Slashdot Mirror

Models of time travel based on relativity involve creating an area of spacetime where, basically, things are warped enough that moving in space in the right way moves you backward in time. Like a rapidly rotating black hole.

These have the feature that you can't go any further back than when the area was first created (e.g. when the black hole was first 'spun up'). So if time travellers don't show up, it may just be that no naturally-ocurring areas of spacetime exist that reach back far enough. We certainly don't have the tech to make one yet, and won't for centuries minimum.

More info here.

Yeah, I set "post anonymously by default". Been meaning to undo that.

v2sw7/8PUC$hw5ln5pr7ck5ma3u8LFw2m5l8SDi2e4t5b6HTAe n7g6a!s6MSr1p9 :-)

Btw, I wrote a little Perl script to parse hackerkeys.

Depends on the God...

In these days of 0-day exploits, I just can't take the chance that someone will find a hole in ssh and create a Warhol-worm before I can install a patch. I sleep better now...

Podcasting! Seriously. Audio blogs fetched automatically.

Go here and here.

Does not require an iPod. Really simple syndication (RSS) with encosures.

I'm using a 76 line Bash script.

Current favorite feeds (RSS - not browseable web pages!);

http://www.itconversations.com/rss/recentWithEnclo sures.php
http://www.evilgeniuschronicles.org/cgi -bin/blosxom.cgi/index.rss20
http://secrets.scrip ting.com/xml/rss.xml

Some really interesting things out there...as well as garbage. I'd tell you my favorite -- hint smart show 4 on 'scene' -- though I don't want to swamp the server! For other non-tech, listen to Atomic City Fitness (health) or get angry along with Al Franken on AirAmerica (politics) (even interesting for a few hours to this libertarian).

Let's assume that's true; I am unable to comprehend It's actions. Well... Who, then, deliberately made me too stupid to understand It? Where does the fault lie? :->

In any case, the Jewish/Christian/Islamic god is logically inconsistent, so I believe It cannot exist.

We can reason about infinite quantities, no problem. For example, there are infinitely many integers, and infinitely many real numbers. We can't conceive of them all. But it's possible to prove that, even though they are both infinite in number, there are more real numbers than integers.

Well, people take up more space than just where they live. There's all the land you need to feed them, for one. With current technology, you'd need about four or five Earths to let the current six billion people all live like Americans.

Now, I do want long long life. But I see no reason to restrict our population to just the surface of the Earth...

Look up something like Tierra and actually play with it. (I wrote a simpler variant that displays the same behavior). Open-ended evolution that develops new behavior. The 'organisms' I evolved quickly developed ways of using the opcodes I provided that never occurred to me.

I am very confident that the challenge-response is secure by design. No one's been able to find any kind of hole in it. It's theoretically possible to brute-force it, but most people can't wait until the sun burns out to hack in.

Port knocking does provide a certain amount of security, but the more you try to make it secure against sniffing/replay attacks, the less reliable it becomes. Most of these systems are critically dependent on UDP packets being delivered, and delivered in the order they were sent. Neither of these is guaranteed on today's Internet. A lot of routers are programmed to just dump UDP packets on the floor if they are at all busy.

I wrote something that can be used to shield SSH and other services, but is fundamentally unhackable from the outside and is reliable because it uses TCP instead of UDP.

For some types of programs, performance (in speed and resource use) really really matters. There are targets that current VMs just can't meet. These situations are becoming increasingly rare (indeed, IMHO they are the distinct minority at this point, thank goodness), but they do exist.

Careful design can minimize a lot of this. I chose C for my secure networking program, but made sure it couldn't be subject to buffer overflow and other such attacks. If you look at the design goals and restraints, I think you'll agree that C was the right choice.

Of course this is after thinking about the design for awhile. Rarely have I just gone and said "Ok I'm going to code this function now." without thinking "Ok what will this break? What will I want to add in the future and will it mean redoing this a different way?" I spend alot more time thinking about how to get the best flexibility out of a design than actually coding. I tend to think up the data structures first, by figuring out what data I need and what I'm going to do with it. Once I have that, I construct objects around the structures and figure out what methods I need to manipulate them. Everything revolves around the data, not the process. I try to keep the objects segregated on a "need to know" basis so that it's easier to swap out one implementation for another later. I don't want to be sitting forever rewriting the entire project because I've found that quicksort sucks for this data and I'm better off with a heap than a linked list.

