From that link: It is file-based and a service indexes it (whereas in ZFS it is block-based and on-the-fly). And they first introduced it in Windows Server 2000. Amazing. I'm sure it is a ugly hack since Windows has no soft/hard-links IIRC.
Say File A is one block big. File A is publicly available on the server, not writable by users. Eve produces a SHA256 hash collision of file A and stores this file B in ~. Someone wants to retrieve file A but gets file B (e.g. like evilize exe for MD5). Alternatively, if always the oldest file is kept, Eve has to know the next version of the file.
Given big blocks and time until cryptoanalysis for SHA256 is at the state of where it is with MD5, why not?
I frequently hear that newspapers should adapt their 'business model' to the Internet. But what are their options really? Since the salary is not free, consumers will have to pay for content that isn't just what any blogger can read from his tea leaves. Otherwise we won't have investigative journalism anymore and stories that go deep. I think I would consider paying for investigative stories that provide background.
For example, newspapers could come up with free articles that introduce to the topic and awake interest. That should cover what bloggers also cover. But then provide a link to the article that gives deep background knowledge (and charge for it).
Ok, maybe this is what they are trying to do already, I'm going to RTFA now...
There is already a Skype API for (gui) programs to use. It operates on text commands. For example, you can already integrate Skype into Pidgin: http://code.google.com/p/skype4pidgin/ And with some pidgin plugin for encryption (both on the Windows and Linux side, e.g. OTR or PGP), you can have private (text) conversations.
Is America a democracy, yes or no? Do Americans not vote who will represent themselves yes or no?
America is a Republic. So No to the first question.
Interesting, maybe the root of the problem is that US-Americans don't know they live in a democracy;-) Wikipedia says it is a constitutional republic and representative democracy. Alternative answer: "America are two continents." </smarty-pants>
A politicians main desire is to get elected, or reelected.
Yes, and they are afraid of organized groups;-) if you get a few people together for a need or objection you have, they'll probably hear you out and help you... since they want to be reelected! Tell them, otherwise politicians are on autopilot and just do what they think is right.
hint: "Praat Language Lab was developed to help students and language teachers learn to use the Praat software to improve spoken English. Many colleges and universities use Praat to provide visual feedback to spoken sound." apply google with hint
If the program is too complex, the problem may be complex.
In an article in The Atlantic[11], security expert Bruce Schneier described a simple way for people to defeat the No Fly List:
Use a stolen credit card to buy a ticket under a fake name. Print a fake boarding pass with your real name on it and go to the airport. You give your real ID, and the fake boarding pass with your real name on it, to security. They’re checking the documents against each other. They’re not checking your name against the no-fly list—that was done on the airline’s computers. Once you’re through security, you rip up the fake boarding pass, and use the real boarding pass that has the name from the stolen credit card. Then you board the plane, because they’re not checking your name against your ID at boarding.
Among other problems, it is unknown
- who is on the list,
- what criteria are used to get on the list
- how you can get off the list
Effectively, it is a reversal of the presumption of innocence. Terrorists should be treated as criminals, we should not forget that they are human. The situation is truly Kafkaesque, with the public being happy to not be on the list.
Verifiability. And that is almost impossible if you don't provide a printout. All the solutions that provide a printout could succeed though, for example Bingo voting or Punchscan. So far companies such as Diebold sell "we know this is 100% secure, trust us" and that seems to be what sufficed for the people choosing a product. Cost, loss of democracy and provable security haven't been a criterion it seems.
Is there a way for the researchers to use the sinkhole to clean the worm?
Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers? So along counting the number of PC's infected they also help in cleaning the worm. Impossible?
If you just sniff traffic, that doesn't mean you can inject instructions. And even if, how do you make sure *you* don't ruin the users computers? It is a ethical problem as soon as you mess with other peoples machines; These Botnet hijackers explain that too. So, no, researchers are not going to do that. Also, too complex technically.
Slashdot Mirror
Oh yeah? Well tux is cuter so I'm not switching.
From that link: It is file-based and a service indexes it (whereas in ZFS it is block-based and on-the-fly). And they first introduced it in Windows Server 2000. Amazing. I'm sure it is a ugly hack since Windows has no soft/hard-links IIRC.
http://blogs.technet.com/josebda/archive/2008/01/02/the-basics-of-single-instance-storage-sis-in-wss-2003-r2-and-wudss-2003.aspx
No need to mod me up.
I have an idea for an attack vector.
Say File A is one block big. File A is publicly available on the server, not writable by users. Eve produces a SHA256 hash collision of file A and stores this file B in ~. Someone wants to retrieve file A but gets file B (e.g. like evilize exe for MD5).
Alternatively, if always the oldest file is kept, Eve has to know the next version of the file.
