Slashdot Mirror

Tempest works on both CRT and LCD screens, to answer to first poster.

The easiest way to foil Tempest is to cut the top 30% out of the picture - it doesn't affect image quality that much, although everything is a little more blurred than normal. The great thing is, you can put other information in the top 30% of the signal without affecting what the monitor shows to you - but to those monitoring you all they see is the top 30%. So run a simple screensaver type program that only writes to the top 30% of the signal, and plan your bomb making in the bottom 70% in perfect secrecy.

See more here: Ross Anderson's Page at Cambridge University. Includes special fonts designed for Tempest fooling.

~~

List of Jargon Resources Mirror Sites USA:

• http://www.akrotech.com/~darkstar/jargon
• http://memes.org/jargon
• http://www.journalism.wisc.edu/jargon/
• http://www.mindspring.com/~li mbert/hacking/jargon.htm
• http://www.iscvt.org/jargon/jargon.html
• http://www.babcom.com/jargon/index.html
• http://www.hackboy.com/jargon
• http://www.pulhas.org/
• http://www2.netdoor.com/~lhand
• http://avatar.deva.net/
• http://www.blee.net/jargon
• http://www.fortuneci ty.com/skyscraper/jolt/15/jargonindex.html
• http://www.jargon.8hz.com/
• http://culture.0wnz-u.org/
• http://www.houseofhack.com/jargon
• http://jollyrogers.com/jargon/
• http://handel.math.psu.edu/jargon

• http://celestrion.totalaccess.net/do cs/jargon/
• http://www.pir.net/pir/jargon/
• http://www.technozen.com/tetsuo/jargon/
• http://ude.org/jargon
• http://web.chad.org/usr/doc/jargon-file/

• http://karnak.nmc.siu.edu/jargon/

Australia:

• http://ecco.bsee.swin.edu.au/text/jargon/

• http://ecco.bsee.swin.edu.au/text/jargon

Czechoslovakia: ttp://www.instinct.org/texts/jargon-file/

Finland: http://zone.pspt.fi/jargon/

Germany:

• http://www.ude.org/jargon
• http://www.ghks.de/computer/jargon/
• http://www.math.fu-berlin.de/~rene/jargo n/
• http://hex.rz.ruhr-uni-bochum.de/jargon/
• http://www.informatik.hu-berlin.de /~bergt/jargon

Gret Britain: http://jargon.strugglers.net

Greece: http://www.hack.gr/jargon

Italy: http://beatles.cselt.stet.it/mirrors/jargon

Japan: http://www.vacia.is.tohoku.ac.jp/jargon/

Norway: http://www.pvv.ntnu.no/misc/jargon/ Poland: http://www.uci.agh.edu.pl/jargon/

Spain: http://www.undersec.com/jargon

Sweden: http://ftp.sunet.se/jargon/

U.K.:

• http://www.new.ox.ac.uk/admin/jargon/
• http://g.pet.cam.ac.uk/g/jargon/

I'd know the answer to this, but is there any way to verify that the plaintext version you supplied matches what's been encrypted?

Yes, they can force you to give them the key so that they can decrypt it, but there is hope: StegFS is an encrypted/stenographic filesystem for Linux (based on ext2) which provides plausable deniablility, i.e. it has n levels of access (diffrent passwords) and you may encrypt data at any level of access, but there is _no_way_ to prove that a higher level exists from a lower level. This means that when the cops make you give them the password you just give them the passwords to the lower levels, but not the higher levels.

The only hole in this system is that the cops may know you posses some information which you have not yeat shown them, so they could assume that their are unrevieled levels.

I would really like to see the linear algebra based plausable denaiablility algorithm implemented for PGP key files. It would make your key files 16 times larger, but would allow you to have n It might be possible to have a psychological solution to the password problem, i.e. use long passwords which you can remember, but which you can also force yourself to forget (by chanting simmilar sounding things hundreds of times). It is an interesting idea.

