Update2: Original entry deleted, re-posted as a private entry.

Update: This stream-of-consciousness half-baked journal entry wasn't supposed to be on FireHose. I took the default marking "Publish: Share this with other Slashdot users." I did NOT choose "Publicize: Submit this story to be posted to the Slashdot front page."

Sorry for wasting your time everyone.
-----------------------------

How to detect illegal movies:

Break movie file up into chunks. Fewer chunks mean simpler encoding, shorter chunks mean simpler verification.

Chunks by time are best because DVDs are already marked by scene.

For each scene, create a few dozen "markers" that can be in one of at least two states. For example, a pixel can have an RGB color of {100,100,100} or {100,100,101}, a sound can be slightly altered, or the time can be slightly compressed or dilated.

For each customer make a unique version of the scene. With 30 markers you have a billion combinations.

Digitally sign each scene.

On playback, the player will show the identity of the signer, along with a trademarked "authentic" symbol. Scenes that are not signed will be labeled as "not authenticated." Scenes whose signatures don't check out will be marked as "authentication failed, possibly corrupted." This can be turned off by the customer, and will be most of the time.

Movie studios can use this as evidence of an illegally copied movie in two ways:
1) complete scenes with the authentication tampered with are most likely bootleg.
2) complete scenes which are untampered can be traced to the original buyer.
3) file-sharing services can use the presence or absence of authentication markers, plus matching of the clip against a database, to determine if the copy is authorized for use on that service.

This can be applied to other content and media as well.

Goal:
=====
=====

Create a framework so any newly-developed filesystem can have a user-tunable and user-extensible mechanism for handling deleted files and deallocated blocks.

Problem:
=======
=======
Filesystems allocate new disk from the free disk pool based on factors OTHER than the free disk space's "readiness" to be re-used. Filesystems tend optimize for quickly locating available space or read-write performance after the space is assigned to a particular file.

In some cases, you want to preserve a deleted block until certain actions can be taken. This may be to aide in file-recovery, or to scrub a block multiple times before using it for real data.

The solution:
============
============

Tag deleted blocks with the following information:
=================================================
Arbitrary information added by a deleted-block handler (DBH), including priority level assigned by the DBH.
The arbirary information includes information needed to help determine how "valuable" the data is, possibly including the time of deletion, the userid of the deleter, the process name of the deleter, the previous owner of the file, the previous inode number of the file, the block-offset into the file, and other information. Typically it will just be the time of deletion.
The priority level DBH_CURRENT_PRIORITY will range from 0=DBH_UNPROCESSED to MAXPRIORITY=DBH_FULLYPROCESSED, with higher-priority blocks getting preference to lower-priority blocks during allocation.

The filesystem itself will record the following parameters:
==========================================================
DBH_PRIORITY_HARD_CUTOFF = n >= 0
DBH_PRIORITY_SOFT_CUTOFF = n >= DBH_PRIORITY_SOFT_CUTOFF
DBH_SOFT_CUTOFF_ACTION = {skip, fix}

Tunable while mounted:
=====================
A filesystem's DBH_PRIORITY_HARD_CUTOFF, DBH_PRIORITY_SOFT_CUTOFF, and DBH_SOFT_CUTOFF_ACTION are all tunable while a FS is mounted. Likewise, the DBH routine itself can be replaced while the system is mounted. Whether mounted or unmounted, changing values can have side-effects, so it is recommended that any such change be carefully controlled to prevent disaster. One way to do this is to raise lower the cutuff priorities to 0, another to raise the DBH_CURRENT_PRIORITY of all existing deleted blocks to above the soft cutoff. More sophisticated means would examine each deleted block on a block-by-block basis and make an intelligent decision. This takes time and is not recommended on anotherwise-busy system.

Discussion:
==========

Deleted blocks whose DBH_CURRENT_PRIORITY is less than DBH_PRIORITY_HARD_CUTOFF will be unavailable for use by non-privilaged users. If the only blocks avaible are below DBH_HARD_CUTOFF then call the DBH to perform additional cleanup.

