
Comment: ZFS v31+ at last? (Score 1) 224

by Zergwyn (#38008050) Attached to: Solaris 11 Released

I think what I'm most excited for with this release is seeing if Oracle follows through on their promise to put out the source for the up-to-the-date work on ZFS. While ZFS at v28 has proven to be both a lot of fun and very useful for many of us, the updates since (first available for general use with Solaris 11 Express last year I believe) add a few really nice features, including crypto and work on block pointer rewrite. While the illumos project could certainly fork it if required, it would be really great if everyone could stay in sync more. After the acquisition, rather than do nightly releases there was a decision to opt for only releasing code with major versions, which while disappointing at least offered hope going forward. I don't see that Oracle has anything to lose here by staying open with that component, filesystems benefit a lot from widespread use and lots of testing, but, well, it is Oracle.

Comment: Re:To those opposed, what about software upgrades? (Score 1) 258

by Zergwyn (#37585906) Attached to: Psystar Loses Appeal In Apple Case

No it doesn't; you could sell what amounts to a bunch of patches, using previously installed components of the system that did not change.

I addressed this in passing, but perhaps it's worth some additional expansion. I wrote:

Additionally, "upgrades" should be (again, from a user perspective) simply full versions, identical, except cheaper and for existing users.

What you seem to be arguing for is additional DRM, i.e., a technical protection measure in order to enforce the wishes of the developer. However, compared to a purely social and legal framework, where customers and people in general are simply expected to be adults and do the right thing, there are significant downsides.

  1. There is additional cost to develop and deploy technical protection methods on the developer side, towards no real overall economic gain.
  2. On the user side, these measures can present honest customers with significant additional hassle and no gain while failing to do anything to the dishonest. This is the case in general, but particularly the case with an operating system. Under the current state of things, Mac OS X has no serial, no ownership checks, and no checks for previous versions. It only has some weak checks to see if it's on a Mac, and otherwise depends on license requirements. The net result is that one never even has to think about it when it comes to upgrading a machine, imaging new machines, etc. It's fine to change hardware, nuke the old hard drive, run it off a direct connect or networked image, just copy right over from one hard drive to another, or anything else possible. In any case, there will never be any trip up.
    Under your scenario, things become much more complicated to no value. To upgrade, you first need to go and dig up your old install media and install that? What if it's been a few versions, you have to start a couple back, then install one upgrade, then the next upgrade? Is it even allowed under this scenario to simply ditto over from an old drive to a new one? This doesn't seem like a net gain.
  3. Finally, if there is no rule of law and society involved, but merely technical protection, I see no way around the economic incentive to ever more heavily restrict stuff. Deep hardware level DRM practically becomes a requirement under this scenario, one where you're not just up against random individuals who aren't really any commercial loss, but against serious businesses. This seems bad every way around, from the perspective of consumer choice and of competition. A massive multinational like Apple could afford to reengineer everything, but a small dev?

I think it's better to have a system where the general standards just exist as a matter of law and society.

Comment: To those opposed, what about software upgrades? (Score 4, Insightful) 258

by Zergwyn (#37584586) Attached to: Psystar Loses Appeal In Apple Case

To my mind, software upgrades are an economically efficient and pro-user offering. They are good for both the production and use side of the equation, allowing users to pay directly for the additional cost of development since their last version rather than all the original work and value that went into the product. They allow developers to reward their own supporters and more efficiently allocate resources. Additionally, "upgrades" should be (again, from a user perspective) simply full versions, identical, except cheaper and for existing users. This is how all commercial software I use works as well.

However, the entire concept of upgrades depends completely on legal licensing: that I can have a clause that says "you may not use this unless you previously owned a full version". I already see a number of posts, both here on Slashdot and on other forums (such as the comments with the Ars Technica article on this story), that are enraged at the result, and that argue that Psystar was "adding value" by "lowering hardware costs". The underlying argument is that, if a piece of software is sold, that should be that. However, how do those of you who argue for that square it with upgrading? Do you simply agree with the App Store take, where upgrades don't exist at all? Or do you have some other way of squaring things away?

