Slashdot Mirror


User: Amgine007

Amgine007's activity in the archive.

Stories: 0 · Comments: 38

Comments · 38

  1. Screen Scraper for SprintPCS phones (phone-email) on Turn Your PC into a 'Moblogger' · · Score: 2, Interesting

    Hi,

    I just can't stand the cruft Sprint makes your friends sift through to get picture mail.

    For Sprint phones, I have maintained a screen scraper sort of tool, that intercepts "shared image" emails as you send them, cuts out the Sprint ads and junk HTML redirection, and sends it on its way as a plain old attachment.

    This can easily be interfaced to blogging sites like text america -- they know how to look inside e-mails for attachments, but that's about this.

    More details at: http://pcs.hoho.com

    (PS: it's free, and the Python source is available.)

    cheers..

  2. Re:If I were a kid... on Legoland Introduces Wi-Fi Tracking for Kids · · Score: 1

    I'd gnaw off the wrist band and flush it down the toilet.

    But if you need the wristband to get on rides, you'd probably keep it around. (Of course a kidnapper probably wouldn't be concerned with getting another ride in..)

  3. Yes, it is a steal; $300 for EDU on Apple Announces New Pro Software · · Score: 1

    I'd hardly call FCP at $999 a steal compared to its competition.

    What, then, is the comparable competition?

    Find me another suite -- at any price -- that comes with the functionality of FCP. Remember, you're getting a multitrack editor and 4.6GB of samples [Soundtrack], a titling and title-effects package [LiveType], and a compression package [Compressor], all in the same box as your offline video editor.

    Oh, troll-feeding aside, it costs $300 for educational customers. DEFINITELY a steal.

  4. Re:well... on Gentoo rsync Server Compromised [updated] · · Score: 1

    > You make it sound so easy. Just "break out" of the
    > sandbox and erase the system.

    There are any number of ways to cause harm from within an ebuild. Perhaps I was misleading; you can "break out" by using legal ebuild syntax. Eg, "insinto /etc", and the "doins shadow". Someone might notice the install log, but who cares? This attack targets joe rsync'r, who must update world daily. Replace /bin/bash if you want -- nothing will stop your trojaned x11-themes package. Ok?

    > No system is ever going to be 100% secure, but things
    > like sandboxing make it safer.

    Sandboxing was not at all the point.

    The point was that Gentoo is built around distributing essentially shell scripts over rsync -- and at present these can easily be modified by a compromised or malicious mirror and cause GREAT harm. A hash of the ebuild is rsync'd WITH the ebuild from the SAME source! Simple integrity check? Yes. Proof that the Manifest, or anything in it, is the same as Gentoo intends it? Absolutely not. The fact that this would be so easy to exploit is surprising.

    By the way, sandboxing in Gentoo is to protect build scripts outside of the ebuild from installing things where they shouldn't be.

    cat /usr/bin/emerge

    Portage itself is mostly a few python modules. Modify the emerge program to delete a few files, then package it back up and put it (with a new manifest) on your rsync mirror. You don't even need to know how to use gcc.

  5. Re:well... on Gentoo rsync Server Compromised [updated] · · Score: 2, Interesting

    >> There is absolutely _ZERO_TRUST_ in the gentoo
    >> system
    > Don't you mean "total trust" in the system, in that the
    > users "trust" the rsync servers not to be r00t3d,
    > somewhat optimistically?

    Doh! But yes, that's what I meant in my somewhat hasty response. (I have been thinking about gentoo and this for a while.)

    Gentoo would be ideal with a web of trust, such that a gentoo deployment maintained keys that it trusted -- ie, from gentoo, from developers, from friends, etc, and accepted and rejected ebuilds accordingly. Considering the development distribution of gentoo, it is almost a case study in how to build and use a mini public key infrastructure.

    The whole gentoo tree could be viewed as as many 'virtual' trees as you desire, by multiple signatures on single or multiple ebuilds: for example, instead of setting "~x86" (experimental x86 ebuild) from within the ebuild, why not sign the ebuild with the gentoo_experimental_x86 key? Then, sign it with a "testing" or "stable" key as it fits.

    With keys from developers (gpg message signing is already a big habit on gentoo-dev), you can accept patches from developers and other people you trust, even if you receive the ebuild out of band (eg, on bugzilla). All of this also removes the possibility of, say, an errant CVS commit. Now all you trust is those public keys (and however many signatures you require on an ebuild to believe it wasn't poorly signed.)

