what happens if ISPs are ordered to block all encrypted packets for which the DHS doesn't hold the keys in escrow?
Not gonna happen. This would be insanely computationally expensive. Real-time DPI hardware for an OC-192 link costs about $10K (IIRC), and that's just for unencrypted packets. Checking against a list of RSA, AES, etc. keys for each connection would require an astronomical amount of computing power, and that's just for one backbone.
Apple has done it what three times since the beginning.
Once by my count (Mac OS -> Mac OS X). Changing a processor architecture isn't the same as writing a new OS.
The first PowerPC machines had a 68K emulator in ROM (IIRC,) so that's not really an OS transition. The current Intel machines run the emulator in userspace, but the core OS isn't any different -- it's running the same code as its PowerPC brethren, just compiled for x86 instead of PowerPC.
Bringing an encrypted laptop across, however, may prompt them to force you to reveal the key.
Correction: they can _ask_. The US has no forced key surrender laws.
They can ask, and if you're an American, you can decline. The fifth amendment protects your right to refuse to turn over encryption keys.
They're allowed to inspect your machine (under a recent, tragically unjust court ruling), but you don't have to help them do so (other than allowing them physical access.)
Anyone actually flown without going through this in recent years? How did you do that?
Since the Gonzales case, I've taken all of my domestic flights without ID. The dialog usually went something like this:
TSA agent: ID please.
Me: I decline to show ID, and would like to opt for self-selected secondary screening.
TSA agent: What? ID please.
Me: [repeats above statement]
TSA agent: You have to show ID.
Me: That is incorrect. I am not required to show ID for domestic flights.
TSA agent: Well... uh... [goes to check with supervisor]
TSA supervisor: You don't want to show your ID?
Me: I decline to show [etc.]
At this point, they usually treat me suspiciously as they pat me down, do a wand sweep, tag my bag for explosives, and finally, almost begrudgingly let me through. In cases where they don't believe that I am allowed to fly without ID, I pull out a copy of the relevant court decision, with the applicable findings highlighted.
Tiger will get patches for a _long_ time to come, heck 10.3 (2003) was still being pushed security patches in 2007. Your G4 is, at a minimum, a four year old machine. It's not unreasonable for them to want to phase out support for those chips. PowerPC Macs are supported by Leopard, meaning that you'll have a fully supported OS for your G4 for another couple years. I don't think that's unreasonable at all.
Oh, I personally wouldn't let some of the stories you read online scare you away from Leopard. 10.5.3's fixed a lot of bugs, and the performance increases alone are reason enough to upgrade.
I'd like to second the parent's recommendation. I've got an iPod touch, and I've actually taken to using it as my "always-ready" PC. Here's why:
- apt-get (with Cydia, a rather nice GUI)
- full BSD subsystem (available through Cydia) -- note: this is not the same as the stripped down one on the device, or the one available through Installer.app -- it's a full-fledged toolset, akin to that on desktop Mac OS X
- full OpenSSH port (both client and server)
- usable as a drive, with contents shared via both AppleShare and Samba
- 420MHz ARM w/ 128 MB RAM
- really light
- portable: it's as thin as a pencil
- cheap ($229 for 8G refurb from Apple -- that includes a 1 year warranty)
- real-world battery life of around 5 hours using WiFi (my best for surfing, etc is around 5:05)
- real-world battery life of around 8 hours for non-WiFi "desktop replacement" stuff (typing, mucking about on the command-line, etc.)
- real-world battery life of around 16 hours for music playback
- kick-ass browser (likely better than you'll be able to do on an old subnotebook)
There is one downside: DOOM isn't in a playable state yet, although there is a port in progress. Still, I think SCUMMVM and Frotz make up for that;-)
For the same price as the Nokia, you can get a refurbished iPod Touch.
- 8GB SSD
- 420MHz ARM processor
- comparable screen
- no stylus (pro or con depending on personal preference)
- OS X
- Strong aftermarket software community
- dedicated hardware H.264 decoding
Personally I chose the touch, but I almost got the N800.
The person who made the mistake will know not to do it again.
Don't be so sure. Remember this is NBC we're talking about. This same group of idiots decided that the $1.85 (or thereabouts) profit they were seeing on iTunes episode sales wasn't enough. So they gathered up their golden eggs, took aim at the goose, and started a free streaming service with a much smaller viewership (Hulu) -- completely obliterating an entire revenue stream in the process. Rational thought does not appear to be their strong point.
Actually, I haven't used Display Postscript on Mac OS X -- it doesn't exist. I have used it in my (extremely limited) experience with NeXT -- but that's another story.
