I've actually designed the encryption end of a synthesizable Rijndael chip. It was lab 5 of ECE 435 at U.Va. Granted, that's a 4 1/2 credit course, and there were only 5 labs, but still. Adding the decryption would have less than doubled the work, and considerably less than doubled the silicon. Implementing AES in hardware is NOT hard. In the name of laziness, I did it in a highly parallel fashion a lot of work that could be serialized to reduce the transistor count by about a factor of 8, before getting to even slightly fancy optimization techniques.
You need some registers, some shifters, and some very minimal control logic. Doing the sbox algorithmically isn't terribly fast and requires a fair amount of logic, so generally you just use a 256 byte ROM for the sbox. With die space being as expensive as it was when DES was being designed, it's understandable that they did some weird things to make it fit on the chip. These days, nobody blinks at 10k transistors, even on embedded devices.
Sure, their 4x4 sbox is going to take a lot less space on the chip, but does that really buy anything? Their design document shows that 32 of them are necessary to do a whole round in a single step, while only 4 are needed for Rijndael. That's 2048 bits of ROM on CS2 and 8192 bits of ROM for Rijndael, but CS2 takes 33 rounds while the 128-bit version of Rijndael takes only 10. The amount of hardware required for comparable throughput is about the same, though Rijndael's pipeline is an order of magnitude shorter, due to fewer rounds and the rounds not having to go through that barrel-shifter network.
One time a spam message made it past my filters, and in the half second prior to marking it spam (which would thus delete it), I saw a reference to a product that I remembered I'd been meaning to get for a while. Left mouse button already clicked down, I dragged it away from the trash icon prior to releasing it. I examined the link, and it appeared to be a referrer link to a fairly reputable merchant that evidently hasn't yet noticed that when you get a bunch of hits from one referrer that don't actually have an http referrer, you're probably doing business with a spammer. I then went to a different merchant's website and ordered the product.
Did spam actually do something useful? No. If all the time I've had to spend over the years dealing with spam had instead been spent doing more useful things, I probably would have noticed this product and purchased it long ago.
A lot of people seem to think that on those rare occasions that spam advertises something appealing that it's okay to purchase from that marketer. It's not. That marketer is a drag on your time, bandwidth, disk space, and the economic interests of legitimate marketers, and happened to get fantastically lucky. But what about their discount prices? Unless the deal is a fraud (which it often is) you can usually do as well or better searching froogle, overstock.com, ebay, etc., and spending less time on the effort than it takes to read your spam.
If you have ever made the mistake of signing up for Mensa (I almost did, for the sake of getting brain-teasers in the mail), don't put it on your resume unless you're certain it will only be read by people who are members of Mensa.
I don't have hiring authority, but my boss does have me screen potential hires at job fairs and do interviews. I've seen a couple of resumes that mention Mensa. They are, without exception, from people who would fall into the 3rd quartile of the people at my company in terms of innate technical talent, but they strike me as the sort who would be mostly untrainable, dropping them into the 2nd quartile after our rather intense training process, and then due to unwillingness to pick up the skills we want them to have if they conflict with their own curiosities, down into the first quartile after six months on the job, because the people hired with them are now much more valuable to us.
That's not to say that I reject any resume that mentions Mensa, just that I have yet to put one in our fairly short call-back pile. I could definitely see a manager starting to form that association after a while.
For many certifications, there's a week or multi-week training process. This training can be incredibly valuable, or useless. The reputation for quality of the training should be a critical consideration in your decision.
If you've played D&D with enough people, you know that as a result of playing D&D with some people you're less likely to trust them with complex, difficult, important things.
If you've ever inadvertently mentioned that you play D&D to people who match the "living in parents' basement" archetype, you know that some of the most visible D&D players in the world are not exactly discreet people who should be trusted with sensitive information.