When I actually get around to coding, my first concern is clarity. If I can't read my code, I'm going to be screwed when I have to debug it tomorrow, and totally lost when I need to add a feature or rework something next month. I tend to name my variables and functions for what they are, sometimes with fairly long names. Sure it's a pain in the ass to type cosine_offset and I can typo it alot, but it's a hell of alot easier than figuring out that w stands for cosine offset a month from now. Compilers catch name typos, they won't tell you what the hell you were thinking when you wrote the code. I find the stupid "hungarian warts" where you get names like pfstrqlrdwFOO are absolutely worthless. The only prefixer I use is p, for pointer, because pointer screwups are bad and it's possible to forget something is a pointer and requires different operands. I can usually figure out if something's an int or float or string pretty easy by following the names and what functions it comes from/goes to. GetInputString(myinput) makes it pretty obvious what myinput is, I don't need pcstrz in front of it.

Having other people able to read your code is a huge bonus. Readability = less time debugging = more time to improve or optimize later. I don't know ASM, but if my code is readable by someone who does, it's alot easier to get them to help me if they don't have to spend a week going "WTF is this variable for? What is the point of this function?"

Another thing I do that was taught to me by a very realisticly-oriented CS professor is go for low linecount. Outside of clarity, linecount is king. Why? Because fewer lines are easier to comprehend, tend to have fewer bugs, can be easier to optimize (into ASM for example). Functions over 50 lines are rare for me. My functions do exactly one thing that they're named for, I don't group an entire 9 step procedure into a single long function. If I have to do that then it'll be a function calling a bunch of other functions in order. That way when I have a bottleneck, I can just rewrite 25 lines of code instead of poring over 250 looking for where the slow code is and misunderstanding parts of it.

Granted I'm not the best programmer. I'm probably not even an average programmer around here given my lack of experience. I had a basic course in ASM at college that mostly covered MIPS, and an EE course that covered up through basic CPUs and registers. I know some of the concepts but have never written in ASM. Maybe when I finish the main parts of my current project I'll learn x86 ASM so I can optimize it.

All the details of where to stick the bits are in my blog, and can also be read at Planet SuSE

Go read the page. There's no real contradiciton there. Consider a flip-book animation. Each page is one 2-D slice of a 3-D 'universe'; you get an illusion of time by only seeing one slice at a time. Now, all the ways we can think of to move back in time (black holes, Tipler cylinders, etc.) involve warping up space something fierce. What if you made a flip-book mobius strip? I.e. the 'static sculpture' contains some paths where items can flow 'around' back to 'before' they left, that's all.

Besides, if time isn't in some sense a physical exent, how could you 'travel' along it? If the past doesn't physically exist to travel to, how could you ever get there?

'Meta-time' (on my page I call it 'hyper-time', same difference) is only necessary to have room for alternate universes. E.g., a 4-D arrangement of 3-D flip-books. If you don't have alternate universes, you don't need the concept.

The paradox isn't a property of time, it's a property of the language used to try to describe it.

And the 'change-wave' idea is a result of trying to apply 'normal' ideas of time to a situation where they fundamentally don't apply. Consider - how many seconds per second does the change-wave move? From a given point in time, how do you tell how 'far' the change-wave has 'advanced'? You need a hypertime to describe it, and at that point you might as well just have alternate universes. What happens when the wave gets to the time travel event itself? Why doesn't it flow 'back' along with the time traveller and undo the change that spawned it?

Oh, plenty have. Heck, I have.

Short version: If you go back in time, you either can change the past, or you can't. If you can, the only logically consistent explanation is that you've created an alternate universe. ("Change waves" and other such malarkey don't add up.) So it's not really time travel, it's basically travel into alternate universes.