XAML/XPS concepts compared to Display Postscript is a massive difference in display technologies that are part of the new Windows API sets, that Carbon or Cocoa cannot provide to developers. (Go to Channel 10 and watch videos on why XAML/XPS was created and how it trumps every aspect of other display/print technologies. - Let alone how it is an integrated aspect of the video API system in Vista, making programming freaky simple for advanced features and new UI platforms like 3D.)
While I haven't used XAML/XPS, I have used Display Postscript -- at least I have through Apple's other UI-related APIs. See, Display Postscript is pretty much never used by applications themselves. Instead, apps use the Core ___ libraries for their graphics needs (Core Graphics, Core Video, and Core Animation). These libraries provide functionality that is an "integrated part of the video API system" -- and they have been for 4+ years. (Core Graphics, Core Video have -- Core Animation is new). And yes, Core Animation provides the much-touted 3D that XAML/XPS offers.
Author doesn't realize Microsoft and IBM wrote most of the GUI and UI guidelines that OS X even uses today.
Writing guidelines doesn't mean jack if you ignore them at every turn. Microsoft may have written the guidelines, but it doesn't look like their programmers consult them.
Vista and Office 2007 moving away from word lists (MENUS) is the right direction, too bad Apple isn't innovating on UI and just keeps throwing the same UI slop at users and telling them it is good.
You realize newer doesn't automatically mean better, right? At some point, the existence of a UI standard for 20+ years gives it the advantage of familiarity amongst most users; even if a newer concept is technically superior, users' familiarity with the old concept may outweigh that superiority. To use a classic /. car analogy: There are much better control systems out there than the same old steering wheel/pedals arrangement. But that boring wheel/pedals setup has one advantage: with the exception of a few cosmetic differences, it basically works the same on all cars. Sure the position, font, and color of menus are different on different platforms -- but they basically work the same. If you know how to work a drop-down menu on one platform, you can work it on any platform.
Carbon x64bit support that has been promised forever from Apple
I don't remember them promising that. I remember them nagging developers to change to Cocoa since about 2002. It doesn't surprise me that they're trying to get rid of Carbon -- it was designed as a transition API from Mac OS 8/9 to OS X -- and that transition was complete a _long_ time ago.
Plus, 64-bit Carbon support isn't completely absent from Leopard. Most of the non-UI portions of Carbon _are_ available to 64-bit apps. Your UI can be done with Cocoa, and the rest with Carbon (if you so desire.)
So for 'real developers' like Adobe (OS X) is a failure, and has failed paths. Which means if you want a 64bit version of Adobe products, you will have to move to Windows for the performance and benefits.
With all due respect, Adobe's had quite a while to update their code base. Apple's been advising developers to move to Cocoa for 6+ years. At this point, the only part of Adobe's 64-bit transition that Apple is responsible for is the removal of the UI portions from 64-bit Carbon. This means that all Adobe has to do is create a Cocoa interface for their apps (which I thought they did for CS3, but I could be wrong) -- the rest of their codebase can likely remain much the same.
This brings up the horrid Carbon/Cocoa platforms and migration paths, and even then not even touching on the development tool contrast between the two platforms.
Where to begin... First, Carbon's considered an old platform, even by Apple. Yes, some things are still written in it -- but they shouldn't be. All new
The dirty little secret of Windows is that they already are doing pretty much that. Windows XP/Vista make use of something called WOW, short for Windows on Windows -- a compatibility layer that allows 16-bit apps to run on the 32-bit versions of NT. Unfortunately, this layer doesn't exist in 64-bit Windows -- at least not in its current 16-bit-supporting form. Instead, WOW provides 32-bit app support.
It's time for one of the major desktop manufacturers to cut a deal with Apple to make Mac desktop machines.
With your UID, you should know what happened last time they tried that...
all they'll know is that some pr0n, bomb-making literature, racist/hate traffic appeared on the internet and it was your IP address that was the source. You thought the RIAA was bad, wait until DHS gets on your case.
The DHS can blow me. All three of those things are legal to publish, download, and possess in the US.
Kinda like NearlyFreeSpeech.net -- except without true free speech. TPB's got to comply with Swedish (and EU) law -- so anything that can be construed as hate speech is illegal. Compare and contrast that to NearlyFreeSpeech.net, which has this "beliefs" page. They've been around since 2002, and as long as I've been using them, stayed completely true to those beliefs.
Disclaimer: I'm in no way associated with NearlyFreeSpeech.net -- I'm simply a happy customer of theirs who enjoys the free speech protections and FreeBSD cluster hosting they offer. They don't have any form of affiliate program, so I couldn't be monetarily compensated for this post even if I wanted to be.