When I was growing up, the father of one of the neighborhood kids, who used to do (and maybe still does?) covert work and now mostly does high-level analysis, wargames, etc., for military intelligence would run a game for a bunch of us in the neighborhood. He created an incredibly detailed and self-consistent world, and adapted it on the fly to accomodate the most stupid and brilliantly clever things we tried to do within it to keep the experience engaging enough that we could play his campaign for months on end, with pre-adolescent to adolescent attention spans.
Maybe these traits improve the likelyhood that someone could get away with doing something deceptive long enough to really do damage to a security-sensitive operation, but what is the cost of excluding them? Role-players, especially DMs and such, tend to be extremely good at working with scenarios that are untestable, which describes many security-sensitive operations. When you're preparing for a raid into hostile territory, something the IDF does a lot of, you need lots of people who can put themselves in that situation during the planning phase, and who can then think on their feet when the plan goes out the window the moment people start shooting.
Sure, maybe these people have personalities less well suited for being gate guards at your secure facilities, but they have cultivated on their own time operational skills that would take years of training and experience to develop otherwise, and with the short careers typical in military service, that's not a viable option.
By combining advanced cloning, genetic engineering and nanotechnology, Google will provide a pony, free, to every boy or girl in the world that wants one. The ponies are photosynthetic, so they require no food, and they are infused with nanobots that recycle their own waste, so there's really no reason your parents can't let you have one.
Of course, some windows machines need to have open ports, like, say, if they're offering *services*. So really, your mundane desktop need not be affected. It's the production server you should be quite terrified about.
The obvious conclusion to draw from this is that the NSA is capable of very fast (maybe near-polynomial) factoring. Think about it. They changed the sboxes in DES, and decades later an attack was found against everything but a small class. They rolled out SHA-1 to replace SHA-0, and decades later SHA-0 was found to be very easy to generate collisions for, much more so than SHA-1 is. Now they're pushing elliptic curves for asymmetric crypto, though they've been resisting pushing RSA for a long time. An alternative explanation is that RSA alone is insecure, but if that were the case, they'd probably have suggested an improvement by now.
The market *is* providing it, but since the ban lists are the greatest assets of the companies providing the service, they are kept secret, which is really bad for the consumer, especially the involuntary consumer. While I would argue that "less problematic content filtering" is analogous to "less problematic toxic waste", this would allow -- in theory -- an inherently better solution than the commercial vendors can provide in the competitive market, and unlike public utilities, this service does not completely obsolete the commercial services, the strongest argument against government services like this.
I'm not trying to say that it's the right way to do the wrong thing, but the people pushing this deliberately crafted it to avoid constitutional problems that have affected other bills, and while I can't currently view the bill as it currently stands, it appears that they may have succeeded. Constitutional issues may still come up if the state attempts to actually *use* this service, or mandate its use anywhere, but the law itself may pass constitutional tests.
Please note, the requirement is that the ISPs provide a mechanism by which their customers may, at their option, disable access to those sites from their account. This is on a per-customer basis, which is an improvement over Pennsylvania's statewide effort that was thrown out recently. The list of blocked sites would be an official state list, meaning it's prone to public scrutiny, which is a positive step away from the secret list content filters.
Unfortunately, implementing this requires one of two things:
1) IP-level filtering, which will block non-adult sites on the same hosting services.
2) Transparent proxying, which breaks lots of things, and is relatively easy to circumvent unless even more things are broken.
As far as I can tell, the law creates a registry which the service providers must either block or provide customers software to block. It doesn't seem to require that they clairvoyantly block proxies, which is technically infeasible. Unfortunately, the full text is not available, as the Utah legistlature's web server is returning an error on the text as amended, which is 10 times as long as the text as introduced.
While this is a stupid use of taxpayer money, I don't find the issue of a central, publicly-scrutinizable list of adult sites to be blocked voluntarily to be a bad thing. The real danger is that they will mandate that it be used in schools, libraries, etc., in which case it's truly a 1st Amendment issue. The amount of money they've allocated to build the registry ($100,000) is about enough money to run a dozen obscenity cases if you're REALLY lucky, so the list is going to be full of errors. This is bad policy regardless, but if it is used anywhere in any state-run institution, whether or not by mandate, it's censorship, and mistaken censorship at that.
