This is just LiveJournal's answer to EZboard's single signon. You can register for any EZboard blog, and reuse the registration information with other EZboard blogs. It's centralized, but it's a feature that LiveJournal and its affiliates don't have. Google and Yahoo also have common sign-ons across their various services. So the LiveJournal people had to do something to keep up.
It's not helpful for e-commerce, corporate intranets, campus-level signons, online banking, or spam prevention.
This will probably be deployed within the movie industry, to keep tight control over pre-released material.
The Academy of Motion Picture Arts and Sciences, the people who give out the Oscars, has an internal piracy problem with its members, who get pre-release DVDs of the Academy Award nominees. They've had to resort to making slightly different tagged DVDs for each member. It's quite possible that Academy members would each get a special DVD player with very restrictive DRM and fingerprint authorization.
That device will be the next Hollywood status symbol.
OK, we have a covert channel and a way to exploit it. How can that be fixed?
First, remember that public key exchange is usually a very small component of a cryptographic session. Usually, you do all the public key work at startup, exchange private keys for the session, and then just use the private keys. So an inefficient solution that protects the public key computations is acceptable.
In the paper, Percival writes "Further, OpenSSL utilizes a "sliding window" method
of modular exponentiation, decomposing x:= (a^d)
mod p into a series
of squarings x:= x^2 mod p and multiplications x:= x ^ (a*2*k+1) mod p." When there's a zero bit in d, the squaring and multiplication are unnecessary, and the SSL implementation apparently skips them. That creates the covert channel. It should be sufficient to revise the code so that it always does the squaring and the multiplication, and then uses the zero bit in D to decide whether or not to use the result. Because some superscalar CPUs might manage to look ahead and avoid the squaring and computation, a nice solution would be to compute both x:= (a^d)
mod p and x:= (a^(d XOR K) mod p, where K is all binary ones out to the maximum length of d. This makes the computation symmetrical, independent of the value of d. This should roughly double the cost of the public key computation, which is probably tolerable.
It's now important to also examine private key mechanisms for similar vulnerabilities. In particular, DES implementations should be checked. Because those execute millions of times during a long data transfer, even if there's a low-bandwidth leak, an exploit may be possible. Some lookup-table based implementations of DES might have exploitable cache semantics, and that needs to be explored.
Ah, yes, "Lucas, the Prince of Darkness". Lucas Electric was notorious for their, well, dim electrical automotive products. Much of the bad reputation and subsequent decline of the British automotive industry resulted from the low quality of Lucas components.
Somehow, Lucas never figured out that they were in a damp country and needed to protect against corrosion. They also stopped upgrading their technology some time in the 1950s.
Somebody has to wire coax or fibre to your pole transformer. BPL is just from the pole transformer to the house. Who's going to do that long cable run?
Spamhaus points out that 200 known spam operations are responsible for 80% of spam. They have names for most of the key people involved. Most of them are in the US, even though "bulletproof web hosting" services in China and money laundering in some tax haven may make them appear to be offshore.
The US Federal Trade Commission says that over 80% of spam involves some violation of Federal law. Not just the CAN-SPAM act, but mail fraud, false advertising, money laundering, computer crime, drug counterfeiting, and racketeering. There should be no problem filing charges.
If we had an FBI director who made this a priority, most spam could be eliminated in a year.
Just divert some of the FBI Baltimore people who do child pornography, who are already experienced at tracking people on the Internet, off that job and onto tracking down the major spam operators.
In a sense, CAN-SPAM has been effective. Spamming by even vaguely legitimate companies is down. Almost all spamming now involves felony criminal activity of one kind or another.
What really happened at LinuxWorld is described here, by Martin Brown, one of the staff who resigned.
LinuxWorld's web site has been automated.
"We have no control over the website; even the new one, which went live recently, is completely out of our control. Many people don't understand how this can be the case - even with the recent issues, many assume we have full and absolute control over content on the website. This simply wasn't the case. Instead the LinuxWorld.com website is an automatic amalgam of articles and posts from across Sys-Con that may, or may not, be Linux related. Our only direct way into providing content for our site was through our also recently enabled blogs (http://mc.linuxworld.com./ We have no control over the articles automatically added and syndicated on the site."
Remember, LinuxWorld's "staff" wasn't paid. So with no pay and no control, of course they quit.
"Quitting" is barely a meaningful concept in a situation like that.
DeBeers and the World Diamond Council has been planning for this for years. They created the Kimberly Process, a paperwork scheme to make diamonds traceable, supposedly to reduce trade in "conflict diamonds". They've been able to get the UN, the EU, and the WTO to sign off on this.