On the other hand, if you are travelling into "the" past, the past that gave rise to you, then you must "already" be there, and be part of that history. In this case, all of time can be thought of as one static four-dimensional sculpture, and normally we only see one 3D slice of it at a time.

The former seems to be consistent with quantum mechanics. The latter is consistent with general relativity. Unfortunately, QM and GR are not consistent with each other, and no one has a clue how to reconcile them yet. Until we do, or find a way to do practical time travel experiments, we won't know which model really holds.

Public key stuff has had buffer overflows and exploits before. I have my sshd disabled until and unless I give it the correct signal; I don't have to panic whenever it has a hole discovered.

There are less stealthy but more secure alternatives. I wrote one.

It's true that it can't be described by standard models, but if the black hole is charged or rotating (or both) then the event horizon is distored to the point where the 'singularity' (the place where all current models break down) is reachable.

One potential consequence is time travel, to give an idea of how odd the math gets.

I do feel somewhat bad replying to a commercial announcement, with a freeloader announcement ;-> But there are a lot of unemployed hackers out there, and a lot of people who'd test it out and give WineX a louder voice. Do support free, commercial software if you have the means.

I already did that. It's called Ostiary. Much lower bandwidth & CPU requirements, actual cryptographic security, some level of confirmation that the message was received, etc.

I did this with Ostiary. Uses salted HMAC-MD5, fixed-length data, etc. Secure from replay, man-in-the-middle, sniffer, and other attacks. Still vulnerable to DOS, but what isn't?

I admit that the human factor limits the reliability of any system. But this is designed to protect against bugs in ssh. I trust at least myself not to do anything really stupid.

It does have an open port. The client connects, and gets 16 bytes (sizeof(md5 hash)) as a salt. It then hashes this using HMAC-MD5 with a secret password, and sends the result (16 bytes) back. Fixed-length data all the way, essentially zero chance of buffer overruns. Essentially impossible to crack, except for dictionary attacks. So low-resource it runs fine on my Mac SE/30 webserver.

I call it Ostiary (mirror here) and I think it's damn secure.

There'll be a Linux Gazette article about it this month (Feb) when it comes out.

It does have an open port. The client connects, and gets 16 bytes (sizeof(md5 hash)) as a salt. It then hashes this using HMAC-MD5 with a secret password, and sends the result (16 bytes) back. Fixed-length data all the way, essentially zero chance of buffer overruns. Essentially impossible to crack, except for dictionary attacks. So low-resource it runs fine on my Mac SE/30 webserver.

I call it Ostiary (mirror here) and I think it's damn secure.

There'll be a Linux Gazette article about it this month (Feb) when it comes out.

Ostiary is a program that can protect OpenSSH in a similar way to port knocking. It allows for secure remote script execution. It was written by a member of MDLUG.

Anyway, what I'm saying is, what's your secret?

I've got a few. Firstly, my advice is to always compile wine yourself. There's a lot of options, and packagers often choose the lowest common demoninator rather than the options which would yield the best performance for your particular computer. The wine source code comes with a nice script which almost compleatly automates the process. Secondly, to have both wine and winex installed and to try both to see which gives the best results. There's a scipt called getcvswinex which will download the latest winex cvs source, compile it, and keep it from messing with your normal wine build. Transgaming's game search is also good for getting an idea of what games should and should not run with winex. There's also a site called Frank's Corner which I've found to be a really helpful resource in finding what people have been able to get running, and how.

Java? Really? I love Java and Sun, but Java isn't the fastest thing in the world. For something that uses advanced algorithms that are usually optimized in Assembly, is Java really a good choice?

Fortress of Insanity

Then props to Dell. I'm just saying Microsoft should force all vendors to do the same.

Fortress of Insanity

All of the things listed in the patch that are suppose to help security, such as the firewall, are useless. Why, you ask? Because Dell, HP, Compaq, whoever, they don't ship pre-patched like they should. Why doesn't Microsoft get off their fat ass and require that computer manf. patch with SP2? HMMM? Insert a freaking update CD into the box, setup a 1-800 number that the Windows installer contacts to get the latest updates. There's a ton of things Microsoft COULD do, patching isn't enough.