Did the submitter even RTFA? The court overturned one conviction on the grounds that the jury must have been nuts. This has NO bearing on any other case. The real story is that the other conviction was UPHELD on appeal.
Has anyone tried making wireless work on *Windows* lately? Sometimes it works out of the box. Usually, on the same machine even, with high-quality hardware and complete driver support, it fails inexplicably, or worse, the error message report conditions inconsistent with observed behavior. Wireless on Linux may be a pain, but at least it's deterministic.
If you ignore a very small number of details, there's not even much difference between multi-core and multi-pipeline, which has been around for a very long time, and has been tweaked around in so many ways that it's very difficult to put an integer figure on it for most chips. Athlons, for example have 3 units each for int math, fp math, and memory ops, but bogomips comes out to 2 X clock speed.
From Oracle's perspective, they're charging based on how much someone could actually use their product. Instead of lab-testing every customer's hardware configuration, they charge per processor, because it's a decent heuristic, or at least it has been for a long time. They could get an even better approximation by charging by some multiple of the square root of total on-die cache, but then people would complain that it's too complicated.
The bottom line is that Oracle decided to charge based on performance, and is no more able to reach a consensus on how to measure it than anyone else in the industry is.
One of the huge advantages of unix/linux for a system administrator is the powerful shell, text processing tools, command-line system maintenance and control tools, and plaintext configuration files, output, and logs, that can be strung together to perform complex and precise tasks in a matter of seconds. This is all available with the cygwin environment, but obviously only works with other unix-style applications that have been ported to that environment, and can hardly be called a part of the operating system itself. Is windows ever going to have functionality like this, or will we always be stuck spending days writing VB interfaces for any custom configuration or diagnostic tools we want to make?
Actually, it must be ratified by.75 of the states, however those states decide to do it. In most states, the legislature does this. (where e is a number greater than zero) Each legislator was elected by a margin of.5 + e, and the measure had to pass by.5 + e, and.75 of the states had to ratify. So (.75)(.5 + e)(.5 + e) =.1875 + e. So, basically, 19% of the population has to approve it, but given the power of special interest groups and single-issue voting blocs in elections (apparently a majority of Republicans are pro-choice) the reality is that it requires far less than 19%.
As much as I disagree with restrictive drinking and drug laws, I have to admit that there really is a compelling state interest in legislating the use of substances that can cause people to have judgement and perception impaired to the point that they are a danger to everyone around them. The law is supposed to be rather hands-off to competent adults, but when you drop acid or have 10 drinks, you're nothing resembling competent. I still think it's a bad policy move to legislate morality, but in some cases there's a good non-moral justification for it.
Given that I, my brother, and my father (whoever is available) all provide tech support for my Grandmother, I think she's getting one of these from the family for Christmas next year.
My old roommate moved into a large house recently, and was having some reception problems in the upper floors, so he hacked his firmware to boost the power to 150 mW. Then he added an antenna that he calculates should amplify it to over 4 Watts. We're fairly sure that he should be getting reception for 1/4 mile to a mile horizontally now, so he decided to play with the wardrivers trying to figure out where his base station is, and name it "clitoris". I'm personally waiting to see how long until he gets a knock on the door from the FCC.
Slashdot Mirror
Ah, that *is* cool. Thanks for explaining it! The document linked is a bit sparse. Mind filling it out a little? We're all really curious.
I've actually designed the encryption end of a synthesizable Rijndael chip. It was lab 5 of ECE 435 at U.Va. Granted, that's a 4 1/2 credit course, and there were only 5 labs, but still. Adding the decryption would have less than doubled the work, and considerably less than doubled the silicon. Implementing AES in hardware is NOT hard. In the name of laziness, I did it in a highly parallel fashion a lot of work that could be serialized to reduce the transistor count by about a factor of 8, before getting to even slightly fancy optimization techniques.
