Replacing them with a new programming language that will run arbitrary programs on your computer is not going to solve that because a new language isn't going to have perfect security either.
Why people seem to think security is something that can never be perfected is beyond me. Just because people fail at it regularly, does not mean it actually is impossible.
Unless you count Java Card based devices, which are pretty widespread. But yeah, why make hardware that does less than the least common denominator of practically every viable microprocessor ever designed?
Like I said with PoE, there is constant monitoring of the electrical characteristics of the line. A dog biting into a live PoE link that had already completed negotiation would most likely trip the detection, and power would be removed within a tenth of a second. The dog could be especially unlucky and manage to hit it in just the right way to cause itself harm, but the probability of this is low AFAICT. Stray ends of PoE cable do not supply power until they detect a signature using a low voltage, low current probe, and damaging oneself with them (unless you were playing around with electronics components) would be very unlikely.
I can't speak for USB, Firewire, or the proposed 100W USB; I simply have not read those specs. I do see that some mention of other specs (e.g. HDBaseT) opting to comply with the PoE standard.
Having looked at the PoE specs, it would be very hard to start a fire or shock oneself with that technology. It is very careful about only providing juice when it sees a valid endpoint on the other side and ensuring that the line resistance is not too high. About the only way to defeat it would be to inject a point resistance on a very short patch cable (within a few feet of the switch) which would dissipate the heat budget for a 300-foot cable in a small area without exceeding the resitsance budget. That would be hard to do simply by running over a cable with a chair.
Given USB's repeated history of slipshod designs I'm less confident that a sane power negotiation protocol will be designed in. (Anyone know?)
The TFA mentions them seeking government standards that require devices to be powerable off USB. While I'm in favor of ending the vendor-specific-charger nonsense through standardization perhaps even to the point of legislation, I would hate to see such a manuver sabotage PoE's place in the market just when laptop and tablet power is getting low enough to have a one-plug enterprise-worthy power+data solution.
There's no way humankind will be getting out of this solar system if they are all fighting over the last remaining tanks of propane, and given what we know about humanity, if there is to be an intelligent agent to speed up the heat death, we are probably destined to do so.
Hrm... maybe horders are actually hyperintelligent beings?
You may be right, the segment wanting to target e.g. EC2 may be larger and more determinant; OP is just what I see from my perspective. The apps in question are not something you'd put on the cloud except possibly as emergency backup instances. There are of course some insane people that do put stuff like their LWAP controllers on the cloud, and companies more than happy to sell them on that idea:-/
As to security, VMs are far from it when it comes to the network side. Implementation of dot1br is lagging terribly, and the GRE tunneling stuff lacks hardware acceleration. Someone who knows what they are doing with internal host policy is just as capable of securing such a setup as you describe -- which method is right depends on the tradeoffs involved. Do you really need live snapshots of your FTP server? If not, it might not merit a VM.
(It is all a bit silly as we see where this is going: eventually VM instances will need to become lighter, resulting in a stripped down OS, which will congeal to essentially being a process, and then we are back full circle to mainframe.)
...from my own anecdotal perspective, is that VMs are very often used as a way to isolate commercial software products into their own little box where they don't have to play nice with other applications on the box -- and which VM's are supported for these products depends entirely on the vendor. Major vendors who have these products are only just now beginning to think beyond VMWare, and when they do, they are thinking HyperV before Xen. Not many shops want to be supporting more than one virtualization suite -- the only reason they do is because some vendors demand VMWare for their crap, and the price difference between that and supporting a second suite is workable. Once the VMWare premium is out of the picture, because vendors went to HyperV, there will be less of a compelling reason to maintain support for a second suite.
So closed source software vendors may dictate which suite wins between HyperV and Xen.
The big plus side of this is that when Hans Gruber wants to get access to your system, he has to keep you alive, rather than cut off your hand and/or eyeball.
That's where the power consumption trade-off is best.
Well, at least this useless craze is adding more economic drivers for power-efficient compute power, but I think we already had plenty of those drivers.
Otherwise it's kind of dispiriting to see the continued drain of computing and intellectual resources by the financial sector, be it bitcoin using CPU cycles better used for medicine/science or very smart people and advanced equipment chasing dollars in HF trading shops.
Sigh.
When you spend more time keeping core than you do playing, the game is broken.
The catch is in the "knowingly exposed" part. Not all users know that by typing an IP address in a box called "SMTP gateway" in their mail client that they are exposing their email to a third party.
For years us folks who run networks have been telling users not to write anything in an email that they would not put on the back of a postcard.
Problem is these days the kids don't know what a postcard is.
