their hearts, it was probably done for financial gain. However, it's obvious they are trying to make money from something that will benefit gamers and not punish them.
Would I harp on Microsoft's XBOX division for the decision to require Windows activation? No. So why why are people so hard on Sony's computer enterainment branch when it was Sony Music that decided that rootkits were a good idea?
Considering the XBOX has lost 4 billion dollars for Microsoft over the past four years and they don't have market dominance, I wouldn't be at all afraid of anything J Allard is going to be bringing to the table. p.s. I own an XBOX, I'm just saying that his track record making "killer" devices is somewhat spotty.
I'm not sure you understand how RFID tags work. There are a variety of standards on how RFID tags are encoded, all of which break down into partitioning the tag's data into segments to form the unique identifier
For the sake of argument I'll use EPC SGTIN96. In the SGTIN tag has four partitions: Filter, Company Prefix, Item Reference, and Serial Number. Each of these fields is of varying size depending on how big tag is. Typically RFID tags are 96 bits (although some tags can get up to 1Kbit), even using 7 bit ascii there's not a whole lot you can fit in 96 bits. When I poll the reader, or the middleware I'm getting back a number, e.g. 12345 and it's my responsibility to parse through that number to get the fields I'm interested in. In this scenario I would have to be doing some *very* sloppy programming to open myself to an SQL injection attack (something along the lines of treating known numeric data as a string).
ISO and EPC Gen 2 tags do support custom data, which I suppose could be used to store strings but since it is severely space constrained (typically in the range of 2-32 bytes) I question the viability of such an attack. Not to mention that the field will likely be used to writing in ids instead of human readable data. Finally, it is common to encrypt the custom payload on an rfid tag. So even if somebody were to change it to "AND 1 = 1" it would be caught when the program tries to decrypt the tag.
The problem I have with the idea of an RFID virus is that most RFID middleware is based on either .NET or Java. I'm not saying it's impossible but the prospect to propagating a virus by RFID tag becomes a whole lot harder if they have to put MSIL or Java bytecode on the tag. I've developed a few RFID applications and all of the incoming RFID data are numbers (e.g. id: 12345) and I just look that information up in a database. It's not like I'm storing "SELECT * FROM table WHERE id = 12345" on the tag and then executing it blindly.
When the front door is wide open?
I haven't found a single comment pointing out one of the best things that comes from our CD levy: the CRIAA has tried numerous times (and failed) to bring US style RIAA lawsuits against the people of the country. What is the justification for not allowing the lawsuits? The CRIAA is already reimbursed for any alleged piracy through this levy and as such they aren't entitled to any more money.
I find it hipocritical (in a general sense) that the slashdot commetns revolving around the RIAA suing grandmothers and small children ranges from disgust to condemnation; yet most of the comments on the Canadian system to avoid such lawsuits are calling it unnecessary.
The biggest change I would like to see is the inclusion of software vendors into the group of people that benefit from this.
Every Ubuntu release is timed so that it arrives shortly after the release of gnome. This is done so that the Ubuntu release features the latest and greatest of what gnome has to offer.
RFID tag encodings adhere to standards (EPC and ISO); perhaps I'm missing something but what exact is there to crack when all the information is freely available on the internet?