Slashdot Mirror

The guards pages are only practical for larger allocations due to hardware limitations, as you say. Strings are protected by different means such as Propolice; in order to minimise the overhead of Propolice, it "detects" strings (as opposed to byte buffers) and specifically protects them with canaries to try and find overflows that would smash the stack (the local variable re-arrangement tries to put these buffers as close to the canary as it can at compile time). The string detection is a heuristic as gcc doesn't maintain quite enough type information when it reaches the code generation parts which Propolice touches. Also, there is a simple bounds checker built into gcc which looks for incorrect use of statically allocated buffers with some standard functions such as strncpy or sscanf (you'd be amazed how many people specify the buffer size wrong to a bounded function).

None of these are perfect of course, but each of the techniques has found bugs (hundreds in the case of the two mentioned above) in our source and ports trees. It's also great to see projects like CCured being developed at Berkeley; although the overhead is just slightly too high to be used "out of the box" right now, it still works great with select applications such as Apache. The underlying tool, CIL can compile most of the OpenBSD source tree (including the kernel) now, and the result even boots when using a null source-to-source transform.

SETI

For typing math in PowerPoint, TeXPoint is the biz.
I was lured away from PowerPoint a few times in the past by the OOo equation editor, but after trying TeXPoint, now editing equations in PowerPoint is so easy I'd rather do it there than with OOo's editor. OOo's syntax is kind of TeX-like, but TeXPoint is the full deal.

That said, you better like editing equations in TeX, because that's the only way to make an equation with TeXPoint. None of this fancy WYSIWYG editing crap.

Another recent name change that stands out is the island of Chuuk, formerly called Truk.

Yes, the website for the Federated States of Micronesia really is "http://www.fm/" - I've never seen anything formatted like that.

Jeez man, put some of that idle CPU power to good use!

I have a old atsc (a samsung SIR-T165) tuner that uses plaintext DVI. It also has a built in scaler--you can plug in a dvd player, vcr, etc, and it will scale the video up to 1080i or 720p. The scaler function requires HDCP.

Later incarnations of the tuner seem to require HDCP displays. I suppose it's all part of samsung's plan to comply with the broadcast flag requirements.
Although it may be cheaper, and certainly less craven to buy a display that doesn't implement HDCP, locating consumer electronics capable of sending a plaintext DVI signal is a difficult and time-consuming task. Many companies have already switched to HDMI, which usually implies encryption.

On a different note, the key exchange algorithm used by HDCP over DVI is flawed. Do those flaws extend to HDMI?

Everything is a trade-off. You may be able to get some economy of scale in generating centrally, but you lose an awful lot in transmission. Maintainance costs may increase, but as you say it's insurance against one line being cut and thousands of homes going without electricity (eg from a hurricane). You can also go hybrid, where a few solar panels or small wind turbine can keep the house ticking over during the day whilst you are at work but draw off the grid when you get home and fire up the kettle/tv/computer/etc.

It does makes sense for everyone to have solar panels on roof, and many companies are working hard to make solar panels cheap enough so that the time taken for it to pay for itself is short enough for mass acceptance. For example solar cells you can spray onto plastic. Let's hope funding increases for alternative energy, at both the government and the venture capital level.

Phillip.

And if you read this, it further confirms that California has no way to ship gas back and forth. So, we are being jacked. Big time.

Oil companies are making HUGE profits off of everyone from these Hurricanes.

Well, I'll trust Hal Varian before I trust you. He's the well-respected UC Berkeley economics professor that helped google set it up.

College radio is great listening too, and most college stations have online streams. I like WTBU out of Boston University -- amazingly eclectic programming schedule.

There's a bunch of good stations out there... a quick list that I've got on hand:

• Pittsburg: WRCT
• Georgia: WREK
• New York: WFUV
• Los Altos, CA: KFJC
• Berkeley, CA: KALX
• San Francisco, CA KUSF
• Davis, CA: KDVS
• Stanford, CA: KZSU

RC4 is a stream cipher which has been on shaky ground for a long time. There are two problems with RC4. The first is that the data is not as random as it could be, at the beginning. The way RC4 works, you put in a key and then it generates a string of random bytes which you XOR with your plaintext to encrypt. But there are weaknesses in the randomness of the first part of RC4's key stream. To fix this experts recommend throwing away the first N bytes. The problem is that nobody can agree on what N should be and it keeps going up. It used to be that 256 bytes was enough, then a thousand; now they say several thousand. Such progressive weakness is a bad sign in a cipher.