People not so warned, however, may have a "reasonable expectation of privacy" based on what they have and have not been told about email and their ISP service, the same way a person walking around in the nude in their apartment does as long as they aren't standing in front of an open window. And no, fine print in the terms of use doesn't cut it in today's busy world, no more than a landlord busting in with a camera rolling on our nudist would be able to get over on pointing to the part of the lease that says they can enter to check the fire alarms. The IRS might lose this one if it gets taken to court.
And it gotten so bad in some areas that if you are unemployed for whatever reason, then there's something wrong with you. Many companies wont even consider folks who are currently unemployed.
Obviously braindead HR there. People that will leave one employer to work for you will leave you just as readily for the next employer.
a) cyrrus. done. b) there is. pine. c) also pretty easy.
Personally I have 40K messages on an imaps store. A full text search does take a few minutes, but only because the hardware is utterly ancient -- less powerful than many modern cell phones. I should get around to upgrading that.
Encryption algorithms are one of the few areas where software developers pay close attention to efficiency in both software and hardware implementations, because they need to run on embedded devices with extremely constrained power and computational resources.
However, with everything moving to dynamic languages running on VMs that can come up with things to do with "spare" CPU cycles, like thumb through their garbage collection area, re-JIT codepaths, and recalculate heuristics, we're probably headed in the wrong direction in the software area overall when it comes to power efficiency -- especially since the rationale for using these types of languages is primarily to cut development time and in that setting, asking developers to put in performance/economy hints will get the cold shoulder. Meanwhile rapid prototyping means everyone is perfectly happy to reinvent wheels, since it has become so very easy to do so.
No, the reason it doesn't work on slashdot is that the cognitively challenging chosen task is usually a classic video game. With looped music. That gets stuck in your head.
Suppose a private individual decides to allow drivers to use some of his privately owned land to take a shortcut to avoid a swamp.
Now suppose there are competing grits delivery companies. Delivery Companes A and B start using the shortcut, and they sell off their SUVs because they no longer have to muck through the swamp. Company C uses the shortcut, but since he cannot trust it to stay there, he holds on to the SUVs. Company C goes out of business because Companies A and B don't need to buy as much gasoline since they do not have SUVs, and they underbid company C for new contracts.
Then the private individual decides he wants to close the shortcut to build a large statue of Natalie Portman.
The business of grits delivery being one with tight margins, Company A and B cannot afford to buy SUVs on such short notice. Company A goes bankrupt trying to finance SUVs, and Company B just stops grits delivery to people that live on the other side of the swamp.
Now nobody on the other side of the swamp has any grits at all. Sure they all saved a few pennies on 4AM deliveries of hot grits in the meantime, but it wasn't worth going cold turkey.
The moral of the story is that building something useful but ephemeral, especially if the stability of that thing is unpredictable, destabilizes markets by playing on their inherent vulnerability to human greed and shortsightedness. There may be zero legal obligation to ensure the stability of the service, and your standard disclaimers in the EULA that you can end it at any time may protect you from any sort of legal action, but for a company with a "do no evil" motto, marketing, advertising, and then killing such a product tends to produce consequences far from their stated ideal.
I remember seeing "The Zombies" perform a reunion show in an old arts theater surrounded by an audience that looked for all getout like a milquetoast PTA meeting.
They decided to perform a few Argent numbers. Until the plaster started falling on them.
With today's sound systems you don't need to be Deathklok to damage some of these old buildings.
Data from seemingly unrelated surveys has been used many times in the past to prove important theries. So your question is like asking Hubbel "why do you spend so much time looking at starlight spectra?"
Oodles and oodles of methodical empirical data gathering happen all the time these days, but the only status reports the mass media is interested in carrying are those that feather the imagination of the general public. Like discovering things we might just possibly be able to send a probe to someday. (And wondering whether there is more to be discovered even closer to us.)
Just because there are few mass media articles about data gathering in pursuit of other goals, does not mean none is occuring, and not all research critical to proving that theory is/was done with that intent.
Well, the above explanations are all very educational. The computer programmer in me wants to answer using short circuit logic, however: we have always been able to see these particular stars. We just didn't know they were so close, because we were looking at still frames.
I'm more concerned that the title correctly used an s-apostrophy. When that happens I'm deeply suspicious that Slashdot has been taken over by a secret cabal of English majors.
Slashdot Mirror
Replacing them with a new programming language that will run arbitrary programs on your computer is not going to solve that because a new language isn't going to have perfect security either.
Why people seem to think security is something that can never be perfected is beyond me. Just because people fail at it regularly, does not mean it actually is impossible.
