Why? Let's say I make a digital widget. My widget gets adapted by hundreds of corporations around the globe and saves their companies $500 million dollars all combined. Shouldn't I as the creator of this widget that has saved half a billion dollars be eligible for some of that money?
Where you turn a profit. You mention Thousands of dollars over years. $2,000 over 5 years isn't a profession, it isn't even worth reporting on your taxes.
From your post it sounds like you are saying content is worthless, but the author has value. But to me as a consumer, I couldn't give two shakes of a monkey's ass over who wrote my SQL Bible, but its content has saved me hours of head banging frustration.
Why would I pay $20 to meet the author of the book when I already have the book? Why would I pay $20 for the book when I can get it online for free? Why bother with the ebook when I can use Google to get the same information faster?
Okay sparky, I pay roughly $30/month for my pipe. That's about $1/day, about $0.042 per hour, down to $0.00069 per minute. So if it takes, say, 5 minutes to upload a media file (on a 768mb/s up-pipe, that's a good sized file) to a "free" host (as in one that I am not paying for), the total cost to me is a whopping $0.0035. Now, at this point, no copies have been made. As we are associating this to MY costs, I am not paying any more, the host will have to pay, or drop the file, but in that case I can always blow another 1/3rd of a penny to upload the media elsewhere. So from this point on, MILLIONS of copies can be made with ZERO cost to me. 1/3rd of a penny is not worth tracking, the time it would take you to log a value that small in your ledger would cost you significantly more than the 1/3rd cent as a loss.
Hell, even if I hosted the file myself. I have a site w/ 75gigs transfer per month for $15. If my e-book is 5 megs I could easily shoot out 1500 copies per month at a cost of $0.01 per copy.
So yes, you are correct, digital distribution is NOT free. The cost per copy (based on my accounts) can be as high as $15 (for a single hosted copy), 1 cent (for 1500 hosted copies), or as low as 1/3rd of a cent (for infinite free hosted copies).
As for advertising, spend an extra 1/3rd of a penny to spend a few minutes on Slashdot, add a link to the file in your signature. If you have the entire FireFly manuscript in e-book form hosted on an FTP site linked to in your sig, you'd be +5 insightful on every post and cause your host of choice to have a meltdown every time you posted.
"If you create content that is mass produceable, don't give out all your answers in that mass produced content. Hold some back, hold the most important parts back, for one-on-one or face-to-face interaction!"
The problem is not mass production. VCR remotes are mass produceable. Toy cars are mass produceable. Silicon chips are mass produceable.
An e-book is infinitely producible. For $0 cost I can share an ebook with the entire digital population, whether I wrote it or not. Sure, hook people with a cliff hanger story and sell a separate episode. But at some point, someone will transcribe the book to a digital format and it will be distributed. Encourage people to come to your shows and presentations, and they will be recorded and distributed.
I mean, we are looking down the barrel of the end of the supply/demand market in the digital media content market. Face-to-Face interactions are one way for content creators to get by, but what about those reclusive authors who write amazing stories but have the public speaking ability of a deaf-mute?
I'm not saying we should fight to keep the existing system, but I am curious as to how the market will shape up, how content delivery companies (RIAA, MPA, etc) will shake out, and how it will all affect the original authors.
There was a Myth Busters episode testing the '5 second rule'. They found the same oddity, the toilet seat was the cleanest place (according to bacteria counts) in the whole shop.
I wish I had a mod point for you, this should so be a +4 Insightful post. I'd say +5, but you forgot to add "rabble rabble" in the background to get the extra +1 funny. Well done though!
"they are using the telco's network without paying for it."
Wouldn't that be like the DoT charging Ford and Chevy for people using the HOV lanes? If Toyota doesn't cough up a golden lung then none of the Toyota drivers will get to use the HOV lane.
You don't just AJAX something up. It's not like something you just plug in, change a config file, and BLAMO it's AJAXified! You design applications with AJAX in mind. Now, some people will (and have already) used AJAX in horrendous ways (i.e. Navigation). But there are many GOOD uses for AJAX. For example, I have a corporate phone directory our receptionists use. It lists all of the employees, indicates if any of them are out of the office, and shows which other receptionists are online. That would be enough if the data was static, but it's not. People are constantly coming and going, receptionists step away from their desks, and contact info is updated. In order to keep all of the receptionists on the same page we have two options. 1) Use a hidden iframe that posts back every 10 seconds, checks for updates, and refreshes the iframe containing the employee list. 2) Use an AJAX method to communicate with the server and update the employee DIV. Using AJAX can get rid of iframes (making it easier for text->speech readers to interpret), removes the refresh "click", reduces complexity on the page, and just all round makes the page smoother.
When making this decision we didn't just "AJAX it up"; we made the design decision and organized the entire project around that decision.
Two psychologists have found evidence that the number of and the time spent in meetings has a detrimental effect on mood. "...a general relationship between meeting load and the employee's level of fatigue and subjective workload was found"
And the number of pirates in the world is inversely related to the rate of global warming. Honestly, people who are in more meetings usually have to balance multiple projects for multiple people. Multiple projects means more work, and more stress, whether you are in meetings or not.
"It seems about as relevant as saying "There have been people who play chess for years and yet French people will turn their noses up at British cooking."
Your analogy is only true if the British cooks are implying they are chess masters. The relevance is the implied message that these 'nuts' believe they are intellectuals.
Windows 2k, XP, 2k3 are all NT derivatives. 95/98/ME came from the 95 code base. The people responsible for 95 were completely separate from the people responsible for NT.
I'd be interested in seeing the actual PoC code. My knowledge of the WMF script is minimal, but I'd like to see where the length=1 comes into play and how that error allows the author to send an escape code and command.
I am not familiar with WMF scripting, but that would sound correct. The WMF scripting should not be allowed to call SAP, but that could be a hard thing to implement, because SAP is not the only API that takes a call back method. If the fix was to just block SAP calls I'm sure someone would dig until they found another API with a call back. So either MS dug through the entire scope of the API blacklisting anything with a call back, or the problem lies elsewhere. My guess still lies on the WMF interpreter. When the interpreter hits that buffer overrun it opens itself to this problem. The correct solution would be to fix the exception handling in the interpreter to not allow for the buffer overrun.
int SetAbortProc(
    HDC hdc,               // handle to DC
    ABORTPROC lpAbortProc  // abort function
);
SetAbortProc doesn't take a Length value. It takes the DC of the print job to cancel, and the pointer to a call back method to launch when the abort completes.
I was incorrect in one aspect. SetAbortProc is in the GDI, NOT Win32 library. But it isn't the problem here. The problem is that the vulnerability in the code that parses the record is passing the incorrect call back method pointer to the SetAbortProc method.
"It would only cause MORE bugs for years and years to come. Right now, Win32/GDI is quite bug-free, or at least undocumented bug-free."
So true. It's the maturity curve. The older a piece of code, the longer it has survived, the less likely an error will be found.
But GDI is also a pain in the ass. It was designed long before anyone had a clue that PCs were going to go in the direction they have. I am glad to see it go. But this problem I don't believe was part of the GDI. SetAbortProc started there and moved to Win32, but it is working fine from my understanding. The issue is specifically with the code that handles the WMF passing a bad pointer to SetAbortProc (after loading the payload to that address).
"poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
SetAbortProc is well designed. The problem is the code that handles the WMF. That code is allowing a payload to be placed on the stack and an incorrect pointer to be sent.
All set abort proc does is send an abort code to the print job and set a call back method to call when the abort completes.
It appears to have something to do with the length of 1. Whether accidentally or on purpose, it seems that is the key: if the length is 1 the pointer sent for call back is the payload address. At this point to determine which it was would take a peek at the code. I don't know what API lib SetAbortProc was in, but what are the chances that library was in the Windows NT code leak a few years back?
What if someone dies with $9,000 in state taxes owed and 5 years later you and your 4 year old child are getting harassed by the state because your child now owes $25,000 in state taxes, late fees and fines? How important is tracking the dead then?
My knowledge here is limited, I can't say I know the internal workings of the Windows API, so I may be very far off course.
Your interpretation of my poorly worded description is correct though. I would expect the payload to wind up on the stack and the SetAbortProc to send the pointer to the start of that proc.
That pointer is the address of the callback function, isn't it? So that when the abort occurs the print manager calls the function at that address that should update the app (the standard "Print job canceled" message box). In the case of the WMF there is no print job so the call back happens almost immediately and thus launches the payload.
That would be my understanding of how you wind up with the payload in the stack and a way to launch it.
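The record these comments are circling, as an added example (not code from any of the comments): a WMF file is a sequence of records, and the Escape record (META_ESCAPE) carrying escape function SETABORTPROC is the one that makes the metafile player hand a callback to SetAbortProc, so a scanner can flag files that contain it. The numeric constants are from Microsoft's published WMF format specification; the helper names and the sample files are constructed here, and the samples carry only inert zero bytes.

```python
import struct

# Constants from the published WMF format specification (MS-WMF).
PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte "placeable" pre-header
META_EOF = 0x0000             # terminating record
META_SETMAPMODE = 0x0103      # ordinary drawing-state record (used in samples)
META_ESCAPE = 0x0626          # record that replays a GDI Escape() call
SETABORTPROC = 0x0009         # escape function that registers an abort callback


def find_setabortproc(data: bytes) -> list:
    """Return byte offsets of META_ESCAPE records that request SETABORTPROC."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    _type, header_words = struct.unpack_from("<HH", data, off)
    if header_words != 9:
        raise ValueError("not a WMF header")
    off += 18
    hits = []
    while off + 6 <= len(data):
        # Every record starts with its size in 16-bit words, then a function id.
        size_words, function = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(data):
            raise ValueError(f"malformed record at offset {off}")
        if function == META_EOF:
            break
        if function == META_ESCAPE and end - off >= 8:
            (escape_fn,) = struct.unpack_from("<H", data, off + 6)
            if escape_fn == SETABORTPROC:
                hits.append(off)
        off = end
    return hits


def record(function: int, params: bytes = b"") -> bytes:
    """Build one record for the constructed samples below."""
    return struct.pack("<IH", (6 + len(params)) // 2, function) + params


def metafile(records: list) -> bytes:
    """Wrap records in a standard 18-byte header (constructed sample data)."""
    body = b"".join(records)
    largest = max(len(r) for r in records) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300,
                         (18 + len(body)) // 2, 0, largest, 0)
    return header + body


# Constructed samples: the escape data is two inert zero bytes.
BENIGN = metafile([record(META_SETMAPMODE, struct.pack("<H", 8)), record(META_EOF)])
SUSPICIOUS = metafile([
    record(META_SETMAPMODE, struct.pack("<H", 8)),
    record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 2) + b"\x00\x00"),
    record(META_EOF),
])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, find_setabortproc(blob))
```

A hit on a file received as an image is worth quarantining for inspection.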
Because they legally can't. And because SS # are reused. When you die your SS# will return to the regional pool and be reassigned. When you are trying to uniquely identify everyone, a repeating logic containing key is not a good idea ;)
I believe he was an assistant manager. He had a decent apartment, a new (albeit cheap) car. All of his DJ profits went into his gear (he had his own PA system), music, and travel. Nice guy. I should look that old bunch up some time.
Matters on how you define professional. I used to work in the DC Goth scene. Great crowd. Some awesome DJs. The night club I worked at had 2 standard DJs and a rotating slot for visitors. Those DJs spun almost every night of the week and still had to keep day jobs to get by. When you walk into Kinko's and see one of your favorite DJs behind the counter you realise the guy is doing it for the love of DJing, not the money.
And can I pay to have my competitor's service not accelerated?
-Rick
Read the rest of this thread. SetAbortProc doesn't take a length argument, the problem is in the WMF interpreter.
-Rick
I think it may be a warning that I should get myself checked out for dyslexia. That should be "grabs".
-Rick