List of common SSL offending (and non-offending) sites.
The Heartbleed Hit List: The Passwords You Need to Change Right Now
Good video explanation:
Mashable Explains: What Is the Heartbleed Encryption Bug?
Java MUST MUST MUST read and do:
Critical Java Update Plugs 37 Security Holes — Krebs on Security
To copy directly from the Open Source Initiative website:
An “open standard” must not prohibit conforming implementations in open source software.
To comply with the Open Standards Requirement, an “open standard” must satisfy the following criteria. If an “open standard” does not meet these criteria, it will be discriminating against open source developers.
One can imagine that each phrase was fought over in countless hours of committee work. Let’s see how the Digital Standard Organization uses “open standard” on their site. Notice the differences and similarities. There will be a test…ongoing and on the floor of conventions and when you read PR everywhere. Notice that the term is tied to Free in this usage, but that usage comes directly from:
The Digistan definition of a free and open standard is based on the EU’s EIF v1 definition of “open standard” with the language cleaned-up and made more explicit. Our analysis of the importance of vendor capture in determining the openness of a standard comes from this analysis.
Picking our way through their site:
What is an open standard? The Wikipedia page shows many definitions, which specify characteristics of a specification, or of the processes that produce it and make it available.
To understand why there is no single agreed definition, and to let us build a canonical definition, we can start with two observations:
The definitions collected on Wikipedia can be grouped into those made by vendors, and those made by the rest of the market. The variation in definition comes from the various viewpoints expressed (e.g. W3C focuses on process while Denmark focuses on user cost).
We, the Digital Standards Organization, explicitly take the side of “the market at large”. We do not accept the definitions of “open standard” produced by vendor bodies, including W3C to some extent. We do not accept the attempts of some legacy vendors to stretch “open standard” to include RAND-licensed standards.
An open standard must be aimed at creating unrestricted competition between vendors and unrestricted choice for users. Any barrier – including RAND, FRAND, and variants – to vendor competition or user choice is incompatible with the needs of the market at large.
The Digital Standards Organization defines free and open standard as follows:
To copy directly from the Open Source Initiative website:
An “open standard” must not prohibit conforming implementations in open source software.
To comply with the Open Standards Requirement, an “open standard” must satisfy the following criteria. If an “open standard” does not meet these criteria, it will be discriminating against open source developers.
One can imagine that each phrase was fought over in countless hours of committee work. Let’s see how the Digital Standard Organization uses “open standard” on their site. Notice the differences and similarities. There will be a test…ongoing and on the floor of conventions and when you read PR everywhere. Notice that the term is tied to Free in this usage, but that usage comes directly from:
The Digistan definition of a free and open standard is based on the EU’s EIF v1 definition of “open standard” with the language cleaned-up and made more explicit. Our analysis of the importance of vendor capture in determining the openness of a standard comes from this analysis.
Picking our way through their site:
What is an open standard? The Wikipedia page shows many definitions, which specify characteristics of a specification, or of the processes that produce it and make it available.
To understand why there is no single agreed definition, and to let us build a canonical definition, we can start with two observations:
The definitions collected on Wikipedia can be grouped into those made by vendors, and those made by the rest of the market. The variation in definition comes from the various viewpoints expressed (e.g. W3C focuses on process while Denmark focuses on user cost).
We, the Digital Standards Organization, explicitly take the side of “the market at large”. We do not accept the definitions of “open standard” produced by vendor bodies, including W3C to some extent. We do not accept the attempts of some legacy vendors to stretch “open standard” to include RAND-licensed standards.
An open standard must be aimed at creating unrestricted competition between vendors and unrestricted choice for users. Any barrier – including RAND, FRAND, and variants – to vendor competition or user choice is incompatible with the needs of the market at large.
The Digital Standards Organization defines free and open standard as follows:
but takes different meanings depending on the many different possible viewpoints. One group will use the word to mean that two articles of clothing can look identical under the lighting of the store, but will look wildly different in the light of the bedroom. It is also metamerism that allows what looks one way on the screen in RGB to look similar when printed with CMYK inks. It is also used in the controlled tests of the lab when a person is asked to mix 3 colors in order to match a target color – in fact, it was similar tests that the then young International Commission on Illumination (the CIE) used to proof the tri-stimulus system and to come up with the various color models that we are familiar with (think horseshoe).