Deleted blocks whose DBH_CURRENT_PRIORITY is between DBH_HARD_CUTOFF and DBH_SOFT_CUTOFF will either be skipped until they are the only available blocks left or an immediate call will be made to the DBH to perform additional cleanup, depending on the value of DBH_SOFT_CUTOFF_ACTION. If the only blocks avaible are below DBH_SOFT_CUTOFF then call the DBH to perform additional cleanup.

Examples:
========
========

A typical DBH might do the following:
=====================================
If the file is less than 24 hours old, preserve it and keep DBH_CURRENT_PRIORITY at 0.
Then, on a time-available, lowest-priority basis, sweep the entire filesystem overwriting each block first with 0's then with alternating patterns. At each pass, raise DBH_CURRENT_PRIORITY.
Set DBH_PRIORITY_HARD_CUTOFF at 1 and DBH_PRIORITY_SOFT_CUTOFF at the maximum value.
DBH_SOFT_CUTOFF_ACTION is set to fix.
The typical "fix" action will be to overwrite the data enough times to raise DBH_CURRENT_PRIORITY to DBH_PRIORITY_SOFT_CUTOFF.

A typical security-conscience environment:
==========================================
Run a medium-priority task to scrub sectors.
Set DBH_PRIORITY_HARD_CUTOFF and DBH_PRIORITY_SOFT_CUTOFF to the maximum priority.
Set DBH_SOFT_CUTOFF_ACTION to skip.

A typical performance-oriented environment:
===========================================
Set DBH_PRIORITY_HARD_CUTOFF at 0 and DBH_PRIORITY_SOFT_CUTOFF at 1.
DBH_SOFT_CUTOFF_ACTION to skip or fix depending on which gives better overall system performance.
This will give preference to sectors that have been overwritten one time.

Disabling this feature entirely:
===============================
Set DBH_PRIORITY_HARD_CUTOFF at 0 and DBH_PRIORITY_SOFT_CUTOFF at 0.
This makes DBH_SOFT_CUTOFF_ACTION moot.
Install a stub, do-nothing DBH. It won't ever be called once the filesystem is mounted.

Using this to prioritize deleted sectors by age:
===============================================
Routinely update DBH_CURRENT_PRIORITY based on age, with most-recently-deleted files having a value of 0 and files that are very old having a maximum priority.
Set DBH_PRIORITY_HARD_CUTOFF to a value corresponding to the minimum time you guarentee files will be kept and DBH_PRIORITY_SOFT_CUTOFF to a higher value.
Set DBH_SOFT_CUTOFF_ACTION to skip.
Set the DBH handler to make the block available if DBH_CURRENT_PRIORITY is greater than DBH_PRIORITY_SOFT_CUTOFF.

Alternative method to prioritize deleted sectors by age which checks blocks on-demand:
=====================================================================================
Routinely update DBH_CURRENT_PRIORITY based on age, with most-recently-deleted files having a value of 0 and files that are very old having a maximum priority.
Set DBH_PRIORITY_HARD_CUTOFF to 0, it is ignored.
Set DBH_PRIORITY_SOFT_CUTOFF to 1.
Set DBH_SOFT_CUTOFF_ACTION to fix.
Set the DBH handler to make the block available if the time since deletion is long enough.

Performance impact:
===================
===================

Formatting and mounting a filesystem will have a small additional overhead to write and read fs-wide values.

While a filesystem is mounted, additional memory is needed to hold additional filesystem metadata.

Any operation that requests a block will have an overhead as DBH_CURRENT_PRIORITY is checked and, if necessary, the DBH is called to make a block available.

Any operation that requests a block may not get the block it wants, leading to a sub-optimal layout of the file on disk.

Any operation that requests a block may fail due to lack of available blocks when it otherwise would not have.

Any operation that frees a block will have an overhead while the block's DBH_CURRENT_PRIORITY and other arbitrary date is set. This can probably be made very simple and fast if additional data isn't kept.