You need some registers, some shifters, and some very minimal control logic. Doing the sbox algorithmically isn't terribly fast and requires a fair amount of logic, so generally you just use a 256 byte ROM for the sbox. With die space being as expensive as it was when DES was being designed, it's understandable that they did some weird things to make it fit on the chip. These days, nobody blinks at 10k transistors, even on embedded devices.
Sure, their 4x4 sbox is going to take a lot less space on the chip, but does that really buy anything? Their design document shows that 32 of them are necessary to do a whole round in a single step, while only 4 are needed for Rijndael. That's 2048 bits of ROM on CS2 and 8192 bits of ROM for Rijndael, but CS2 takes 33 rounds while the 128-bit version of Rijndael takes only 10. The amount of hardware required for comparable throughput is about the same, though Rijndael's pipeline is an order of magnitude shorter, due to fewer rounds and the rounds not having to go through that barrel-shifter network.
One time a spam message made it past my filters, and in the half second prior to marking it spam (which would thus delete it), I saw a reference to a product that I remembered I'd been meaning to get for a while. Left mouse button already clicked down, I dragged it away from the trash icon prior to releasing it. I examined the link, and it appeared to be a referrer link to a fairly reputable merchant that evidently hasn't yet noticed that when you get a bunch of hits from one referrer that don't actually have an http referrer, you're probably doing business with a spammer. I then went to a different merchant's website and ordered the product.
Did spam actually do something useful? No. If all the time I've had to spend over the years dealing with spam had instead been spent doing more useful things, I probably would have noticed this product and purchased it long ago.
A lot of people seem to think that on those rare occasions that spam advertises something appealing that it's okay to purchase from that marketer. It's not. That marketer is a drag on your time, bandwidth, disk space, and the economic interests of legitimate marketers, and happened to get fantastically lucky. But what about their discount prices? Unless the deal is a fraud (which it often is) you can usually do as well or better searching froogle, overstock.com, ebay, etc., and spending less time on the effort than it takes to read your spam.
If you have ever made the mistake of signing up for Mensa (I almost did, for the sake of getting brain-teasers in the mail), don't put it on your resume unless you're certain it will only be read by people who are members of Mensa.
I don't have hiring authority, but my boss does have me screen potential hires at job fairs and do interviews. I've seen a couple of resumes that mention Mensa. They are, without exception, from people who would fall into the 3rd quartile of the people at my company in terms of innate technical talent, but they strike me as the sort who would be mostly untrainable, dropping them into the 2nd quartile after our rather intense training process, and then due to unwillingness to pick up the skills we want them to have if they conflict with their own curiosities, down into the first quartile after six months on the job, because the people hired with them are now much more valuable to us.
That's not to say that I reject any resume that mentions Mensa, just that I have yet to put one in our fairly short call-back pile. I could definitely see a manager starting to form that association after a while.
For many certifications, there's a week or multi-week training process. This training can be incredibly valuable, or useless. The reputation for quality of the training should be a critical consideration in your decision.
http://www.fourmilab.ch/documents/ohmygodpart.html
Be careful that you're not creating a normal distribution around the real value. That's fingerprintable too.
If you've played D&D with enough people, you know that as a result of playing D&D with some people you're less likely to trust them with complex, difficult, important things.
If you've ever inadvertently mentioned that you play D&D to people who match the "living in parents' basement" archetype, you know that some of the most visible D&D players in the world are not exactly discreet people who should be trusted with sensitive information.
When I was growing up, the father of one of the neighborhood kids, who used to do (and maybe still does?) covert work and now mostly does high-level analysis, wargames, etc., for military intelligence would run a game for a bunch of us in the neighborhood. He created an incredibly detailed and self-consistent world, and adapted it on the fly to accomodate the most stupid and brilliantly clever things we tried to do within it to keep the experience engaging enough that we could play his campaign for months on end, with pre-adolescent to adolescent attention spans.
