I build an end-user application. The application is substantially free (i.e. most of its functionality is available without charge or restrictions). A small subset of functionality requires payment, in amount about equal to two (2) movie tickets (may be less, I haven't been to the movies in a while). Other software with substantially similar functionality may cost hundreds of dollars.
You'd think, then, that my product should be virtually immune to piracy. After all, there is hardly a way to price it any less (making it completely free is probably the only other option, at which point I'll have to find another project to pay my bills and stop working on this one).
Well, I think it goes without saying that there is a crack out there for my application and that it is being distributed illegally. Market failure? Perhaps, if the only available market is "distribute it for free".
The system of "certificate authority" on which SSL security ostensibly relies has deteriorated to an essentially meaningless state.
This system is based primarily on trust. Trust requires at least a basic level of knowledge or understanding (this is a crucial difference between "trust" and "faith" :) ).
If you have not taken a look at your browser's "trusted certificate authority list" - now may be the time. I am a Firefox user, and I know that the list in Firefox contains numerous organizations with trustworthy names like "QuoVadis Limited", "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" and "XRamp Global Certification Authority". Do you know any of these companies? Do you personally have any reason to trust in their judgment, honesty or integrity?
For each company Firefox web site holds a document by some accounting firm (like the KPMG which has proven itself untrustworthy and unreliable even in matters of finance where they presumably have a clue) that purports to audit intentions and practices of said company wrt. issuance of said certificates. To put it simply that's worth as much as their audit of Lehman Brothers.
Bottom line - your browser essentially allows a random selection of highest bidders or politically connected entities to define what web sites are, in turn, to be trusted. It's pointless and there is little reason to believe that anything they say, sign or claim has any value whatsoever beyond the level of background noise.
Treat SSL the way you treat SSH - save specific certificates for sites, and watch for unexpected changes. Regardless of what the certificate or the "green location bar" say, don't trust them further than you can throw them.
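The SSH-style approach described in the comment above, sketched as an added example (not part of the original comment): a trust-on-first-use store that records a certificate's SHA-256 fingerprint the first time a site is seen and reports any later change. `PinStore`, `fetch_leaf_der`, the JSON file layout and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import socket
import ssl
import tempfile
from pathlib import Path

# Constructed placeholder bytes standing in for two DER-encoded certificates.
SAMPLE_CERT_A = b"constructed-sample-certificate-A"
SAMPLE_CERT_B = b"constructed-sample-certificate-B"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding of the certificate, as a hex string."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate in DER form.

    Normal CA validation stays enabled; the pin check is an extra layer
    on top of it, not a replacement for it.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """known_hosts-style store: 'host:port' -> certificate fingerprint."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = {}
        if self.path.exists():
            self.pins = json.loads(self.path.read_text())

    @staticmethod
    def _key(host: str, port: int) -> str:
        return f"{host.lower()}:{port}"

    def _save(self) -> None:
        self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        """Return 'first-seen', 'match' or 'CHANGED'.

        An existing pin is never overwritten here: a change has to be
        confirmed explicitly through accept_change().
        """
        key = self._key(host, port)
        seen = fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen
            self._save()
            return "first-seen"
        return "match" if hmac.compare_digest(pinned, seen) else "CHANGED"

    def accept_change(self, host: str, port: int, der_cert: bytes) -> None:
        """Replace the pin after the new certificate was verified out of band."""
        self.pins[self._key(host, port)] = fingerprint(der_cert)
        self._save()


if __name__ == "__main__":
    # Offline demo on the constructed sample bytes; for a live site use
    # store.check(host, 443, fetch_leaf_der(host)).
    with tempfile.TemporaryDirectory() as tmp:
        store = PinStore(Path(tmp) / "pins.json")
        for cert in (SAMPLE_CERT_A, SAMPLE_CERT_A, SAMPLE_CERT_B):
            print(store.check("example.test", 443, cert))
```

A routine certificate renewal also shows up as `CHANGED`, so each change needs the same out-of-band confirmation an SSH host key change would get.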
We've been "writing once/testing everywhere" for our desktop products for a while for all computing platforms - that's a non-issue.
A single hardware device would be ok if its specs met the needs of our users, but they don't quite fit. With OS not tied to the hardware as a developer I have a leeway with choice of hardware and can even go to a nice manufacturer out in China to ask for a specific modification which we can then offer our users. I doubt Apple would oblige :)
As far as optimization issues go - Apple iOS is by no means a new platform so they had ample time to get things right. And I think it's not really reasonable to say that Apple has "financial constraints". They pour a lot of money into their products, but they tend to spend it on aspects that matter to their users (shiny slick case) rather than to, say, developers (like clean well tested compatible and optimized APIs)
Have what available? I've been trying to get some decent information on NDK, but documentation is so sparse it's not even funny. All I've got so far is that new NDK can respond to "external actions" (touch, button etc). There is still no UI to the best of my understanding. Who's going to draw all the buttons, read text input, show keyboard, manage windows for pete's sake? I ain't writing my own GUI system :) Unless, of course, this is all there and Google just forgot to document it (no big surprise, look at Skia :) )
I mean, this is /. - so whatever Microsoft does is bad :)
I am a developer, and I am currently evaluating a mobile platform to move my application to. The application requires both fairly extensive user interface and significant graphic processing.
1. Android: The good - our code would port into native Android quite well and work with all appropriate optimizations. But the NDK does not really have a UI component, and writing our own UI is both non-cost effective and probably won't look the way users would like it to look. Java is not suitable both due to limits on performance (see elsewhere on /. about its responsiveness or lack thereof when handling sound, for example), as well as because our current code base while quite portable, is C/C++. These issues would make development technically difficult for us - not impossible, but simply not economically feasible. No go at this point.
(Why, oh why did they decide to put Java into the mix there? If only there was a native GUI, Android would have been perfect for us. But I digress)
2. iOS/iPad/iPhone - technically these would work, but we are not terribly eager to get into a single-platform solution. Sure, they are big and have many devices out there, but these devices are all the same and come from a single hw vendor. Aside from that there are API and optimization issues, due to some quick and shoddy decisions that Apple made when putting iOS together. The resulting product would not be as efficient as we'd like and Apple hardware does not entirely hit the target market. On top of that, some of the requirements of Apple store are incompatible with what we do, so we'd have to remove functionality or otherwise work around legal hurdles. So - a weak "may be" only because there is little choice for now.
3. Here comes the Windows part. Our code would build/run on those devices natively with all appropriate optimizations. There is a native accessible (C/C++) GUI, without a need of Java shims or custom UIs. It is not locked to a single hardware vendor, so in theory we could expect a number of tablets and other devices to satisfy various user needs. A small snag - not too many devices available quite yet :)
So, personally I am rooting for Nokia + Windows. If this works out, it will provide us the shortest most direct path to give mobile application to our users.
Admittedly, I would just as well welcome a complete Android NDK (with full GUI integration, to remove any need to glue Java and native code together). Perhaps it's there already? :) It's hard to know seeing as very little of NDK is properly documented.
And now we return to our usual Microsoft bashing programming :)
I know Mac is a magic word and answer to world peace and all. And the song is cute.
But really, do they have a clue? Did the guy try to open up a Macbook? It's worse than his HP. The official Apple answer to cleaning the fan is to buy a new computer :)
And what is un-due about it? Who should issue warrants if judges are not an appropriate source? Or do you suggest that a concept of "warrant" is against due process?
It is not DHS per se, but rather ICE - immigration & customs enforcement, which has been moved under DHS umbrella like a number of other federal agencies.
They are responsible for enforcement of various international crimes, including smuggling of child porn where that happens to be across borders, as is almost always the case. It's a matter of jurisdiction.
Quote: "As with previous seizures, ICE convinced a District Court judge to sign a seizure warrant, and then contacted the domain registries to point the domains in question to a server that hosts the warning message. However, somewhere in this process a mistake was made and as a result the domain of a large DNS service provider was seized."
You may not like this, but a warrant signed by a judge *is* due process.
And, of course, part of the reason is that after even a short "streak of luck" (say, a couple of weeks) he'd be discovered and then likely face charges. So, not only is it not worth his time, but it's not worth the trouble of going to jail for a few thousand $.
That was my question though - can I? The answer I found so far is that the only firewall/netfilter/ip stack that supports IPv6 nat is that of OpenBSD. I found no mention of it in FreeBSD. I also found specific statements by Linux Netfilter developers to the effect that "NAT for IPv6" will be available "over his dead body".
So, looks like "you can't NAT IPv6" just like IPv4 after all. "In theory there is no difference between theory and practice. In practice - there is" (c)
As poster below noted (and you seem to not quite get :) ) - this is not to protect devices that never speak to the "outside world", but rather to remove ability of sites and servers in the outside world to discern between separate devices in my network connecting to them. Poster below also brought some good reasons for doing so, although there are more.
Anonymous IP addresses do not solve this issue because for a duration of the validity of this address your computer is still uniquely identified amongst other systems in your subnet.
This did, however, give me an idea - instead of mapping all connections to the same address, perhaps a better solution, now that a 64 bit space is available, is to map every connection to a *different* address. The downside of this approach is that if system on the other end uses IP as a method to bind your session - you may have trouble using it (think Facebook sessions, although many of these systems do make some exceptions to allow multiple proxies and things like AOL buggery). On the other hand, this would make traditional tracking a bit harder - where tracking systems normally used your single IP to map to at least a household, if not an individual computer - they'll be faced with virtually unlimited number of IP addresses. I am sure in time they'll figure out how to apply a /64 mask - but until then, it's a great way to make their job more difficult :)
As an aside, regarding Flash leaking IP address of internal system - I am sure it could, but that's what Flashblock is for. I don't think any of the devices in my household are permitted to run flash by default. In fact, on the system I am typing this from, the only site on flashblock white list is Youtube - and I probably should remove that too :)
I want to go to a *single* IP address that represents all systems on my network. Same thing I am doing today with IPv4. I don't like people outside to be able to enumerate devices on my network - and using a single address is a first step (tweaking IP stacks to change signature and replacing browser agent string helps too).
I kinda expected that instead of "this is how you do this" (which is what freedom of choice of technology should be about) I am going to get the usual ideologically painted answers about how "that's not what you need".
I think I found the answer though - OpenBSD will gladly masquerade either ipv4 or ipv6. I suppose I may have to go with a slightly higher end router box (rather than the usual Linksys dd-wrt re-flash)
Too bad Linux/netfilter won't but ideology takes precedence there.
Is there software that can NAT IPv6? Clearly anything's possible in theory - but are there existing solutions.
I'd like all my devices to appear as a single IP address to the outside world, as they do now - to maintain uncertainty. My Google mojo does not help - any mention of IPv6 in connection with nat that I am finding, is something about ipv4 nat or tunneling.
Ideally, it'd be nice to have that built into dd-wrt
"Each user has been delegated a /64 block of approximately 18,446,744,073,709,551,616 (18 quintillion) unique IPv6 addresses. "
So, effectively, they just shortened an IPv6 address to 64 bit - and allocation hasn't even started yet in earnest. This is the problem with people. Even technical people (and moreover - everyone else) will waste any resource (including artificial resource) until there is scarcity regulated by monetary means. If that's the way IPv6 will be assigned - /64 to an individual user, /32 to a corporation, /12 to interplanetary internet or whatever other kooky idea there is - these addresses will run out in a jiffy. And then we'll be trading in these and IPv4 just the same.
I think what we see here (and I am being serious) is outsourcing at work. He downloads tools from a subnet in Pakistan, likely homebase. Just like anything from software development to customer service is being offshored to lowest bidder and services being performed by people without appropriate skills, simply because they are cheap. Same thing here - mass hacking is a business, and it is being outsourced to cheap unskilled labor. Look at this and laugh - then realize, this is the kind of quality of production that modern legitimate businesses rely on every day. Scary, ain't it?
On the one hand, Mozilla/Firefox has been taking control of cookies away from "regular users" - yes, it's all still there, but it is no longer obviously exposed, and instead most users would never even know what hides behind "Firefox will remember history" one-liner in a drop box.
So now, after cannibalizing the real control of privacy - one that rests with a user, they are trying to come up with an *http header* that is no more than a plea on part of a client to the server - "please don't track me". What are the chances anyone would give a damn (unless this is written into a *world wide* law with severe penalties?).
Sorry, this misses the mark completely. If you want to make sure users are not being tracked, restore control of information sites can store, make it *easier* and *more obvious* to users when they are being tracked, cooperate with or build into your browser functionality of "cookie jar", "ghostery", "adblock" and other click/cookie/link/image tracking control plugins. In short - do real work, rather than sticking a feel-good, do-nothing header which will achieve nothing.
That's the thing about technology - it serves all masters.
The two forces at play in Egypt are Mubarak's official regime on one side and Muslim Brotherhood on another side. FWIW it's a choice between a rock and a hard place. Muslim brotherhood is your garden variety Islamic hard-liners who will no doubt build an oppressive society if ever in charge. Mubarak's regime is already oppressive. So, while the sides scuffle - there is little to expect externally except, perhaps, a more extremist regime should Mubarak fail.
How convenient that just by pure accident, the same site that posted the article has a screwdriver for sale that fits that darn impossible pentalobe screw :) Oh, what are the chances?
The fallacy of digital photography is that a price of a single image is essentially 0. This caused an exponential explosion of digital photos, most of which have neither artistic nor informational merits. In fact, I dare say that 99% of photos taken currently are not even viewed by their own authors except perhaps for a brief preview on camera LCD and, may be, once more during transfer. Chances of viewing most of these photos later on go down from there.
The best way to store these photos, if you do decide you need to keep them, is to sort them and delete 9 out of 10 (or 99 out of a 100). That'll answer a question of where to store them pretty well. You and others are also more likely to have some interest in looking at these, presumably better photos, because they are not buried in a heap of bit garbage.
That "current bias" on Google is, imho, more of a liability than an advantage. Once any term becomes at least somewhat popular, it also becomes "self-sustaining" on Google - which means that any attempts to look for truly relevant information bring up only more and more recent "meta-discussions". This also means that finding anything that hasn't happened recently on Google becomes more and more difficult. Their time-based index is severely broken (showing recent results as if they are from the past etc).
Sure glad now I used a "shitty unimportant level" password for my wordpress.com account. Whoever it is, is welcome to keep it.
Don't see anything particularly unusual here.
I use Firefox exclusively.
Please read what I posted again, more carefully this time.
And what is the "secular" sentiment? What type of government and ideology are those secular protesters wish to see in place of current one?
The only way it would not be considered biased here on /. is if it selected Linux and Open Office ;) Sheesh.
(Let's see how soon collective /. consciousness mods this down to "troll" so as not to see an opinion different from the general consensus)