If the user-level free-block scavenging task does not get enough opportunity to run, the system can degenerate to a point where every block is below the DBH_HARD_CUTOFF and only root can use the system. If DBH_HARD_CUTOFF is set to 0 then the degenerate case will have every block being made available as needed, possibly a time-consuming operation. The latter can be a design feature, as it is in the example "Alternative method to prioritize deleted sectors by age which checks blocks on-demand" above.

Benefit:
========
========

The reuse of free disk space becomes a tunable parameter.
This can aid in file recovery and in legal compliance for data retention and destruction.

Requirements of a filesystem:
============================
============================
Any filesystem that impliments this will need hooks or callbacks in the appropriate places, such as:
initialization, volume-formatting, volume-mounting, volumen-unmounting, block-allocation, block-delallocation, etc.
It will also need a way to store information about deleted sectors in non-volatile storage and a way to store additional information in memory.
To the extend that information is recorded, this information should be quick to generate. Information such as the current time is quick to generate. Information such as the previous owner of a block may not be in all filesystems, and in some situations the information may have been destroyed prior to deleting the block. Some operating systems or filesystems may require an "assistant" routine that is called before any file is removed to temporarily record useful information.
A well-defined data block that says "here is a list of easy to find things and here are their values or here is where to find them" will be useful to make user-written deleted-block-data-saving routines more portable across filesystems and operating systems. This data block will be populated by filesystem- and operating-system-specific routine when files are deleted or blocks deallocated.

History:
========
========
Many filesystems, including DOS's FAT, preserve some information about the names and other meta-data for deleted files to aide in reconstruction.
Microsoft's NTFS has the concept of a "tombstone" to hold recently-deleted data.

Implementation:
===============
This has not been implemented yet. This is a high-level description of what such a system might look like.

One of the biggest dangers to PDAs, digital cameras, and the like is identity theft if the items are lost or stolen.

Some devices have keypad-locks, which is a start.

I recommend all devices have keypad-locks that activate after a user-configurable period of time or after boot.

I also recommend that all data be strongly encrypted and never stored in clear-text when the device is off.

If public-key encryption is used, most people will not be able to memorize the public key. Take the private key, encrypt it using a passphrase, and store the encrypted version on an second device which can be plugged into or brought near the cell-phone, PDA, or camera.

In the case of a camera, photos are stored encrypted, and must be decrypted before use on a PC. In the case of a cell phone, all data, including call records and photos, are stored encrypted.
This feature is especially useful when traveling to countries that do not value privacy.

Thanks to quantum computing, public-key encryption will be breakable in a matter of years, a decade or two on the outside.

One-time pads are inherently secure, but they are a pain since the pad itself has to be transferred securely.

A solution is to take a common, everyday data source, slice-and-dice and compress it, and use the result as the one-time pad. Transmit the instructions using public-key cryptography or using a different one-time pad.

Examples of everyday data sources include meteorological data, newspapers, literature, government publications, software releases, etc.

Decryption instructions can be as simple as:

Take the SuSE Linux 10.0 English CD set, append the ISO files in numerical order, strip off the first 100 bytes, compress it, and swap every 10th byte with the next-higher byte.

Transmit this instruction - which is less than a few hundred bytes - using any available secure channel.