How do they prevent priority inversion? For example a process I have granted unlimited (or very large) amounts of service too, and a process I have granted only tiny bits of service too, and another in between. The "unlimited" one waits for a disk I/O to complete. The "tiny" one starts an extreamly slow X operation (like fetching the glyphs for a all 64K chars in a 16bit true type font at some huge scale...or a mouse grab...or a PEX operation). The disk I/O completes, and the large one wants to display something, but it can't as the tiny one is doing something. The "in between" process wakes now, and starts doing a non-X thing (say five hours of ray tracing). It has more resources allocated to it then the "tiny" process so I assume it gets to suck them up, but less then the "large" one, which won't matter until the "tiny" one gets enough slop from the middle one to continue.

There are several assumptions that you make in this scenario that are fundamentally overturned by Nemesis.

Firstly, you fundamentally can't do proper QoS support just using a purely priority-based model. Instead you offer scheduling guarantees - for example, for a process with a relatively low requirement for CPU, you might offer 1ms of processing time per 100ms of real time. For a CPU intensive process, you might give it 2ms of processing time per 5ms of real time. Even though the "low-priority" task is being offered far less time than the "high-priority" task, it is still guaranteed to receive the allocation that has been made to it. The Nemesis scheduler can enforce these deadlines, since the kernel itself is incredibly lightweight - more so than many microkernels.

Secondly, the major problem with offering QoS is working out who is actually causing/benefitting from the work being carried out by the kernel/servers. In a vertically-structured system such as Nemesis, most of the data-path work is moved into the applications themselves, (in shared libraries) rather than being done by servers. So in the case of video, clients render their own pixels into their own memory, and invoke a protected trap into the framebuffer device driver to actually transfer those pixels (over the PCI bus) into their windows on the screen. The trap code respects the CPU scheduling deadlines, effectively causing all of the time consumed in rendering and blitting to be accounted to the application. You can have multiple applications on Nemesis all rendering to the screen (animations, or video being streamed from the disk/network), and the display server is using absolutely no CPU time itself. The display server only has to actually do any work itself when applications want to create/destroy/move windows, or to handle mouse and keyboard events. There is also a separate "X-server" process providing certain X facilities such as the clipboard for legacy applications. Clearly if you have two processes wanting to do a mouse grab, only one of them can do so at any one time - but the important thing is that this shouldn't cause your real-time video conference to break up.

The same idea is used for network and disk access - the disk driver schedules disk block reads/writes, and the network driver schedules ethernet frames. In each case access controls ensure that applications cannot access packets/blocks that they have no authorisation for; by splitting the work up into very small chunks, the task of scheduling (using guarantees rather than simple priorities) is made much more straightforward. Tasks such as protocol processing for TCP/UDP, or interpreting disk blocks to form file data, are performed by the applications using standard shared libraries.

More information about Nemesis can be found at:

• The Nemesis SourceForge site, complete with downloads
• Published papers and other documentation on Nemesis, including the structure of the OS and its devices

How do they prevent priority inversion? For example a process I have granted unlimited (or very large) amounts of service too, and a process I have granted only tiny bits of service too, and another in between. The "unlimited" one waits for a disk I/O to complete. The "tiny" one starts an extreamly slow X operation (like fetching the glyphs for a all 64K chars in a 16bit true type font at some huge scale...or a mouse grab...or a PEX operation). The disk I/O completes, and the large one wants to display something, but it can't as the tiny one is doing something. The "in between" process wakes now, and starts doing a non-X thing (say five hours of ray tracing). It has more resources allocated to it then the "tiny" process so I assume it gets to suck them up, but less then the "large" one, which won't matter until the "tiny" one gets enough slop from the middle one to continue.

There are several assumptions that you make in this scenario that are fundamentally overturned by Nemesis.

Firstly, you fundamentally can't do proper QoS support just using a purely priority-based model. Instead you offer scheduling guarantees - for example, for a process with a relatively low requirement for CPU, you might offer 1ms of processing time per 100ms of real time. For a CPU intensive process, you might give it 2ms of processing time per 5ms of real time. Even though the "low-priority" task is being offered far less time than the "high-priority" task, it is still guaranteed to receive the allocation that has been made to it. The Nemesis scheduler can enforce these deadlines, since the kernel itself is incredibly lightweight - more so than many microkernels.