The other problem is that stream ciphers in general are hard to use correctly. There have been many notorious cases of RC4 being misused. If you use the same keystream twice you get very bad results (similar to using a one time pad twice), and you can xor bits of the ciphertext and have them go straight through to the plaintext. Again and again people make these mistakes.

RC4 has probably been the cause of more security flaws than any other crypto algorithm. The most recent one (the first link above) was just this year. It is time for Microsoft to retire RC4 in new protocols and products.

It is both - the actual gyroscope is housed in a 7mm x 7mm x 3 mm package. To quote the page Analog Devices Introduces World's First Integrated Gyroscope
By integrating the sensor structure and all necessary signal conditioning circuitry onto a single integrated circuit, Analog Devices' iMEMS ADXRS gyro is smaller, more accurate, more reliable, and more economical than other angular rate sensors in its class. The ADXRS gyro is mounted inside a small 7 millimeters x 7 millimeters x 3 millimeters ball grid array (BGA) package, and consumes only 5 milliamps of current at 5 Volts.

And there's also a research paper published

Doug Tygar, one of the authors of this paper, is actually a professor at UC with joint appointments in the UC Berkeley CS department and School of Information Management and Systems. Besides his academic work, he also served as an expert witness in cases regarding SSL patents, Napster, and Kazaa. He's hardly a student like the summary claims. The other two authors are PhD students in UC Berkeley's CS program.

Doug Tygar, one of the authors of this paper, is actually a professor at UC with joint appointments in the UC Berkeley CS department and School of Information Management and Systems. Besides his academic work, he also served as an expert witness in cases regarding SSL patents, Napster, and Kazaa. He's hardly a student like the summary claims. The other two authors are PhD students in UC Berkeley's CS program.

Doug Tygar, one of the authors of this paper, is actually a professor at UC with joint appointments in the UC Berkeley CS department and School of Information Management and Systems. Besides his academic work, he also served as an expert witness in cases regarding SSL patents, Napster, and Kazaa. He's hardly a student like the summary claims. The other two authors are PhD students in UC Berkeley's CS program.

Information Wants to be Free (Full Text)

Microarray analysis shows that some microRNAs downregulate large numbers of target mRNAs
Lee P. Lim1, Nelson C. Lau2, Philip Garrett-Engele1, Andrew Grimson2, Janell M. Schelter1, John Castle1, David P. Bartel2, Peter S. Linsley1 and Jason M. Johnson1

Top of pageAbstractMicroRNAs (miRNAs) are a class of noncoding RNAs that post-transcriptionally regulate gene expression in plants and animals1, 2. To investigate the influence of miRNAs on transcript levels, we transfected miRNAs into human cells and used microarrays to examine changes in the messenger RNA profile. Here we show that delivering miR-124 causes the expression profile to shift towards that of brain, the organ in which miR-124 is preferentially expressed, whereas delivering miR-1 shifts the profile towards that of muscle, where miR-1 is preferentially expressed. In each case, about 100 messages were downregulated after 12 h. The 3' untranslated regions of these messages had a significant propensity to pair to the 5' region of the miRNA, as expected if many of these messages are the direct targets of the miRNAs3. Our results suggest that metazoan miRNAs can reduce the levels of many of their target transcripts, not just the amount of protein deriving from these transcripts. Moreover, miR-1 and miR-124, and presumably other tissue-specific miRNAs, seem to downregulate a far greater number of targets than previously appreciated, thereby helping to define tissue-specific gene expression in humans.

Gene expression analysis has helped find targets of an overexpressed plant miRNA4, but such an approach has not been reported in animals, where, in contrast to plants, miRNAs are believed to act mainly through translational repression rather than messenger RNA (mRNA) cleavage1, 2. Nonetheless, a microarray analysis showed that unintentional reduction of transcript levels can be observed following small interfering RNA (siRNA) transfection of HeLa cells, and it was observed that several of these downregulated, off-target transcripts contained sites of partial complementarity to the siRNA5, reminiscent of those seen between metazoan miRNAs and their targets. This observation, together with the documented overlap between the potential activities of siRNAs and metazoan miRNAs6, 7, 8, 9 led us to hypothesize that the off-target effects of siRNAs are due to miRNA-like activity, and therefore using microarrays to screen for changes in gene expression following transfection of human miRNAs would shed light on natural miRNA functions.