Read their
Industry scheme for regulation. Note the phrase "Not to buy any diamonds from suspect or unknown sources of supply". That's all about market control.
Before the "Kimberly Process", diamonds were generally bought and sold, even in DeBeers showings, with no indication of origin. So introducing synthetic diamonds into the market was easier. With the "Kimberly Process" in place, it's much tougher.
The diamond industry has been lobbying countries to require that synthetic diamonds be labelled in some way. The term "cultured diamonds" is widely used, but there's litigation in Germany to require some more negative term, like "synthetic".
DeBeers has also developed identification devices, the DiamondSure and the DiamondView to try to sort out synthetic and natural diamonds.
The diamonds produced in high-pressure presses can be identified without much trouble. But grown diamonds are tougher to identify.
Long term, diamond prices will probably crash, like sapphire did once you could buy sapphire bar, tube, and rod.
This controversy won't be over until there's an OpenOffice distribution avaialble that requires no proprietary code whatsoever.
The reason this is so important is that if all the source is openly available, nobody can make it go away. It's essential to avoid "drug dealer marketing" - the first one is free, but then it's going to cost you.
There have been too many products that started out "open", and then started to cost money once they had users locked in.
The typical progression for psuedo-free software is
The product is free for download. A user community emerges.
A new version comes out, with modest restrictions and price, and the free version is deprecated.
"The biggest threat Red Hat faces right now is that IBM could settle with SCO and then release its own Linux along with workstations and servers based on the Cell processor."
Huh?
Other than that IBM is winning against SCO and that the cell architecture is intended for game machines and embedded applications, what's wrong with this picture?
Also, if Microsoft tried to buy Red Hat, even Bush's out-to-lunch antitrust enforcement unit would have to do something.
Actually, Apple's kernel is a collection of parts from BSD, Mach, and IOKit. It's a monolithic kernel like Mach 2.5, not a microkernel like Mach 3.0, although some parts from the Mach 3.0 code base were supposedly used.
IOkit is written in the "embedded subset" of C++, an idea from 1999 that never caught on. Drivers are loadable kernel modules, as with Linux, but the structure is quite different.
Any driver can crash the kernel. It's not a microkernel at all.
Server software technology keeps getting worse, as.NET, J2EE, Perl, PHP, Flash etc. are deployed for pages that could just as well be static.
How many barrels of oil per day go into "ad personalization"?
Although interesting, Mach was developed at a university and shows a huge number of problems as a result.
Sad, but true. The developers of Mach chose to start with BSD and tried to hack it into a microkernel, one section at a time. This was a flop. Mach 2.5, which Apple uses, is basically BSD with some Mach features. Mach 3 is more of a microkernel, but is so awful that nobody uses it.
There are really only two microkernels that work - VM, for IBM mainframes, and QNX. In both cases, incredible care was put into getting the key primitives - interprocess communication and scheduling - right. If those are botched, the system never recovers.
Mach suffered from too much "cool idea" syndrome.
There's too much generality in key primitives that need to work fast. Message passing has too many options. The ability to build heterogeneous multiprocessor clusters out of whatever you have lying around complicates the simpler cases. And sharing memory across the network isn't worth the trouble.
It's clear from VM and QNX how a microkernel should work. Interprocess communication and scheduling need to play well together. Interprocess communication primitives should be like subroutine calls, not I/O operations. Try for an overhead of about 20%, and don't get carried away with the "zero copy" mania. Organize the I/O system so that the channel drivers that manage memory access are separate from the device drivers that manage the device functions.
The new, "research" ASIMO can run, unlike the older units, which are strictly walkers. There's very little detailed information on how Honda controls running, although the older algorithms for walking can be found in papers and patents.
If anyone has solid information on this, I'd be interested in obtaining it. Thanks.
Actually, the RFID aspect of this is incidental. What they're really talking about is requiring network authorization to play a disk. The MPAA can fantasize about that, but it's not going to happen. Not in a world where DVD players cost $29.95.
Imagine Xmas morning, when the authentication servers are overloaded, it takes hours to get a new disk authorized, and new DVD players won't play old disks until you contact the call center for an upgrade authorization.
I was looking at Nuclear Regulatory Commission incident reports today, when suddenly a pop-up appeared saying "You have been randomly selected to participate in a survey" to obtain information about their users.
Never saw that before on a Government site. Anyone else seeing this? It seems to appear infrequently.