Secondly, the major problem with offering QoS is working out who is actually causing/benefitting from the work being carried out by the kernel/servers. In a vertically-structured system such as Nemesis, most of the data-path work is moved into the applications themselves, (in shared libraries) rather than being done by servers. So in the case of video, clients render their own pixels into their own memory, and invoke a protected trap into the framebuffer device driver to actually transfer those pixels (over the PCI bus) into their windows on the screen. The trap code respects the CPU scheduling deadlines, effectively causing all of the time consumed in rendering and blitting to be accounted to the application. You can have multiple applications on Nemesis all rendering to the screen (animations, or video being streamed from the disk/network), and the display server is using absolutely no CPU time itself. The display server only has to actually do any work itself when applications want to create/destroy/move windows, or to handle mouse and keyboard events. There is also a separate "X-server" process providing certain X facilities such as the clipboard for legacy applications. Clearly if you have two processes wanting to do a mouse grab, only one of them can do so at any one time - but the important thing is that this shouldn't cause your real-time video conference to break up.

The same idea is used for network and disk access - the disk driver schedules disk block reads/writes, and the network driver schedules ethernet frames. In each case access controls ensure that applications cannot access packets/blocks that they have no authorisation for; by splitting the work up into very small chunks, the task of scheduling (using guarantees rather than simple priorities) is made much more straightforward. Tasks such as protocol processing for TCP/UDP, or interpreting disk blocks to form file data, are performed by the applications using standard shared libraries.

More information about Nemesis can be found at:

• The Nemesis SourceForge site, complete with downloads
• Published papers and other documentation on Nemesis, including the structure of the OS and its devices

How do they prevent priority inversion? For example a process I have granted unlimited (or very large) amounts of service too, and a process I have granted only tiny bits of service too, and another in between. The "unlimited" one waits for a disk I/O to complete. The "tiny" one starts an extreamly slow X operation (like fetching the glyphs for a all 64K chars in a 16bit true type font at some huge scale...or a mouse grab...or a PEX operation). The disk I/O completes, and the large one wants to display something, but it can't as the tiny one is doing something. The "in between" process wakes now, and starts doing a non-X thing (say five hours of ray tracing). It has more resources allocated to it then the "tiny" process so I assume it gets to suck them up, but less then the "large" one, which won't matter until the "tiny" one gets enough slop from the middle one to continue.

There are several assumptions that you make in this scenario that are fundamentally overturned by Nemesis.

Firstly, you fundamentally can't do proper QoS support just using a purely priority-based model. Instead you offer scheduling guarantees - for example, for a process with a relatively low requirement for CPU, you might offer 1ms of processing time per 100ms of real time. For a CPU intensive process, you might give it 2ms of processing time per 5ms of real time. Even though the "low-priority" task is being offered far less time than the "high-priority" task, it is still guaranteed to receive the allocation that has been made to it. The Nemesis scheduler can enforce these deadlines, since the kernel itself is incredibly lightweight - more so than many microkernels.

Secondly, the major problem with offering QoS is working out who is actually causing/benefitting from the work being carried out by the kernel/servers. In a vertically-structured system such as Nemesis, most of the data-path work is moved into the applications themselves, (in shared libraries) rather than being done by servers. So in the case of video, clients render their own pixels into their own memory, and invoke a protected trap into the framebuffer device driver to actually transfer those pixels (over the PCI bus) into their windows on the screen. The trap code respects the CPU scheduling deadlines, effectively causing all of the time consumed in rendering and blitting to be accounted to the application. You can have multiple applications on Nemesis all rendering to the screen (animations, or video being streamed from the disk/network), and the display server is using absolutely no CPU time itself. The display server only has to actually do any work itself when applications want to create/destroy/move windows, or to handle mouse and keyboard events. There is also a separate "X-server" process providing certain X facilities such as the clipboard for legacy applications. Clearly if you have two processes wanting to do a mouse grab, only one of them can do so at any one time - but the important thing is that this shouldn't cause your real-time video conference to break up.

The same idea is used for network and disk access - the disk driver schedules disk block reads/writes, and the network driver schedules ethernet frames. In each case access controls ensure that applications cannot access packets/blocks that they have no authorisation for; by splitting the work up into very small chunks, the task of scheduling (using guarantees rather than simple priorities) is made much more straightforward. Tasks such as protocol processing for TCP/UDP, or interpreting disk blocks to form file data, are performed by the applications using standard shared libraries.