Metamers are in the news because of laser light replacing xenon, and, like the always present but exacerbated ‘speckle’ is something that heretofore sloppy but lucky implementations were able to hide – not that the engineers were sloppy, but the technology was so ‘force over subtlety’ that the age didn’t allow any better. Unlike speckle, no one knows for certain whether metamers will be an actual audience problem. It may be something that we run into everyday and ignore. There are things like this that we just don’t notice on the movie screen as well – for example, what is seen as a circle if you are in a center seat takes the shape of an ellipse if you are over to the side. But the human visual system compensates for this with ease – you see it but you ignore it…except for stereoscopic movies, where the brain ‘sees’ an ellipse, and just adds that to the pile of straw waiting to get too heavy…bringing headaches and dissatisfied customers…force over subtlety yet again.
New Audio Systems – The attempt for same sound with different structures
Now, with increased computational power and the desire to immerse the audience with ‘natural’ sound, the audio world has entered the realm of (attempting) the creation of an equivalent set of combined sounds taking different presentation positions (the Object of object-based audio essence–OBAE) while attempting to create the same sound regardless of different variables – an audio metamer for want of a better term. The new Object-based audio systems presume that they can dial in a particular set of numbers to get a different arrangement of speakers to act just like another…across different systems with different crossovers and spectral response.
Good luck with that. The term of art is: to be subjectively consistent, making best use of the available resources.
Lest this progress be decried as just another manufacturer’s method of raking over the audience to get more money…or the exhibitor’s money since better audio doesn’t really have a ‘return from end-user’ built into the business model…directors are also pushing for this change, since it is the logical extension of what we all imagined audio could be back in our teen-age, garage-band, more-speakers-in-the-car days.
But that isn’t what we are here to write about. Our topic has to do with the many and several ways to achieve KAVI-based bliss when using the SMPTE Committee site. That is the true -mer, sharing knowledge (or in the case of your author here, only sharing time since he all too often finds himself as the dullest crayon in the room during these engineering meetings.) But getting into the process of using the SMPTE website needs some explaining for the novice. This may be the first of many tutorials.
Soon (hopefully, and relatively) there will be pictures and arrows here, with tips from good/better/best people making comments on this article. Because everyone has met this problem, not only learning how to guide themselves through the login and the disappearing Record My Attendance and the Please Vote emails with cryptic messages.
{mp4 width=”660″ height=”400″}smpte_1{/mp4}
but takes different meanings depending on the many different possible viewpoints. One group will use the word to mean that two articles of clothing can look identical under the lighting of the store, but will look wildly different in the light of the bedroom. It is also metamerism that allows what looks one way on the screen in RGB to look similar when printed with CMYK inks. It is also used in the controlled tests of the lab when a person is asked to mix 3 colors in order to match a target color – in fact, it was similar tests that the then young International Commission on Illumination (the CIE) used to proof the tri-stimulus system and to come up with the various color models that we are familiar with (think horseshoe).
Metamers are in the news because of laser light replacing xenon, and, like the always present but exacerbated ‘speckle’ is something that heretofore sloppy but lucky implementations were able to hide – not that the engineers were sloppy, but the technology was so ‘force over subtlety’ that the age didn’t allow any better. Unlike speckle, no one knows for certain whether metamers will be an actual audience problem. It may be something that we run into everyday and ignore. There are things like this that we just don’t notice on the movie screen as well – for example, what is seen as a circle if you are in a center seat takes the shape of an ellipse if you are over to the side. But the human visual system compensates for this with ease – you see it but you ignore it…except for stereoscopic movies, where the brain ‘sees’ an ellipse, and just adds that to the pile of straw waiting to get too heavy…bringing headaches and dissatisfied customers…force over subtlety yet again.
