One thing you could offer as well is a prize to the first company to ship X number of tons (set to require at least 2-3 container ship loads) of stuff while releasing less than Y amount of CO2 into the atmosphere.
Basically you have to push at least one company over the barrier to using a better trans-oceanic shipping method, and then capitalism and competition will do the rest.
Thanks. :-) Fixed it. :-)
And consumers have no choice about what they buy? If some company figures out a cheaper way to ship, they can charge less money for their products.
And if some company decides to start shipping the cargo by a cheaper method, they can charge people less money. Soon every company will be forced to ship using a cheaper method if they want to stay competitive.
It sounds like there is evidence if you look at some of the other comments. Apparently the job didn't really exist when they hired him. They hired him for a fake position in the hopes that his presence in the position would cause the business to materialize that would make the position exist. That sounds like bad faith to me.
Popular for aircraft carriers. Maybe for cargo ships too? How is the waste dealt with in an aircraft carrier? How do aircraft carriers and submarines avoid unplanned criticality excursions?
Impose tariffs based on what kind of cargo ship the stuff came in on. That's what they can do about it.
The buyers in this case and most others are not planning for a future. They are extracting as much wealth as possible as quickly as possible with no regard for a future that will never be. If it blows up in 2, 3, or five years is only a matter of finding more suckers to take money from while Novell's business prospects end.
Exactly! That is exactly what I feel Attachmate will do to Novell and Suse. It is one of the reasons I think any company that buys non-Open Source software is insane. They are just setting themselves up to be fleeced in just this way.
Yes, and no. I consider it to be dishonest to customers. And if it weren't for the debt they had been saddled with, they would've been plenty profitable enough to avoid doing it at all.
Additionally, programmers are not easily replaceable. Every single project I've ever worked on inside a corporation had an amazing amount of 'tribal knowledge' locked in the heads of various developers. So not only are you battening down the hatches for the present when you lay them off, you're mortgaging your future by destroying the core intellectual base for the stuff you have.
Seniority was a big criterion when they did this, but the morale destruction caused a lot of their most senior and competent people to leave.
The whole fiasco painted a picture (to me) of management that didn't see a quality product as the key to improving their bottom line, but rather was more interested in the appearance of a quality product and making short-term decisions in the interests of the bottom line. They traded on their reputation with their customers to the detriment of those same customers.
You could argue that having the company go under would be even worse for those customers. But the only reason why that was a danger at all was because of previous decisions that treated profits as an end to themselves rather than as a reward for a job well done.
Attachmate's strategy for the economic downturn was to lay off most of their development staff while still collecting maintenance from all their customers. And they only had to follow that strategy because the private equity group that owns them had sucked a ton of money out of the company by saddling it with a gigantic debt.
I don't feel very good about the prospects for sane, customer focused management from this particular company.
When I was designing the CAKE protocol [cakem.net] in 2003 I already had the idea of doing this. It was 'Key Addressed Crypto Encapsulation' for a reason. The idea was to choose whichever transport method was handy for the message.
A friend's interest has got me working on this again. Hopefully I can get a working system together soon so other people can play with it.
While I agree with you, not one of the Linux desktop systems I manage for friends has ever been compromised. Of course, it occupies a much smaller market share.
And who do you think Joe Average relies on to tell h(im/er) what's good? People like us who read stuff like that, that's who. For years now IE marketshare has been being depressed because people like us keep telling Joe Average to stop using it, even though it's what is pre-installed on Joe Average's computer. So changing our opinions is exactly what Microsoft is after.
Unfortunately the statements added are basically 'noop' statements that should have no effect whatsoever on anything. It's almost like the original Mozilla engineer (who is not the author of the article BTW) added a comment and had the benchmark result drastically change.
So the author's opinion is fairly well supported by the evidence. In order for me to consider that opinion to be hard fact I would have to see very similar small changes affecting other SunSpider benchmarks in similarly drastic ways.
I'm really quite surprised at the number of people who rush to defend Microsoft on this one. In my opinion the evidence here is, while not damning, certainly very suggestive of benchmark gaming.
You richly deserve the +5 you got. :-)
Oh, so this is acceptable behavior now because "everybody's doing it"? When did that start being a valid excuse?
0) What algorithms do you propose as replacements?
That is tricky. Currently SHA2-256,384,512 are the only viable replacements, but I would say that's only provisional and should wait for the results of the NIST hash algorithm competition.
1) How hard can it be? Maybe you can "walk the talk" by deleting/disabling all the CA certs in your browser that use bad algorithms- e.g. algorithms that you did not propose in 0). Same goes for not using browsers, ssh servers and clients that do not support algorithms in 0).
Don't be surprised if you find that some CAs are still using MD2!
This is a completely different issue than say "Oh, it's still perfectly good for some things, you don't have to stop using it!". If someone else is using it that you need to interoperate with you don't have any choices besides not interoperating, or implementing the algorithm.
But you still don't have to say "It's just fine, for some things!" and you don't have to make it easy for people to use for new things. For example, you shouldn't be providing an option for people to create an MD2, or MD5 signature anymore, and your UI should strongly discourage the use of an SHA-1 based signature of anything.
That's exactly what I thought. SHA-1 has been demonstrated to have weaknesses, not trivially exploitable ones right now, but weaknesses all the same. But what this person is doing doesn't exploit any of them. They don't get to blame the ease with which they cracked passwords on SHA-1.
Though, as I understand it, there are algorithms that involve multiple rounds of hashing with a bit of salt added each time. Those would be good because there is no clear way to compute them faster and you can have a few hundred or a few thousand rounds and force a password guess to take at least a few milliseconds to evaluate even on fantastic hardware.
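A sketch of the iterated, salted hashing described in the comment above, as an added example that is not part of the original post. The comment names no specific algorithm; this uses PBKDF2-HMAC-SHA256 from Python's `hashlib` as one standard construction of that kind, and the record format, round count and function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

# Assumptions for this example (not from the comment): PBKDF2-HMAC-SHA256,
# a 16-byte random salt, and the round count stored alongside each digest.
ALGORITHM = "sha256"
SALT_BYTES = 16
DEFAULT_ROUNDS = 200_000


def hash_password(password: str, rounds: int = DEFAULT_ROUNDS, salt: bytes = b"") -> str:
    """Return a self-describing record: scheme$rounds$salt_hex$digest_hex."""
    if not salt:
        salt = os.urandom(SALT_BYTES)  # fresh salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, rounds)
    return f"pbkdf2_{ALGORITHM}${rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and rounds, then compare in constant time."""
    try:
        scheme, rounds_s, salt_hex, digest_hex = record.split("$")
        rounds = int(rounds_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: reject rather than raise
    if scheme != f"pbkdf2_{ALGORITHM}" or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, min_rounds: int = DEFAULT_ROUNDS) -> bool:
    """True when a stored record is malformed or uses fewer rounds than current policy."""
    parts = record.split("$")
    return len(parts) != 4 or not parts[1].isdigit() or int(parts[1]) < min_rounds


def seconds_per_guess(rounds: int, samples: int = 3) -> float:
    """Measure what a single password guess costs at a given round count."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac(ALGORITHM, b"constructed-sample-guess", salt, rounds)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample password
    print(record)
    print("verify ok: ", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("wrong guess", record))
    for r in (1, 1_000, DEFAULT_ROUNDS):
        print(f"{r:>7} rounds: {seconds_per_guess(r) * 1000:.3f} ms per guess")
```

Storing the round count in each record lets the count be raised later: `needs_rehash` flags old records so they can be re-hashed at the next successful login.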
While this article really has nothing to do with the security of SHA-1, SHA-1 does have weaknesses that should make anybody think twice before using it.
And I really hate it when people say "Oh, well, it isn't good for this, but how about this?! I mean, we can't toss out a perfectly good algorithm!". What possesses people to hang onto algorithms that are broken, for which there are essentially drop-in replacements that aren't?
Hash algorithms are really tricky to use correctly, and knowing when you can and can't use them when they have a specific weakness is not a trivial determination to make. And replacing the stupid thing is pretty simple. So just get over it already and drop the bad algorithm. How hard can it be?
I bet it shows up in the next release of Fedora, so early 2Q 2011. They may add the patch to an update kernel for Fedora 14, but I suspect that won't happen.
I have been blessed not to have had to deal with much PHP code, so I don't have a strong opinion. From everything I hear though, I really dread the prospect.
I know. I cringe just thinking about the interesting and weird perl constructs I will have to decipher in the future. And worse, most of them will only work for the very narrow range of cases which they were specifically designed to handle. Like the IP address module I looked at that sort of created an IP address datatype, but required you to call its member functions in specific orders in order to work.
There are a very surprisingly large number of older sites that still use *shudder* perl for their web backends.
I'm sorry. I was not thinking about the cross-wind, tacking example. Yes, a sailboat can go faster than windspeed in the case, and that's because the keel allows the boat to extract the kinetic energy with reference to the ocean rather than in reference to the boat.
With no air the cart could not advance on the treadmill. In fact, without your perfectly efficient bearings any and all carts would stay stationary. It's the propeller's contact with air that allows the cart to advance on a treadmill.
Why would a boat travelling downwind bring the air to a stop? It seems to me like it would only be able to slow it down to the same speed the boat was going.
The keel, on the other hand, allows the boat to stay stationary relative to the ocean with regards to the vector of the wind. This allows the boat to bring the air's speed down to the same speed as the water on the ocean. That's significantly more kinetic energy that can be extracted.