Slashdot Mirror
Slashback: OSX Security, DoD Filtering, Anonymous Posting
University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.' You may remember this challenge was proposed in response to the 'woefully misleading' ZDnet article, Mac OS X hacked under 30 minutes, which was previously discussed here on Slashdot."
Skeptics investigate cold fusion.smooth wombat writes "As a follow-up to a previous Slashdot posting, Purdue University is investigating the claims of Rusi Taleyarkhan who claimed in 2004 to have created nuclear fusion at room temperature. The investigation came about from complaints from colleagues who suspect something is amiss. Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Perdue, removed the equipment the co-workers were using to try and replicate the results, claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data and opposed the publication of results which contradicted his findings."
More on DoD web filtering. timetrap writes "I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access. First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk. So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD) This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check." Slashdot's own Jamie took a look at Smartfilter back in '99 as a part of the Censorware project and it still remains a mysterious black box to this day. While some would advocate full disclosure using censorware still appears to be merely passing the buck.
AT&T cuts 10,000 jobs after BellSouth merger. mytrip writes to tell us that immediately following their $67 billion acquisition of BellSouth, AT&T plans on cutting about 10,000 jobs.
More child-proofing efforts for MySpace. conq writes "BusinessWeek has an interview with Connecticut Attorney General Richard Blumenthalin in which he describes measures MySpace and other similar sites should take to protect children. From the article: 'We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels. We've received hundreds of complaints from parents who are concerned about these issues, and we want to be sure that the measures we propose are technologically feasible and financially viable.'"
Why Windows Vista will Suck: a rebuttal. shrapnull writes "Hot on the heels of Extreme Tech's 'Why Windows Vista Won't Suck', Steven J. Vaughan-Nichols has an alternate position posted on DesktopLinux, and sent to subscribers of Novell's 'Suse Linux Cool Solutions' newsletter."
Harvard researcher punished for reporting bugs. Guillermito writes "A story previously discussed came to a sad conclusion two weeks ago. The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in a software. You also have to prove that you own a valid license for each version of the tested software. To publish a proof of concept that contains a few dozens of copyrighted bytes is also forbidden. It's a nice precedent for any company selling a defective product."
Assemblyman Biondi backpedals on NJ anonymous posting bill. Quadraginta writes "Earlier, denizens of Slashdot reacted to a story about a bill to be introduced to the New Jersey legislature that would require hosts of forums, bulletin boards and the like to keep track of the real identity of anonymous posters. Seems like there was a strong reaction all over. Assemblyman Biondi now appears to be backpedalling furiously. From a letter quoted after the link: 'I am getting inundated with responses which I will review and use to better educate myself on the implications of this bill. If, after reviewing all of the correspondence and the opinion of OLS, it turns out that the bill is, in fact, unworkable, I will certainly reconsider and withdraw it.'"
A followup on Chinese TLDs. nqz writes "In this story on ComputerWorld, ICANN and the China Internet Network Information Center (CNNIC) both dispute a previous story discussing China's new top-level domains containing Chinese characters."
The original article said it would be up through Friday, why the early shutdown? Maybe it stayed up for 38 hours or whatever and then someone got in, so they post-pre-maturely ended the contest the minute before the crack?
CIO = Chief Information Officer
[Fuck Beta]
o0t!
More like - was done without authorization, and was shut down. From the site linked:
Yesterday we discovered the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight.
Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community.
Still, shut down or 'ended,' not being hacked is a good show. Congrats to OS X.
I think Apple would be well-served by having a continously running OS X security challenge, for both OS X and OS X Server. Offer a reward every time you demonstrate a hole, and fix them fast.
I dunno. I would think a massive, pipe-clogging bandwidth spike, which resulted in the removal of said site, would qualify as a successful attack.
I guess it all just depends on exactly what you want to do.
Chas - The one, the only.
THANK GOD!!!
Does it matter what they say? Any Chinese portal with enough heft can just start handing out Chinese TLDs whenever they like. (For that matter, so could I, but noone would know). Does anyone know the current state of international tld support in browsers? And what encoding is/would it support?
For that matter, if China (mainland) blazes the path for Chinese TLDs, would they go with gb2312 and thus sort of make China (mainland)'s TLD scheme the default for the world as opposed to Taiwan's Big5?
Myself, I'd be happy to see utf-8 tlds, but that's small potatoes compared to my fervent whish for a utf-8 clean php release. Does slashdot support
It did, in the old days. They rewrote it a long time ago, I think in the jump to Nt 4.0. The userspace command line tools are still BSD based in XP though.
