Note that I didn't type, "6250bpi spool":-) And I just threw out a few of those old cartridges with the metal plate on one side; what were those called? Anyway, so I'm old, and the last time I put something on a tape it was 8mm.
How much cash would it take to make a programmer with access talk?
Actually since I typed the original note I've been trying to figure out how to work the "sex" angle. I know a few secrets, probably.
The trick is that the verifier only checks the first 6 characters of the first two passwords. Thus cranking the thing backwards indeed gets you those strings, but there's no telling what the actual pages are (and I tried getting everything of the form "mid222x" for all ascii "x", but found nothing).
Definitely assume that anybody you really don't want knowing your command structures will know them. Do you keep the documentation (or source code) in a locked vault with genuine security (not just "don't tell anybody where the vault is")? Do you have strong entry/exit security (can you take an 8mm tape home with nobody noticing)? Are your internal machines firewalled completely from the public Internet? Most importantly, how much do you trust the people who know how it works? Are you sure none of them wouldn't sell information for a few tens of thousands of dollars (or sex)?
Re:How come old technology keeps making headlines?
on
P2P in 2001
·
· Score: 2
if that is your idea of distributed computing, then that includes ANY software (not even unioned by software or use types) interacting with another peice of software.
No, it doesn't. For example, I don't consider a simple FTP client connecting to an FTP server based on a user-supplied address to be a distributed application. But an automated file downloader that operates off a local preference database and that locates its "servers" by using some search algorithm it runs itself, well that's in the gray area. Of course if the app is able to serve as well as act as a pure client, there's no discussion.
For a fun little diversion, go to the midbartech website and try to get information about one of the Cactus products. You'll get to a page that has a one-field form asking for a password. Get your browser to show you the source for the page, and groove on the unbelievably sophomoric obfuscated password verifier. Ha!
Re:How come old technology keeps making headlines?
on
P2P in 2001
·
· Score: 1
Distributed computing implies that there will be more than more CPU in more than one PC, working together to accomplish a single result.
That's certainly one application, but it's by no means the only meaning of "distributed computing". I think the basic idea is that the application code exists around the network on the machines that want/need/request services.
A network of "simple" point-to-point file transfer agents is not really that simple.
Are the record labels just clueless or is there some other diabolical plan in the wings?
Sure there's a plan: digital speakers (usb?) that include tamper-proof decoding hardware. Of course they can't prevent you from mic'ing the speakers, but then microphones are just tools of pirates and kiddie-pr0n drug-snorting criminals anyway.
How come old technology keeps making headlines?
on
P2P in 2001
·
· Score: 2, Offtopic
So now distributed computing has this neat new "p2p" hax0r acronym, and the fact that you can write distributed applications if you've got networked computers is news. That Ray Ozzie is planning on writing a distributed application is news. That the army wants to hook GIs together in a wireless network is news.
Sorry, but does anybody remember CORBA? DCOM? Or any of the zillion other frameworks for writing distributed applications that've been around for over a decade? A whole freaking lot of corporate applications ALREADY DEPLOYED are distributed applications that, in some way or another, are "p2p" applications. The one I'm personally most familiar with is Tivoli, which was a distributed app with installed clients interoperating via a distributed framework as far back as 1992. Does that make us Tivoli people futuristic super-geniuses? No, it doesn't -- because distributed apps have been on people's minds since networking was born. I mean, duhh. But hack together something that lets people swap ripped songs, and *poof* it's a "new wave".
And does anybody else feel like we've been hearing about soldiers wired together for years and years (and years)?
The issue discussed is NOT content -- it has nothing to do with whether you're boycotting copy-protected CDs, or Disney movies, or whatever. Do you like building your own machine from parts scrounged via PriceWatch? Do you like building your own bleeding edge Linux kernel and optimizing the driver for your video card? Well the article is about the distinct possibility that corporate interests will negotiate a legal solution that directly implies that writing your own software or building your own hardware is ILLEGAL.
No, they won't, because given any MD5 hash there are an infinitude of files that hash to it.
Now if you also send the file size, you reduce the possibility of collision.
But there's still a minor problem of iterating through the set of candidates. If you send me the MD5 hash for a 500KB file, you'll need to get cranking on computing the MD5 hash of each 4 million bit number. 2^4000000000 different MD5 hashes will take a few lifetimes of the universe to perform with any computing device bounded by time quanta.
I mean it's not for image compression specifically, but it definitely reminds me of IFS image compression in some ways. I'll bet that compression is very time consuming, but that's fine if you're warehousing data. I wonder if the clients are pre-loaded with a body of parameterized functions, so that the server just sends information describing what functions to run and what the parameters are. I guess if it's all based on polynomials all it needs to send are vectors of constants.
