...because ?
Stop medical experiment on night elves!
The webmasters killed themselves....
When a profession is made up of 95% incompetent, overpriced and ego-inflated people, even if the demand is high, survival is quite unlikely. Too bad for the few good ones around.
Nowadays, "webmasters" who are still in business have mutated into "web developers" or "system administrators".
What next ? Water makes you wet ?
Well, it's still better than to "recycle" all the mass of your liquid, fossil fuel by dumping it into the atmosphere, which is precisely what you're doing right now...
Actually, you're both right and wrong.
You're right because 2^69 operations is an awful lot of work: as someone on Bruce Schneier's web log said, if you had a processor clocked at 4GHz capable of testing one hash per cycle, it would still take 4000 years to break a single hash. Clearly, this isn't feasible today or, at least, not without a lot of resources (huge clusters of code-breaking computers).
You're wrong because you don't have to parse the whole file: SHA-1 works by dividing the data to compute into chunks of identical size (padding them if necessary; SHA-1 uses blocks of 512 bits) and applying a set of operations to each block in turn, using the previous block as initial state.
So it means that, if you have a way to create a collision between two hash functions, all you have to do to "patch" your ISO image is work on the LAST chunk of data and make sure it ends up with the correct state. So you'll have to compute the hash of the full ISO only once per image.
...does it finally address the problem where it will sometimes send your partition table to never-never land at install? Because without an explicit "yes, we fixed it and it will never happen again" commitment, Fedora is never coming near any of my HDs again.
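The block-chaining property the comment above relies on, shown as an added example that is not part of the original thread: a pure-Python SHA-1 whose chaining state after a block-aligned prefix (the 4 KiB stand-in for an ISO is a constructed assumption) is computed once and then resumed for several different tails, each result cross-checked against hashlib.

```python
"""SHA-1 as a chain of 512-bit block compressions (added example, not from the thread).

Because each block is compressed starting from the state left by the previous
one, the state after a fixed prefix can be saved once; only the final block(s)
are reprocessed when the tail changes. Cross-checked against hashlib.sha1.
"""
import hashlib
import struct

_H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
_MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


def compress(state, block):
    """One SHA-1 compression: absorb a 64-byte block into the 5-word state."""
    assert len(block) == 64
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[i]) & _MASK, a, _rotl(b, 30), c, d
    return tuple((s + v) & _MASK for s, v in zip(state, (a, b, c, d, e)))


def absorb_prefix(prefix):
    """Process every block of `prefix`; return (chaining state, bytes consumed).

    The prefix must be block-aligned, otherwise the saved state is not exact.
    """
    assert len(prefix) % 64 == 0, "prefix must be a multiple of 64 bytes"
    state = _H0
    for off in range(0, len(prefix), 64):
        state = compress(state, prefix[off:off + 64])
    return state, len(prefix)


def finish(state, consumed, tail):
    """Resume from a saved state and hash `tail` with standard SHA-1 padding.

    The length field covers prefix + tail, so the digest equals SHA-1 of the
    concatenation even though the prefix is never read again.
    """
    total_bits = (consumed + len(tail)) * 8
    padded = tail + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack(">Q", total_bits)
    for off in range(0, len(padded), 64):
        state = compress(state, padded[off:off + 64])
    return "".join(f"{v:08x}" for v in state)


def demo():
    """Hash one constructed 4 KiB prefix once, then finish several tails."""
    prefix = bytes(range(256)) * 16              # constructed stand-in for an ISO body
    state, n = absorb_prefix(prefix)             # the expensive pass, done only once
    ok = []
    for tail in (b"release-1.0\n", b"release-1.1\n"):
        ok.append(finish(state, n, tail) == hashlib.sha1(prefix + tail).hexdigest())
    return all(ok)
```

The saved state is only reusable while the prefix stays byte-for-byte identical and block-aligned; any change before the last block invalidates it.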
... it would then be legal to mail-bomb the prime minister's office with your political views?
Or maybe DoS them with packets containing your own political agenda (flood them with DNS requests for "cut.the.taxes")
Digital certificates already do all these things your web site does and they do it better. Why better? Because:
1/ With the notable exception of the CRL, they don't depend on a central server being available to be verified.
2/ They can enforce non-repudiation of transactions and digital signatures (i.e.: what if someone CHANGES some details on your site and then pretends they never did it?)
3/ They aren't so brittle as to rely on user-supplied passwords.
4/ They can easily be expanded to use secure devices.
The only advantage your system has over digital certificates is the fact that you can choose to provide only the details you want to a third party. And while this is not something that can be directly done with digital certificates, it's something that can be trivially implemented using them (sending signed and encrypted vCards, for instance).
If you start worrying about that kind of issue, then you've got far worse problems to consider: what about cell phones with cameras? While it's rather easy to prevent all your PCs from accessing USB mass storage devices through the installation of filtering drivers, it's far more effective to make sure that the sensitive data is not accessible in the first place.
However, it does so by correcting a technically-invalid-but-working one to a technically-valid-and-working-for-everything-but-XP one.
Well, I have experienced the problem and I can tell you you're wrong: once Fedora Core 2 finished its installation on my system, no other OS could successfully boot any more: XP (including the recovery console), Mandrake, Red Hat (that's all I tried) all crash when they enumerate the HDs. My Fedora install did go a bit further but crashed during USB enumeration (for whatever, and possibly unrelated, reason).
So, I don't know if the partition table that XP writes to the disk is valid or not, but the one "fixed" by Fedora certainly isn't.
The company I work for developed an invoice archiving system for small to medium companies.
Without going into the details, we researched several scanning solutions and the best price/quality machine we found was the Canon DR-2080C.
It's a double-sided, single-pass, color scanner designed for archiving documents. You can load it with 15-20 pages at a go, set it to scan all documents to PDF and have it automatically deskew (which is really nice if you're going to OCR the documents afterward). The only issue we've had with it was with a Dell system that wouldn't recognize it no matter what (Dell's folks are working on it, I'm told).
There is, however, no Linux driver available.
I fully agree...
:)
A ten year ban from using any computer, network or GSM phone seems WAY better
I know that the metric system is hard on our Anglo-Saxon friends, but that's no reason for /.ers to stay three orders of magnitude off...
As much as I'd like to agree with you (and I've said the exact same thing for a long time), blaming the users and their tendency to expect computers to "just work" isn't going to win. It's simply too remote from the facts to be a valid point any more.
In fact, I now consider the fact that a "normal" user simply cannot use a computer properly (regardless of OS and application) as a sign of failure from the technical community (and, as a programmer as well as a sysadmin, I take that rather personally).
It's people like you and me that need to change the way they see computers. You simply can't expect everyone else to take 5 years of their life learning what a computer is and how to operate it properly in a dangerous environment. WE have to learn how to make computers both simpler and safer to use, as the trade-offs chosen by the software available today clearly miss the mark on one or both accounts.
Someone should patent the use of computer networks to transfer music files to their end users and demand royalties from the music industry for using this patent. When they say the transfer isn't their doing, send them back to this case and give them a taste of their own medicine.
Actually, I don't quite agree here: other amendments make it clear that, in order for something to be "patentable", it must a) not be made only of an assembly of unpatentable items (art. 13a and 13b) and b) involve an "inventive" (and patentable) step (art. 13c).
Therefore, it can be argued that, if LZW is not patentable, merely applying it to data compression isn't either, since it doesn't involve anything that is patentable and it doesn't involve any "new way" to solve the technical problem at hand.
Well, not since April Fools', anyway...
1/ Nothing besides a couple of "helpful suggestions" on public mailing lists states that Windows Update might change URL.
2/ If you look at the Netcraft graph, you'll see that the "linux" entry isn't the MS web site, it's an MS-owned IP. What it simply shows is that, for some time, Netcraft's probes were not served directly by MS's servers but by Akamai's cache. Simple as that.
3/ ALL the articles and web pages are misquoted: they usually specifically say the OPPOSITE of what's stated in the /. summary. Even the part about WU downtime being due to the worm.
I would suggest permanently banning the poster from ever submitting news again. Remember folks: it's not because you WANT it to be true that it is true.
...it certainly was good.
Besides the fact that mail isn't by far the only "feature" of the Internet, there are so many obvious flaws in his proposition of scrapping SMTP that I doubt the guy had more than two minutes to think about it:
1/ Authentication: like many pointed out, this would require a central authority. This is already turning into legal blackmail for SSL certificates, so imagine if EVERYONE had to get a "valid" cert. And what about countries like China: the government will never yield control to a western agency, so they will then need to be granted certification rights and, ultimately, gain the ability to censor anyone in their territory. In other places, it will be easy for spammers to get valid certs and you're back to your initial position.
2/ Certifying mail servers... Well, this is either Palladium (where every piece of software has to be "certified" to run on a machine) or SMTP over TLS (which already exists, BTW), which would run the costs of running a mail server through the roof and exhibit the same flaws as proposition 1/
3/ Resource control: that MUST be central or someone could simply use different services to route his mass mailing. If it's central, it is also a central point of failure. It also places a LOT of power in the hands of a single authority.
I think the last thing we need now is someone "redesigning the Internet" following such ideas.
The fact is, SMTP is based on the flawed assumptions that every e-mail sent is one that the recipient wants to see because nobody would ever spam, and that there's no harm in letting the message travel unencrypted because nobody would ever snoop.
Shutting down SMTP won't solve the spam problem: no matter what transport mechanism you use, it's not there that the problem lies.
The ideal solution (which would be using today's technologies and protocols) would be to have all mail digitally signed with a trusted certificate or rejected. Add to that the requirement for the transport connection to be valid TLS (with a cert matching the sender's domain name) and you'll have an effective way of filtering and shutting down spammers (and Nigerians).
The problem is that this is simply not feasible today: there is no way to distribute so many certificates and even if there was, it would place WAY too much power in the hands of the authorities delivering these certificates.
Seriously, this guy apparently forgot two of the most fundamental rules of justice: the penalty must be in proportion to the fault and justice must be equal for all. While in theory jailing someone "to make an example" might work for some time, it is making justice by exception AND abusive penalty.
For the above reason, my thought is that this guy is only after the publicity as such a proposal wouldn't go through a real court.
While I agree with everything else you said, I remember this particular instance of "please do our job for us": it WAS all over the net about two years ago, except there wasn't a "one million dollar prize" (but there was a Ferrari). Of course, it made everybody laugh at the time as well, except a few scientists in the field who were pretty much annoyed over the fact that not only did they more or less publicly accuse them of being incompetent, but they also didn't provide the testers with:
1/ The algorithm used.
2/ Anything but the ciphertext.
Failing to provide either of these would have disqualified the "trial" as being a test of the algorithm's efficiency, so failing both speaks for the effort the company made in helping peer review.
If the only way to break an algorithm is to try all the possible keys and if the key length is one million bits, it means that you have 2^1000000 different keys (=~ 10^999998). Now, if you use up ALL the resources in the universe (that is matter, energy, everything) to do some calculation, you have a 10^102 MHz computer. If we consider that this computer is able to test one key per clock cycle (which is pretty much impossible), this means that it will take this computer 10^999896 seconds to test all the keys...
So, if you assume the claims this company makes are correct (and I personally doubt that very much), then they are correct: you simply can't break this encryption in this universe's lifetime.
This CashCard has existed here in Switzerland for several years. It is, however, largely ignored except in a few places.
The reason for that is simple and the same as why, in France, the new card is not being well accepted: it has an expensive transaction cost compared to the price of the item you purchase (think 10 centimes per transaction where you would use it to buy 1 Euro items), the fact that it is far from anonymous and finally the fact that the machine you use to "load" the card is complex and damn slow to manipulate (want to buy? Load your credit card, punch your PIN, wait until the bank answers, withdraw your card, load your cashcard, deposit, remove cash card, load it again, buy item - about 5 minutes for the average person).
The only place here, in Geneva, where it is commonly used is for public phones and for paying for car parks. Several articles on French TV and the words of my French friends show that the same applies to France.
This is even MORE stupid since the REAL advisory this article is based on specifically states that Windows doesn't ship with any vulnerable drivers.
The only question mark is that the SAMPLES, when compiled without changes, will have the reported problem (http://www.kb.cert.org/vuls/id/JPLA-5BGP7V)