Maybe these traits improve the likelyhood that someone could get away with doing something deceptive long enough to really do damage to a security-sensitive operation, but what is the cost of excluding them? Role-players, especially DMs and such, tend to be extremely good at working with scenarios that are untestable, which describes many security-sensitive operations. When you're preparing for a raid into hostile territory, something the IDF does a lot of, you need lots of people who can put themselves in that situation during the planning phase, and who can then think on their feet when the plan goes out the window the moment people start shooting.
Sure, maybe these people have personalities less well suited for being gate guards at your secure facilities, but they have cultivated on their own time operational skills that would take years of training and experience to develop otherwise, and with the short careers typical in military service, that's not a viable option.
Google Pony (beta):
By combining advanced cloning, genetic engineering and nanotechnology, Google will provide a pony, free, to every boy or girl in the world that wants one. The ponies are photosynthetic, so they require no food, and they are infused with nanobots that recycle their own waste, so there's really no reason your parents can't let you have one.
Of course, some windows machines need to have open ports, like, say, if they're offering *services*. So really, your mundane desktop need not be affected. It's the production server you should be quite terrified about.
The obvious conclusion to draw from this is that the NSA is capable of very fast (maybe near-polynomial) factoring. Think about it. They changed the sboxes in DES, and decades later an attack was found against everything but a small class. They rolled out SHA-1 to replace SHA-0, and decades later SHA-0 was found to be very easy to generate collisions for, much more so than SHA-1 is. Now they're pushing elliptic curves for asymmetric crypto, though they've been resisting pushing RSA for a long time. An alternative explanation is that RSA alone is insecure, but if that were the case, they'd probably have suggested an improvement by now.
The market *is* providing it, but since the ban lists are the greatest assets of the companies providing the service, they are kept secret, which is really bad for the consumer, especially the involuntary consumer. While I would argue that "less problematic content filtering" is analogous to "less problematic toxic waste", this would allow -- in theory -- an inherently better solution than the commercial vendors can provide in the competitive market, and unlike public utilities, this service does not completely obsolete the commercial services, the strongest argument against government services like this.
I'm not trying to say that it's the right way to do the wrong thing, but the people pushing this deliberately crafted it to avoid constitutional problems that have affected other bills, and while I can't currently view the bill as it currently stands, it appears that they may have succeeded. Constitutional issues may still come up if the state attempts to actually *use* this service, or mandate its use anywhere, but the law itself may pass constitutional tests.
Please note, the requirement is that the ISPs provide a mechanism by which their customers may, at their option, disable access to those sites from their account. This is on a per-customer basis, which is an improvement over Pennsylvania's statewide effort that was thrown out recently. The list of blocked sites would be an official state list, meaning it's prone to public scrutiny, which is a positive step away from the secret list content filters.
Unfortunately, implementing this requires one of two things:
1) IP-level filtering, which will block non-adult sites on the same hosting services.
2) Transparent proxying, which breaks lots of things, and is relatively easy to circumvent unless even more things are broken.
As far as I can tell, the law creates a registry which the service providers must either block or provide customers software to block. It doesn't seem to require that they clairvoyantly block proxies, which is technically infeasible. Unfortunately, the full text is not available, as the Utah legistlature's web server is returning an error on the text as amended, which is 10 times as long as the text as introduced.
While this is a stupid use of taxpayer money, I don't find the issue of a central, publicly-scrutinizable list of adult sites to be blocked voluntarily to be a bad thing. The real danger is that they will mandate that it be used in schools, libraries, etc., in which case it's truly a 1st Amendment issue. The amount of money they've allocated to build the registry ($100,000) is about enough money to run a dozen obscenity cases if you're REALLY lucky, so the list is going to be full of errors. This is bad policy regardless, but if it is used anywhere in any state-run institution, whether or not by mandate, it's censorship, and mistaken censorship at that.