December 17, 2009: No man is so evil that he cannot turn around and receive God's embrace. Note: I think I just made that up earlier today, but it could be based on some famous quote. September 5, 2009: CmdrTaco, your mother is calling you up from the basement for dinner. June 21, 2009: Make Money Fast the legal way! April 16, 2009: Is it moral to take tax breaks you don't need? Discuss. November 17, 2008: Diet: Die with a T on the end -Garfield Note: href="http://tinyurl.com/wiki-AdiposeDrWho is http://en.wikipedia.org/wiki/List_of_Doctor_Who_monsters_and_aliens#Adipose November 3, 2008: Idle is: 1) Pants 2) Shirt 3) Socks 4) Coat 5) Tie 6) Cufflinks 7) Vest 8) CowboyNealBoots September 12, 2008: Don't like Ike? Donate. September 9, 2008: What do you think of idle.slashdot.com? September 3, 2008: Do you prefer the old Slashdot? Disable JavaScript. May 25, 2008: /. poll: I think life on Mars... April 1, 2008: Slashdot April Fools joke poll March 24, 2008: Happy Easter! March 23, 2008: Happy Easter! March 13, 2008: Poll: What are you giving up for Lent? February 27, 2008: Poll: What are you giving up for Lent? February 2, 2008: Poll: What are you giving up for Lent? November 8, 2007: This Holiday season, please give to those less fortunate. November 1, 2007: "He's our first meta-president!" - J. Stewart on President George W. Bush, 9-Oct-2007 [Note: Taken from The Daily Show, October 9, 2007] [Note: His name is Jon not John. But just the initials seems so much more formal and therefore so much funnier.] October 10, 2007: "He's our first meta-president!" - John Stewart on President George W. Bush, 9-Oct-2007 [Note: Taken from The Daily Show, October 9, 2007] July 20, 2007: Part of being a good system administrator is recognizing your own ignorance. June 19, 2007: I am on a quest for the elusive Great Slashdot Signature. May 27, 2007: Please Help me find a 3.5" bay for 4x2.5" drives. May 3, 2007: do you Digg these Very popular Digits? CfkRAp1041vYQVbFY1aIwA== April 19, 2007: Say no to bloatware. April 9, 2007: How would you solve tariff arbitrage? April 7, 2007: My thoughts on immigration. What are yours? April 6, 2007: if (post.isFunny()) laugh(); Tuesday November 28, 2006: Fake Slashdot Story Generator Friday October 13, 2006: Help me complete my Slashdotism Collection September 8, 2006: Banking login improvements - will they work? August 10, 2006: Future Terrorism journal, input requested. May 28, 2006: What is your vision for a $100 PC? Jan 30, 2006: Of water: "An ounce is an ounce and a pint is a pound" / not exactly but around. Jan 12, 2006: ACM Technews - news for academic nerds Nov 2, 2005: Give Karma to latecomers: Moderate yesterday's news today. Nov 1, 2005: New sig coming soon. To see sigs early send $10 to .... October 27, 2005: Central America "Beta"-tests for hurricane preparedness: http://tinyurl.com/ash4m [note: tinyurl is http://www.nhc.noaa.gov/archive/2005/refresh/BETA+shtml/] October 6, 2005: World's worst bug September 21, 2005: Rita explained: Bush must have friends in high places, because after Katrina, FEMA wanted a do-over. August 30, 2005: "We were expecting the worst, and I think itÂ's meeting those expectations" -Dan Packer, 8/29/2005, on Katrina July 8, 2005: ???Software is tangible after all??? June 8, 2005: --
Vote is the human detector too easy or too hard? May 23, 2005: -- Make Money Fast! No Spamming Required! January 14, 2005: --
6 years of MS World Domination January 3, 2005: --
Please help tsunami victims December 2004: --
Java Slide Rule

POLL: What's the best reason to limit or outlaw anonymity online?

1) Protect Children/Kiddie Porn
2) Fight terrorism
3) Fight financial fraud
4) Fight illegal drug trade
5) Other
6) None - there is no good reason
7) Unmask CowboyNeal

Nothing [for you] to see here. Move along.

Only Old North Koreans need NOUN.

In Soviet Russia, NOUN VERBS YOU!.

Imagine a Beowulf cluster of NOUNs.

All your base are belong to us.

Think of the children!
--
Did I miss any? Please reply so I can collect them all.

Please comment.

Ballot ideas 9/6/06

Goal:
1) voting by handicapped voters with minimal assistance
2) voter-verified audit trail
3) cost-reduced versions available where needed
4) quick count available to the press within minutes

4 machines handle ballots, only 1 of which is needed if goas 1, 2, and 4 are not required.