Re:Will heat be a problem?
on
Linux On HP Blades
·
· Score: 2, Interesting
Now obviously part of the air conditioning is covered in your monthly fee, but they don't scale it based on how much heat you're making. All hosting firms worry about is ethernet drops and rack units.
Well, the dumb ones maybe. Somebody has to pay for the power, both for your rack of heaters and for the air conditioning. If an ISP doesn't figure out a way to pass those costs on (proportionately, you'd hope) to customers, it's eventually going to fail.
In fact it seems to me that a smart.com would try to optimize their power/page ratio and negotiate better terms from their ISP based on that effort. Convince the ISP to stick it to the people in the next rack!
Calling this scheme "penny-per-page" makes it sound simple, but the basic problem of defining what it is that the user pays for doesn't go away that easily. What about simple page reloads because of browser hiccups? What about sites like Slashdot, where new content slowly encroaches upon old? What about archives? What about Akamai?
Those aren't new questions, they're the same basic things you encounter as soon as pay-per-anything is considered. I think that complexity makes the subscription model (Salon) more appealing from a management and marketing standpoint, because it's easy to describe and appreciate the value proposition.
The draw? Simple. I bought one as a Christmas gift for my parents. I upload pictures of my kids, and every few days they wake up to some new images. They don't need to think about it at all. They have a computer, but there's no way they'd ever get comfortable with the process of downloading an image and printing it, no matter how simple that seems.
The Ceiva is an OK solution. I haven't found any hacks for it. Their service is nothing special, but functional.
and I don't see any sites getting rid of Flash just because Lynx doesn't support it.
That's because they're foolish. I regularly send "I'm a pain in the ass" mail to whatever marketing address I can find to inform people that locking potential customers out of their promotional websites is the height of stupidity. Use of Flash or other plugins may be OK for optional "tours" or whatever, but to block a customer from the main page due to lack of a plugin is a clear case of marketing people gone wild without adult supervision.
The idea that flash animation is required to grab attention is based on a misunderstanding of the context. If I go to a commercial web site, chances are I've gone there on purpose to gather information. I do not need to be impressed. I do not need eye candy to keep me "stuck" to the site. I just want information.
The same goes for access sites at banks or credit card companies (like Citibank, for example) that feel the need to drown me in stupid flyover popup menus. Why why why? I just want to check my balance, and your 100K of Javascript does NOT make my life better.
What does this have to do with anybody's rights? If MSN shuts out other browsers, well that sucks I guess, but I have no inalienable right to read MSN with Opera. And there wasn't much in the article about anybody's "rights", just a discussion of the meaning of W3C standards.
Seems like the last thing that the labor pool needs is a whole bunch of entry-level web developers. Aren't there a lot of those looking for work nowadays?
If you have lm_sensors and i2c 2.6.1, you need to do a "make clean" and a "make depend" in those source trees (after building kernel 2.4.13) to deal with an apparent change in a kernel file name. Other than that those packages work fine with the new kernel (so far...).
It's probably wise to do that every time, but I've been able to get away with "make clean all install" until now.
... in the war to drive out small-scale developers in favor of well-controlled large corporate entities. People paying that much money for the privilege of developing software are very likely to be quite aggressive in convincing themselves that they're happy. And note that much of the fees here will come from big fat IT budgets for internal application development. CIOs just want an empire like anybody else, and this sort of thing really fuels the fires.
Though I agree with Minsky that these things are silly, they'd be at least a little bit more meaningful if some or all of the judges did not know they were judging such a thing. If you took volunteers and told them they were (for example) staffing a career counseling intranet chat system, and had them interact with a blind mix of real people and machine systems, then I'd be more impressed by machines convincing judges that the machines are people.
Losing the fan but not the heatsink is not going to cause flame-out. And losing the heatsink is really only an issue for people in earthquake zones and LAN partiers.
If you're really really scared, get one of the heatsinks that bolts onto the motherboard instead of clipping onto the socket.
Really effective DRM (that is, DRM that's based on something other than the DMCA to make it "effective") would require some fundamental changes in the world of computing devices (of all sizes). Regardless of the strength and cleverness of cryptographic packaging technologies, if there is a pathway through the computer for digital plaintext then the DRM scheme is ipso facto defective.
On the other hand, the introduction of pure hardware schemes that retain the cyphertext of the protected material until it is transformed (within a tamper-proof sanctioned device) into perceivable media (image on screen, sound from speakers) would have a chance of real effectiveness. Now this would represent a profound change to the way we normally think about computing devices and about the freedom we have to put together systems of any type using whatever basic parts can be found. Such work would still be possible of course, but DRM-protected media would be unusable without the presence of secure tamper-proof decoding hardware.
The need for such hardware (which, by the way, is not sci-fi: check Intel's work on secure digital interfaces for digital flat-screen displays) implies a controllable market, since some organization would have the power to issue or not issue licenses and keys to manufacturers.