We focused on two miRNAs noted for their tissue-specificity in mammals: miR-1 and miR-124. miR-1 is preferentially expressed in heart and skeletal muscle and miR-124 is preferentially expressed in brain10, 11 (Supplementary Fig. 1). miR-1 or miR-124 RNA duplexes were transfected into HeLa cells, and mRNA was purified and profiled on microarrays (Fig. 1a). Filtering the expression profiles for genes characterized by the LocusLink database12 that were significantly downregulated (P http://www.ensembl.org./ Following removal of polyA tails, sequences were masked for repeats (A. F. Smit & P. Green, RepeatMasker at http://ftp.genome.washington.edu/RM/RepeatMasker.h tml) and analysed by MEME using the 'zoops' model, setting motif width 'w' incrementally from four to ten. Otherwise, MEME default parameters were used. Sequence logos were constructed using WebLogo (http://weblogo.berkeley.edu./ Background sets of genes were constructed using LocusLink genes that were represented on the chip, and that were either associated with annotated Unigene 3' UTRs or represented in the expression atlas, as appropriate. Orthologous UTRs were aligned with ClustalW30 using default parameters.

Luciferase reporters
Eight miR-1 targets were chosen randomly from those downregulated genes that possessed at least two 6-nt seed matches within a 1-kb segment of their 3

Which makes me very psyched I choose the graduate degree I did - check out the current list of classes being taught at SIMS - that plus the ability to take classes over in the Haas Business School makes for a solid modern program, and matches most of what is on the author's list of 'good' classes.

Fairly complete list of I-schools over at http://www.destinationkm.com/articles/default.asp? ArticleID=1015

Which makes me very psyched I choose the graduate degree I did - check out the current list of classes being taught at SIMS - that plus the ability to take classes over in the Haas Business School makes for a solid modern program, and matches most of what is on the author's list of 'good' classes.

Fairly complete list of I-schools over at http://www.destinationkm.com/articles/default.asp? ArticleID=1015

I teach Bayesian networks and machine learning, two of the topics listed in the above article, in my undergrad and graduate courses in AI. In my opinion, these are subtopics and not core topics, and I will be the first to admit that they are by no means defining topics for a CS curriculum. People list them on resumes because they are hot topics in research, good for catching the eyes of graduate school admissions people and R&D managers.

The fundamental topcis, as the author notes, should be data structures (including graphs), applied math (including the graph theory, probability, discrete math, and linear algebra to support Bayesian networks), and basic programming and OO design. Of course, the author also has his dose of "hot topics" (XML rather than "data representation principles", abstract data types and metadata, etc.).

Graphical models are just one family of many important representations for reasoning and learning, and for computation in general, and learning is just one of a number of important computational mechanisms. Certainly, the modern computer scientist has to be aware of this.

If we look at intelligent systems as a branch of CS that is concerned with "human-like (cognitively plausible) and rational (utility-maximizing) problem solving", as Russell and Norvig set forth in the leading AI textbook ( Artificial Intelligence: A Modern Approach ), we see where the above topics are coming from. AI is popular. Many more people have superficial interests in AI than will actually take jobs in theoretical research or applied fields of "computational intelligence", and I think that is what this commentary illustrates.

Pictures right here...

http://www.bbc.co.uk/sn/prehistoric_life/dinosaurs /chronology/127mya1.shtml
http://www.ucmp.berkeley.edu/diapsids/pterosauria. html

and are pterosaurs really dinosaurs at all?
http://www.ucmp.berkeley.edu/diapsids/dinosaur.htm l

and the nearest relly would be your pet budgie.
http://www.ucmp.berkeley.edu/diapsids/avians.html

And you can even make your own paper pterosaur
http://www.rain.org/~philfear/ptercaddie.html

Pictures right here...