    (Of course, verifying signatures adds more complexity to the build time, but... this is gentoo! You love the build time!)

    cheers.. (a gentoo user)

  6. Re:well... on Gentoo rsync Server Compromised [updated] · · Score: 3, Interesting

    And who doesn't see this coming again? All you need is a box with some bandwidth, and you can become a gentoo mirror.

    Now, you want to compromise every gentoo box on the planet? Edit any ebuild you want to add your compromise. Make it break out of the gentoo sandbox and erase that system straight from the ebuild. Or make it install a tainted binary. Whatever, just be sure to re-hash your ebuild in the Manifest, and wait for some poor suckers to download it. Given the frequency with which gentooers rsync, this should happen very quickly.

    There is absolutely _ZERO_TRUST_ in the gentoo system, and it is frightening how easily a rsync mirror could abuse whatever clout it has to taint a significant number of hosts.

    The solution for this is signed digests and shared trusted gentoo keys, but this is still a ways off.

  7. K9? Forget it.. on AMD to debut multi-core CPUs in 2005 · · Score: 0, Redundant

    This processor sounds like a real dog.

  8. Re:I think on RIAA Sues 261 Major P2P Offenders · · Score: 1

    > the EFF needs your donations more than ever.

    But, for a non-profit, they really do a pretty sad job following up on donations.

    I am a member of a 501c3 nonprofit foundation, and last year I recommended we donate to the EFF. As a trial, we sent them $1000 with some information about our foundation.

    What did we get back? Nothing. Now, for $1000, you don't expect to get free tickets to the next EFF bash, or whatever other perks larger donations sometimes garner. But what irked us most is we didn't get so much as a thank-you letter, or even a request for more funds!

    Needless to say, they are losing out on a lot of potential funding (at least in our view), and I will not recommend them again because of my embarrassment.

  9. Re:Doesn't Disney do something similar.... on Walk-thru Fog Screen · · Score: 1

    >However, there is an effect like this in the
    >Indiana Jones attraction at Disneyland. At one
    >point you drive through a wall of fog onto which is
    >projected a bunch of rats.

    close, but not quite. the projection is used to create the illusion that you are driving through a spider web -- not a bunch of rats. simple, too: just uses spots of white light and no light to illuminate the thin fog into a webby shape.

    probably the best effect on that ride, along with the dart room.

    based on the patents disney holds for effects in the haunted mansion (eg the singing bust projection technique, others?) i'm a bit surprised there isn't more discussion of the disney factor..

  10. Re:Terapin Mine on Storing Pictures While Backpack Travelling? · · Score: 1

    This looks like an excellent direct camera-to-mass-storage device that I was thinking of. Thanks!

  11. Thanks for the replies! on Storing Pictures While Backpack Travelling? · · Score: 1

    Thank you all for the replies; good suggestions all around!

    One thing I neglected to mention is that part of the reason just 'mailing film' won't work is that this would be a digital operation -- hoping to get a few chances here and there to upload and describe images. Having a friend at home develop pictures would probably be more expensive than hanging on to a few CF cards or whatever..

    About the volume of the pictures: it is true that 10,000 might be on the high side! Perhaps 5000 is more like it. And regarding desired resolution, well, higher (>1024x768) is definitely better, because online photo places can make some lovely prints these days (for the odd good photo..)

    Cheers..

  12. Best in Electrical Engineering is DDPP on Best Computer Books For The Smart · · Score: 2, Informative

    The best textbook I have read for those just starting in EE (from a digital logic point of view) is "Digital Design: Principles and Practices" by John Wakerly.

    It starts with simple logic, truth tables, and so on, and covers more advanced topics in later chapters such as VHDL and other cool things. If you're not strictly CS, this is *the* handbook to have if you don't want to look like a doofus listening to EE guys. And, I've always found the index to be very complete (and filled with riddles) -- something MANY books seem to be horrible at!

    I'd have to say the best 'feature' of this book -- and of any other, I'd say -- is the offer of a cash ($5!) reward for the first to discover an error!

    (The author maintains an errata page and other goodies at http://www.ddpp.com)

  13. This is Wrong. on iMac II to have LCD/Firewire/DVD/AirPort/new color · · Score: 1

    Are you kidding? Firstly, these specs are not realistic for a consumer machine. If Joe Schmoe can get a FireWire/DVD/FlatPanel machine at iMac prices, he'll do it instead of buying a spiffy new G4. Apple would see the professional line losing sales very quickly. That said, a graphite looking machine would have a similar effect; it would confuse the two VERY SPECIFIC product lines. All of these "iMac II" rumors need to be better thought out. A larger CRT is a more realistic possibility; a FireWire port might make it too. But, c'mon, a flat panel LCD? Too expensive and too fancy.

    Amgine