Machine 1 is a master vote counter at county headquarters. This machine makes the official count and is required. In large counties more than one machine can work together. Machines do not have to be co-located.

Machine 2 is a printed-ballot scanner. At least one of these should be present at each voting location. This machine accepts the printed, marked ballots, tabulates them, and faxes the results to county headquarters as soon as the poll closes. More than one of these is allowed per precinct. If none are allowed, "instant results" will not be available and the opportunity to catch tampering of ballots en route to county headquarters is diminished.

Machine 3 is a ballot-marking machine. This is similar to an "e-ballot" machine but it is NOT an official voting machine. It is simply a machine that takes the voter's on-screen selection and prints it to a ballot, which the voter then drops into the printed-ballot scanner or into a traditional ballot box for later counting.
If this machine does not exist, the voter can mark the ballot by hand using a pen.
At least one machine should be at each precinct to meet the requirements of the Help America Vote Act.

Machine 4 is a ballot-verification machine. This machine is purely for the convenience of the voter and plays no role in the actual voting. A voter puts a marked ballot in this machine and it prints a report of what votes were cast. This can help a voter verify his hand-marked ballot was marked correctly and ask for a new ballot if it was not. This machine should use identical technology as the master vote counter for best results.

At any time before the voter puts the marked ballot in the printed-ballot scanner or traditional ballot box, he can "spoil" the ballot and vote again.

Counties with low budgets need only purchase a master vote counter and ballots and marking pens that are compatible with this hardware, something many counties have done for decades.

Counties with extremely small populations can and probably should continue to use hand-counted paper ballots, possibly with the assistance of a machine similar to machine 3 to comply with the Help America Voters Act law.

Fraud and error detection:

If available, the quick-count is compared to the master-count for that ballot box. Discrepancies that affect the outcome of any election are investigated.
A small random sample of precincts is machine-counted on a machine with different technology and vendor, OR is hand-counted.
A larger random sample of precincts, preferably over 25%, is statistically sampled. A statistical sample of ballots is counted by hand or using a machine with different technology and vendor than the master counter. If the actual counts and statistical sample are significantly different, the entire precinct is recounted. Any complete-count discrepancies that affect the outcome of any election are investigated.
Discrepancies that do not affect the outcome of an election should be investigated if fraud, equipment failure, correctable human error, or another failure is suspected. Minor variations such as seemingly-random +/- 1 vote discrepancies need not be investigated unless they affect an outcome, fraud is suspected, or fixing the underlying problem could avoid real problems in the future.

My bank is adding a "security picture" to its login. You enter your username, then the bank shows you a picture you previously selected. If it's wrong, you call the bank fraud hotline. If it's right, you enter your password.

A man-in-the-middle attack can easily defeat this. Even a bot running on a zombie PC can defeat this:
Bot sends spam directing people to a properly-registered similar-spelling secure web site run by the bad guys. The bad guys get your userid, and pass it on to one of a thousand other zombie-bots who give it to your bank and gets the picture. The zombie-bot and fake web site act together for a man-in-the-middle attack.

The reason the zombie-bots are needed is so the bank won't notice a bunch of different account accesses from the IP address of the bogus web site.

The bottom line:
This won't work. What will work better:
* Smarter people who won't fall for spelling/lookalike sites
* Train customer to either type in the address by hand or use a pre-typed shortcut or Favorite, NOT links sent to them in email
* Provide customers with an application that, independent of the web browser, gets a password and/or one-time passcode, connects to the server, and does a preliminary login. At that point, anyone from your IP address will have 15 minutes to do a regular login. A spoofed-url-based man-in-the-middle attack will immediately set off alarms.

Please tell me the FBI is doing this every week.

Let's play a game. Pretend Osama bin Laden hired us to brainstorm ways to get explosives aboard an airplane.

PLEASE: If you have any serious, non-obvious method, don't post it here. Contact law enforcement instead. England just busted a bunch of would-be plane bombers and I'm doing this to burn off some stress. Post just the obvious and the outlandish please.

