I like the TiBooks, but this is absolutely bullshit:
> The ironic thing is you could get a $2,500 apple powerbook, run MS Office under Virtual
> PC-- ie EMULATION-- and get better performance than a $4,000 Compaq
Unless you have some benchmarks to back it up, don't go spreading around nonsense like this. Even the $3200 TiBook is an 800 MHz G4, which is approximately as fast as a 1.8 GHz Celeron (see, for instance, cpuscorecard.com). If you think a 1.8 GHz Celeron laptop costs $4,000 (even from Compaq), well, you need a lesson in shopping. =)
He said he's from Sweden. Much of Europe doesn't use the comma to split up long numbers; they use the space instead (the comma replaces our decimal point). So it's 4,500.
Callamon, you are asserting lots of things that are just wrong. Most of the things you're claiming will solve the problem are easily circumvented.
It is a simple matter, once a computer has been compromised, to run any binary of the hacker's choice *without* even needing to write to disk. The point of most buffer overflow (for instance) attacks is that they allow the execution of *arbitrary* code. You can use that to set up a network connection, listen for a binary and write it into memory, and then jump into the code.
You also can't 'disable' commands (without perhaps modifying the kernel, which seems pretty sketchy), because the system calls will still be available and can be called from the code that the hacker uploads.
Obviously the point is to make the file system server dictate permissions; otherwise, the file system might as well be local. It's true that talking directly to the drive will probably be faster (though you will also no doubt need kernel mods so it can notice that the drive's contents are changing underneath it, and this can be a mess and impact performance), but it's unlikely that this speed will be a bottleneck since after all you're limited by how fast you can send that data out over another network connection. Of course, the money you save not buying weird proprietary hardware could sure make a difference elsewhere...
Well, I'm talking about mounting it over the network such that it only has access to 'read' from the file system. Though it's not unlikely that once compromised it'd be easy to circumvent local access controls, I think it'd be about as easy to get write-access to the file system share as it would be to directly hack the file system server.
;)
But if you really are serving static content, burning a CD with the website on it and using a large memory cache would probably be much more economical.
M-x make-frame-on-display ... which creates a new frame (i.e., window) on an X display. You can do this and then two folks can simultaneously edit the same file! Unfortunately, there is only one minibuffer, so some commands and editing styles are troublesome. But we used to do our homework this way; it's really fun...
Lisp is not cool because it is not a markup language.
That said, being able to write 'code' that is 'data' is a highly overrated feature of Lisp. What kind of uses of this are there aside from self-modifying code?
You don't need to write to the disk to make a compromised server serve up bogus content.
Furthermore, we can already do this same thing by mounting a network file system (say) in read-only mode. Other than being funky, what's the point?
I agree with you. For an example of a wealth of music not influenced by money, just browse the many artists on mp3.com. If you spend a few minutes you can probably find something that you like, made by someone who actually cares about their music, and someone you can have a real conversation with.
In the future, I foresee that the following will be profitable business models:
- Touring and playing live shows (for it is impossible to MP3 the experience of going to a concert)
- Services that find music for you that you will probably like
But NOT recording a disc for a day in the studio and selling the same thing a gillion times.
That's interesting, though I did get really high framerates in the original Quake. Is it just the framerate or is there something else?
PS. There has been Accelerated GL Quake for about as long as 3D accelerators have existed!
Well, I'm sure you are just being sarcastic, but I do actually think it's a great page. If you want some context, do a search for "untitled game" and read interviews with the creator. It is more clever than most "art" I have seen.
> That's the most ignorant web page I have ever seen. Art project? Pagemill for the VIC20
> could have made something nicer... I was hoping for some screenshots - seeing how quake
> hasn't been installed on my computer since right said fred was topping the dance
These are mostly modifications to the game engine itself; therefore the zip files come with the executable. You don't need to have quake installed to play. But anyway, if you don't like that kind of art, I guess you should browse elsewhere.
Strategy 1: Make fake crop circles in an attempt to raise publicity for movie.
Strategy 2: Make fake conspiracy about making fake crop circles in an attempt to get a good old-fashioned slashdotting.
There are some really neat experimental art mods for Quake 1.
Check them out at www.untitled-game.org/...
(Personally, I still play Quake 1 straight... a game doesn't stop being fun because newer games come out with flashier graphics!)
You like that stuff?
If there's no confirmation, and the slashdot editors don't bother to try to confirm themselves, what the hell is the point of posting this? To "scoop" everyone (even though someone else is already carrying the rumor)? Let's save the rumor mongering for fuckedcompany, and (unless it's something really, really interesting) try to report more developed stories on the news sites.
Unfortunately I can't get to the site, but from what the abstract says, this doesn't apply to JPEG at all. Is there some sort of document explaining why this is supposed to cover JPEG, or is it simply wishful thinking?
JPEG uses the DCT ("discrete cosine transform") on 8x8 blocks to separate high frequencies from low, then drops out high frequencies and does standard lossless compression. This abstract apparently describes some method of digitizing a signal (apparently in a one-dimensional way) and using standard lossless compression on it.
Building on a computer lets you do more spectacular things, work in more abstract domains, and never have to deal with issues like buying parts or having them fail. Civil engineering isn't the only kind of "construction" to be done! There are construction kits for all sorts of things: video games, mazes, robots, circuits, music...
I'd rather give my kid "Rocky's Boot" than a soldering iron and some ICs!
So does 'reevaluate' become 'rereviewuate'? What a good word!
My vote is for "... I Care Because You Do", which was trend-setting but not trendy.
We also need relational and logic programming. But remember, always give the user the ability to shoot himself in the foot, because that's what he /really/ wants!
What the hell! Throw it all in!
So? Do you want to win because we're right, or because we lie better?
> Even if generating a key is a million times harder, when you're testing 2^24 salts per
> key, that only makes the overall problem 7% harder.
Oops, you're right, I wasn't thinking. Anyway, being able to generate lots of weaker keys is only a problem if users trust weak keys (which becomes less likely the more that attacks like this are attempted!)
> For example, suppose you wanted to generate keys of strength 32, but knew that strength 28 was acceptable.
> You start testing salts until you find one that's strength 28 or more.
> You record the result, pick a new key, and continue.
Good point. Of course, RSA key generation is probably a million times slower than MD5 hashing, so this isn't really feasible from a practical standpoint. But I hadn't thought of that.
Thanks for reading...
...
> The problem isn't the evil master mind making salt for his henchmen,
> the problem is the evil master mind who makes thousands of mules. (Identities for
> himself.) Signed salts do not prevent the mule problem.
The entire purpose of computationally intensive identity generation is to prevent the "mule problem". Are you saying it doesn't? Why not? While it's true that the RIAA has some computational resources to generate keys, it does in fact cost them resources to generate them. Users of the network can tune the strength of the keys they accept to a level appropriate for the amount of effort that attackers are using against the network.
> I don't believe you can so easily tune the amount of work needed to create an Identity
> either.
Why not? It's easy to double the amount of work needed by increasing the number of colliding bits by 1.
> If variable strength keys can be used,
> then in the process of generating a strength K key,
> the EMM also generates 2 strength K-1 keys, 4 strength K-2 keys
Yes, but they're all the same key, since a key is the public key part, not the public key and its salt.
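The salted-identity scheme argued over in the last few comments, as an added example that is not part of the original thread: it shows that each extra required bit doubles the minting cost, that verification stays a single hash with a tunable threshold, and that the weaker salts found along the way all belong to the same public key. It assumes "colliding bits" means leading zero bits of MD5(pubkey || salt); the function names are hypothetical and the public keys are constructed byte strings, not real RSA keys.

```python
import hashlib
from collections import Counter

def strength(pubkey: bytes, salt: bytes) -> int:
    """Leading zero bits of MD5(pubkey || salt) (assumed meaning of 'colliding bits')."""
    digest = int.from_bytes(hashlib.md5(pubkey + salt).digest(), "big")
    return 128 - digest.bit_length()

def mint(pubkey: bytes, k: int):
    """Try counter salts until one reaches strength >= k.

    Returns (salt, hashes_tried, byproducts); byproducts counts, by strength,
    the weaker salts seen on the way. They all attest the same pubkey.
    """
    byproducts = Counter()
    counter = 0
    while True:
        salt = counter.to_bytes(8, "big")
        s = strength(pubkey, salt)
        if s >= k:
            return salt, counter + 1, byproducts
        byproducts[s] += 1
        counter += 1

def accepts(pubkey: bytes, salt: bytes, min_strength: int) -> bool:
    """Verifier side: one hash, against a threshold the network can raise."""
    return strength(pubkey, salt) >= min_strength

def mean_work(k: int, trials: int = 300) -> float:
    """Average hashes needed to mint strength k over constructed sample keys."""
    keys = [b"constructed-pubkey-%d" % i for i in range(trials)]
    return sum(mint(key, k)[1] for key in keys) / trials

if __name__ == "__main__":
    for k in (8, 9, 10):
        print(f"strength {k}: ~{mean_work(k):.0f} hashes per identity (expect {2**k})")
    key = b"constructed-pubkey-0"
    salt, tried, weaker = mint(key, 12)
    print(f"minted strength {strength(key, salt)} after {tried} hashes")
    print("weaker salts seen for the same key:", sorted(weaker.items()))
    print("accepted at threshold 12:", accepts(key, salt, 12))
```
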