As things have existed, Mac OS X offerings have all been upgrades and have been priced accordingly. There seems to be a reasonable consideration on both sides here: buyers pay less money, but in exchange have the restriction of needing to have a Mac as Apple has chosen to build their development around an integrated model. Do some of you think that such integrated models should be illegal, regardless of what benefits they offer? Should Apple be required by law to sell a "full" version of Mac OS X, and would you actually be willing to pay what that might cost (i.e., if they said "full version, $400")? I'm genuinely curious about people's thoughts around this.

Comment: Oh honestly (Score 2, Insightful) 436

by Zergwyn (#33996042) Attached to: Gosling Reacts To Apple's Java Deprecation

It seems to have become trendy again to hate Apple no matter what, but this is getting ridiculous. Why is it that Apple is expected to be the only platform vendor that has to maintain their own version of the JVM for free? Jobs is quite correct in saying that Java under OS X has long lagged behind the latest official Sun release. I wish it was more common for Apple to leave more components to third parties now that they've got more market share. Another example would be graphics drivers, which lag tremendously in both performance and features. I don't understand why on Earth any Java dev would want to be stuck indefinitely with Apple's outdated implementation that by definition would never be a major priority rather than get a version from the main organization behind it. For that matter I blame Sun's longstanding ambivalence towards FOSS. If we had a fully open GPL edition of the JVM that was best of class like we should have gotten years ago, this never would have been an issue in the first place. It's yet another tech Sun's BS has screwed us on, with their insistence to put ZFS under the CDDL rather than Apache/BSD/LGPL being another major example. Anyone still have that old Sun strategy wheel, from before 'acquisition' became their final exit?

Comment: Adds another layer to hardware solutions? (Score 4, Interesting) 260

by Zergwyn (#26510579) Attached to: Solution Against Cold Boot Attack In the Making

Or the converse, I suppose (hardware solutions can add another layer to this). This looks like some very interesting work, and may have more applicability in general beyond this one scenario. I'm certainly looking forward to following their implementation as it comes along. But with that said, if this attack was a serious concern for a given entity there seem to be some obvious potential hardware solutions. The attack essentially depends on being able to shut down the computer but keep the memory cold enough that the randomization time is slowed down tremendously, giving enough time to perform a dump of the contents onto another system for further analysis. Therefore, it can be prevented by, for example, having electric heater units surrounding the memory connected to a dedicated capacitor bank and temperature sensor, as well as a sensor to detect if someone tries to force open the machine (intrusion alarm). Then the system can perform a scram shutdown (or if it is just shut down normally), and the heaters can assure that the memory is kept hot for a couple of seconds afterwards even in the face of attempted cooling. It only needs to manage it very briefly and then all the contents are scrambled. Other similar methods (maybe a really micro EMP inside a shield memory space) would be possible too, but basically they just need to deny an attacker for a very short amount of time or ensure entropy in the RAM and then the attack is useless.

Ultimately a dedicated hardware secure key store would be better and easier to integrate across all systems, and this more software solution of course has the massive advantage of being able to run for free on existing hardware. But the above could at least be retrofitted on nearly anything, and while it is more esoteric, then again so is the attack since it requires physical access.


Spam Flood Unabated After Bust 188

Posted by kdawson
from the removing-a-cup-of-water-from-the-sea dept.
AcidAUS writes "Last week's bust of the largest spam operation in the world has had no measurable impact on global spam volumes. The spam gang, known by authorities and security experts as HerbalKing, was responsible for one-third of all spam, the non-profit antispam research group Spamhaus said." The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat.

Comment: Trademark and ads actually the real issues (Score 5, Insightful) 621

by Zergwyn (#24354281) Attached to: Second Mac Clone Maker Set To Sell, With a Twist

Contrary to the statement there, I don't think even pretty wild interpretations of an EULA would apply at all. If they wished to pursue that angle Apple would need to go after individual users. From Apple's POV, I believe the only true point of contention would be if Open Tech uses any of their trademarks in its advertising or general web. They can't just plaster Apple OS X images all over the place for example.