More information about Nemesis can be found at:

• The Nemesis SourceForge site, complete with downloads
• Published papers and other documentation on Nemesis, including the structure of the OS and its devices

You didn't appear to drag yourself too far up or too far away from the streets given your gutteral [sic] language skills.

"Guttural" does not mean "of or pertaining to the gutter", you mindless moron, nor does it in any other way imply anything about education or social position. It's totally unrelated. And don't bother trying to lie your way out of it by claiming that your fucked-up, wrong usage is "acceptable" somewhere. It may be used your way by illiterate imbeciles other than you, but not even by many of them -- and the opinions of illiterate imbeciles like you are of no interest or significance anyway.

The first clause in that sentence is gibberish also. Try "You don't appear to have dragged. . ." instead. Cretin.

You can flame people for their "language skills" when and if you ever gain some "language skills" of your own, but not before. Just in case I'm not being clear enough, how's this: You are a stinking, brainless, invertebrate animal that thrives on a diet of its own shit.

The two trees were last resynced in Wine-991212 (i.e. a little under two months ago).

If you are interested in what's changed, you can try here. That gives some idea of the difference (the statistics quoted are for a diff -u between the current Corel tree and Wine-991212). Essentially, it is a 32 000 line patch, totalling just over 1Mb and affecting 251 files, so it should keep us busy for an afternoon or two :-)

See http://www.cl.cam.ac.uk/users/rja14/eternity/etern ity.html (html version) (ps version)
All theoretical though.

Closest to implemented is: http://www.cypherspace.org/~adam/eternity/ and read about it here.

See http://www.cl.cam.ac.uk/users/rja14/eternity/etern ity.html (html version) (ps version)
All theoretical though.

Closest to implemented is: http://www.cypherspace.org/~adam/eternity/ and read about it here.

Does anyone else occasionally get these strange gray lines which refuse to refresh, especially when scrolling up a page?

Per that article, the Chinese government has two overriding needs: to keep their tight control over China and to embrace the Internet for economic gain. IMHO, these goals are mutually exclusive.

We have no real evidence that a use of the internet for economic purposes *inherently* implies it's use for political purposes. It is up to us (non-Chinese) to make/keep those purposes mutually exclusive. This means we must help people in China who have somethingh nasty to say about their government to get their message out. This means anonymous remailers, anonymous web hosting, etc. It also means putting economic preasure on China to reform.

Also, adding StegFS in the default Linux kernel distribution would help a lot too, as it gives people plausable deniability for having it installed (the system it's self gives you plausible deniability for not giving up the key). Making crypto a standard part of the kernel would really help a lot of people in these situations.

Jeff

Interestingly, the UK government has laws going through, as I'm sure everybody knows, that would allow law enforcement to demand encryption keys from anyone without the need for judicial oversight or reasonable grounds, and also to then require you not to tell anyone. I'm sure the promulgation of stories like this one is supported by the agencies that stand to benefit.

Wow! That is just plain evil. This means someone should start a campaign to get Linux boxes in the UK to use StegFS. StegFS (Steganographic File System) is an encrypted ext2 file system which allows for plausable deniability, i.e. you can give them the password to a lower encryption level and they will have no way to prove higher encryption levels exist, thus there is nothing they can do to make you give up you encrypted data (it also wipes unused blocks so none of this taking the disk to find shit you deleted).

Now, the requiring you not to tell anyone is a seperate issue. I donno what to do about this. I suppose you could just tell people anyway.. maybe someone could run a web page which publishes lists of incedents where they have used this power? Is anyone tring to fight this?

Jeff

Well, have you looked at this animation recently? Black areas indicate identical pixels. You're in trouble, fella.

1. There's a difference between imitating GUI concepts (such as curved edges and other 'look and feel' factors) and blatantly copying a piece of copyright art, even if done using the 'look and copy' method rather than the 'cut and paste'. People going on about GUI similarities between WIN95 and MacOS should look at this GIF animation showing a screenshot off sawmill.themes.org, with elements of the original MacOS X screenshot differenced out. Black means identical pixels.