http://www.bbc.co.uk/sn/prehistoric_life/dinosaurs /chronology/127mya1.shtml
http://www.ucmp.berkeley.edu/diapsids/pterosauria. html

and are pterosaurs really dinosaurs at all?
http://www.ucmp.berkeley.edu/diapsids/dinosaur.htm l

and the nearest relly would be your pet budgie.
http://www.ucmp.berkeley.edu/diapsids/avians.html

And you can even make your own paper pterosaur
http://www.rain.org/~philfear/ptercaddie.html

Pictures right here...

http://www.bbc.co.uk/sn/prehistoric_life/dinosaurs /chronology/127mya1.shtml
http://www.ucmp.berkeley.edu/diapsids/pterosauria. html

and are pterosaurs really dinosaurs at all?
http://www.ucmp.berkeley.edu/diapsids/dinosaur.htm l

and the nearest relly would be your pet budgie.
http://www.ucmp.berkeley.edu/diapsids/avians.html

And you can even make your own paper pterosaur
http://www.rain.org/~philfear/ptercaddie.html

inertial confinement fusion. I'ts not new, but getting better. Most labs are not trying to reach break even point. It's more of a research tool.

And to everyone who has/will ask 'when will these ever get us energy? We've been hearing about fusion for years!'. The new Tokamak being built in France right now is the first one that physicists expect to reach break even point. No other reactors were ever expected to generate more energy than they consumed. They were all for research purposes, to get them to the point they are at now. Probably the same for this new inertial confinement one in Europe.

I don't know if this has been mentioned already, but doesn't anyone remember watching this exact thing being done near San Diego? There was a discovery channel special on it. They embedded cheap little magnets in the highway and the vehicles tracked based on those. They even had a public demonstration on it. The group that did it was called "PATH" from Berkeley and their summary of the experiment(from 1997!) is Here.
On a related note, I also remember seeing(in the same show) a piece on a van that was rigged to self-drive. They navigated cross-country on public roads with 97% of the driving being automated. This was done by CS majors using standard equipment publicly available at the time(no later than '97). It shouldn't take much adaptation to make it user-friendly and foolproof enough to survive public use... lawyers may be another story though.
SO, MY question is... why are we having so much difficulty with this now? ...and why is GM billing this as some "amazing new discovery that is 3 years on the horizon"? Couldn't GM just go to those college students and buy the technology off of them for a few six-packs?
It seems like the only real barriers to this technology will be political, but that's just my $.02

NASA already has a couple nanosat programs that will fly in formation. They are sometimes refered to as constellation missions.

ST-5
http://nmp.jpl.nasa.gov/st5/

THEMIS
http://sprg.ssl.berkeley.edu/themis/flash.html

These are the two that I know off the top of my head.

Ummm, yeah, I wonder if Chavez is really interested in helping the US, or if he is more interested in turning poor people into communists?

Gee get thee to the 1950s!

Communism is dead. North Korea is probably the only communist country left in the world, and that's a damn wierd place that no one really knows what is going on inside, so maybe not even that one. Sure, China and powerhouse Cuba may call themselves communist, but they really aren't. Totalitarian? Oh most definately! Communist? No. China stopped being communist the moment Deng Xiaopeng said, "To get rich is glorious." Cuba has a complete capitalist economy based on American dollars.

And if you think that there's some big undercurrent in the US wanting to be communist, again. The KGB tried for years to build a meaningful communist movement and failed. In fact, looking at the since declassified KGB reports from the 50s and 60s shows that the KGB agents reported that it was a wasted effort, and get this... they were losing KGB agents do to defection.

And one more inconvient fact about Chavez. He was democratically elected in an election the Carter Center as flawed, but did not change the outcome. In other words, the election is valid.

If you're going to call it a theory, one out to teach it as such.

You mean, like this sticker?

"This textbook contains material on evolution. Evolution is a theory, not a fact, regarding the origin of living things. The material should be approached with an open mind, studied carefully, and critically considered."

Good point! May I also suggest some more:

"This textbook states that the earth is over 4 billion years old. Because some people strongly believe that the earth cannot be this old, the material should be approached with an open mind, studied carefully, and critically considered."

"This book promotes the theory of plate tectonics, the gradual movement of the major land masses. Because nobody observed this process, this material should be approached with an open mind, studied carefully, and critically considered."