...nobody broke into the box to read the statement.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I'm not a marine, but I do work for the DOD, and I can tell you that most political websites, right or left, are blocked. Again, not a conspiracy, just simple work place web surfing management. When you're on a network that doesn't belong to you, or that you don't pay to have access to, you shouldn't complain about the policies in place. I don't bitch at my friends for not letting me fuck their wives when I come to visit their houses.
Note to self: No more arguing with the faithful.
And that's why when it says on your military ID "Property of the U.S. Government" they're not just talking about the ID card ... =)
"I hate to advocate drugs, alcohol, violence or insanity but they've always worked for me" - HST
Software researchers are the most impacted by this, as it's hard for a PhD to claim natural stupidity as a defense. It's expected of most end-users (even when that is unfair) so they can get away with it.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
There is a fairly simple solution to the problem of vendors forbidding security reaseachers from examining their products. At the next big security confab float and get a lot of signatures on a resolution something like this:
"Some companies object to our legitimate research, even though we report our findings responsibly. So be it. We resolve to continue to locate defects in these irresponsible vendor's products. However since they now make it a crime to do the right thing, we resolve to anonymously publish our results for these products to the most vile and wicked cracking gangs we can contact as ready to use fully weaponized exploits. We further assert that we do not fear any legal reprecussions on the grounds that if any Fed can tag us we aren't worthy to continue in this line of research."
Let the business press cogitate on that announcement a day or two and see how fast vendors start backpeddling.
Democrat delenda est
For those who don't want to read the entire article, here is the cliffsnote version.
I understand operating systems and am very smart and I have 20 computers and a dog named spot.
linux power.
Vista will suck because it won't be free.
linux power.
The graphics will suck because it takes an expensive computer to run Aeroglass.
linux power.
Memory management will suck because linux has had good memory management for years.
linux power.
Superfetch will suck because GCC has had it for years, and your dog can run off with your USB card. (Never mind that it's just a *cache*, and it won't do anything but slow your computer down again after your dog starts chewing on it)
linux power.
TCP/IP improvements will suck because it's been in other OS's for years.
linux power.
Security will be bad because they found a bug in vista.
linux power.
I'm sorry. The number you have reached is imaginary. Please rotate your phone 90 degrees and try again.
I would like to point out that those people who state that MacOS X hacking is of little interest to the hacking community because the Mac has little market presence should pay attention to the draw this challenge precipitated.
Looks like every hacker and their uncle had a go at this one. I wonder how many unique IP addresses were used to access the challenge.
I read that pile of crap that somone claims to be an article about Why Vista Will Suck and all I got out of it is this guy is a $%@^$@# idiot. Great, he's got a copy of Vista and a fast machine. Most of his complaints can either be dismissed because Vusta is still a BETA or not attributed to Microsoft at all. Is it really Microsoft's fault if you're not careful around your USB drive? And who cares if Linux and Mac OS X have had feature X for years? Isn't Vista going to benefit from using feature X if everyone else has? How can this be a reason why Vista will suck? Isn't this more of a reason why Microsoft's marketing managers suck? What about his anecdotal argument concering security? There was a patch for the WMF swcurity hole. Let's analyze the argument. First of all, the patch was released in January. The CTP was released in February. You do the math. Not to mention that perhaps there was an old portion of XP in the January release of Vista that's since been removed from the February CTP. Did Stephen check? Probably not. If security patches being released for an OS are all the proof he needs that it's insecure than he'd better add OS X and Linux to the list. All in all, this was a poorly written and researched article with little evidence to back up his claims.
It's not.
Part 1: Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Perdue, removed the equipment the co-workers were using to try and replicate the results
, (comma)
Part 2: claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data
and (Proper use of a conjunction in a sentence containing a list of verb phrases)
Part 3: opposed the publication of results which contradicted his findings.
Each part of this sentence is not a sentence in and of itself (with the exception of part one, which is completely acceptable), which would constitute a run-on sentence. It is grammatically correct even though it is quite surprising and irregular, being the work of a Slashdot editor. This sentence is logically equivalent to:
Joe, who used to manage Cisco-based networks at Sandia National Labs, has, since completing his dissertation, published papers on network topologies, lectured at various institutions and released software to aid in the management of large-scale networks.
Sure, its clumsy and difficult to read, but still valid.
AFAIK, there are no voices giving out any other viewpoint(s).
You can read an in-depth review of the matter here:
http://www.petitiononline.com/mmfa2/petition.html
The petition was created by the people at Media Matters
[Fuck Beta]
o0t!
"I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access.