2. Being able to emulate MacOsX's precise look on Win32 and X machines will harm Apple's campaign to market Macs as a trendy alternative - which is why they spent so much time and money developing it. Of course, you are are perfectly entitled to develop a similar look using their ideas. You shouldn't be able to just copy it directly.

3. This isn't about the right to emulate. That was settled in Apple's case versus Microsoft. This is about the right to copy.

As an analogy, think of Leonardo Da Vinci's Mona Lisa. Originally a masterpiece. However, any half-decent artist can paint a very good copy of it. The true artist, though, takes the eyes, the smile and the use of color and paints his own masterpiece.

Alex

Alex

I found www.damtp.cam.ac.uk/user/hawking/QA .html intresting after reading the main link.

Perutz's conclusion is that many people previously involved in bio-warfare projects are now sowing FUD to enhance their own prestige and to generate opportunities in spurious counterterrorism (as Henry Sokolski notes below, fears of terrorism have generated $10 billion annually in spending by the U.S. government alone).

Perutz quotes an article by Henry Sokolski, the director of the Nonproliferation Policy Education Center in Washington, saying:

Last year President Clinton announced the US would spend $10 billion on countering terrorism, including biological and chemical threats, for fiscal year 2000. Would there be better things to spend such large sums of money on? As for biological attacks worldwide, seventy have occurred in the last century causing nine deaths, but only eighteen of these seventy attacks were made by terrorists. There are risks not only in underestimating the chemical and biological domestic terrorist threat, but in overestimating it as well.

It lives at http://stu.magd.cam.ac.uk/~jakdaw/xmms/

</SHAMELESS PLUG> - Jakdaw (too lazy to log in)

I haven't seen Stephen Hawking listed here, but I think he'd deserve the "honor." Maybe he wouldn't be considered a geek, but still. This page should convince you.

> I'll start writing that just as soon as people start saying it--and not a moment before.

You've obviously never had to organize data by date. It's a damn sight easier to use ISO 8601 than to have to make assumptions about whether 10/11/12 is October 11, 1912 or 2012, November 10 1912 or 2012, November 12, 1910 or 2010 or any other goofball combination. Descending order makes perfect sense: "yyyymmdd", and it can be easily extended with "hhmmss".

There is some good research out there showing how we can have sane realtime and quality of service guarantees for apps; this is vital for timing critical tasks like burning CDs and videoconferencing; with Linux we should be able to compile kernels safely whilst doing those things. But currently, we're blocked on patches getting into the kernel. Ah well.

You make a very, very good point. Isn't there a way the Linux and *BSD kernel could be patched to disallow execution from a stack? I know there's plenty of memory protection and such in there, so can't we put in one more layer of protection?

So, let's just change chips. :-) Of course, that's hardly enough. Can't we clear up a lot of these exploits by fixing the stack? The answer is yes, we could clear up a lot of them. But that sadly, it's not going to cure the class of problem completely.

Why should stack and data pages be executable? Why are any pages that are executable also writable? Well, there are a couple reasons for that. Certainly it hasn't always been that way. But the signal trampoline code from gcc(1) makes this very attractive, and it's a bit annoying to change. You still have to deal with issues of mmap(2), which can ask for pages with any access bits it cares for.

And let's not pretend please that C is the issue here. It's not. You're diddling the instruction set. I don't care if you used a Pascal compiler. You could still diddle it. Then again, there's something to be said for having a cleaner library. See the end of this missive for a simple, elegant, and effective approach to one class of these problems in C by someone famously inclined toward the simple and elegant.

What I strongly suggest that anyone interested in this do is read existing literature on this. Yes, it's work, but it's really, really good for you. Start with the paper StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. And yes, the buffer overrun in the version of Perl referenced by this paper has long since been fixed. But then read about how to defeat this. You can also check out disabling an executable stack on Solaris, and why this isn't a cure-all.

Even with a non-executable stack, you can still be bitten. Several such exploits have appeared on bugtrak. Here's one. The short explanation for why this isn't a panacea is that if I push a pointer to "/bin/sh" and a (char *)0 on the stack in a place right before an system(3) (well, or or execl(3) or execve(2) or whatever) then it'll still suck to be you. Notice I haven't executed any code that I put on the stack. I just managed to change some of the arguments to existing calls.