Tritium production in the United States is still active in the United States.
Not quite. The TVA's Watts Bar reactor has a few rods being irradiated, and DOE hopes to get some tritium out by 2007. The facility to extract tritium from the rods, at Savannah River, isn't finished yet.
This thing runs on tritium, which is made in nuclear reactors. Or used to be. The US no longer has a tritium production capability, and hasn't had one since 1988 when K reactor at Savannah River shut down. Tritium currently costs around $100,000/gram.
Current production is around 1500g/year, mostly from old CANDU reactors in Canada.
There's a modest demand for tritium. It's needed to recharge H-bombs. Fusion researchers need sizable quantities of it. It's used for night lights in exit signs, watches, and gunsights. Tritium has a half life of about 12 years, so you lose 5.5% every year as it decays to helium-3.
So a new product that requires tritium faces a major supply problem.
The hazards of tritium exposure aren't high, but some precautions are required.
Cleanup procedures for a broken tritium exit sign are as follows:
Identify all individuals possibly exposed to the H-3.
Individuals possibly exposed should immediately:
Shower with soap and water (or at least wash face and hands).
Change clothing (retain in plastic bag).
Drink plenty of fluids.
Collect a urine sample immediately and then 24-hour cumulative samples and follow Nuclear Regulatory Commission (NRC), state, or health physics consultant advice on where to send them for analysis.
Call the NRC Regional Office.
Call the State Radiation Protection Program.
Call manufacturer of signs for technical information.
Be prepared to hire a health physics consultant to deal with initial monitoring, decontamination, and disposal of the exit sign and contaminated materials.
The protective clothing required for cleanup usually consists of gloves and booties. The broken sign should be placed in an air-tight container by a health physics consultant. If silica gel is available it should be placed in the container with the broken sign. The silica gel will collect tritiated water. At a minimum, the broken sign and any miscellaneous pieces should be double bagged and sealed in plastic. Disposal of the broken sign should be arranged through the manufacturer or a health physics consultant.
And people screw up, even with ordinary exit signs. Here's a Nuclear Regulatory Commission report from 2004:
USAF personnel in the Johnston Atoll in the Pacific were attempting to remove the "batteries" from an exit sign they believed to be battery powered. During the attempt to open the case, they destroyed the sign only to discover that it was a tritium sign. All tritium modules were broken.
Five personnel were in the room at the time and all were potentially exposed to the tritium. The Radiation Safety Officer (RSO) isolated the room and the personnel clothing, etc. Pre-cleanup surveys indicated greater than 6 times the normal background survey readings in the room. The RSO double-bagged the sign and tritium module debris. The room and work areas were decontaminated. Post-cleanup surveys indicated normal background readings. Personnel uptake and dose evaluations are currently being assessed.
So, like the nuclear batteries of the 1960s, this will be a specialized technology of very limited application.
"Computer Economics" is a small consulting firm whose head, Frank Scavo, has a blog. He asked readers of his blog to click on a poll page. Then he issued a press release as if this was some significant result. That's where this data came from.
He does this regularly.
His poll question this week is "Is your organization outsourcing any IT functions to offshore providers?" You can answer it here.
This is probably less meaningful than Slashdot polls. No CowboyNeil option, either.
"The Emperor's New Mind" is bad enough. "The Physics of Immortality", by Tipler, is worse. Tipler proposes the idea that, because the universe is expanding, there will eventually be enough space to build a simulator for the universe at its present size, and this will be done, thereby recreating everything that exists now. Only better.
It really is that bad. Nature called it "a masterpiece of psuedoscience".
AI as a field has its own problems, but these guys aren't helping.
That sounds like the stuff I was hearing in San Francisco in 1998. Mindshare! Viral marketing! Big companies are too inflexible! Profit doesn't matter! It's the New Economy!
And where are we today? Microsoft is #1 in Internet browsers. IBM is #1 in open source applications. WalMart is #1 in retail. The number of programmers in the US is down 25% since 2000. Almost all the dot-coms are dead.
There are interesting things to be done in software, but the "make money fast by selling stuff on the Internet" ideas have been done.
It's not helpful for e-commerce, corporate intranets, campus-level signons, online banking, or spam prevention.
The Academy of Motion Picture Arts and Sciences, the people who give out the Oscars, has an internal piracy problem with its members, who get pre-release DVDs of the Academy Award nominees. They've had to resort to making slightly different tagged DVDs for each member. It's quite possible that Academy members would each get a special DVD player with very restrictive DRM and fingerprint authorization.