Given big blocks and time until cryptoanalysis for SHA256 is at the state of where it is with MD5, why not?
I frequently hear that newspapers should adapt their 'business model' to the Internet. But what are their options really? Since the salary is not free, consumers will have to pay for content that isn't just what any blogger can read from his tea leaves.
Otherwise we won't have investigative journalism anymore and stories that go deep.
I think I would consider paying for investigative stories that provide background.
For example, newspapers could come up with free articles that introduce to the topic and awake interest. That should cover what bloggers also cover. But then provide a link to the article that gives deep background knowledge (and charge for it).
Ok, maybe this is what they are trying to do already, I'm going to RTFA now...
We're already doing it on Earth and don't know how to control it nor what the consequences will be. So I'd be a little cautious about terraforming.
Infecting Mars with Earth-seeds seems quite harmless OTOH, and very interesting.
A faster and more direct tube for Chinese to receive US spam.
44u. http://www.spamhaus.org/statistics/countries.lasso
Don't forget sharks, [...] and occasionally attack the cables.
With their lasers!
There is already a Skype API for (gui) programs to use. It operates on text commands.
For example, you can already integrate Skype into Pidgin: http://code.google.com/p/skype4pidgin/
And with some pidgin plugin for encryption (both on the Windows and Linux side, e.g. OTR or PGP), you can have private (text) conversations.
America is a Republic. So No to the first question.
Interesting, maybe the root of the problem is that US-Americans don't know they live in a democracy ;-)
Wikipedia says it is a constitutional republic and representative democracy.
Alternative answer: "America are two continents." </smarty-pants>
A politicians main desire is to get elected, or reelected.
Yes, and they are afraid of organized groups ;-) if you get a few people together for a need or objection you have, they'll probably hear you out and help you ... since they want to be reelected!
Tell them, otherwise politicians are on autopilot and just do what they think is right.
hint: "Praat Language Lab was developed to help students and language teachers learn to use the Praat software to improve spoken English. Many colleges and universities use Praat to provide visual feedback to spoken sound."
apply google with hint
If the program is too complex, the problem may be complex.
http://en.wikipedia.org/wiki/No_Fly_List
In an article in The Atlantic[11], security expert Bruce Schneier described a simple way for people to defeat the No Fly List:
Use a stolen credit card to buy a ticket under a fake name. Print a fake boarding pass with your real name on it and go to the airport. You give your real ID, and the fake boarding pass with your real name on it, to security. They’re checking the documents against each other. They’re not checking your name against the no-fly list—that was done on the airline’s computers. Once you’re through security, you rip up the fake boarding pass, and use the real boarding pass that has the name from the stolen credit card. Then you board the plane, because they’re not checking your name against your ID at boarding.
Among other problems, it is unknown
- who is on the list,
- what criteria are used to get on the list
- how you can get off the list
Effectively, it is a reversal of the presumption of innocence. Terrorists should be treated as criminals, we should not forget that they are human. The situation is truly Kafkaesque, with the public being happy to not be on the list.
shouldn't TCP do that by itself?
Anyway, I consider this is a good thing, it'll probably increase goodput (less outdated, duplicate packets, preferring "closer" networks).
Now that he has resigned from Microsoft, there is no need to fight. He should get a /. account too, then we can all bash M$ together.
Exactly. They built a perpetuum mobile that requires less than 1 kWh.
Ahh...I love politics.
You mean 'people'
Without a printout you can never verify if the system counted you correctly. Read up on the links I gave on how this still keeps your vote secret.
Verifiability. And that is almost impossible if you don't provide a printout. All the solutions that provide a printout could succeed though, for example Bingo voting or Punchscan.
So far companies such as Diebold sell "we know this is 100% secure, trust us" and that seems to be what sufficed for the people choosing a product. Cost, loss of democracy and provable security haven't been a criterion it seems.
I'd bring a hammer.
is to market yourself as a 'iPhone killer'
because its ./configure script fails
Is there a way for the researchers to use the sinkhole to clean the worm?
Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers? So along counting the number of PC's infected they also help in cleaning the worm. Impossible?
If you just sniff traffic, that doesn't mean you can inject instructions. And even if, how do you make sure *you* don't ruin the users computers? It is a ethical problem as soon as you mess with other peoples machines; These Botnet hijackers explain that too.
So, no, researchers are not going to do that. Also, too complex technically.
No, computer virii in SG-1 don't need a network connection.
The researchers behind this botnet hijack did report to the appropriate people: http://www.youtube.com/watch?v=2GdqoQJa6r4&feature=youtube_gdata
And they also say counting IP addresses is off by a factor of 10.
so 7 million IP adddresses really mean 700.000 computers
Analysing is always the first step, I'm sure they or other people are coming up with something. Like selling their malware remover software ;-)