Let me put up a copy of some mail from Ted T'so, who said it well:

Well with a non-executable stack most security conscious system administrators will sleep better :) I can guarantee that. (Not too much better as holes always exist but quite a lot).

The advantage of the patch is that it will stop the current set of attacks that take the form of "find buffer overrun in a program", followed by "apply standard toolkit to exploit buffer overrun by putting executable code on the stack".

The disadvantage of the patch is that after we apply, within a few months we will see a new toolkit of the form "corrupt the stack to point the return address into someplace entertaining in libc --- like right before an an execl call in the implementation of popen()."

The danger is people thinking that with this patch, they don't need to worry about finding and fixing buffer overrun bugs in their code....

Here's the promised gem of insight from Dennis:

> ..... If most implementers will ship gets() anyway,
> there's little practical effect to eliminating it from the Standard.

On the other hand, we removed it from our library about a week after the Internet worm. Of course, some couldn't afford to do that.

Dennis

Read here: Attacks on Copyright marking systems

A paper available from:
http://www.cl.cam.ac.uk/~fapp2/ papers/ih98-attacks/ Courtesy of Fabien A. P. Petitcolas, Computer Laboratory, University of Cambridge.

Basically the idea of using watermarks is flawed and the watermark can be easily removed or destroyed using simple tools available today. Note - watermarking can be also done to sound files... something else to remember!

Aaron Helleman

Read here: Attacks on Copyright marking systems

A paper available from:
http://www.cl.cam.ac.uk/~fapp2/ papers/ih98-attacks/ Courtesy of Fabien A. P. Petitcolas, Computer Laboratory, University of Cambridge.

Basically the idea of using watermarks is flawed and the watermark can be easily removed or destroyed using simple tools available today. Note - watermarking can be also done to sound files... something else to remember!

Aaron Helleman

No. Since energy stays constant and thde size of the universe (if closed) will never get to infinity, the energy (whether it is in the form of the kinetic energy you speak of, E=mc^2, or whatever) will just get less dense as the universe expands. The cosmological constant is a force (not completely explained) that, in a snese, helps the third law along: By forcing the expansion of the universe, it prevents a return to order that the recollapse of everything would be.

Check out Hawking on black holes and the increase of entropy that they create...much of the information applies. (the articles are linked from his hompepage at cambridge).(Link)

The best book on programming for the layman is "Alice in Wonderland", but that's because it's the best book on anything for the layman.

Anyway, here's a bunch of links within there:

Friedmann Universes: The three basic models of the universe that start off just after the big bang singularity.

No-Boundary Universe: Stephen Hawking's pet theory until at least '96. I don't know where he stands on it now.

An explanation of Space-Time: What this NYT article is saying is flat. Hmm... it's not that good.

Stephen Hawking and Roger Penrose debated on the nature of Space-Time in '95.

Does that help?

Droit devant soi on ne peut pas aller bien loin...

Anyway, here's a bunch of links within there:

Friedmann Universes: The three basic models of the universe that start off just after the big bang singularity.

No-Boundary Universe: Stephen Hawking's pet theory until at least '96. I don't know where he stands on it now.

An explanation of Space-Time: What this NYT article is saying is flat. Hmm... it's not that good.

Stephen Hawking and Roger Penrose debated on the nature of Space-Time in '95.

Does that help?

Droit devant soi on ne peut pas aller bien loin...

Here is Analog

I use Webalizer, too.

factor 19991119
19991119: 139 143821

More about the ISO 8601 Standard on date and time notation.

It has many advantages:

• No confusion about american/european day/month ordering
• Alphanumeric sorting possible

Could we all start to use the ISO date format... It would make life just that much easier! Thanks. See here for more about ISO 8601, which BTW is also covered in ANSI X3.30-1985(R1991).

Date formats like MM-DD-YYYY and DD-MM-YYYY are ambiguous and confusing, especially for the majority of any calendar year. I really wish people would start using International Standard Date and Time Notation, which is YYYY-MM-DD (see ISO 8601). They're much less confusing, can't mean something different in another notational system, and put units from largest to smallest. Adding in the time continues the trend with YYYY-MM-DD-hh-mm-ss.

