ZFS can provide anywhere between 200% and 10% redundancy depending on what mode and stripe size you use. It should also automatically repair when failed disks are replaced.
Database performance is generally more related to IO/s, not GB/s. Thumper may still win an equal-cost comparison against eterprisey SAN equipment because it gets more spindles.
People have been working on that for 10 years or so, but it's tricky to actually make it work. For example, opportunistic IPSec has gone through several revisions, all of which seem to have various flaws that make it unusable in practice. Or if you want to encrypt all traffic at the application level you end up having to modify every protocol and then every implementation, and then waiting for people to adopt it...
There are many ways to implement court-ordered wiretapping. The CALEA debate is not about whether IP networks should be wiretappable but about how it should be done and who should pay for it. Before CALEA, the FBI had to install Carnivore sniffing equipment at ISPs. I guess they think that's too much work, so they want every router at every ISP to be upgraded to have built-in wiretapping, so they don't have to lug any equipment around. And they want the ISPs to pay for these upgrades. And according to the article, now they want the ISPs to also filter the traffic for them, so they get only the traffic they want.
IMO this is an expensive, complex, failure-prone solution to the problem.
That actually doesn't sound too bad; if I got MSN at 10Mbps and everything else at 5Mbps I wouldn't complain, since there's a definite diminishing marginal utility to bandwidth and I'm already getting 5Mbps today. But if ISPs start offering plans that are more like 5.5Mbps for "enhanced partners" and 0.5Mbps for everything else, I could imagine a stifling effect on innovation. But it's very difficult to argue against allowing ISPs to provide more than they are today.
So without getting ALL local ISPs on board with compatible configurations, its unlikey that youtube's ISP will get consistant improvement for youtube.
That's the whole point of network extortion (er, "innovation"): in this case YouTube would pay money to every last-mile ISP for priority over the last-mile bottleneck.
If the hardware can decrypt it, why can't software decrypt it?
There are software HD-DVD and Blu-ray players, but they are full of obfuscated code to slow down reverse engineering (aka the proverbial sixteen-year-old with a six pack of Mountain Dew and a cracked copy of SoftIce).
They are deploying this hardware, so someone can determine what the algorithm is.
The algorithms are already documented in the AACS spec; you're welcome to read it. The secrets are the player keys, which are hidden deep in some ROMs or obfuscated Windows binaries.
Using brute force techniques we should be able to crack the keys, right? I'm curious what makes this encryption so challenging to crack compared to other encryption schemes.
You're right; you can't crack any modern crypto with brute force, and thus you can't crack AACS with brute force either.
If you have an unknown PCI device the BIOS can set a "taint bit" or something, and HD-DVD/Blu-ray player software would simply refuse to run at all. Now maybe you can bypass that with a PCI bus master that is not enumerated, but I don't know if such a thing is possible.
Oh, and I think LaGrande prevents this DMA attack.
I'm pretty sure GPUs don't support encrypted framebuffers. HDCP is implemented in the refresh logic or the TDMS transmitter, after the pixels have already been read out of the framebufffer.
Vista's Protected Video Path will presumably disable all such recorder software. DirectX recording may work on XP, but I suspect the XP-based HD-DVD/Blu-ray players will use "proactive renewal" where you have to install new DRM patches every month to keep up with all the hacks. These patches will probably incorporate PunkBuster-style scans for known "bad processes".
I am just pondering the technical requirements for an open standard for DRM that allows interoperability and transferability, and I find myself wondering if it just cannot be done. I mean, I suppose you could have secret keys that only those vendors that are licensed are allowed to have, but if any of the keys leak.....
In the latest DRM systems such as AACS, each player has a separate key, and if a player key leaks then future data will be encrypted in such a way that the leaked key won't work. The spec is actually quite interesting to read.
A cheap Kill-a-watt meter can't measure a processor, so it must be the whole system. Comparing an entire Intel server against an entire AMD server is an apples-to-apples comparison.