Unless you count Java Card based devices, which are pretty widespread. But yeah, why make hardware that does less than the least common denominator of practically every viable microprocessor ever designed?
Corporations that already have PoE deployed for their IP phone systems, APs, cameras, and alarms, that's who.
but it's not like manufacturers were interested in adding complexity to their laptops for a very small subset of users
You are aware that corporations, not just individual consumers, buy lots of computers and gadgets, no?
Like I said with PoE, there is constant monitoring of the electrical characteristics of the line. A dog biting into a live PoE link that had already completed negotiation would most likely trip the detection, and power would be removed within a tenth of a second. The dog could be especially unlucky and manage to hit it in just the right way to cause itself harm, but the probability of this is low AFAICT. Stray ends of PoE cable do not supply power until they detect a signature using a low voltage, low current probe, and damaging oneself with them (unless you were playing around with electronics components) would be very unlikely.
I can't speak for USB, Firewire, or the proposed 100W USB; I simply have not read those specs. I do see that some mention of other specs (e.g. HDBaseT) opting to comply with the PoE standard.
Having looked at the PoE specs, it would be very hard to start a fire or shock oneself with that technology. It is very careful about only providing juice when it sees a valid endpoint on the other side and ensuring that the line resistance is not too high. About the only way to defeat it would be to inject a point resistance on a very short patch cable (within a few feet of the switch) which would dissipate the heat budget for a 300-foot cable in a small area without exceeding the resitsance budget. That would be hard to do simply by running over a cable with a chair.
Given USB's repeated history of slipshod designs I'm less confident that a sane power negotiation protocol will be designed in. (Anyone know?)
The TFA mentions them seeking government standards that require devices to be powerable off USB. While I'm in favor of ending the vendor-specific-charger nonsense through standardization perhaps even to the point of legislation, I would hate to see such a manuver sabotage PoE's place in the market just when laptop and tablet power is getting low enough to have a one-plug enterprise-worthy power+data solution.
There's no way humankind will be getting out of this solar system if they are all fighting over the last remaining tanks of propane, and given what we know about humanity, if there is to be an intelligent agent to speed up the heat death, we are probably destined to do so.
Hrm... maybe horders are actually hyperintelligent beings?
I espy what he did there!
You may be right, the segment wanting to target e.g. EC2 may be larger and more determinant; OP is just what I see from my perspective. The apps in question are not something you'd put on the cloud except possibly as emergency backup instances. There are of course some insane people that do put stuff like their LWAP controllers on the cloud, and companies more than happy to sell them on that idea :-/
As to security, VMs are far from it when it comes to the network side. Implementation of dot1br is lagging terribly, and the GRE tunneling stuff lacks hardware acceleration. Someone who knows what they are doing with internal host policy is just as capable of securing such a setup as you describe -- which method is right depends on the tradeoffs involved. Do you really need live snapshots of your FTP server? If not, it might not merit a VM.
(It is all a bit silly as we see where this is going: eventually VM instances will need to become lighter, resulting in a stripped down OS, which will congeal to essentially being a process, and then we are back full circle to mainframe.)
...from my own anecdotal perspective, is that VMs are very often used as a way to isolate commercial software products into their own little box where they don't have to play nice with other applications on the box -- and which VM's are supported for these products depends entirely on the vendor. Major vendors who have these products are only just now beginning to think beyond VMWare, and when they do, they are thinking HyperV before Xen. Not many shops want to be supporting more than one virtualization suite -- the only reason they do is because some vendors demand VMWare for their crap, and the price difference between that and supporting a second suite is workable. Once the VMWare premium is out of the picture, because vendors went to HyperV, there will be less of a compelling reason to maintain support for a second suite.
So closed source software vendors may dictate which suite wins between HyperV and Xen.
The big plus side of this is that when Hans Gruber wants to get access to your system, he has to keep you alive, rather than cut off your hand and/or eyeball.
That's where the power consumption trade-off is best.
Well, at least this useless craze is adding more economic drivers for power-efficient compute
power, but I think we already had plenty of those drivers.
Otherwise it's kind of dispiriting to see the continued drain of computing and intellectual resources
by the financial sector, be it bitcoin using CPU cycles better used for medicine/science
or very smart people and advanced equipment chasing dollars in HF trading shops.
Sigh.
When you spend more time keeping core than you do playing, the game is broken.
The catch is in the "knowingly exposed" part. Not all users know that by typing an IP address in a box called "SMTP gateway" in their mail client that they are exposing their email to a third party.
For years us folks who run networks have been telling users not to write anything in an email that they would not put on the back of a postcard.