OK, here goes.

body cavity bomb.

Surgically implanted bombs.

Secretly replace air marshall with genetically programmed clone to do your bidding.

Hack NORAD and use SDI to take out a plane. BONUS: Take out the White House while you are at it.

Free Gatorade and digital cameras for everyone!

Please link this and post your replies.

We've all heard of the "$100 laptop" destined for third-world countries. But what about poor people in America and other industrialized countries that don't need a laptop?

What belongs in a $100, consumer-oriented computer?

Here is my vision. What is yours?

Typical consumer usage: Web-surfing, printing, composing resumes, educational programs/schoolwork, small-scale spreadsheet/database/small-business applications, Probably nothing more intensive than OpenOffice 2.0. Non-compute-intensive gaming.
Alternative/out-of-the-box uses: firewall, print server, file server, web server, or other dedicated use.

OS: Whatever it is it's got to be $0. Think Linux, BSD, or another popular open-source platform. System should come preloaded. However it must run Windows XP nicely and better if it runs Vista without the eye candy at a reasonable speed.

CPU: 1GHz minimum, 1.5GHz better.

RAM:256MB to keep the Windows users happy.

Internal hard disk/internal storage: 4GB minimum, 10GB better.

Video: As cheap as possible, support reasonable resolutions at reasonable refresh rates. Standard VGA connector.

Modem: 56K with voice and fax, soft-modem to save cost if OS supports it

Sound: Cheap sound with audio in and headphone/speaker-out.

USB: 2 ports minimum. 4 if it adds almost zero cost. User can buy a splitter if necessary.

External, extra-cost items, USB required: keyboard, mouse, printer, optical drives, removable flash media, floppy drive, wired or wireless networking, scanner, serial port, parallel port, fancy audio, and any other external device besides video.

Power supply: Lower-wattage, average quality

Noise: Low, single- or no-fan.

Internal expansion: Limited to replacing HD and adding RAM.

Boot: From internal disk or USB media, including via LAN from bootable USB LAN devices.

Form factor: As compact as reasonable, preferably the size of a modern consumer router.

Power consumption: Shoot for under 100W when system is fully utilized, less when disk or other systems are powered down.

Cost: Under $100 for just the computer. Keyboard, mouse, video, printer, optical drives, and other external devices extra. Cost for usable system: $140 with used monitor, keyboard, and mouse. Add $50 for printer.

Jr. High/High School math teachers:
Want to teach your students to be able to generate a trig table with a 4-function-plus-square-root calculator?

Have them memorize:
sin 0=0 (exactly)
sin 10=0.174
sin 20=0.342
sin 30=0.5 (exactly)
sin 37=0.602
sin 45=0.707 (sqrt(2) exactly)

From these, they can interpolate the rest of the sin table from 0 to 45 degrees.

They can generate a cosine table for 0-45 degrees using the formula:
1 = cos^2 + sin^2
or
cos = sqrt(1 - sin^2)

For 46-90 degrees use the formula:
sin(x) = cos(90-x)
and for 0-90 degrees which is what we care about:
cos(x) = sin(90-x)

Tangents are simply sin/cos.

Once you know these, cotangents, and the inverse functions fall into place.

The resulting table is good to within 0.5%, or 2 significant digits.

As a science-tie-in bonus, sin37 is approximately 0.602, which "looks like" Avogadro's number, 6.02 x 10^23, the number of atoms or molecule in a mol of a substance.

Additional observations for students:
1) interpolations are frequently good enough
2) the sin curve is relatively flat in 0-30 degrees so we can have our interpolation points spaces further apart. Using 10,20,30, 40, and 45 as interpolation points leads to inaccuracies greater than 0.5% between 30 and 40.

For advanced students:
What two points between 0 and 30 generate the table with the best worst-case error for 0-30 and 60-90 degrees for sin? for cosine? for tangent? [answer: I didn't calculate this yet.]
Why were 10 and 20 chosen? [answer: it's easy to divide by 10 which makes interpolation easy.]