Re:They broke Philips/NXP CRYPTO1 on NXP RFID Cracked · Score: 1
Sigh. When the hell are people gonna learn -- don't design your own crypto. There are a number of great algorithms out there with long histories of security and well-researched designs. Use one of them. Worried about people with ungodly amounts of CPU time cracking your cipher? Use AES-256. Need a secure algo that's simple to implement in hardware or software? Use TEA (well... use Corrected Block TEA). Etc. If you have to rely on your cipher's inner workings being secure (i.e. security through obscurity), then you've chosen a crappy algorithm.
Are you still in favor of that payment model if I tell you that commercial bandwidth today costs between $20/megabit and $300/megabit with the average price around $100/megabit? In other words, you can have your 15-meg FiOS line, but if you nail it at 15 megs for more than 36 hours in a month, you'd pay $1500.
Based on this, I assume that the US is different than Europe (or at least Germany.) I currently have a couple servers in a datacenter in Germany, and I pay _way_ less than $100/mbit -- more like $15.xx/mbit (after conversion from Euros). And it's not bottom-of-the-barrel bandwidth either -- I have reliable, very low latency (around 10-20ms) pings to most of Europe too.
Bandwidth seems to be _far_ more expensive in the US, both for residential lines, and for servers. (I could be wrong on this, as I haven't bought bandwidth in a US datacenter in a couple years.)
As for what business model should the ISPs use... well... for starters, adopt the business model of clearly stating exactly what your accounts do and do not provide. If you say "unlimited", make sure you really are selling unmetered connections. Don't say "fair use policy applies" -- say "customers on this plan may transfer up to ___ GB per month." Don't manipulate people's traffic -- that includes faking RST packets to hurt BitTorrent, but it also includes manipulating DNS queries to point unused domains to your "parking" (read: spam) pages. Don't prevent outbound access on any port -- in the US I was shocked to find that the ISP that serviced the building I was staying in blocked all outbound connections on ports 25, 587, and 2500. If you start blocking ports, you're not providing an Internet connection -- you're providing a limited form of Internet access. Basically, the ISPs should adopt the model of actually providing what they claim, and not treating their customers like children.
if they maintained a pool of trained searchers that could be called upon for difficult queries (paid at maybe a fourth the rate of salaried employees).
This is, BTW, the perfect job for all the stoner geeks out there. It's simple, requires minimal effort, yet it's (apparently) not something the average person can do.
Just one of the many interesting societal changes that the Internet may cause. It's not hard to imagine (in 10-20 years) "'net searcher" being an actual profession...
Here it appears they are leveraging the monopolies they do have to force their way into the windows browser market by using the anti-competitive practice known as product tying. [wikipedia.org]
Oh come off it. It's not product tying if all the user needs to do is uncheck a checkbox. Should it be ticked by default? No, probably not. But is it product tying? Well... I don't think any reasonable person would seriously suggest that this is anything like what Microsoft did with Internet Explorer.
it's down to lazy coding.
If Microsoft works anything like many "enterprise software" development shops, then it's also due to the "everything is a framework" syndrome -- each piece of functionality is abstracted to hell and back, and all those abstraction layers, factories, wrappers, etc. eat up memory.
Now that's not to say that abstraction is bad -- but sometimes developers tend to "lose the plot" so to speak and end up abstracting too much, doing so at the cost of memory. Aero seems to be suffering from this, as it has ungodly performance requirements, especially considering that Quartz was doing similar effects on 400MHz G4's w/ 128 MB of RAM, 7+ years ago...
You start buying aftermarket, that is no longer the case.
Well, actually it is. RAM is considered by Apple to be user-upgradable. So even if you do pop in a 3rd party stick, you'll still get Apple support. Likewise with the hard drive (on most models, there are one or two exceptions.)
Yeah, it's OSS, but it's crap. There are quite a few open-source boards that are written with security in mind -- but up until the 3.x branch of phpBB, security was hardly even an afterthought. Same thing with Wordpress. Just because it's popular open source software doesn't mean it's indicative of the level of quality found throughout all open source projects.
It's the same reason hackers devote so much time exploiting Windows - more bang for your buck. phpBB is everywhere.
It's not so much that as it is the fact that phpBB 1.x/2.x have an appalling number of security flaws. It's wildly insecure, so much so that there's actually a mod (crackertracker) designed to help harden installations against the inevitable attacks.
I'd be willing to bet that most of the phpBB installs were 1.x/2.x -- the phpBB team actually paid for an audit of the 3.x line, and so far it seems to be much more secure code.
Darwin (its kernel) is open-source (at least some versions)
1) xnu's the kernel -- Darwin refers to the whole open source OS.
2) All desktop releases of Darwin (i.e. each 10.x and 10.x.x release of OS X) are open source.
</pedant>
It's also illegal.
[/post-apocalyptic sci-fi geek rambling]