Rant over.

Fortress of Insanity

DRM is bad. Although it is effective at stopping pirates, it also hurts the people who want to legally use what they pay for. Everytime any attempt has been made to stop pirates, it has done nothing but hurt those who paided for it. Take iTunes: You can't take your music to platforms where iTunes doesn't exist. Take the bogus CD track on some music CDs: Couldn't play them in your PC, some CD players, some car CD players, etc.

Although DRM will stop pirates, it stops legit users too.

Fortress of Insanity

What's next? Patent air? Patent leather shoes?! Patent the patent process?! STOP THE MADNESS! AHHHHHHH!

Fortress of Insanity

Most TOS say they have the right to revoke your account at any time, and probably mention something about bandwidth limits. I know when Ameritech.net (my ISP) was merging with SBC Yahoo!, the new TOS said something about bandwidth usage. Because of this, I didn't upgrade (they can't force me to upgrade either).

Yes, the fine print DOSE matter.

Fortress of Insanity

http://www.linuxquestions.org/questions/showthread .php?threadid=126031
"jeremy
root"

You shouldn't post to forums as root, it's a sure sign you're a newbie ;)

Fortress of Insanity

Next on IBM:
Fly to the moon using Linux
Install Perl on your credit card
TCP/IP over cups-and-string
Nanobots made simple with C

STAY TUNED!!

Fortress of Insanity

Very interesting. It's a great idea, I support it. Linux does not compare to BSD in many areas, even areas outside of license. The one problem I see is Java. BSD lacks a good Java port. Yes, FreeBSD has a nice Java port going, but it does not compare to Linux' port from Sun.

If Sun were to port Java to BSD (I think this is a pretty big if), then there is no reason not to use BSD. Maybe this will even kick start BSDs devleopment.

Fortress of Insanity

It's always nice to see BSD being used in strange new ways. I like knowing that using it allows me to move to any platforms in the future without any difficulty. With uncertainty of the x86 platform and lack of portability of Linux distributions not to mention little drivers outside of the x86 realm, NetBSD makes a perfect platform. I'm not even going to mention the problems of the GPL license.

This is why BSD is so great. You have actual portability. It's truly open and free. Stable and secure. Much better code base then Linux with a better development group. The only area it's lacking is XFree86, but in time drivers will come around.

Fortress of Insanity

Myth: The GPL is the only open source license
Truth: Although it's the most popular, it's not the only license.

Sadly, I think this is what most people think of when they think of open source.

Fortress of Insanity

Now I can run my PDA for more then 8 hours... Hooray? So helpful? Thanks guys? :confused:

Fortress of Insanity

Back to VHS! Wait, no, laser discs! Wait, no, 8-tracks!!

Fortress of Insanity

Dear NWS,

As I understand, you've recently upgraded your workstations to some slick IBM machines running Linux. Congrats. Now, about your old workstations. I'd be willing to take the off your hands, I won't even charge anything. I just want to see them go to a good home, not some dumpster behind your building -- ya know, [insert their address here].

Thank you,
Me.

Fortress of Insanity

I think a better question is "Is it worth it?" What does one gain by using a video phone? Nothing, really. If there was some advantage over a normal phone, we'd already be using them.

Fortress of Insanity

That's why I wrote Ostiary, because I can't afford to keep up with all the latest patches the instant they come out. It can be used to remotely enable and disable services (by starting/stopping, them, altering the hosts.allow/deny files, etc.)

The protocol it uses is so brick stupid it's effectively unhackable. It can still be DOSed, of course, but nobody's come up with a way to directly subvert it. It's very small and light, there's even a Palm client for it. No, it's not the answer to everything, but several people have found it useful already.

NetCraft reports Linux and Apache (Red hat version). http://uptime.netcraft.com/up/graph?site=rsync.gen too.org

Fortress of Insanity

Security goes beyond patching servers.

Fortress of Insanity

First Debian, now Gentoo.... Conspiracy! Either that or a horror movie.