Problem is these days the kids don't know what a postcard is.
People not so warned, however, may have a "reasonable expectation of privacy" based on what they have and have not been told about email and their ISP service, the same way a person walking around in the nude in their apartment does as long as they aren't standing in front of an open window. And no, fine print in the terms of use doesn't cut it in today's busy world, no more than a landlord busting in with a camera rolling on our nudist would be able to get over on pointing to the part of the lease that says they can enter to check the fire alarms. The IRS might lose this one if it gets taken to court.
And it gotten so bad in some areas that if you are unemployed for whatever reason, then there's something wrong with you. Many companies wont even consider folks who are currently unemployed.
Obviously braindead HR there. People that will leave one employer to work for you will leave you just as readily for the next employer.
a) cyrrus. done.
b) there is. pine.
c) also pretty easy.
Personally I have 40K messages on an imaps store. A full text search does take a few minutes, but only because the hardware is utterly ancient -- less powerful than many modern cell phones. I should get around to upgrading that.
Encryption algorithms are one of the few areas where software developers pay close attention to efficiency in both software and hardware implementations, because they need to run on embedded devices with extremely constrained power and computational resources.
However, with everything moving to dynamic languages running on VMs that can come up with things to do with "spare" CPU cycles, like thumb through their garbage collection area, re-JIT codepaths, and recalculate heuristics, we're probably headed in the wrong direction in the software area overall when it comes to power efficiency -- especially since the rationale for using these types of languages is primarily to cut development time and in that setting, asking developers to put in performance/economy hints will get the cold shoulder. Meanwhile rapid prototyping means everyone is perfectly happy to reinvent wheels, since it has become so very easy to do so.
No, the reason it doesn't work on slashdot is that the cognitively challenging chosen task is usually a classic video game. With looped music. That gets stuck in your head.
This deserves a car analogy.
Suppose a private individual decides to allow drivers to use some of his privately owned land to take a shortcut to avoid a swamp.
Now suppose there are competing grits delivery companies. Delivery Companes A and B start using the shortcut, and they sell off their SUVs because they no longer have to muck through the swamp. Company C uses the shortcut, but since he cannot trust it to stay there, he holds on to the SUVs. Company C goes out of business because Companies A and B don't need to buy as much gasoline since they do not have SUVs, and they underbid company C for new contracts.
Then the private individual decides he wants to close the shortcut to build a large statue of Natalie Portman.
The business of grits delivery being one with tight margins, Company A and B cannot afford to buy SUVs on such short notice. Company A goes bankrupt trying to finance SUVs, and Company B just stops grits delivery to people that live on the other side of the swamp.
Now nobody on the other side of the swamp has any grits at all. Sure they all saved a few pennies on 4AM deliveries of hot grits in the meantime, but it wasn't worth going cold turkey.
The moral of the story is that building something useful but ephemeral, especially if the stability of that thing is unpredictable, destabilizes markets by playing on their inherent vulnerability to human greed and shortsightedness. There may be zero legal obligation to ensure the stability of the service, and your standard disclaimers in the EULA that you can end it at any time may protect you from any sort of legal action, but for a company with a "do no evil" motto, marketing, advertising, and then killing such a product tends to produce consequences far from their stated ideal.
I remember seeing "The Zombies" perform a reunion show in an old arts theater surrounded by an audience that looked for all getout like a milquetoast PTA meeting.
They decided to perform a few Argent numbers. Until the plaster started falling on them.
With today's sound systems you don't need to be Deathklok to damage some of these old buildings.
Data from seemingly unrelated surveys has been used many times in the past to prove important theries. So your question is like asking Hubbel "why do you spend so much time looking at starlight spectra?"
Oodles and oodles of methodical empirical data gathering happen all the time these days, but the only status reports the mass media is interested in carrying are those that feather the imagination of the general public. Like discovering things we might just possibly be able to send a probe to someday.
(And wondering whether there is more to be discovered even closer to us.)
Just because there are few mass media articles about data gathering in pursuit of other goals, does not mean none is occuring, and not all research critical to proving that theory is/was done with that intent.
Well, the above explanations are all very educational. The computer programmer in me wants to answer using short circuit logic, however: we have always been able to see these particular stars. We just didn't know they were so close, because we were looking at still frames.
This.
Though I suspect this is a first step towards that goal.
I'm more concerned that the title correctly used an s-apostrophy. When that happens I'm deeply suspicious that Slashdot has been taken over by a secret cabal of English majors.
Maybe the prospect of 2M users calling up to try to register their boosters could result in just such a thing.