No, the real potential source of suits isn't even necessarily from Apple. Rather, Open Tech will have to be very careful in their wording when it comes to promotion. From what I've seen an early draft of their PR used phrases like "Mac Compatible." What exactly does that mean, legally? What happens when a software update breaks the OS? If a customer sees "Mac Compatible" and nothing else, and then buys based on that, I could see grounds for a false advertising suit.

Of course, that can be avoided quite neatly I think with some very careful wording, and by making the limitations and lack of support from Apple very explicit. "Capable of running OS X", with a big fat bold "Not supported by Apple, future updates may not be compatible" warning might work just fine. This just seems like the area where, if these guys are amateur or don't think about it much, they could get tripped up.


+ - {Update}Mac OS X Root Escalation via AppleScript

Submitted by Zergwyn
Zergwyn (514693) writes "This is just a suggestion to update the "Mac OS X Root Escalation Through AppleScript" article to add a temporary solution. The cause of the escalation is having the set-user-ID-on-execution (SUID) bit set for /System/Library/CoreServices/RemoteManagement/ which is an application owned by root. As a result anything it executes is also owned by root, thus the escalation. Unsetting the SUID bit via chmod prevents this behavior until there is a more permanent patch."

+ - First Recorded Song Found on 1860 Phonautogram

Submitted by
Pickens writes "Thomas Edison has long been considered the father of recorded sound but researchers say they have unearthed a recording of the human voice, made by Frenchman Édouard-Léon Scott, that predates Edison's invention of the phonograph by nearly two decades. The 10-second recording of a singer crooning the folk song "Au Clair de la Lune" was discovered earlier this month in an archive in Paris by a group of American audio historians and made playable by scientists at the Lawrence Berkeley National Laboratory in Berkeley, California. "This is a historic find, the earliest known recording of sound," said Samuel Brylawski, the former head of the recorded-sound division of the Library of Congress. Scott's device had a barrel-shaped horn attached to a stylus, which etched sound waves onto sheets of paper blackened by smoke from an oil lamp. The recordings were not intended for listening; the idea of audio playback had not been conceived. Scott's 1860 phonautogram was made 17 years before Edison received a patent for the phonograph and 28 years before an Edison associate captured a snippet of a Handel oratorio on a wax cylinder, a recording that until now was widely regarded by experts as the oldest that could be played back."

+ - RIAA calls attorney fee "excessive"->

Submitted by Anonymous Coward
An anonymous reader writes "It seems that the RIAA is finally listening to the arguments of the people getting sued, but not in the way many of us would have hoped since they use it in their own defence. According to Ars, they have this to say over the attorney fee in the Atlantic v. Andersen case: "... the RIAA called the $298,995 figure "excessive" and said that it should be drastically slashed to something along the lines of $30,000. In the RIAA's opinion, Atlantic v. Andersen was a "straightforward copyright infringement claim," and the labels' independent expert believes that the fees sought are excessive "in numerous respects." ..."

The official filings are also available on Ray Beckerman's site, and can be found here."


+ - Webkit passes Acid3.->

Submitted by ablaze
ablaze (222561) writes "The latest Webkit nightlies are the first publicly available browser to pass Acid3. The Surfin' Safari Weblog has the news:

WebKit has become the first publicly available rendering engine to achieve 100/100 on Acid3. The final test, test 79, was a brutal torture test of SVG text rendering. [...] Indeed, we found a critical bug in the test itself that would have forced a violation of the SVG 1.1 standard to pass, so until a few hours ago it was not possible to get a valid 100/100. Acid3 test editor Ian Hickson has the details.


+ - U.S. to File Trade Cases Against Pirated Material

Submitted by
ecoshift writes "RIAA driving US Trade policy....???

"The Bush administration announced today that it is filing two new trade cases against China to force the Asian giant to crack down on the distribution of pirated products and to drop barriers to the sale of American music, movies and books."

— le/2007/04/09/AR2007040900574.html?nav=rss_email/c omponents"