There are several levels of DoD blocking. First, the DoD policy on web access, policy, and security in general, very broad, next is the Departments level, i.e. Army, Navy, etc, then there is the base policy and then the command policy and unit policy all the way down to the company. The "general rule" is that no one can have policy rules lower then that of above. This means a platoons policy can not be more lax then the base policy. This sort of transitive policy based appliance leaves much room for interpretation at all levels of policy implementation. Every service is different, every level is different and every network right down to the hardware is different. So, when you talk about blocking you have to be very specific as it is nearly impossible to just nail down an exact, cut and dry policy. Web content filtering, ACL's and the likes are different from service to service and mission to mission.
First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk.
This is too far from the truth depending on the environment. The Ku band in Iraq is quite substantial in fact the smallest direct BGP Sat link might be a T-1 up to 8 and 32Meg or so via a Sat package called the DKET. This is speaking for the Marine side by the way. Also lateral links are about 3Meg at the smallest level via another Ku Sat package. This of course has its caveats. At this level we are talking about a non-mobile infrastructure were as a mobile infrastructure would be a Microware shot thru a TSR or MUX link at anywhere from 96k to 512k or more depending on voice needs and breakdown of classified to unclassified network needs. (Data bandwidth is shared between the two types of DoD networks when multiplexed, voice generally rides its own trunk card thru the multiplexer, typically a Promina node does this multiplexing or at lower levels in the unit they have what is called an FCC multiplexer)
So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD)
This is somewhat accurate. From the Corps standpoint, when I first went to Iraq this was not the case. We could chat all day long until it was "locked down". This is done at the BGP point via the highest headquarters out there, CentCom etc. Even then it isn't full proof, I found ways around it, i.e. bypass or just good ole bribing the E-3 at the terminal.
This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check."
Once again, take this with a grain of salt. Though this seems like it applies to all agencies and to all services at all times it really doesn't. The mobile and deployed units are in constant flex so nothing is really ever solidified when it comes to policy. The ONLY real way to know for sure is to go out there and site down behind their network and try it yourself, or ask someone you know out there to do it. I have a couple dozen friends out there right now on the Net Admin side so if you have a specific inquiry post it and I will see what I can come up with.
"Digg.com is eating slashdot alive right now. Better stories, better tech, better forum. It's only a matter of time slashdot becomes irrelevant unless they can turn it around."
I really hope a lot of people leave Slashdot for Digg because the only people that read Digg are complete and utter morons. The intelligent people have already realized that Digg is complete garbage and the idiots that are to stupid to understand that can flock to the idiocy that is Digg. It only makes the community here better by filtering out some of the morons. Digg reminds me of an AOL chat room that is filled with nothing but below average script kiddies...
Digg is the perfect example of what's wrong with all this "Web 2.0" garbage. Flashy website that's incredibly bloated with no real content and a horribly dumb community.
those people who state that MacOS X hacking is of little interest to the hacking community because the Mac has little market presence should pay attention to the draw this challenge precipitated.
I completely agree with you. a 4,5% share seems low but many hackers would get a terrific ego boost by being able to shut up once for all the mac fanboys. Also some attacks on windows rely on unpatched machines with this and that service running and reachable through firewalls, which could well mean an attack on the 10% or less of the total of windows machines which in turns makes like an 8-6% or even less share. Crackers still take time to engineer them, though.
Mod parent up, please.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
And a new computer to support it, at least according to him.
We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels.
Not sure what the point of this article is, he doesn't even say what his "specific measures" are. Probably just some political move.
I don't know what the big deal is about myspace, just politician noise, I guess. What kind of 14 year old girl is going to go out with a 30 year old man? If they do, there is probably some other problem (like they are starved for affection). I remember here on slashdot a few years ago there was a story about a girl who got seduced by a predator, but her mother was encouraging it!
So yeah, there is a problem here, but making laws about myspace isn't going to help anything.
Qxe4
"Why Windows Vista won't be known to suck."
1700 PACIFIC U.S. MON - FRI TOP
00:00 AP Newscast
03:00 Sporting News Radio Sports
06:00 The Al Franken Show
It's not about left-wing or right-wing or centrist or any of that. It's about money and power just as it has always been. Play the follow-the-money game (and hone some research skills too, woohoo!) more often and you will come to see this.
Left, right today. God, Satan yesterday. You notice it's always two, and only two, diametrically opposed ideas that can be compromised but cannot be reconciled (with other ideas existing only in an extremely marginalized form that is unlikely to be implemented, such as libertarianism). Your basic divide-and-conquer strategy. The left-wing vs. right-wing is an idealistic clash that does a great job of distracting people from basic critical thinking skills and a willingness to stick to the facts as determined by evidence when making decisions. It's a distraction, and it's a deliberate and effective one.