New Audio Systems – The attempt for same sound with different structures
Now, with increased computational power and the desire to immerse the audience with ‘natural’ sound, the audio world has entered the realm of (attempting) the creation of an equivalent set of combined sounds taking different presentation positions (the Object of object-based audio essence–OBAE) while attempting to create the same sound regardless of different variables – an audio metamer for want of a better term. The new Object-based audio systems presume that they can dial in a particular set of numbers to get a different arrangement of speakers to act just like another…across different systems with different crossovers and spectral response.
Good luck with that. The term of art is: to be subjectively consistent, making best use of the available resources.
Lest this progress be decried as just another manufacturer’s method of raking over the audience to get more money…or the exhibitor’s money since better audio doesn’t really have a ‘return from end-user’ built into the business model…directors are also pushing for this change, since it is the logical extension of what we all imagined audio could be back in our teen-age, garage-band, more-speakers-in-the-car days.
But that isn’t what we are here to write about. Our topic has to do with the many and several ways to achieve KAVI-based bliss when using the SMPTE Committee site. That is the true -mer, sharing knowledge (or in the case of your author here, only sharing time since he all too often finds himself as the dullest crayon in the room during these engineering meetings.) But getting into the process of using the SMPTE website needs some explaining for the novice. This may be the first of many tutorials.
Soon (hopefully, and relatively) there will be pictures and arrows here, with tips from good/better/best people making comments on this article. Because everyone has met this problem, not only learning how to guide themselves through the login and the disappearing Record My Attendance and the Please Vote emails with cryptic messages.
{mp4 width=”660″ height=”400″}smpte_1{/mp4}
Harkness calls it “Screen Lifecycle Management” and they feel that they have the apps to help with that.
“Anything to help Quality Control” is what we call it: Free Webinar 26th February 2014
SCREEN LIFECYCLE MANAGEMENT WITH THE HARKNESS APPS – WEB SEMINAR
The only thing better is if you and they were to join the SMPTE Study Groups that are working on Light and Audio Quality. Join Now.
Harkness calls it “Screen Lifecycle Management” and they feel that they have the apps to help with that.
“Anything to help Quality Control” is what we call it: Free Webinar 26th February 2014
SCREEN LIFECYCLE MANAGEMENT WITH THE HARKNESS APPS – WEB SEMINAR
The only thing better is if you and they were to join the SMPTE Study Groups that are working on Light and Audio Quality. Join Now.
When extended band-width in video is discussed, BT.1886 gets mentioned. What is it?
SpectraCal has a nice whitepaper on the subject.
Lest there be any confusion, SMPTE specifies a gamut, so this is not going to be in the DCI projector for movies for a while. But some clever cable box or satellite group might use it to make the darks better in an alternative content feed, for example.
When extended band-width in video is discussed, BT.1886 gets mentioned. What is it?
SpectraCal has a nice whitepaper on the subject.
Lest there be any confusion, SMPTE specifies a gamut, so this is not going to be in the DCI projector for movies for a while. But some clever cable box or satellite group might use it to make the darks better in an alternative content feed, for example.
25 Feb–OSX Security Update Available…do it now. [End Update]
Did you update your Flash at the last emergency? when was that…ah~! less than 3 weeks ago.
The emergencies never cease for this decaying corpse. It is possible to live without Flash. Standards exist and are being implemented. It does not belong on your work systems, period. Adobe, Microsoft Push Fixes For 0-Day Threats — Krebs on Security
Meanwhile, on the Apple front.
DCinema is full of encrypted data, and it was in this arena that the iPhone had a flaw. It is suspected that the Mac OS has a similar flaw. Some wonder whether this has been an intentionally placed back-door, but there is no evidence of that. There is a lesson though: Code must be tested publicly. SSL flaws have been written about for the last few years, even on an amateur site like this one.
25 Feb–OSX Security Update Available…do it now. [End Update]
Did you update your Flash at the last emergency? when was that…ah~! less than 3 weeks ago.
The emergencies never cease for this decaying corpse. It is possible to live without Flash. Standards exist and are being implemented. It does not belong on your work systems, period. Adobe, Microsoft Push Fixes For 0-Day Threats — Krebs on Security
Meanwhile, on the Apple front.