That device will be the next Hollywood status symbol.
First, remember that public key exchange is usually a very small component of a cryptographic session. Usually, you do all the public key work at startup, exchange private keys for the session, and then just use the private keys. So an inefficient solution that protects the public key computations is acceptable.
In the paper, Percival writes "Further, OpenSSL utilizes a "sliding window" method of modular exponentiation, decomposing x := (a^d)
mod p into a series
of squarings x := x^2 mod p and multiplications x := x ^ (a*2*k+1) mod p." When there's a zero bit in d, the squaring and multiplication are unnecessary, and the SSL implementation apparently skips them. That creates the covert channel. It should be sufficient to revise the code so that it always does the squaring and the multiplication, and then uses the zero bit in D to decide whether or not to use the result. Because some superscalar CPUs might manage to look ahead and avoid the squaring and computation, a nice solution would be to compute both x := (a^d)
mod p and x := (a^(d XOR K) mod p, where K is all binary ones out to the maximum length of d. This makes the computation symmetrical, independent of the value of d. This should roughly double the cost of the public key computation, which is probably tolerable.
It's now important to also examine private key mechanisms for similar vulnerabilities. In particular, DES implementations should be checked. Because those execute millions of times during a long data transfer, even if there's a low-bandwidth leak, an exploit may be possible. Some lookup-table based implementations of DES might have exploitable cache semantics, and that needs to be explored.
Ah, yes, "Lucas, the Prince of Darkness". Lucas Electric was notorious for their, well, dim electrical automotive products. Much of the bad reputation and subsequent decline of the British automotive industry resulted from the low quality of Lucas components.
Somehow, Lucas never figured out that they were in a damp country and needed to protect against corrosion. They also stopped upgrading their technology some time in the 1950s.
Somebody has to wire coax or fibre to your pole transformer. BPL is just from the pole transformer to the house. Who's going to do that long cable run?
The US Federal Trade Commission says that over 80% of spam involves some violation of Federal law. Not just the CAN-SPAM act, but mail fraud, false advertising, money laundering, computer crime, drug counterfeiting, and racketeering. There should be no problem filing charges.
If we had an FBI director who made this a priority, most spam could be eliminated in a year. Just divert some of the FBI Baltimore people who do child pornography, who are already experienced at tracking people on the Internet, off that job and onto tracking down the major spam operators.
In a sense, CAN-SPAM has been effective. Spamming by even vaguely legitimate companies is down. Almost all spamming now involves felony criminal activity of one kind or another.
Remember, LinuxWorld's "staff" wasn't paid. So with no pay and no control, of course they quit. "Quitting" is barely a meaningful concept in a situation like that.
Read their Industry scheme for regulation. Note the phrase "Not to buy any diamonds from suspect or unknown sources of supply". That's all about market control.
Before the "Kimberly Process", diamonds were generally bought and sold, even in DeBeers showings, with no indication of origin. So introducing synthetic diamonds into the market was easier. With the "Kimberly Process" in place, it's much tougher.
The diamond industry has been lobbying countries to require that synthetic diamonds be labelled in some way. The term "cultured diamonds" is widely used, but there's litigation in Germany to require some more negative term, like "synthetic".
DeBeers has also developed identification devices, the DiamondSure and the DiamondView to try to sort out synthetic and natural diamonds. The diamonds produced in high-pressure presses can be identified without much trouble. But grown diamonds are tougher to identify.
Long term, diamond prices will probably crash, like sapphire did once you could buy sapphire bar, tube, and rod.
All advertising, all the time!
The reason this is so important is that if all the source is openly available, nobody can make it go away. It's essential to avoid "drug dealer marketing" - the first one is free, but then it's going to cost you. There have been too many products that started out "open", and then started to cost money once they had users locked in.
The typical progression for psuedo-free software is
Examples are Intellicad, Sendmail, and QNX
I still subscribe to some IEEE Transactions, but IEEE's "Computer" has degenerated into PR crap. I finally dropped the ACM publications entirely.
Huh?
Other than that IBM is winning against SCO and that the cell architecture is intended for game machines and embedded applications, what's wrong with this picture?
Also, if Microsoft tried to buy Red Hat, even Bush's out-to-lunch antitrust enforcement unit would have to do something.
Actually, Apple's kernel is a collection of parts from BSD, Mach, and IOKit. It's a monolithic kernel like Mach 2.5, not a microkernel like Mach 3.0, although some parts from the Mach 3.0 code base were supposedly used.