Fortress of Insanity

They are working at AOL.

Blogzine
Fortress of Insanity

Fortress of Insanity

In case of Slashdotting, you can read the article below.

Page 1:

*POINT-COUNTERPOINT SPECIAL* What's Wrong with the Open Source Community?
James Turner leads off on the "too many itches" syndrome and other problems - Steve Suehring offers his Counterpoint
December 1, 2003

Summary
Just as, in the Java world, there are many competing MVC frameworks for JSP development, so many Open Source developers - says LinuxWorld senior editor James Turner - "scratch the same itch." In this week's installment of our "Point-Counterpoint" series, LinuxWorld editors James Turner and Steve Suehring slug it out over that most contentious of issues: does the Open Source community on occasion shoot itself in the foot? James says it does, constantly; Steve disagrees.

By James Turner Steve Suehring
Page 1 of 2

Advertisement
James Turner: 5 problems with the Open Source community

There's no question that the Open Source community has a lot going for it. Besides a staggering amount of developer power that can be turned against important problems, the Open Source movement also has a passion and commitment to its work that the commercial software world often envies. But sometimes, the Open Source community can be its own worst enemy. Here are a few reasons why.

1. Too many developers "scratch the same itch."

We hear that Open Source developers come up with new ideas because they "had an itch to scratch." In other words, there was some need they had for a new application, and they "scratched" it by coming up with a tool. The problem is, it's not uncommon to end up with two or three (or more!) different packages doing the same thing. For a specific example, look at what's happened with the Linux sound systems, where there are now several competing packages that have to be supported by each distribution. Or in the Java world, look at how many competing MVC frameworks there are now for JSP development.

A little competition can be a good thing. After all, Linux is all about offering a competing vision for the operating system domain. But when too many competing visions exist, and aren't winnowed down to a small number of options over a short period of time, you end up with a mish-mash of conflicting standards, and a user community that ends up having to download and install a plethora of different packages that all do the same thing.

A perfect example of the "too many itches" syndrome is the absurd number of Linux distributions that exist out there. There's absolutely no reason for there to be more than two or three distributions. And because each one does things slightly differently, we've ended up with the problem that applications and drivers are rarely made available in binary form, because there are too many versions of too many releases of Linux to support.

As an application developer, you would have to provide 5 - 10 different binary installs, one for each distribution. Now multiply that times the five or more active releases of a distribution that may be in active circulation, and you see why so few packages are available as anything but source (especially the most recent releases of packages that have not been compiled and included into Linux distributions yet.)

The next question to consider is, why don't we see more consolidation of technology? The answer: because...

2. Open Source developers love a good feud.

BSD vs Linux. Gnome vs KDE. Debian vs Red Hat. For every interesting Open Source technology, there are two bitterly feuding camps that spend as much time taking potshots at each other as in improving their own products.

It's hard to imagine how much better a lot of Open Source software would be if these groups cooperated and consolidated their efforts, rather than act like the Hatfields and McCoys. Unfortunately, the downside of personal commitment to projects is that people come to use them as a measure of self-w

Dear god, Linux was mentioned on Slashdot! Bring on the follow jokes which we heard oh so many times:

1: SCO jokes
2: Cluster jokes
3: Microsoft jokes

Can't Slashdot think up any new jokes? Of course not.

Fortress of Insanity

The reason people use Linux over BSD is because Linux is a buzz word. Everyday you hear Linux, Linux, Linux. Management only know of Linux, they only look for Linux developers, and so on. Nothing to do with "technical merits".

Fortress of Insanity

I'm not trying to justify what they have done. Ignoring the rules of any licenses isn't right. All I'm saying is they should use BSD instead... now.

Fortress of Insanity

This is what *BSD is for. It works just as well as Linux, better in my opinion (hey zealots, keyword is opinion), and has a truly free license -- one where you can redistribute in both source and binary form. I suggest Linksys, Broadcom, Google, and whoever else is under fire from FSF and EFF to use NetBSD (great for embedded devices) instead of Linux.

Fortress of Insanity