"This textbook suggests that the Earth is roughly spherical. The shape is a controversial topic, and not all people accept this theory. This material should be approached with an open mind, studied carefully, and critically considered."

"This book contains material on gravity. Gravity is a theory, not a fact, regarding a force which cannot be seen. This material should be approached with an open mind, studied carefully, and critically considered."

"This book discusses heliocentrism, that the Earth orbits around a centrally located sun. Because astronomers still disagree over the details of the heliocentric model, this material should be approached with an open mind, studied carefully, and critically considered."

"This book contains material on special relativity. Special relativity is a scientific theory, and very few scientists fully understand it. This material should be approached with an open mind, studied carefully, and critically considered."

"This textbook claims that evolution is not fully accepted by scientists because it is just a theory. The author hopes to confuse you into equating "scientific theory" with "cockamamie theory." To read a short blurb on what a scientific theory is, go to, http://wilstar.com/theories.htm."

"This book does not contain the word evolution, the unifying principle in biology and an important component of the National Science Standards and the Scholastic Achievement Test. For an overview of what your class is missing, go to http://evolution.berkeley.edu/"

"This book was anonymously donated to your school library to discretely promote religious alternatives to the theory of evolution. When you are finished with it, please refile the book in the fiction section."

"This book mentions Creationism, New Creationism, Scientific Creationism, or Intelligent Design. All of these beliefs rely on the action of a supernatural entity to explain life on Earth. Scientists rejected supernatural explanations for life on Earth in the 1800s, and still do today."

"This book discusses gods. The existence of entities with supernatural powers is controversial, and many believe that myths, especially other people's myths, are fictional. This material should be approached with an open mind, studied carefully, and critically considered."

"This book contains an evolution disclaimer sticker mandated by your local school board. For fun, submit an article to a local paper that probes the motivations of board members and analyzes the impact of weakened science instruction on students' college applications."

"This sticker covers a pre-existing sticker designed to subtly undermine the teaching of evolution in your class. To see the full text of the original sticker, examine the books of children of school board members, who mandated the stickering."

"This book discusses evolution. President George W. Bush said, "On the issue of evolution, the verdict is still out on how God created th

. . . was this lousy certificate

So do I. In fact I keep looking for people to help us develop this.... To no avail. :( Aparently the people who want this most don't have the ability to implement it, and the people who have the ability (assuming they exist) aren't interested.

If anyone wants to help, join the boinc_opt mailing list and send a message.

BTW, David is the titular director of SETI@home, but currently has no managerial duties beyond the BOINC project.

From this link a good average differential between a processor at load and idle is 40W. If you turn the computer off instead, that's maybe 80W. (Broad average over many computers).

Now Here we see that 2million years of computing time has been used, so (times 40W/hr) that comes to 700,000MWHr.

No the 2000 U.S. consumption of energy was ~21 billion MWHr. (Here, and trust the government to use quadrillions of BTUs as a unit). So to date, SETI has used 0.003% of U.S. annual energy consumption. And that's almost enough energy to power the City of Red Deer, Alberta for 17 months! Someone else can tell us how many libraries of congress you could have read with that much light.

Feel free to check my units and zeros, I've been wrong before, as long as someone can tell the Brits what a quadrillion is.

What I took last semester:

EE 105: Microelectronic devices and circuits

What I'm taking this semester:

EE 140: Analog Integrated Circuits

What I took last semester:

EE 105: Microelectronic devices and circuits

What I'm taking this semester:

EE 140: Analog Integrated Circuits

"The top 1% of Americans own 40-50% of the wealth in America, more than the bottom 95% combined."

Actually, http://tiger.berkeley.edu/sohrab/politics/wealthdi st.html

Looking at some real data rather than some made up data, we find the top 1% have 34% of the total wealth in America.

Also, there is a very interesting Stanford study that shows that these numbers massively overstate the wealth of the richest Americans because they are gross numbers. Bill Gates has $26bn of Microsoft stock. *But*, if he sold it he'd have to pay capital gains taxes. His "after tax" wealth would be a (still obscenely large) $18bn. If we assume that capital gains have been disporortianately earned by the richest then this skews the numbers quite considerabley.