What point between 30 and 45 generates the best worst-case error for 30-60 degees for sin? for cosine? for tangent? [hint: 37 is better than 38].

(c) 2005 davidwr of slashdot

iso/tar/zip/whatever builder:
 
Purpose:
Allow web sites to "store" many slightly-different customized archives or CD-images
without storing the actual images on the server.
 
Patent potential:
This is patently obvious and took less than an hour to cook up a blueprint.
Besides, this or something very similar has almost certainly already been done.
No patent potential.
 
Commercial applications:
No reason commercial environments cannot benefit from these ideas.
 
Variations:
Variations are endless.
 
Input:
Type of output file
Source files and instructions to get/unpack source files
List of files to package
Location of destination file
block-level post-compression command and blocksize
 
Output:
Output file broken down into pieces, with instructions on how to get each piece OR contents
 
of the piece.
 
Example output:
 
controlfile.txt:
#===============
DATA:
#startoffset-endoffset - action which sends output to stdout
000000-00ffff - include directory.header
010000-012345 - interpret file1.txt.instructions
012346-02468a - interpret file2.txt.instructions
02468b-02468f - bytefill 00
024690-0246a0 - include checksum.txt
POSTPROCESSING:
compression command '%1 | blocklevelcompressor' # %1 is a block of data
compression index compressionindex.txt
 
compressionindex.txt:
========================
#If the user starts any part of a compressed block,
#rebuild the entire compressed block on hte fly and send only
#the parts that are needed.
#
#uncompressed block start-uncompressed block end - compressedfilestart-compressedfileend
000000-00ffff - 000000-007352
010000-01ffff - 007353-00f8ab
020000-0246a0 - 00f8ac-012fa0
 
directory.header:
================
[binary data representing the header to the file]
 
file1.txt.instructions:
======================
#!/bin/sh
##shows file-by-file compression
#tar -xf archive.tar file1.txt | gzip {gzip output to stdout}
## do not use ... |gzip {output to anything but stdout}
 
file2.txt.instructions
======================
#!/bin/sh
#cat file2.txt
 
checksum.txt:
============
[checksum goes here]
 
****end example output****
 
End-user action:
User goes to web site, runs a configuration program to get only
certain files, then is given the url to his tarball, iso, or what-have-you.
 
When the user asks for {ftp, http}://somesite/hiscustomfile the
  file is generated on the fly using the controlfile.txt file.
It can even be retrieved "in the middle" a la ftp-resume using the
offsets in compressionindex.txt first then those in controlfile.txt
 
NOT SUITABLE FOR:
 
This is not suitable for compressed files that rely on the entire file being compressed in a
 
non-block fashion, i.e. where the previous parts of the file affect the next part of the
 
file.
 
Improvements:
Instead of a bunch of loose text files, controlfile.txt,
compressionindex.txt, and the other files can themselves
be part of an organized file. The old-style Microsoft
file with [section headers] seems obvious, as does a .tar, .zip,
or .tgz file. XML also seems obvious and very "webbish."

That's because transfer of "intangible" goods, like information, is exempt from the regulations, but goods considered tangible, such as software, are not.

Since when is software tangible? Um, that's why it's called SOFTWARE.

link
Feds blacklist 'illegal' Cuban Web sites
Published: July 8, 2005, 2:42 PM PDT
By Anne Broache
Staff Writer, CNET News.com
TrackBack Print E-mail TalkBack

Americans should think twice before booking a Cuban holiday through scores of travel Web sites that the U.S. government has deemed to be off-limits.

The U.S. Treasury Department has blacklisted more than 60 Cuba-centric sites, many maintained by a travel company called Tour & Marketing International. The last update to the list was published by the department's Office of Foreign Assets Control on June 30.