Being forced to surrender encryption keys would most likely be considered analagous to being forced to contribute blood or tissue samples for DNA analysis. Courts already allow that.
It may be true that this practice runs contrary to the spirit of the Fifth Amendment, though I think the legal hair-splitting runs along the distinction between evidence and testimony. (And before you reply with the old, "make the key the confession" trick, none other than Mike Godwin himself has opined that that would be cute but ineffective.)
they'll be used in prosecution and trial rather than proactively enforced.
I agree, and that raises the question of how these laws protect me from terrorists. Surely it's not intended to frighten a terrorist into second thoughts because he now knows he might be prosecuted for illegal encryption in addition to mass murder.
Slashdot Mirror
Note that I didn't type, "6250bpi spool"
Actually since I typed the original note I've been trying to figure out how to work the "sex" angle. I know a few secrets, probably.
The trick is that the verifier only checks the first 6 characters of the first two passwords. Thus cranking the thing backwards indeed gets you those strings, but there's no telling what the actual pages are (and I tried getting everything of the form "mid222x" for all ascii "x", but found nothing).
Definitely assume that anybody you really don't want knowing your command structures will know them. Do you keep the documentation (or source code) in a locked vault with genuine security (not just "don't tell anybody where the vault is")? Do you have strong entry/exit security (can you take an 8mm tape home with nobody noticing)? Are your internal machines firewalled completely from the public Internet? Most importantly, how much do you trust the people who know how it works? Are you sure none of them wouldn't sell information for a few tens of thousands of dollars (or sex)?
No, it doesn't. For example, I don't consider a simple FTP client connecting to an FTP server based on a user-supplied address to be a distributed application. But an automated file downloader that operates off a local preference database and that locates its "servers" by using some search algorithm it runs itself, well that's in the gray area. Of course if the app is able to serve as well as act as a pure client, there's no discussion.
For a fun little diversion, go to the midbartech website and try to get information about one of the Cactus products. You'll get to a page that has a one-field form asking for a password. Get your browser to show you the source for the page, and groove on the unbelievably sophomoric obfuscated password verifier. Ha!
That's certainly one application, but it's by no means the only meaning of "distributed computing". I think the basic idea is that the application code exists around the network on the machines that want/need/request services.
A network of "simple" point-to-point file transfer agents is not really that simple.
Sure there's a plan: digital speakers (usb?) that include tamper-proof decoding hardware. Of course they can't prevent you from mic'ing the speakers, but then microphones are just tools of pirates and kiddie-pr0n drug-snorting criminals anyway.
Sorry, but does anybody remember CORBA? DCOM? Or any of the zillion other frameworks for writing distributed applications that've been around for over a decade? A whole freaking lot of corporate applications ALREADY DEPLOYED are distributed applications that, in some way or another, are "p2p" applications. The one I'm personally most familiar with is Tivoli, which was a distributed app with installed clients interoperating via a distributed framework as far back as 1992. Does that make us Tivoli people futuristic super-geniuses? No, it doesn't -- because distributed apps have been on people's minds since networking was born. I mean, duhh. But hack together something that lets people swap ripped songs, and *poof* it's a "new wave".
And does anybody else feel like we've been hearing about soldiers wired together for years and years (and years)?
Read the damn article.
The issue discussed is NOT content -- it has nothing to do with whether you're boycotting copy-protected CDs, or Disney movies, or whatever. Do you like building your own machine from parts scrounged via PriceWatch? Do you like building your own bleeding edge Linux kernel and optimizing the driver for your video card? Well the article is about the distinct possibility that corporate interests will negotiate a legal solution that directly implies that writing your own software or building your own hardware is ILLEGAL.
No, they won't, because given any MD5 hash there are an infinitude of files that hash to it.
Now if you also send the file size, you reduce the possibility of collision.
But there's still a minor problem of iterating through the set of candidates. If you send me the MD5 hash for a 500KB file, you'll need to get cranking on computing the MD5 hash of each 4 million bit number. 2^4000000000 different MD5 hashes will take a few lifetimes of the universe to perform with any computing device bounded by time quanta.
I mean it's not for image compression specifically, but it definitely reminds me of IFS image compression in some ways. I'll bet that compression is very time consuming, but that's fine if you're warehousing data. I wonder if the clients are pre-loaded with a body of parameterized functions, so that the server just sends information describing what functions to run and what the parameters are. I guess if it's all based on polynomials all it needs to send are vectors of constants.
Neat idea. Patents: here and here.
Well, the dumb ones maybe. Somebody has to pay for the power, both for your rack of heaters and for the air conditioning. If an ISP doesn't figure out a way to pass those costs on (proportionately, you'd hope) to customers, it's eventually going to fail.