"Fair" comparisons (like 65nm vs. 65nm) are interesting to academics, but what matters to customers is what you can buy from Intel now vs. what you can buy from AMD now.
We don't know what subnetted IPv6 will look like yet.
Sure we do. You get a/N prefix from your ISP, all subnets are/64, so you have 2^(64-N) subnets in your site.
If everything is done with global addresses, for lack of a good subnetting RFC, you'll lose all anonymity (as you would with any all-global addressing scheme).
It depends on what you mean by "anonymity". If you mean that nobody can tell how many hosts are on your network, you have a point, but I'm not sure how many people care about that.
I see this as a big problem with IPv6 at home (along with the fact theat my NAT box is currently 100% successful in preventing actual attacks - I'll hate to give it up).
A "deny all incoming connections" firewall will prevent just as many attacks as NAT.
I've never seen the benefit of site-local addresses, so the lack of them in IPv6 doesn't bother me.
In IPv6, the MAC address is kept in the ethernet frame but also in the low 48 bits of the IP address. Thus, routers do not need to have an ARP lookup table to get the MAC address - they can simply copy-and-paste from the IP address in the packet (for the final step) or the IP address of the next router in the path (for all other steps).
This is not correct; such a scheme would not support manually-assigned addresses, privacy addresses, or cryptographically-generated addresses. IPv6 has neighbor discovery (and its cache) just like IPv4 has ARP.
Slashdot Mirror
ZFS can provide anywhere between 200% and 10% redundancy depending on what mode and stripe size you use. It should also automatically repair when failed disks are replaced.
Database performance is generally more related to IO/s, not GB/s. Thumper may still win an equal-cost comparison against eterprisey SAN equipment because it gets more spindles.
When it comes to OS X, there are no problems about some hardware vendors being worse than others...
People have been working on that for 10 years or so, but it's tricky to actually make it work. For example, opportunistic IPSec has gone through several revisions, all of which seem to have various flaws that make it unusable in practice. Or if you want to encrypt all traffic at the application level you end up having to modify every protocol and then every implementation, and then waiting for people to adopt it...
There are many ways to implement court-ordered wiretapping. The CALEA debate is not about whether IP networks should be wiretappable but about how it should be done and who should pay for it. Before CALEA, the FBI had to install Carnivore sniffing equipment at ISPs. I guess they think that's too much work, so they want every router at every ISP to be upgraded to have built-in wiretapping, so they don't have to lug any equipment around. And they want the ISPs to pay for these upgrades. And according to the article, now they want the ISPs to also filter the traffic for them, so they get only the traffic they want.
IMO this is an expensive, complex, failure-prone solution to the problem.
That actually doesn't sound too bad; if I got MSN at 10Mbps and everything else at 5Mbps I wouldn't complain, since there's a definite diminishing marginal utility to bandwidth and I'm already getting 5Mbps today. But if ISPs start offering plans that are more like 5.5Mbps for "enhanced partners" and 0.5Mbps for everything else, I could imagine a stifling effect on innovation. But it's very difficult to argue against allowing ISPs to provide more than they are today.
So without getting ALL local ISPs on board with compatible configurations, its unlikey that youtube's ISP will get consistant improvement for youtube.
That's the whole point of network extortion (er, "innovation"): in this case YouTube would pay money to every last-mile ISP for priority over the last-mile bottleneck.
OK, after you spend a trillion dollars and a hundred years cracking a Blu-ray movie, be sure to share it with the rest of us.
They'd burn even more VC money than they do now. After all, what's the difference between unprofitable and more unprofitable?
If the hardware can decrypt it, why can't software decrypt it?
There are software HD-DVD and Blu-ray players, but they are full of obfuscated code to slow down reverse engineering (aka the proverbial sixteen-year-old with a six pack of Mountain Dew and a cracked copy of SoftIce).
They are deploying this hardware, so someone can determine what the algorithm is.