Anyway... I'm not saying America doesn't have terrible wealth inequality, just that people have a tendancy to make up stats in this area :-)

# Q. Where is the code? # A. No code is available yet. I am still pondering the pertinence of allowing code in the wild. The good old full-disclosure debate... If you think I should release the code for PWNtcha, feel free to explain your arguments to me.

Interesting point. In fact, I noticed this with a game called Netrek that I used to play in the early '90s at Cal (it's still around--the game and the University :)

Basically, people got sucked into an open source game with a very flat learning curve and complex teamplay by going to labs and seeing people playing it during work breaks and late at night (despite a NO GAMES) policy that was spottily enforced by the "web trolls". A lot of the cultural aspects of the CSUA, a CS student social organization, also stemmed from people hanging out and working in close proximity to each other in these labs.

When home PCs (and broadband in dorms) became more ubiquitous, a lot of this was lost; the geeks didn't hang out so much anymore. Interestingly enough, at about the same time you started getting an upsurge of people wanting to major in CS-related topics due to their perceived profitability in the dot-com market, so you got a far higher percentage of non-hardcore-geek types who just did the academic work and that was that.

http://sims.berkeley.edu/

Great combination of CS, Law, Business...
Loving the program.

/*-
  * Copyright (c) 1992, 1993
  * The Regents of the University of California. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
  * 3. All advertising materials mentioning features or use of this software
  * must display the following acknowledgement:
  * This product includes software developed by the University of
  * California, Berkeley and its contributors.
  * 4. Neither the name of the University nor the names of its contributors
  * may be used to endorse or promote products derived from this software
  * without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */

Yeah, and Solaris x86 has been around since 1992. Hasn't killed Linux yet.

One-time pad (OTP) is the only "unbreakable" encryption.

True, but incomplete -- under the right circumstances, even an OTP can be broken.

To ensure that an OTP is unbreakable, you not only have to ensure that the key is used only once, but you also have to ensure that the key is completely unpredictable. This means starting with a truly random source, and ensuring against introducing bias in sampling that random source.

The problem with this is that most random sources have relatively low bandwidth. Those who really care may want to visit David Wagner's links page at: http://www.cs.berkeley.edu/~daw/rnd/. About halfway down the page is a section on random number generation hardware.

Most of these aren't very useful to provide key material for OTPs though -- they just don't provide enough random bits fast enough to provide much bandwidth.

That, of course, brings us back to the Achille's heel of OTP: the key is just as large as the message. If you can distribute the key securely, why don't you just send the original message by that secure route and be done with it? Clearly there are situations in which this doesn't apply, but it renders the OTP useless for most.

On a more or less unrelated aside, I was a bit disappointed -- if there's been any mention of elliptical curve cryptograpy, I've missed it...

--
The universe is a figment of its own imagination.

Yeah, I was thinking the same thing. I remember learning in my Cryptography class back in school that DES wasn't considered very secure by many cryptographers back in the 80's and how surprising it really is that it took so long to come up with another standard. In fact, the known insecurity of DES is the reason that people started doing DES multiple times: 3DES. Here is some more information on 3DES: http://en.wikipedia.org/wiki/3DES and http://kingkong.me.berkeley.edu/~kenneth/courses/s ims250/des.html

In other words, wait for a silver bullet?

And what, exactly, are we doing now which is much different? It's nice to see thing like the Solar Array mentioned in the FA going up, but that is really only feasible in places like the Western Mojave, where we get 300-odd days of sun a year. It just wouldn't fly in, say, Seattle. Yes, the amount of time to get a reactor designed and built is long, but this is true of any large scale project. The previously mentioned solar array won't have any opertational capacity until at least 2007 (And I wouldn't expect them to actually be on time) And they don't mention how much longer until the full 500MW capacity will be online, with build out to start in 2008 it will be a while.
We do need to get something building now, and this array is a nice start, but it's not the silver bullet we need. Fission won't be it either I expect, but it would be a good delaying tactic until we do find one, or at least the next delaying tactic. If we can get something like an IFR reactor going, we may be able to buy ourselves a lot of time to figure out Fusion.

and if they may still be valid?

For example, he doesn't seem to know what an IV is, and suggests there's something fundamentally wrong with them:

Every time a packet is sent this shared key is paired with another key called an Initialization Vector, together these form the encryption in the packet. The Initialization Vector is included in the packet, which makes it security vulnerability. That is not the only problem with Initialization Vectors; the other problem is there is a limited amount of them, only 16,777,216.