In fact it seems to me that a smart
Calling this scheme "penny-per-page" makes it sound simple, but the basic problem of defining what it is that the user pays for doesn't go away that easily. What about simple page reloads because of browser hiccups? What about sites like Slashdot, where new content slowly encroaches upon old? What about archives? What about Akamai?
Those aren't new questions, they're the same basic things you encounter as soon as pay-per-anything is considered. I think that complexity makes the subscription model (Salon) more appealing from a management and marketing standpoint, because it's easy to describe and appreciate the value proposition.
The draw? Simple. I bought one as a Christmas gift for my parents. I upload pictures of my kids, and every few days they wake up to some new images. They don't need to think about it at all. They have a computer, but there's no way they'd ever get comfortable with the process of downloading an image and printing it, no matter how simple that seems.
The Ceiva is an OK solution. I haven't found any hacks for it. Their service is nothing special, but functional.
The Mythical Man Month was written by Fred Brooks, not Ed Yourdon.
That's because they're foolish. I regularly send "I'm a pain in the ass" mail to whatever marketing address I can find to inform people that locking potential customers out of their promotional websites is the height of stupidity. Use of Flash or other plugins may be OK for optional "tours" or whatever, but to block a customer from the main page due to lack of a plugin is a clear case of marketing people gone wild without adult supervision.
The idea that flash animation is required to grab attention is based on a misunderstanding of the context. If I go to a commercial web site, chances are I've gone there on purpose to gather information. I do not need to be impressed. I do not need eye candy to keep me "stuck" to the site. I just want information.
The same goes for access sites at banks or credit card companies (like Citibank, for example) that feel the need to drown me in stupid flyover popup menus. Why why why? I just want to check my balance, and your 100K of Javascript does NOT make my life better.
What does this have to do with anybody's rights? If MSN shuts out other browsers, well that sucks I guess, but I have no inalienable right to read MSN with Opera. And there wasn't much in the article about anybody's "rights", just a discussion of the meaning of W3C standards.
Seems like the last thing that the labor pool needs is a whole bunch of entry-level web developers. Aren't there a lot of those looking for work nowadays?
If you have lm_sensors and i2c 2.6.1, you need to do a "make clean" and a "make depend" in those source trees (after building kernel 2.4.13) to deal with an apparent change in a kernel file name. Other than that those packages work fine with the new kernel (so far ...).
It's probably wise to do that every time, but I've been able to get away with "make clean all install" until now.
... in the war to drive out small-scale developers in favor of well-controlled large corporate entities. People paying that much money for the privilege of developing software are very likely to be quite aggressive in convincing themselves that they're happy. And note that much of the fees here will come from big fat IT budgets for internal application development. CIOs just want an empire like anybody else, and this sort of thing really fuels the fires.
Though I agree with Minsky that these things are silly, they'd be at least a little bit more meaningful if some or all of the judges did not know they were judging such a thing. If you took volunteers and told them they were (for example) staffing a career counseling intranet chat system, and had them interact with a blind mix of real people and machine systems, then I'd be more impressed by machines convincing judges that the machines are people.
Losing the fan but not the heatsink is not going to cause flame-out. And losing the heatsink is really only an issue for people in earthquake zones and LAN partiers.
If you're really really scared, get one of the heatsinks that bolts onto the motherboard instead of clipping onto the socket.
Really effective DRM (that is, DRM that's based on something other than the DMCA to make it "effective") would require some fundamental changes in the world of computing devices (of all sizes). Regardless of the strength and cleverness of cryptographic packaging technologies, if there is a pathway through the computer for digital plaintext then the DRM scheme is ipso facto defective.
On the other hand, the introduction of pure hardware schemes that retain the cyphertext of the protected material until it is transformed (within a tamper-proof sanctioned device) into perceivable media (image on screen, sound from speakers) would have a chance of real effectiveness. Now this would represent a profound change to the way we normally think about computing devices and about the freedom we have to put together systems of any type using whatever basic parts can be found. Such work would still be possible of course, but DRM-protected media would be unusable without the presence of secure tamper-proof decoding hardware.
The need for such hardware (which, by the way, is not sci-fi: check Intel's work on secure digital interfaces for digital flat-screen displays) implies a controllable market, since some organization would have the power to issue or not issue licenses and keys to manufacturers.
Being forced to surrender encryption keys would most likely be considered analagous to being forced to contribute blood or tissue samples for DNA analysis. Courts already allow that. It may be true that this practice runs contrary to the spirit of the Fifth Amendment, though I think the legal hair-splitting runs along the distinction between evidence and testimony. (And before you reply with the old, "make the key the confession" trick, none other than Mike Godwin himself has opined that that would be cute but ineffective.)
I agree, and that raises the question of how these laws protect me from terrorists. Surely it's not intended to frighten a terrorist into second thoughts because he now knows he might be prosecuted for illegal encryption in addition to mass murder.