The algorithms are already documented in the AACS spec; you're welcome to read it. The secrets are the player keys, which are hidden deep in some ROMs or obfuscated Windows binaries.
Using brute force techniques we should be able to crack the keys, right? I'm curious what makes this encryption so challenging to crack compared to other encryption schemes.
You're right; you can't crack any modern crypto with brute force, and thus you can't crack AACS with brute force either.
If you have an unknown PCI device the BIOS can set a "taint bit" or something, and HD-DVD/Blu-ray player software would simply refuse to run at all. Now maybe you can bypass that with a PCI bus master that is not enumerated, but I don't know if such a thing is possible.
Oh, and I think LaGrande prevents this DMA attack.
I'm pretty sure GPUs don't support encrypted framebuffers. HDCP is implemented in the refresh logic or the TDMS transmitter, after the pixels have already been read out of the framebufffer.
Vista's Protected Video Path will presumably disable all such recorder software. DirectX recording may work on XP, but I suspect the XP-based HD-DVD/Blu-ray players will use "proactive renewal" where you have to install new DRM patches every month to keep up with all the hacks. These patches will probably incorporate PunkBuster-style scans for known "bad processes".
HDCP only protects pixels flowing over the DVI/HDMI cable; it doesn't help while the pixels are in the framebuffer.
I am just pondering the technical requirements for an open standard for DRM that allows interoperability and transferability, and I find myself wondering if it just cannot be done. I mean, I suppose you could have secret keys that only those vendors that are licensed are allowed to have, but if any of the keys leak.....
In the latest DRM systems such as AACS, each player has a separate key, and if a player key leaks then future data will be encrypted in such a way that the leaked key won't work. The spec is actually quite interesting to read.
The competition is probably only open to new designs, and Apple has released very few new case designs in the last year.
FB-DIMMs are available at NewEgg for twice the price of regular DDR2. Hopefully it will be cheaper from server vendors.
A cheap Kill-a-watt meter can't measure a processor, so it must be the whole system. Comparing an entire Intel server against an entire AMD server is an apples-to-apples comparison.
"Fair" comparisons (like 65nm vs. 65nm) are interesting to academics, but what matters to customers is what you can buy from Intel now vs. what you can buy from AMD now.
Grids blow away supercomputers for processing power.
If that's true, you're welcome to run Linpack on your grid and submit it to the Top500.
No, if someone doesn't realize the difference between DVD and HD DVD, they will buy whatever's cheaper: a DVD player.
You can buy players for $300-$400 that play back HD WMV9 (i.e. VC1) and H.264 (i.e. mpeg4) with no problem.
Er, name them. I've been looking for such a box for a long time with no luck.
Even worse, there is a Broadcom ASIC that performs the actual decoding. The Pentium 4 must just be used for DRM and drawing the menus.
We don't know what subnetted IPv6 will look like yet.
/N prefix from your ISP, all subnets are /64, so you have 2^(64-N) subnets in your site.
Sure we do. You get a
If everything is done with global addresses, for lack of a good subnetting RFC, you'll lose all anonymity (as you would with any all-global addressing scheme).
It depends on what you mean by "anonymity". If you mean that nobody can tell how many hosts are on your network, you have a point, but I'm not sure how many people care about that.
I see this as a big problem with IPv6 at home (along with the fact theat my NAT box is currently 100% successful in preventing actual attacks - I'll hate to give it up).
A "deny all incoming connections" firewall will prevent just as many attacks as NAT.
I've never seen the benefit of site-local addresses, so the lack of them in IPv6 doesn't bother me.
In IPv6, the MAC address is kept in the ethernet frame but also in the low 48 bits of the IP address. Thus, routers do not need to have an ARP lookup table to get the MAC address - they can simply copy-and-paste from the IP address in the packet (for the final step) or the IP address of the next router in the path (for all other steps).
This is not correct; such a scheme would not support manually-assigned addresses, privacy addresses, or cryptographically-generated addresses. IPv6 has neighbor discovery (and its cache) just like IPv4 has ARP.