Please, please, please? With sugar on top?

Also, he demonstrated displaying one thing on your screen, and another thing on the attackers screen, which has the potential to be used two ways: either to foil an attacker, or the possibility of a Tempest virus, which secretly transmits your cryptographic key to the white van waiting outside, while displaying something else altogether on your screen!

Ross Anderson's homepage has links to his papers on this topic.

Hidding the existance of a message is called steganography. Its more common to high the message in a single image or MP3 as they have more bits to obscure the payload. See http://www.cl.cam.ac.uk/~fapp2/stegano graphy (among others) for more info.

-Henry

This case is lamentable because it was defeated so easily, in a way that shouldn't have been allowed to happen.

Encryption isn't all its cracked up to be.

I guess the question is, what sort of application are you talking about? Analog itself has to be blindingly fast, so C is the obvious choice. But its CGI interface isn't of that type. Speed -- or efficiency if you prefer -- really isn't an issue. So C loses one of its big advantages. I guess a lot of CGI applications are of this type.

Instead, it has to take some small amount of user input, munge it around, and spit it out again. That's exactly the sort of thing that Perl is perfect for. Converting my application from C to Perl, I saved an enormous amount of code length. Again, I guess this is typical of many CGI applications.

Of course, one has to be very careful about security in CGI applications. I think it's swings and roundabouts here. Both languages have similar theoretical problems. But some dangerous things are easy in Perl, and thus probably get done more readily. (E.g. backticks instead of system(), open("|...") instead of popen()). This is a worry: but weighed against this is Perl's -T mode, and its ability to check input for safety very quickly with regexps. In either language you have to know what you're doing here and be very careful to apply it!

And finally, you shouldn't underestimate Perl's readability. Whether in an open source or a closed source model, one day other people will want to maintain your code. Readability is good.

In summary, I'm far from a Perl expert, having written exactly one thing in it. But for my application, and I suspect for the majority of CGI applications, efficiency wasn't the key constraint. Ease of writing and maintaining was.

It came with the story that it was called "the Japanese Method of storing dates".

(Unfortunately my program analog is used on Her Majesty's site, but fails the same test!)

Capabilities are good, but I prefer the Quality-of-Service ideas implemented in nemesis. This is an even more radical OS - it does away completely with traditional OS concepts like virtual memory and priorities. The result is an OS that can perform tasks like multimedia with blistering performance. A prerelease version is available for downloading here. It has a BSD style license.

Capabilities are good, but I prefer the Quality-of-Service ideas implemented in nemesis. This is an even more radical OS - it does away completely with traditional OS concepts like virtual memory and priorities. The result is an OS that can perform tasks like multimedia with blistering performance. A prerelease version is available for downloading here. It has a BSD style license.

Anderson and Kuhn's original paper is well worth reading for a very informative look at what Soft Tempest technologies can do for both attack and defence. I strongly recommend against speculating about any part of this technology until you've read this clear and extraordinary paper.
--

There was an interesting sidebar to an article in Scientific American about a year ago describing a technique to hide data on a screen so that the user could not detect it's presence, yet the data could be picked up by Van Eck freaking.

Microsoft was funding a project to use this to put product serial numbers on the screen so they could drive a truck through an office park and pick out software pirates. Honest.

There was an interesting sidebar to an article in Scientific American about a year ago describing a technique to hide data on a screen so that the user could not detect it's presence, yet the data could be picked up by Van Eck freaking.

Microsoft was funding a project to use this to put product serial numbers on the screen so they could drive a truck through an office park and pick out software pirates. Honest.

A Newton bio While Newton belived in the concept of god, he had rejected the idea of christianity, considering it a 4th century bastardisation. He wrote many times on the subject of religon and was a devout man, a chrisitan in the sense the word is applied to today he was not. His appointment as professor did not require him to swear an oath (a christian one) unto god, this was at the dispensation of the king.

For example, there's an excellent FAQ on Unicode and UTF-8 in Linux that to me seems to imply that UTF-8 is sufficient. Rebuttals welcome.