I'll give an example. Generally a left-winger is for greater personal freedom and more economic restrictions (particularly income redistribution, but there are others). Generally a right-winger is for greater economic freedom (tax cuts and the like) but more restrictions on personal freedom. Well, guess what? Both require a rather large government to properly realize their stated goals. So you have everyone squabbling over which set of restrictions they prefer, meanwhile, the elected officials continue to enjoy an ever-increasing national budget and more and more laws to appease their campaign contributors (recent changes to copyright law, anyone?). No matter how you carry out the left vs. right debate, a minimal government will never be the result. As stated above, a very effective distraction. For the people who stand to gain from less real freedom, and this subset of the population includes the major media outlets, it has served its purpose well. You don't need a conspiracy of any sort either; all that is required is that those who desire power act in their own interests while no one does anything to check them because they're too concerned about who will win the next American Idol.
It has always amazed me how so many people would agree that throughout history, religion has been used to control people by keeping them ignorant and willing to obey, but the same folks who will agree with that find it absurd that media and propaganda and creature comforts and an overemphasis on work/business can be used the same way.
It is a miracle that curiosity survives formal education. - Einstein
The "real" AT&T, pathetic as it was in the last couple of decades of its existence, had a long and interesting history, dating to the 1870s. There's something profoundly phony about a company like SBC claiming to be a continuation of that.
But even earlier in the article he blasts windows for supporting peripherals that do not yet exist. DirectX10 graphic cards and CableCard support both get dismissed because you can't buy them yet (just as you can't buy Vista). Once again, how can Microsoft possibly fix this; by not providing support for this hardware?
Finally, now that Microsoft can't win by adding software or hardware support, Microsoft can't win by adding features. The guy has dug deep to find a little-advertised networking feature that lets you use ipsec for internal communications. He declares this to be bad. He fails to tell you that you are neither required, nor coerced to use this feature. He fails to mention that you will probably not even know it exists unless A) you run a corporate network and B) you dig deep into the OS to find it. My mind is completely numb trying to comprehend how MS is screwing the customer here. Once again, should they have just left the option out?
This guy hasn't merely set the bar too high for Vista, he's replaced the bar with a sign that says, "still too low." This is only worth reading as a reminder that people who support the right thing are more than capable of doing it in the wrong way.
TW
There are two Vista concepts at play here, SuperFetch and External Memory Devices (EMDs).
r everyone/performance.mspx
0 100).
"Windows Vista introduces a new concept in adding memory to a system. USB flash drives can be used as External Memory Devices (EMDs) to extend system memory and improve performance without opening the box. Your computer is able to access memory from an EMD device much more quickly than it can access data on the hard drive, boosting system performance. When combined with SuperFetch technology, this can help drive impressive improvement in system responsiveness."
http://www.microsoft.com/windowsvista/features/fo
SuperFetch can apparently use an EMD as additional ram and "A unique algorithm optimizes wear patterns, so that a USB device can run as an EMD for many years, even when heavily used.". I think that I'd take it with a grain of salt until I saw it working, this is still marketing fluff as the USB support won't be available until a later preview version of Vista (http://www.itnews.com.au/newsstory.aspx?CIaNID=2
I am curious about the Hybrid Hard Drives mentioned in the article on the Microsoft site. Anyone know which manufacturers are developing hard drives with a large flash cache?
While I'm as big a fan of conspiracy theories as the next guy, I'm sorry to say that no such speculation is neccessary in this case.
The guy just cannot write.
Seriously, check out Linux Desktop or Linux Watch and check out other articles by this guy (his name is Steven J. Vaughan-Nichols). It's all the same story: flawed, simpleton logic; egregious typos (he must hate copy editors, because he's obviously never let one near one of his articles); sentences so poorly constructed that although you know you're reading English you can't figure out for the life of you what the guy is saying.
Even when he's not that bad, he's bad...
DSL, for those of you who don't know it, is one of several "mini-Linux" distributions. Of the set, it's probably the most well thought of since it actually manages to pick a GUI into its goodness and, having turned version 2.0 recently, it's the most mature of the mini-Linuxes.
See, he's just a bit off-kilter; it's not that you can't parse the sentence, it just gives you that queezy feeling in your stomach that you can't explain. I don't know where this guy learned to write, but I can tell you that I won't be reading any more of his "articles."
Ok, I don't agree with the 'counter' article on why Vista will suck, as we have also been using it, and there are some rough edges, but even at this beta point it is more stable and mature than some other 'full scale' shipping OSes.