Did the submitter even RTFA? The court overturned one conviction on the grounds that the jury must have been nuts. This has NO bearing on any other case. The real story is that the other conviction was UPHELD on appeal.
Has anyone tried making wireless work on *Windows* lately? Sometimes it works out of the box. Usually, on the same machine even, with high-quality hardware and complete driver support, it fails inexplicably, or worse, the error message report conditions inconsistent with observed behavior. Wireless on Linux may be a pain, but at least it's deterministic.
The average user doesn't spend a whole lot on 24x7 support contracts or care about 7 years of patch support either.
There's a reason why it's called Enterprise Linux.
40% of the US economy is dependent on applications of quantum mechanics, and all of the rest of it indirectly feels the effects.
If you ignore a very small number of details, there's not even much difference between multi-core and multi-pipeline, which has been around for a very long time, and has been tweaked around in so many ways that it's very difficult to put an integer figure on it for most chips. Athlons, for example have 3 units each for int math, fp math, and memory ops, but bogomips comes out to 2 X clock speed.
From Oracle's perspective, they're charging based on how much someone could actually use their product. Instead of lab-testing every customer's hardware configuration, they charge per processor, because it's a decent heuristic, or at least it has been for a long time. They could get an even better approximation by charging by some multiple of the square root of total on-die cache, but then people would complain that it's too complicated.
The bottom line is that Oracle decided to charge based on performance, and is no more able to reach a consensus on how to measure it than anyone else in the industry is.
One of the huge advantages of unix/linux for a system administrator is the powerful shell, text processing tools, command-line system maintenance and control tools, and plaintext configuration files, output, and logs, that can be strung together to perform complex and precise tasks in a matter of seconds . This is all available with the cygwin environment, but obviously only works with other unix-style applications that have been ported to that environment, and can hardly be called a part of the operating system itself. Is windows ever going to have functionality like this, or will we always be stuck spending days writing VB interfaces for any custom configuration or diagnostic tools we want to make?
In an efficient market, price equals marginal cost. Marginal cost of software: zero.
I think you mean "efficient and infinitely large", as the efficient behavior only pushes the price down to the marginal cost asymptotically.
Not that I object to the notion in the slightest.
Actually, it must be ratified by .75 of the states, however those states decide to do it. In most states, the legislature does this. (where e is a number greater than zero) Each legislator was elected by a margin of .5 + e, and the measure had to pass by .5 + e, and .75 of the states had to ratify. So (.75)(.5 + e)(.5 + e) = .1875 + e. So, basically, 19% of the population has to approve it, but given the power of special interest groups and single-issue voting blocs in elections (apparently a majority of Republicans are pro-choice) the reality is that it requires far less than 19%.
As much as I disagree with restrictive drinking and drug laws, I have to admit that there really is a compelling state interest in legislating the use of substances that can cause people to have judgement and perception impaired to the point that they are a danger to everyone around them. The law is supposed to be rather hands-off to competent adults, but when you drop acid or have 10 drinks, you're nothing resembling competent. I still think it's a bad policy move to legislate morality, but in some cases there's a good non-moral justification for it.
Given that I, my brother, and my father (whoever is available) all provide tech support for my Grandmother, I think she's getting one of these from the family for Christmas next year.
I'm sure everything is coming out well done while he's getting slashdotted. Maybe that was the point.
My old roommate moved into a large house recently, and was having some reception problems in the upper floors, so he hacked his firmware to boost the power to 150 mW. Then he added an antenna that he calculates should amplify it to over 4 Watts. We're fairly sure that he should be getting reception for 1/4 mile to a mile horizontally now, so he decided to play with the wardrivers trying to figure out where his base station is, and name it "clitoris". I'm personally waiting to see how long until he gets a knock on the door from the FCC.