DCinema is full of encrypted data, and it was in this arena that the iPhone had a flaw. It is suspected that the Mac OS has a similar flaw. Some wonder whether this has been an intentionally placed back-door, but there is no evidence of that. There is a lesson though: Code must be tested publicly. SSL flaws have been written about for the last few years, even on an amateur site like this one.
Cultures and technologies advance, not always simultaneously nor without mess excitement interesting times.
This white paper describes the film to digital transition with focus on the evolution of equipment that assists the deaf, blind, hard of hearing and partially sighted cinema patron. It includes the background cultural and legal trends in Australia, England, and the United States. It includes an Equipment Table for Closed Captions and Assisted Listening Equipment.
Please address any questions or comments to the editor of DCinemaTools, C J Flynn, who is responsible for the contents of this document.
Accessibility to Inclusion in Cinema – White Paper
Cultures and technologies advance, not always simultaneously nor without mess excitement interesting times.
This white paper describes the film to digital transition with focus on the evolution of equipment that assists the deaf, blind, hard of hearing and partially sighted cinema patron. It includes the background cultural and legal trends in Australia, England, and the United States. It includes an Equipment Table for Closed Captions and Assisted Listening Equipment.
Please address any questions or comments to the editor of DCinemaTools, C J Flynn, who is responsible for the contents of this document.
Accessibility to Inclusion in Cinema – White Paper
Someone figured out how to get a Trojan into that system – so the conjecture goes. Working its way from the air conditioner through to the billing system was then only a matter of the diligence and technique of the hackers.
It isn’t only Target. See a probably much more gruesome story that is yet to reach the public eye: Hotel Franchise Firm White Lodging Investigates Breach — Krebs on Security. White Lodging is the hotel franchise group that we all know under the brands that include Hilton, Marriott, Sheraton and Westin.
From the Kreb’s Target article: Avivah Litan, a fraud analyst with Gartner, said that although the current PCI standard (PDF) does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties — including vendor access for support or maintenance (see section 8.3).
The comments list other PCI violations. How familiar are you with this standard…or how secure is the structure of your internal walls.
Putting on my other hat as an equipment manufacturer, this conversation came up just a few days ago. It is typical for a company (you) to allow data into your system, but not so typical to let it out. It is up to you to make certain that all connections to your equipment and data server are necessary, vetted, secure, and monitored. The best way seems to be “on request” services, for example, a RESTful service with certificate authentication.
But don’t take our word for it; read up so that you can ask intelligent questions of your security personnel…and ironically, your service group.
Security setup for RESTful web services – IBM
Securing RESTful Web Services – 12c Release 1 (12.1.1) – Oracle
And, good luck to us all.
Someone figured out how to get a Trojan into that system – so the conjecture goes. Working its way from the air conditioner through to the billing system was then only a matter of the diligence and technique of the hackers.
It isn’t only Target. See a probably much more gruesome story that is yet to reach the public eye: Hotel Franchise Firm White Lodging Investigates Breach — Krebs on Security. White Lodging is the hotel franchise group that we all know under the brands that include Hilton, Marriott, Sheraton and Westin.
From the Kreb’s Target article: Avivah Litan, a fraud analyst with Gartner, said that although the current PCI standard (PDF) does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties — including vendor access for support or maintenance (see section 8.3).
The comments list other PCI violations. How familiar are you with this standard…or how secure is the structure of your internal walls.
Putting on my other hat as an equipment manufacturer, this conversation came up just a few days ago. It is typical for a company (you) to allow data into your system, but not so typical to let it out. It is up to you to make certain that all connections to your equipment and data server are necessary, vetted, secure, and monitored. The best way seems to be “on request” services, for example, a RESTful service with certificate authentication.
But don’t take our word for it; read up so that you can ask intelligent questions of your security personnel…and ironically, your service group.
Security setup for RESTful web services – IBM
Securing RESTful Web Services – 12c Release 1 (12.1.1) – Oracle
And, good luck to us all.