/. community truly use this article as a 'definitive' answer of what Vista will or won't do.
/. quality? And yes, that is kind of a loaded question as some of the stuff we see is questionable anyway.
However, I had to go WTH when I read the article. How can anyone here in the
#1) The person writing the article doesn't even have a video card that does Vista Glass, that means, they don't have a video Card made in the last 4 years, all it takes is a Pixel Shader 2.0 on the card, that NVidia debuted years ago at Comdex with the GeforceFX 5200 for 80 bucks.
#2) Did anyone else catch this line about his reference to the Vista video requirements, " would only add that if you expect to see the fancy desktop, you need to invest in, say, an ATI Radeon XPress 200, an Nvidia nForce4, or a high-end graphics card."
Ok, hold your hand up if you know the difference between Video and Mainboard chipsets? nForce/Geforce anyone? I know 10 year olds that would laugh at this. And the ATI Radeon Xpress 200 as a base line? An integrated ATI Chipset that debuted last year? That is even crazy.
How about an NVidia PCI 5200 Graphics card made several years ago as the baseline, and Vista does Glass quite well on it even. Even generic notebooks baseline for Video anymore is ATI or Nvidia chipsets that include Pixel Shader 2.0 technology or basically hardware DirectX 9 support as others would call it.
I don't fully disagree with this person's article either, but really, is this
Make your own judgements on this, even as the article says, Vista seems to be better than XP, and who knows for sure how it will turn out...
Oh yes, and: "The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu (128.104.16.150)." Not DOS it or other machines around it.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Normally I read digg entirely by RSS. Predictably, if you want any content, they want you to click through, since they haven't figured out how to transfer their ad-serving tech to RSS.
Recently, I *did* click through to something sufficiently enticing, and started reading. Woah.
They suddenly have nesting discussions (ok, only 2-level), comment rating, *and* filtering based on aggregate rating. As far as I can tell, they're only a few weeks away from the full-grown trolling ecology that is slashdot.
Don't think I'm just dissing slashdot. You should consider that this very message is pandering to you. It's a troll, albeit a troll with actual content. Despite my ph33rsom3 50 karma, I just can't resist writing a message that's informative and trying to get a good audience response.
Before you write off digg as a bunch of fucking loser teenagers who wouldn't know a VAX if somebody dropped it on their WRX (admittedly true), you should consider that they just grabbed what are probably the two most important feature from slashdot for fostering a culture encouraging intelligent commentary.
Meanwhile, slashcode in response picks up its first new features in *ages*.
Competition is goooooooooood.
I could go on at great length about the iniquity of PowerPointisation of the English language, but I won't. Suffice to say that we should not have to assume that our audience has the attention span of a flea.
Well, according to another guy behind the filter (me), every one of those sites comes up.
Like someone else said above, the policies are applied differently across the services and down to the different levels. rushlimbaugh.com proabably isn't blocked because NO ONE F'N GOES THERE and no bandwidth is being wasted on it. If a flood of users went there and started eating up / wasting bandwidth, then it's be blocked for operation reasons because the site is not mission essential.
You know, just _maybe_ there is someone pushing a political agenda here. I can't say for sure that there's not. But this isn't a "DOD" or "Marine" policy to block these sites. Every situation and site is different and what happens at one shouldn't be lumped with the entire DOD.
---John Holmes...
For this reason, it would seem stupid to use UTF-8 or UTF-16. Those don't encode everything that need to be encoded, if we're to have a truly international system.
Based on the current definitions, we should be looking at UTF-32...
The Unicode FAQ talks a lot about how nobody needs more character sets than UTF-16 can support, but (a) they don't represent all languages, or even a reasonable set, because UTF-16 can't handle that many...
With due respect, you clearly don't know what you're talking about.
UTF-8, UTF-16, and UTF-32 encode exactly the same characters. There is no character that can be encoded in UTF-32 that cannot be represented in UTF-16 or UTF-8. And there is no character that is needed to write any text in the world that would not fit into the range of characters that Unicode allows for. Period.
Moreover, the efficiency implications of decoding UTF-16 surrogate pairs or long UTF-8 sequences are hugely overblown. Yes, UTF-8 and UTF-16 are variable-length encodings, but in practice that is totally irrelevant. Even UTF-32 represents many logical characters as multi-codepoint sequences, with things like combining diacritics. The complexity of processing things like Arabic text, which is full of ligatures and positional glyph variants, dwarfs the perceived complexity of performing a few bit shifts to convert three or four UTF-8 bytes into a Unicode codepoint.
In the nicest possible way, please go and learn about how these things really work before you come back and mouth off about things you don't fully understand.