IOkit is written in the "embedded subset" of C++, an idea from 1999 that never caught on. Drivers are loadable kernel modules, as with Linux, but the structure is quite different.
Any driver can crash the kernel. It's not a microkernel at all.
Server software technology keeps getting worse, as .NET, J2EE, Perl, PHP, Flash etc. are deployed for pages that could just as well be static.
How many barrels of oil per day go into "ad personalization"?
Should this be read as "Dan Gillmor was laid off by the Mercury News and is now just another blogger?"
Sad, but true. The developers of Mach chose to start with BSD and tried to hack it into a microkernel, one section at a time. This was a flop. Mach 2.5, which Apple uses, is basically BSD with some Mach features. Mach 3 is more of a microkernel, but is so awful that nobody uses it.
There are really only two microkernels that work - VM, for IBM mainframes, and QNX. In both cases, incredible care was put into getting the key primitives - interprocess communication and scheduling - right. If those are botched, the system never recovers.
Mach suffered from too much "cool idea" syndrome. There's too much generality in key primitives that need to work fast. Message passing has too many options. The ability to build heterogeneous multiprocessor clusters out of whatever you have lying around complicates the simpler cases. And sharing memory across the network isn't worth the trouble.
It's clear from VM and QNX how a microkernel should work. Interprocess communication and scheduling need to play well together. Interprocess communication primitives should be like subroutine calls, not I/O operations. Try for an overhead of about 20%, and don't get carried away with the "zero copy" mania. Organize the I/O system so that the channel drivers that manage memory access are separate from the device drivers that manage the device functions.
This is how you get uptime measured in years.
If anyone has solid information on this, I'd be interested in obtaining it. Thanks.
Imagine Xmas morning, when the authentication servers are overloaded, it takes hours to get a new disk authorized, and new DVD players won't play old disks until you contact the call center for an upgrade authorization.
Never saw that before on a Government site. Anyone else seeing this? It seems to appear infrequently.
Not quite. The TVA's Watts Bar reactor has a few rods being irradiated, and DOE hopes to get some tritium out by 2007. The facility to extract tritium from the rods, at Savannah River, isn't finished yet.
There's a modest demand for tritium. It's needed to recharge H-bombs. Fusion researchers need sizable quantities of it. It's used for night lights in exit signs, watches, and gunsights. Tritium has a half life of about 12 years, so you lose 5.5% every year as it decays to helium-3. So a new product that requires tritium faces a major supply problem.
The hazards of tritium exposure aren't high, but some precautions are required. Cleanup procedures for a broken tritium exit sign are as follows:
When an Exit Sign Containing Tritium (3H) Is Damaged (broken with the release of 3H):
The protective clothing required for cleanup usually consists of gloves and booties. The broken sign should be placed in an air-tight container by a health physics consultant. If silica gel is available it should be placed in the container with the broken sign. The silica gel will collect tritiated water. At a minimum, the broken sign and any miscellaneous pieces should be double bagged and sealed in plastic. Disposal of the broken sign should be arranged through the manufacturer or a health physics consultant.
And people screw up, even with ordinary exit signs. Here's a Nuclear Regulatory Commission report from 2004:
USAF personnel in the Johnston Atoll in the Pacific were attempting to remove the "batteries" from an exit sign they believed to be battery powered. During the attempt to open the case, they destroyed the sign only to discover that it was a tritium sign. All tritium modules were broken.
Five personnel were in the room at the time and all were potentially exposed to the tritium. The Radiation Safety Officer (RSO) isolated the room and the personnel clothing, etc. Pre-cleanup surveys indicated greater than 6 times the normal background survey readings in the room. The RSO double-bagged the sign and tritium module debris. The room and work areas were decontaminated. Post-cleanup surveys indicated normal background readings. Personnel uptake and dose evaluations are currently being assessed.
So, like the nuclear batteries of the 1960s, this will be a specialized technology of very limited application.
Until the opposition figures this out and gets shotguns.
He does this regularly. His poll question this week is "Is your organization outsourcing any IT functions to offshore providers?" You can answer it here.
This is probably less meaningful than Slashdot polls. No CowboyNeil option, either.
It really is that bad. Nature called it "a masterpiece of psuedoscience".
AI as a field has its own problems, but these guys aren't helping.
And where are we today? Microsoft is #1 in Internet browsers. IBM is #1 in open source applications. WalMart is #1 in retail. The number of programmers in the US is down 25% since 2000. Almost all the dot-coms are dead.
There are interesting things to be done in software, but the "make money fast by selling stuff on the Internet" ideas have been done.