Certain travel-oriented Web sites made it to the verboten list because they provide easy access to Cuba for Americans who choose to break the law, the OFAC says. While visiting the sites may be permitted, downloading software from them probably isn't.

The reason lies in a section of federal law prohibiting people living under U.S. jurisdiction from doing business with those on the OFAC's list of "specially designated nationals," a category that also includes known terrorists, narcotics traffickers and rogue regimes, such as Iran, Iraq and Syria. (Many of the Cuba sites have been on the list since a December update.)

It's already illegal to go to Cuba without a special Treasury Department-issued license, typically granted based on educational or professional purposes. Tourism, according to federal guidelines, is not allowed. Once licensed, travelers must make travel arrangements with an organization chosen from a list of OFAC-approved agencies.

But if booking travel with an unauthorized dealer is already illegal, then is booking travel through a company also on OFAC's verboten list an even greater offense? Lawyers aren't sure.

"I don't know what penalties OFAC would propose in connection with the use of these sites," said Daniel Waltz, a Washington, D.C., lawyer who specializes in U.S. embargoes. "They might take the view that because they're listed (with OFAC), the penalties should be higher. They might take the view that we'll penalize you once for travel and impose a second penalty for use of the listed site."

"The problem, really, with the OFAC regulations and export controls generally is they weren't designed for the Internet," said Douglas Jacobson, a sanctions lawyer in Washington, D.C.

Several of Tour & Marketing's sites--with gocubaplus.com as the flagship--allow customers to make online reservations for flights, hotels, rental cars and tour packages in Cuba by traveling via a "third country." The site mandates that customers pay online and claims to be "not only Cuba's number one agency for American travelers, but also...able to serve all travelers--regardless of whether they have a Treasury-issued license," according to a Treasury Department press release.

The bulk of the sites under the company's ownership provide information about the geography, history and tourist attractions in a host of Cuban locales, from Baracoa to Varadero Beach. Ads--also operated by the company--rim each page and point to the e-commerce sites.

It doesn't seem to be a crime to check Cuban weather or read up on Ernest Hemingway's ties to the island at the sites. Signing up for free e-mail lists would also be permissible, said Treasury spokeswoman Molly Millerwise, provided that they did not include "interactive software." That's because transfer of "intangible" goods, like information, is exempt from the regulations, but goods considered tangible, such as software, are not.

When robots meet RFID
Energy-conscious wireless tech
Quake watch turns to tech
Toeing the line on back-to-school PCs
Wi-Fi mooching and the law
Previous Next
Using the sites to get money to Cuban companies would clearly be illegal, but lawyers suggested that enforcement may be a little fuzzier.

"Theoretically, yes, a person can be prosecuted and subject to civil or criminal penalties by OFAC for purchasing a ticket or doing any businesses with any of these Web sites," Jacobson said. "The reality is, the chances of them actually being caught is relatively slim, because there's really no way to track that information. The only way they would do it is to raid their offices, take the server, get e-mail addresses...But I don't think they would go that far."

Owned by Stephen Marshall, a British entrepreneur, Tour & Marketing takes a strong stance on Cuban trade relations, defending the country's sovereignty and calling on the U.S. and British governments to cease their embargoes. According to an online statement by the company, "The United States' aim in stepping up the blockade is to isolate Cuba, strangle it economically and create the conditions for external intervention." Attempts to reach Marshall on Friday were unsuccessful.

The current OFAC list also contains Sercuba.com, a PayPal-esque electronic money transfer service, and Cimex, a corporation that runs travel agencies but does not appear to engage in e-commerce. Another site, Cuba-shop.net, which OFAC added to the list in February 2004, furnishes a 403 Forbidden screen when called up.

Vote here:
The /. Human-Detector is:
1) WAY TOO HARD: I can't make them out at all
2) TOO HARD: They are very hard to read even when I squint
3) JUST HARD ENOUGH: Any reasonably intelligent person with good eyesight can read them
4) TOO EASY: Any reasonably intelligent computer program can read them
5) TRIVIAL: Any $50 OCR package can read them