If I didn't know better, I'd draw the conclusion, "Wow, stay away from these things called initialization vectors. Oh no! My DriveCryptLeetMagicFantastico uses this thing called AES-CBC that requires initialization vectors! It must be broken!"

He also says that CRC32 is a good measure to increase protection, except that it's just poorly implemented in WEP.

There are many better write-ups on WEP security available, like this one.

But programming is supposed to be a science and a process. If you prepare a precision algorythm and carefully test it before coding with all manner of valid and absurd inputs, then it shouldn't matter what level of so called skill a programmer has when the coding proceeds.

Oh, you mean a 'good programmer' is one who by lucky accident gets working code without using developing a complete algorythm first? What do you guys do, design microwave ovens for a living?

There's no such thing as a good vs average programmer. There's only those who follow the algorythm and the lucky artists.

First, without a good programmer on hand, who do you think is going to design the 'precision algorithm' or the test plans? For any given problem there are countless different solutions (most of which, as the aphorism says, are simple, easy and wrong), and figuring out which solutions will be appropriate to the problem domain, and scale well as the problem evolves, is an unavoidably creative process, for which you need creative people (i.e. good programmers).

Second, even when you have an algorithm already in hand, you need to have someone who can write the code in such a way that it can be easily understood, maintained and extended. This is also an unaviodably creative process: for any given algorithm and any given implementation language, there are, again, countless concrete implementations, each with their own advantages and handicaps. If you hire an average programmer, one without imagination or initiative, you can only hope that they will stumble, by pure luck, on the minority of implementations that don't paint you into some unfortunate corner two years down the road (requiring an astronomical investment in re-engineering the program). Hiring creative and independant people (i.e. again good programmers) will greatly increase the liklihood that the resulting programs will be well engineered.

Anyone who doesn't understand these two simple facts is either a nitwit of a PHB or an average programmer. Engineering of any type is hard, unavoidably so, and software engineering is harder than most other disciplines. The only people who think otherwise are either not aquainted with real-world software engineering (ivory tower types) or are simply blowhard dilettantes with no real interest in the problem (often with a silver bullet to sell).

I came up with this idea a year or two ago,

That's a much older idea. Thousands of persons in the IT industry have thought of it, as it's an obviously good concept, but nobody pursues it because the prerequisites aren't in place yet.

First, we need a widely accepted micropayment system. Then, we need people to start renting out their unused nighttime CPU cycles via an anonymous, automated auction (like SETI@home, but greedier). Once those two things are in place (and there are groups pushing for both of them), then automated bandwidth trading will naturally follow after (obseleting much of Akamai's business model).

Of course, it may require ISPs to revise their TOSs, but if micropayments are working by then, this won't be a problem. (Of course, micropayments don't look like they'll arrive soon, or even ever, but hey)

More generally, the cost of any reasonably broad problem with users' security will fall back on the merchants/banks/companies somehow, and thus are or should be on the radar for any security manager for a large web company that involves money changing hands.

These issues are taken seriously by many of the players in the market. For instance, one company I consulted for scrapped and reimplemented a multimillion dollar system when we demo'ed client security issues that they could not work around in their present system.

Now, it is probably a bad idea for eBay to recommend particular computer desktop setups for security. All the popular systems of today have design issues[1] that make security issues pop up "all the time." However, what happens on the user end definately do matter to them.

Eivind.

[1] There are design issues are both on the user interface level and technical level. For an overview of secure interface design, see Interaction Design for End User Security. The tech level is "everything" running with too many privileges, mostly.

Most captchas out there can be easily defeated with a variety of methods. The implementation you describe would be horridly complex. Rather pointless when you can write a robot capable of solving them as much as you want versus hooking up a system dependent on humans.

You've obviously got a lack of knowledge on how spammers operate, nowhere would you ever see a setup like this in the wild.

Do these fastest super computer claims take into account grid or other distributed computing? An example that comes to mind is the computers running SETI@home could be thought of as a SETI@home super computer. It would only be fair to include such "virtual" super computers for a true comparison.

Throw 20,000 idle computer processors at it...

BOINC