SMP is not as important as you think, because there aren't very many multi-processor systems available right now. In fact, it's almost impossible to get one. By the summer, the machines will be more commonly available, and THEN it gets important as to what the OS does with it. At the moment with 9.1, SMP just isn't going to work. With OS X, it'll work, just not as well as they know they can make it.
The video support stuff is troll. I'm running OS X right now beside me on an original first-generation iBook. It has no fancy card, no fancy drivers, just straight out of the box Public Beta code. The interface runs just fine. I'm not using it to try and get 32645256 fps so it's just fine. Seeing as there probably won't be any real major game releases until later in the Spring/early Summer, the accelerated video is not as important as you think it is.
At the end of the day, Apple has seen the light (for they have found the Love of Unix). They have also made a realisation that MS hasn't - at the consumer level, all the gizmos and tweaks don't matter, because they aren't competing with MS or Linux, or anybody else in that market. Jobs has already stated Apple's biggest competitor from here on in is Sony. Go figure. Plus, they're not going to do what MS did with various OS releases and pretend everything is fine only to let users and OEMs realise it isn't.
People are seeing this as them releasing an "unfinished" OS, but I really have to say - when was the last time you saw a finished OS? Would people get really upset if Linus turned around one day and said "OK, we're going to go to kernel 3.0 within the year and it's going to have 'X', 'Y' and 'Z' in it" and then a few weeks before launch he turns around and says "look, Z is a bit screwed right now, and we really want to get X and Y working properly first"? What if X and Y were going to completely redefine Linux, the computing market as a whole, and take everybody off into a new direction, and Z was support for a particular graphics card?
All of this seems to me like overplaying the lack of some features that don't need to be there right now in a poor FUD campaign. Pity. Undermines the integrity of people like MSNBC (as if I ever believed they had any integrity).
.. when you live in one of the most right-wing countries in the world (politically)? I don't know why, but even though Aussies are generally quite laid back, their political views are so right wing in my experience that I almost want to vomit.
Admittedly, not everybody in Oz is like that, but the fact that there are sufficient people in the country to support a party that is like that says something about the political sense of its citizens.
Oh yeah, and in case you hadn't noticed, you live in a Democracy. In fact, it's the law that you have to vote. If you don't like it, lobby Parliament and vote them out next time. The chances of this being enforceable are pretty slim however.
2001-04-01 11:59:59 - The point being I reckon a "Mir went down" story will appear as an April Fools. Of course it will never come down. They probably don't know how to bring it down, never mind when. :-)
Does anybody out there have links to some good reference material on this?
Sure. There is a mailing list over at SecurityFocus called SECPROG that discusses secure programming practices. The idea is to produce a white paper that describes how to write secure code. The draft can be seen here and is probably the definitive how-to in existence at the moment.
Hang on, the only way to be sure of this is to have tested the hypothesis. That means they're picking up cell calls on Saturn's moons. Doesn't this strike anybody else as being perhaps odd? I know Vodafone are on a campaign of world domination, but I didn't know they had bought out telcos out there! :-)
I wasn't aware that IPsec was so far along. I was planning on writing some code for a 'secure' server and had been looking at FreeBSD and writing up a lot of my own daemons like FTP et al, but now I'll probably take a longer look at the stack on OpenBSD. Does anybody know how far they've got with implementing these features in userland so far? Any plans for other OSes to get compliant so we can start seeing proper IPsec infrastructures popping out of the mists?
Also thought the SMP stuff was good, but I'm still under the impression that the OpenBSD crowd aren't that keen on it. I can understand why, but I think that they've pretty much got the security sussed now, so perhaps it's time they started looking further afield - the remote install stuff looks good and is not only good for rolling out over a LAN but makes OEM installs for machines to sell easier as well.
I think this was typical of the BSD crowd though (myself included) by discussing all the bad stuff with Linux without actually mentioning any of the good stuff. Although, like I said, I'm a BSD bigot, so I'm not quite sure what the good stuff in Linux is. :-) I bet that last comment gets me marked down as flamebait or troll.
Great idea, but the idea is really broad. It would be very hard to produce a generic solution that could allow for plug-in modules as you suggest, but I am interested in at least working out the rough spec to see if it *could* be done.
However, there are real problems inherent in the approach. Telephony billing really needs to be real-time rather than ISP billing which is just a parse of a load of scripts. I can see the concept, I'm just having problems seeing how you can make this as flexible as you want it to be....
BTW Your precious Yahoo uses Google as search engine, which runs on what OS?
I hate to point this out to you, but Yahoo used to be exclusively BSD, and Google are more than likely going to migrate over to BSD. Nearly every mature organisation I know has at some point moved from Windows to Linux and then eventually from Linux to BSD. I work in the ISP industry, and internal to that industry within the UK, Linux is a joke, BSD takes top spot every time.
First - They are going to have to deal with the environmentalists. That alone is going to be a big task. When the pipeline was built, the various pro-environment groups were not nearly as strong as today. Getting them to even remotely buy-off on this is going to be next to impossible, if not totally impossible.
This is completely different - this is a tunnel. This is a project that like the Channel Tunnel will be "built" by boring out soft rock at a depth of several hundred feet below the sea bed. There is no environmental reason why this project should not go ahead. In fact, most environmentalists would probably realise that if made into a passenger link it may actually be good for the environment rather than all the planes you Americans and Russians seem so fond of using.
Second- They are going to have to figure out a way to make this thing work in temperatures that range from 60 below zero f to +90f in the summer. The climate is not hospitable to things that have moving parts or that can get buried.
Again, doesn't matter. We're talking several hundred feet below here - to make it safe they're taking the tunnel in around 20 miles on each side so that it slowly emerges from the depths of the earth in a safe manner. Oh, and apart from the fact it will be quite warm down there anyway, I'm sure that the Russians will have thought about heating if required.
Third - Much of the land is covered in permafrost. In order to build anything on it that will last, you have to dig to bedrock and fill with some other material. (Permafrost melts into a mud/jello-like substance in the summer. Outside Fairbanks you can see roofs of sunken houses that were built on it by foolish settlers.)
Now I'm suspecting you're either a troll or a karma-whore. Read the article. It's a tunnel. That's right a TUNNEL. Go and get a dictionary and look up the word "tunnel". Now, read that point you've written one more time - do you still think it applies? No, because it's a TUNNEL. It's several hundred feet below ground. That's what tunnels are like... (the state of education today, eh?)
Fourth - There is absolutely NO economic reason to build the thing in the first place. Who is going to use it? The population density in Alaska and Siberia is very close to empty. There are not many people there. For the amount of track you would have to lay for so few people, what is the point?
Who said anything about people using it? It means that large amounts of US exports can be made to Asia and Russia far more cheaply than at present, and vice versa. There is a huge economic reason to build it for cargo, etc. You're being arrogant enough to think you and others will be allowed to ride on it...
Fifth - Good luck trying to get the governments of the US, Russia and Canada to agree on any of the details. I expect the wrangling by them, as well as the unions and other people who would want a piece of this to eat up 60 billion just amongst themselves. And that is before any track is laid.
This kind of happened with the Channel Tunnel, and even now the scheme owes a lot of money and the company has been on the ropes many a time. They'll learn from their lessons, I'm sure.
Oh, and to those people who were talking about the differences in rail gauges, this is perfectly normal. The standard British gauge was used for years after we built our railways and the engineers went flying all over the world to manage the construction of other countries' railways. The original gauge was determined by the gauge of the wheels made by a particularly popular cart maker in Newcastle in the 1820's because the original idea was to put standard carts onto the tracks.
Anyway, the difference in gauge is easily solved - the UK and France have completely different gauges but there is some sophisticated technology in place on the Chunnel trains to take care of this, and I'm sure that the same engineers will be able to help out with this problem. In fact, I suspect the same engineers from the chunnel will be brought in to handle this project, given their experience.
Yes, although it probably won't change much. It will however make them think, and here is why.
Do you ever get those free industry papers and magazines sent to you? In the UK there are ones like Computer Weekly and "Computing" (imaginative titles, eh?) and I get one from the US called "tele.com"... I suspect most people who read /. do get these things at work. Why do you think they get these things at work? Purchasing power. They know that you probably have the influence of perhaps several hundred thousand or maybe even millions of dollars of purchasing power over the next few years. In other words, there are some people on slashdot whose spend on disks (RAID arrays, etc.) are going to be equivalent to 100s of ordinary home users. I'm likely to spend to have influence over around $1 million worth of RAID arrays and disks over the next few years on my own... and that's just me...
Let's suppose that IBM introduce this system for their drives. We all decide to boycott IBM and buy Matrox instead. We end up with crappier drives, but we feel good inside. IBM may possibly turn around and say "Hey, where did that $20 million worth of RAID business go?" and we can all turn around and wave at them saying "Over here! We're with the nice boys from Matrox who haven't put copyright-protect on..." and IBM may just possibly re-consider.
I agree with another poster that in a day and age when you can't make a disk read-only in hardware that manufacturers should be considering protecting the "copyright" as laid down by an institution that exists in another country to my own (I live in the UK), and telling me what I can and can't have on my disks.
There is also the whole can of worms about how this is actually going to work, and as to whether it could all get a bit Big Brother down in the firmware...
Great, just what we need: another overblown client with its own "full OOP language, XML, and socket connections".
Another? No, please do share, I'd be interested to see the others. I think you'll find that Flash was the original and is still the only one with a reasonable user base. If you had read the documentation off of that page, you would have noticed statements in his project report (it appears to be a final year project at Imperial), like "a recent study showed that over x% of browsers have flash players installed" and "there is even a flash player written in java", etc. Show me the other languages, please do.
Another set of security holes in the client.
Now this I am interested in. If you have some exploit code, please feel free to let BUGTRAQ know. If you only have an inkling of an idea, get over to VULN-DEV. Don't assume that because you don't understand something it must inherently be unsecure.
Another reason to buy nothing but Microsoft and Apple because that's the only place Macromedia will bother to support this stuff fully.
As others have pointed out, what this module actually does is allow for the creation of SWF files which Flash merely "plays". SWF has been opened up by Macromedia for some time now, there are players available for a variety of platforms, and you're now evidently just trying to troll.
More duplication of functionality and code bloat.
Yeah, I've heard about these crazy kids who are trying to duplicate the Unix functionality of OSes like Solaris and HP-UX into this thing for PCs called "Linux" or something. Those crazy kids, eh? Hasn't anybody told them how brain dead it is to duplicate like that...
More content that's entertaining and distracting rather than informative.
I bet that if you live in the US you only ever watch PBS and if you live in the UK you only ever watch Panorama. I used to agree that Flash stuff just cluttered the page and was slow and ugly. Now that people have got the hang of making functional flash and have started to grasp design concepts to ensure information is presented in the best manner, I'm quite happy about it. Oh, and the fact that either in the last 2 years they've made the files smaller, or I haven't really noticed that I've gone from 28.8 modem to 2Mbps DSL. :-)
And all defined at the convenience of a single vendor who wants to use their market position to do an end-run around open standards.
I'll say this again - Macromedia have opened up SWF to the world. It might not be truly open, but it is in the Sun/Solaris 8 sense of the word "open", but perhaps even more so. Cynical bastard.
And another chance for people like you to sell lots of books and training on repackaged old technology.
Yeah, because the huge amounts of documentation and sample code out there for this project and others like it really does suck, eh? I bet you think that Linus gets a check from O'Reilly every year for several million dollars with a note saying "thanks for getting interest back in this old crock of shit Unix again!" don't you?
Sorry, I am most unimpressed.
That much was obvious. What wasn't obvious is as to why you are so unimpressed when your arguments against Flash are unfounded in the real world.
Macromedia has a legal right to do this sort of thing, but for users, it's a good idea to turn this sort of thing off and complain to any web master whose site it is an important component of.
Using your arguments, I could turn around and say "Television is bad! Turn it off and complain to the manufacturers!" or "NASA? Are you MAD?!?! What a huge waste of money! Why on earth should we care about our Universe? Stop all that messing around and let's all go back to throwing rocks at each other, because that's what *I'm* comfortable with!"
Perhaps I'm missing something here, but the business model for Open Source doesn't stand up to long term economic scrutiny very well in the same way that the business plans of many dot.coms don't either - if there is no revenue, nobody gets paid, etc., etc...
This means that to support Open Source businesses are going to have to get more into the service side of the industry which is absolutely terrible. This is terrible because service industries cost more to run, require more staff, and worst of all, requires the "consumer" to stump up cash for stuff that is free.
Perhaps I'm being ignorant, but I really have problems understanding why companies like VA and Redhat are valued as they are. A utility company being paid to deliver water to the tap is one thing, but an entire business model based on people's laziness to download the OS and on selling them tech. support contracts? This doesn't feel right.... please, explain to me how this works in an economic sense in the long term and how Redhat's "custom development, consulting, training" is not going to fail in the face of a geek with a compiler, usenet and some man pages?
Not true. In the UK the legal precedent has been set - i.e. ISPs are not considered carriers but content providers. Therefore, under UK law all content is the responsibility of the ISP that a user is connected to. You're right in that ISPs should be considered carriers and not providers, but it depends on which bit you mean - they should certainly be held accountable for material held on their own servers, but it's a fine line when it comes to transparent caching as the material is held in the same way it would be if a user had FTP'ed the content up...
Give it a few years and you will find more and more ISPs will start to filter. Especially in the UK where there is likely to be some precedents set down in the future based around the Obscene Publications Act and transparent proxy caches.
If I, as an ISP, am serving you the customer, material which is deemed illegal in either your country or mine, I am deemed liable. It doesn't matter if the webserver it came from is on the other side of the world and I have no control, as under UK law I am responsible for the storage (transparent cache) and distribution (via my modem racks, DSL circuits, Frame Relay, whatever) of obscene material.
Trust me, give it 5 years and the "bad stuff" will disappear, but at least in the UK we don't have the strong Bible belt and we are more "European" in our attitudes towards this kind of stuff these days (read as "the British have loosened up in the past few years and shagging goats is almost acceptable these days"). This is especially good as the whole Obscene Publications Act defines material to be illegal in a highly subjective manner - the society deems it OK, so the law will as well.
Try the PAO distribution. There is a special distro knocking around for laptops of FreeBSD called PAO available at http://www.jp.freebsd.org/PAO/ which is a Japanese site. The only problems I've ever had with the BSDs is PCMCIA ethernet cards when I'm trying to install over the network. Apart from that, they're great. I had OpenBSD on an old cruddy AMD X5 laptop for years, and that same machine is now running NetBSD perfectly. ;-)
With PAO in particular, a lot of the work is now going to go into developing the FreeBSD PCMCIA framework, so eventually, no special distro required - just whack in the CD and 20 minutes later boot into 5.x-STABLE! ;-)
On the car front Volvo are apparently keen on eye-tracking technology. As you probably know, Volvo pride themselves on the safest cars in the world (seeing as they invented crash testing more or less, I think we should let them keep that title), and there have been reports on the sort of technology they want to implement in the near future.
One of these technologies is eye-tracking. A small sensor would be mounted in the ceiling above the driver's seat and track the movement of the head and in particular the pupils of the eyes. The details are sketchy, particularly with regard to how this information would be used and as to what happens when the person is wearing glasses or corrective lenses.
I suppose in principle you could detect drowsiness, lack of concentration, etc. and that information may be useful to the driver there and then. The only problem is, if it's all going to a blackbox, insurance companies are going to want the information to work out as to how often you checked your mirrors, whether you constantly look at your passenger as you are talking to them, etc. and I'm not sure what the safety advantage is in doing this.
... but the pictures like the ones here and here seem to say it all. Nasty stuff, but then most plants have "incidents" on a regular basis. It's just that Chernobyl didn't get stopped early enough. No doubt this thread will be filled with Xenophobic "Hahaha, the Russians are crap and have no money, and the US is better, hahaha" comments when in actual fact, since Chernobyl, the US has easily been able to compete on the "incidents" front with any other country...
Anyway, it would be nice if there were an English translation out there of this...
This looks to me as though it attempts to be a solution to a problem that hasn't really been defined yet. Java, Internet C, Inferno, whatever, they are all trying to address the same problem of portable code that is quick to write that can be embedded onto a user's desktop without an installation routine.
The concept is pretty powerful, but nobody has actually turned around and asked why we would want to do this. In fact, nobody has really defined what it is we want to do. Because of that, we end up with a mish-mash of solutions, none of which quite hit the spot. At the moment Java is taking the lead because it has the largest user and developer base out of all of them. But I'm sat here, still thinking to myself whatever happened to "push" technology that was being touted 4 or 5 years ago?
I can see the "point" to Inferno, as I can see the point to many projects like it, however I just don't think it will succeed. Looking at the page, it appears to be designed to handle embedded systems programs in a distributed manner. I'm kind of curious as to why I would want to do this in a browser. Nice idea, but as many people have pointed out, wrong application of the principle IMHO.
Well, people are only seeing the edge of this argument. I think to bring people up to speed on how this situation developed is too big a task to take on in a reply to a post on slashdot, but basically, here is a brief synopsis. OK, it's quite long, but it's still only 10% of the story.
BT were privatised many moons ago, and were given the responsibility to handle the UK's telecoms infrastructure as they had done before when it was a government-owned entity. The regulator Oftel was set up to ensure that BT did its job properly and also allow the new cable players (Nynex, etc.) get a grip on the market, and to ensure everything was nice and competitive. After some years, the cable companies were starting to realise that to provide cable service in a country like the UK was prohibitively expensive. There are still some towns where the roads date back to Roman times, the majority of housing is not laid out in the relatively straight-forward grid-ish system US cities are laid out in, costs were high, uptake was low, etc. So they all came together under the banner of Cable & Wireless. The only other major company in the field even today is NTL.
Meanwhile BT had got DSL working in the labs, but realised that the cost was too high to deploy at that time, and anyway, they owned the exchanges, the cable companies hadn't got the infrastructure to sort it all out, etc., etc.... Oftel steps in and say "Oi! What are you doing about high bandwidth solutions for end users and allowing for a competitive local loop?", to which BT said "Well, we're going to install DSL over the next few years, and we'll let providers re-sell DSL services over our network. We will invoice them for the line, and the customer will still be free to choose which carrier they wish to use for voice services".
Oftel came back with "Not good enough. Unbundle the local loop and let the other guys into your exchanges to install their own equipment!" to which BT responded in their best McEnroe impression "You can not be serious! These exchanges cost a fortune to maintain, the system will lead to chaos if we have to let anybody in, the security will go to pot, and the whole damned thing will turn into a huge mess. Anyway, we want to keep control of the local loop". Still, Oftel persisted, and BT grudgingly agreed, after they were permitted to charge accordingly for use of exchange floorspace, and for moving lines across.
They started by rolling out DSL to about 25% of the population. I've got it through Easynet on the corporate plan. Unfortunately, when we looked at this as a provider, we realised that BT had stiffed us. The only way to offer cheap services is to commit to minimum order requirements. Therefore, providers have to pay a fortune for simple IP routing between the customer's premises and the NOC. There are hidden charges everywhere, and it's stifling the business. Regardless of this, a group of companies started hassling BT for ULL (Unbundling Local Loop) so they could put in some nifty SDSL hardware and start getting things moving. I know of a guy who went into negotiations that went something like this:
Provider: "So, how much is it to put our equipment in your local exchange? What's the rent, charges for moving lines over, etc.?"
BT: "Looking at your current plans, for such-and-such an exchange, we're talking about £1 million for the next year"
Provider: "£1 million? For a year? What about the charges after that?"
BT: "Oh, sorry. Did we say £1 million? We meant to say £5 million."
Provider: "£5 million for the year?"
BT: "That's right, £10 million"
Provider: "You just said £5 million!"
BT: "No, we just said £20 million. We're quite clear about the price - it's £30 million".
Provider: "This is getting silly now!"
BT: "No it isn't, £50 million is a great price!"
Provider: "How did we get from £1 million to £50 million in such a short space of time. Can we see your breakdown of costs please?"
BT: "We have always maintained the cost for this exchange to be £60 million. We don't do cost breakdowns, sorry."
Provider: "I'm going to complain to Oftel"
BT: "They fully support our pricing policy and think that £75 million is a fair price to pay..."
etc ad infinitum...
So, you see, BT is in charge and not doing a very good job. Apparently they originally expected a total national market for DSL services of about 4,000 customers. Now that there are over half a million people pleading to get DSL, who knows. I'm one of the lucky ones that gets 2Mb/sec to my home/office paid for by the company. When we looked at the prices at first, we did consider setting up as a proper DSL provider, but then you realise it's all smoke and mirrors.
So, does that mean that one day someone can charge for wheat? Or charge others to tinker with the genetic code for wheat? I mean ye gods, I may be crazy, but this is f*cking RETARDED!
This already happens. There are certain types of animal feed and even particular types of seeds for certain crops that have been "fiddled" with that farmers pay extra for. It's GM food (genetically modified), and you've been eating it for years - fruit, vegetables, everything. Perhaps the true GM-free organic frenzy hasn't hit the US yet, but in the UK it's a well-formed bandwagon these days.
The point about patents, is that they are not ever-lasting, but they enable a company or individual who has invented or discovered something, perhaps at considerable cost, to capitalise on that work.
Let's suppose a company spends $1 billion pounds on discovering that switching a particular gene makes you immune to HIV. That's one hell of a bill to pay, but it's certainly a worthy cause. They need to recoup that $1 billion and make some more money so that they can research other genes and their relationship with cancer. So they patent this knowledge.
They then have exclusive rights to develop the medication based on this knowledge. They sell it at $5 a pop, and they'll make about $5 billion back within a few years (HIV is more prevalent in developing countries than you think). They've made their money, the drug is out there, they've saved millions of lives. 20 years down the line, the patent expires, and everybody can use this knowledge.
At a more mundane level (and an application that already exists), suppose somebody works out that by tweaking a particular bit of DNA in wheat, the crop yield ends up higher - pretty damned useful stuff, especially in famine areas. If they spend $1 billion on developing that, are you saying they should give it away free of charge? How do we then invest in the next generation? How do we benefit from gene research in the long run? How is research into genes funded at all?
It is patents that allow investment in creative and speculative projects to happen. At the end of the day, everybody wins ultimately - think about the benefit to mankind as a whole, not just to you. Next time kids, think before flying off the handle.
Had you ever actually considered what using the Internet must be like for non-English speaking countries? Probably something equally unpleasing to the eye.
Seeing as the Internet is supposed to be the medium that allows a break-down of barriers between nations and a free flow of information, don't you think that it might be a good idea to include as many languages as possible rather than exclude anybody who doesn't use a language that conforms to your standards?
I think you need to realise now, that English is not the only language in the world - in fact we're in a vast minority. It's possible that at some point enough people will undertake the task of learning enough foreign languages to free up communication between ourselves, and perhaps ultimately one language will be considered the accepted standard - however, don't expect that to be English.
Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?
The problem here is dealing with the GPS data. You basically have to prove that the data has come from a GPS receiver that has been unmodified. There is nothing stopping me fixing the stream of GPS data to the application signing it, to make it look as though I was anywhere in the world. Therefore there are several areas you have to lock down to make sure that this data is authenticable:
1. The position determined by the GPS receiver is accurate, and can not be manipulated by somebody with a small transceiver nearby convincing the GPS receiver that you are located somewhere else. On a 3 or 4 satellite track, you may not be able to move yourself very far, but in the US you could probably "cross" a state boundary, and in Europe you could probably mangle things around to move across country borders.
2. Once you can be sure that the data being received by the GPS receiver is genuine, you have to get it into the PC untampered. What's more, it has to make it all the way to being signed without being vulnerable to tampering at any point. If the longitude and latitude is stored somewhere in memory location 'X' just before being signed, I could conceivably tamper with it.
3. You then of course have to sign it, and then ensure that this mechanism is strong and that it can't be manipulated either at this stage or further along the transmission.
The problem really is that signing the location is the wrong approach - you have both your private and public key, and you can sign *ANYTHING* you want to authenticate it as belonging to you, but in actual fact, you need the GPS receiver to store the private/public pair and not divulge it to anybody else. How then, do you stop people tampering with the receiver?
Thinking about it, I think that may be the best approach - the GPS does the crypto internally, and you build measures to ensure that it can't be tampered with. Even then, you still have to make sure you're talking to a real GPS receiver etc. so challenge/response stuff may have to be added in. Nasty.
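The receiver-held key and challenge/response design that the comment above arrives at, as an added Python sketch (not part of the original post). `SealedReceiver`, `Verifier` and the coordinates are hypothetical, and an HMAC with a key provisioned to both receiver and verifier stands in for the public-key signature so that the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import os
import struct

FIX_FORMAT = ">ddQ"  # latitude, longitude, Unix time: fixed width, unambiguous


def encode_fix(lat, lon, unix_time):
    return struct.pack(FIX_FORMAT, lat, lon, unix_time)


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def host_signed_claim(user_key, lat, lon, unix_time):
    """Weak design: the PC signs whatever coordinates it is handed."""
    fix = encode_fix(lat, lon, unix_time)
    return fix, mac(user_key, fix)


class SealedReceiver:
    """Hypothetical tamper-resistant receiver; the key never leaves the device."""

    def __init__(self, device_key, lat, lon):
        self._key = device_key           # assumption: provisioned at manufacture
        self._lat, self._lon = lat, lon  # position the receiver itself measured

    def attest(self, nonce, unix_time):
        # The verifier's nonce is bound into the tag, so a response is only
        # valid for the challenge it answers.
        fix = encode_fix(self._lat, self._lon, unix_time)
        return fix, mac(self._key, nonce + fix)


class Verifier:
    def __init__(self, device_key):
        self._key = device_key
        self._outstanding = set()

    def challenge(self):
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def check(self, nonce, fix, tag):
        """Return (lat, lon, unix_time) if the attestation is valid, else None."""
        if nonce not in self._outstanding:
            return None
        self._outstanding.discard(nonce)  # each challenge is single use
        if len(fix) != struct.calcsize(FIX_FORMAT):
            return None
        if not hmac.compare_digest(mac(self._key, nonce + fix), tag):
            return None
        return struct.unpack(FIX_FORMAT, fix)


def run_demo():
    t = 985000000                 # constructed timestamp
    london = (51.5074, -0.1278)   # constructed "true" position
    paris = (48.8566, 2.3522)     # constructed position the user wants to claim
    results = {}

    # User-held key: a made-up position verifies, so the tag proves nothing
    # about where the user actually is.
    user_key = os.urandom(32)
    fix, tag = host_signed_claim(user_key, *paris, t)
    results["forged_user_claim_verifies"] = hmac.compare_digest(mac(user_key, fix), tag)

    # Receiver-held key with challenge/response.
    device_key = os.urandom(32)
    receiver = SealedReceiver(device_key, *london)
    verifier = Verifier(device_key)

    nonce = verifier.challenge()
    fix, tag = receiver.attest(nonce, t)
    results["honest"] = verifier.check(nonce, fix, tag)

    # Host rewrites the coordinates between receiver and verifier (point 2).
    nonce2 = verifier.challenge()
    _, tag2 = receiver.attest(nonce2, t)
    results["tampered"] = verifier.check(nonce2, encode_fix(*paris, t), tag2)

    # Host replays a recorded response to a fresh challenge.
    nonce3 = verifier.challenge()
    results["replayed"] = verifier.check(nonce3, fix, tag)

    # Host resubmits a response for a challenge that was already consumed.
    results["nonce_reuse"] = verifier.check(nonce, fix, tag)
    return results


if __name__ == "__main__":
    print(run_demo())
```

This covers points 2 and 3 of the list only: a receiver fed a false signal (point 1) would attest the false position faithfully, and the sketch assumes the key cannot be extracted from the hardware.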
I'm sorry, but you evidently haven't the slightest clue what you are talking about. I've been working with security people for some time now, and know a fair bit myself. In fact, tomorrow afternoon, looking at my diary, I have to go to a meeting to discuss the live penetration test a client has requested on his network. So, let's go through a few of these "facts" of yours, shall we?
There are several issues that make online banks easy targets:
The only issue that makes them targets is that they have lots of money. They are not easy however...
1. Extreme conservatism - Oftentimes, their internal systems are quite old. While this tends to make their systems quite stable, it also means that they are generally insecure.
Are you living in the 1990's? I don't know of a single bank in the UK that has systems that are in use that are not on sale today. You see, there was this little "Y2K" bug that they had to get rid of, so they had to throw out the old, bring in the new. My cash machine down the road runs Windows NT 4.0. Are you saying they should be on W2K? I don't think you understand that there are real advantages to running code a few years out of date - it's been audited. Clever that isn't it?
2. Sensitivity to bad press - online banking systems, when compromised, are often hushed up quickly, due to the fact that the publicity will scare clients away.
Firstly, to hush something like that up is illegal at least in the UK. Secondly, they will own up to it - they want to catch the bastards. A few years ago a few banks got hit by dudes with some EMP blasters, and were blackmailed for a total of £400 million. They hushed it up for a few months, then went to Special Branch. They learnt their lesson that time - now, within a few minutes they will be on the phone. The more we go through this, I'm convinced you're living in 1994 or something.
3. browser ssl - it doesn't matter if the site's key is 128-bit; if the browser functions at 40-bit, then that's the key size used for encryption. This is a problem with all ssl-based connections.
Yeah, this post is definitely out of a timewarp. How many people do you know with browsers that only have 40-bit crypto? You need to tell them to upgrade. How many banks do you know that will accept 40-bit crypto? None. In fact, my on-line banking service loads a Java applet that runs its own crypto on top of SSL. Go figure.
4. user passwords - people in general are dumb about choosing passwords. They often choose easy to guess passwords. It doesn't matter what security mechanisms you have in place; if a password can be compromised, the cracker has access.
My bank requires me to know the full sort code and account number, a security PIN just for access to that system, and then there are around half a dozen "authentication challenges" along the lines of "First school attended" etc. If you get any of these wrong more than 3 times in a row, the account is locked out, and I then have to phone them up to get it unlocked. The statement "if a password can be compromised, the cracker has access" also betrays your complete and total lack of experience in the security field as well. You have based your whole argument on that sentence without taking into account how big the word "if" is at the start. How exactly are you going to compromise this password then? Brute force the website? I think they might notice. Use 'phf' to get /etc/passwd? I think they may have patched that one already...
5. poor sysadmin training - this is the plague of the industry. Most sysadmins don't know much of anything about security. The ones that do are rare.
I wonder if that's why they have something called a "recruitment procedure" that makes sure the admins do know what they are doing. I wonder if that's why the banks spend thousands on training programs for them. I wonder if just possibly those admins have slightly more of a clue than you do.
In your arguments as to why on-line banking is a "joke", you have not come up with one single, solitary argument that stands up to any scrutiny. For you to start mouthing off about security would be a bit like me mouthing off about baseball. I think I know the basics, and I've read some stuff written years ago about it, but in actual fact, I haven't really got much of a clue.
BASIC was probably the most important thing that ever happened to me. When I was 11 at Secondary school, I was pretty typical of most geeks (without realising it) and just didn't "get along" with most other kids. So, I went and sat in the library, and had to pretend to read. The books were crap, until I came across one called something like "Programming the BBC Micro in BASIC" which was a real '10 PRINT "Hello world!"' kind of book.
At the time it was Lent (coming up to Easter), and so it being a Catholic school, there was the opportunity to not go for school dinners, and instead spend the money on getting into the computer room by donating it to charity. I thought, what the hell, I'm a fat git anyway (still am as it happens) so spent the whole of Lent in there. After 4 weeks, I had learnt the BBC inside out. I was by far ahead of most of the school (including those much older than me), at programming, and from then on I used to spend the small amount of pocket money I got on computer magazines and books. For the last 11 years I have lived, breathed and loved technology, programming and everything that was a part of it all. Even my grades in Maths and Physics went up. At GCSE level under the new national curriculum I was given an A* (top 2% of the country), in Computing, and ended up doing a degree in Software Engineering.
I'm now, at the age of 22, the Technical Director of an ISP and I get to write code as much as I want. I get paid a decent amount of money, I'm happy with my life, and I've certainly escaped the poverty trap that was waiting for me if I hadn't got out early enough (I started working part-time at the age of 15).
In short, if I hadn't picked up that book and just started learning BASIC - even just the "Hello World" stuff, I would not be here right now. I think that as a result, giving people that first taste of the possibilities - that they don't need to be good with a pen or a brush to be creative, and to show them that they can actually create things, is fantastic. And yes, this is probably waffling bullshit, but I will quite happily physically fight any person to the death who says that any initiative to teach kids the basics of coding is pointless. We haven't all got Daddy to buy us the latest laptop (PSX2 will drop to $100 within the year, making it affordable to all), nor are we all endowed with the fantastic skills to be anything that we want to be.
Sometimes kids just need to be shown that they can do this complicated shit and be like us when they grow up if they want to be. In the UK at least, geeks are respected by everybody with any sense.
If there were a lawyer who was prepared to handle spam cases where they assist in suing the spammer, I'm sure there would be a reasonable market once a few high-priced cases got through.
SMP is not as important as you think, because there aren't very many multi-processor systems available right now. In fact, it's almost impossible to get one. By the summer, the machines will be more commonly available, and THEN it gets important as to what the OS does with it. At the moment with 9.1, SMP just isn't going to work. With OS X, it'll work, just not as well as they know they can make it.
The video support stuff is troll. I'm running OS X right now besides me on an original first-generation iBook. It has no fancy card, no fancy drivers, just straight out of the box Public Beta code. The interface runs just fine. I'm not using it to try and get 32645256 fps so it's just fine. Seeing as there probably won't be any real major game releases until later in the Spring/early Summer, the accelerated video is not as important as you think it is.
At the end of the day, Apple has seen the light (for they have found the Love of Unix). They have also made a realisation that MS hasn't - at the consumer level, all the gizmos and tweaks don't matter, because they aren't competing with MS or Linux, or anybody else in that market. Jobs has already stated Apple's biggest competitor from here on in is Sony. Go figure. Plus, they're not going to do what MS did with various OS releases and pretend everything is fine only to let users and OEMs realise it isn't.
People are seeing this as them releasing an "unfinished" OS, but I really have to say - when was the last time you saw a finished OS? Would people get really upset if Linus turned around one day and said "OK, we're going to go to kernel 3.0 within the year and it's going to have 'X', 'Y' and 'Z' in it" and then a few weeks before launch he turns around and says "look, Z is a bit screwed right now, and we really want to get X and Y working properly first"? What if X and Y were going to completely redefine Linux, the computing market as a whole, and take everybody off into a new direction, and Z was support for a particular graphics card?
All of this seems to me like overplaying the lack of some features that don't need to be there right now in a poor FUD campaign. Pity. Undermines the integrity of people like MSNBC (as if I ever believed they had any integrity).
.. when you live in one of the most right-wing countries in the world (politically)? I don't know why, but even though Aussies are generally quite laid back, their political views are so right wing in my experience that I almost want to vomit.
Admittedly, not everybody in Oz is like that, but the fact that there are sufficient people in the country to support a party that is like that says something about the political sense of its citizens.
Oh yeah, and in case you hadn't noticed, you live in a Democracy. In fact, it's the law that you have to vote. If you don't like it, lobby Parliament and vote them out next time. The chances of this being enforceable are pretty slim however.
2001-04-01 11:59:59 - The point being I reckon a "Mir went down" story will appear as an April Fools. Of course it will never come down. They probably don't know how to bring it down, never mind when. :-)
Does anybody out there have links to some good reference material on this?
Sure. There is a mailing list over at SecurityFocus called SECPROG that discusses secure programming practises. The idea is to produce a white paper that describes how to write secure code. The draft can be seen here and is probably the definitive how-to in existence at the moment.
Hope that helps.
it can detect a cell phone on Saturn's moons
:-)
Hang on, the only way to be sure of this is to have tested the hypothesis. That means they're picking up cell calls on Saturn's moons. Doesn't this strike anybody else as being perhaps odd? I know Vodafone are on a campaign of world domination, but I didn't know they had bought out telcos out there!
I wasn't aware that IPsec was so far along. I was planning on writing some code for a 'secure' server and had been looking at FreeBSD and writing up a lot of my own daemons like FTP et al, but now I'll probably take a longer look at the stack on OpenBSD. Does anybody know how far they've got with implementing these features in userland so far? Any plans for other OSes to get compliant so we can start seeing proper IPsec infrastructures popping out of the mists?
:-) I bet that last comment gets me marked down as flamebait or troll.
Also thought the SMP stuff was good, but I'm still under the impression that the OpenBSD crowd aren't that keen on it. I can understand why, but I think that they've pretty much got the security sussed now, so perhaps it's time they started looking further afield - the remote install stuff looks good and is not only good for rolling out over a LAN but makes OEM installs for machines to sell easier as well.
I think this was typical of the BSD crowd though (myself included) by discussing all the bad stuff with Linux without actually mentioning any of the good stuff. Although, like I said, I'm a BSD bigot, so I'm not quite sure what the good stuff in Linux is.
Great idea, but the idea is really broad. It would be very hard to produce a generic solution that could allow for plug-in modules as you suggest, but I am interested in at least working out the rough spec to see if it *could* be done.
However, there are real problems inherent in the approach. Telephony billing really needs to be real-time rather than ISP billing which is just a parse of a load of scripts. I can see the concept, I'm just having problems seeing how you can make this as flexible as you want it to be....
BTW Your precious Yahoo uses Google as search engine, which runs on what OS?
I hate to point this out to you, but Yahoo used to be exclusively BSD, and Google are more than likely going to migrate over to BSD. Nearly every mature organisation I know has at some point moved from Windows to Linux and then eventually from Linux to BSD. I work in the ISP industry, and internal to that industry within the UK, Linux is a joke, BSD takes top spot every time.
Anyway, does it actually fucking matter?
First - They are going to have to deal with the environmentalists. That alone is going to be a big task. When the pipeline was built, the various pro-environment groups were not nearly as strong as today. Getting them to even remotely buy-off on this is going to be next to impossible, if not totally impossible.
This is completely different - this is a tunnel. This is a project that like the Channel Tunnel will be "built" by boring out soft rock at a depth of several hundred feet below the sea bed. There is no environmental reason why this project should not go ahead. In fact, most environmentalists would probably realise that if made into a passenger link it may actually be good for the environment rather than all the planes you Americans and Russians seem so fond of using.
Second- They are going to have to figure out a way to make this thing work in temperatures that range from 60 below zero f to +90f in the summer. The climate is not hospitable to things that have moving parts or that can get buried.
Again, doesn't matter. We're talking several hundred feet below here - to make it safe they're taking the tunnel in around 20 miles on each side so that it slowly emerges from the depths of the earth in a safe manner. Oh, and apart from the fact it will be quite warm down there anyway, I'm sure that the Russians will have thought about heating if required.
Third - Much of the land is covered in permafrost. In order to build anything on it that will last, you have to dig to bedrock and fill with some other material. (Permafrost melts into a mud/jello-like substance in the summer. Outside Fairbanks you can see roofs of sunken houses that were built on it by foolish settlers.)
Now I'm suspecting you're either a troll or a karma-whore. Read the article. It's a tunnel. That's right a TUNNEL. Go and get a dictionary and look up the word "tunnel". Now, read that point you've written one more time - do you still think it applies? No, because it's a TUNNEL. It's several hundred feet below ground. That's what tunnels are like... (the state of education today, eh?)
Fourth - There is absolutely NO economic reason to build the thing in the first place. Who is going to use it? The population density in Alaska and Siberia is very close to empty. There are not many people there. For the amount of track you would have to lay for so few people, what is the point?
Who said anything about people using it? It means that large amounts of US exports can be made to Asia and Russia far more cheaply than at present, and vice versa. There is a huge economic reason to build it for cargo, etc. You're being arrogant enough to think you and others will be allowed to ride on it...
Fifth - Good luck trying to get the governments of the US, Russia and Canada to agree on any of the details. I expect the wrangling by them, as well as the unions and other people who would want a piece of this to eat up 60 billion just amongst themselves. And that is before any track is laid.
This kind of happened with the Channel Tunnel, and even now the scheme owes a lot of money and the company has been on the ropes many a time. They'll learn from their lessons, I'm sure.
Oh, and to those people who were talking about the differences in rail gauges, this is perfectly normal. The standard British gauge was used for years after we built our railways and the engineers went flying all over the world to manage the construction of other country's railways. The original gauge was determined by the gauge of the wheels made by a particularly popular cart maker in Newcastle in the 1820's because the original idea was to put standard carts onto the tracks.
Anyway, the difference in gauge is easily solved - the UK and France have completely different gauges but there is some sophisticated technology in place on the Chunnel trains to take care of this, and I'm sure that the same engineers will be able to help out with this problem. In fact, I suspect the same engineers from the chunnel will be brought in to handle this project, given their experience.
Will our boycott really matter?
Yes, although it probably won't change much. It will however make them think, and here is why.
Do you ever get those free industry papers and magazines sent to you? In the UK there are ones like Computer Weekly and "Computing" (imaginative titles, eh?) and I get one from the US called "tele.com"... I suspect most people who read /. do get these things at work. Why do you think they get these things at work? Purchasing power. They know that you probably have the influence of perhaps several hundred thousand or maybe even millions of dollars of purchasing power over the next few years. In other words, there are some people on slashdot whose spend on disks (RAID arrays, etc.) are going to be equivalent to 100s of ordinary home users. I'm likely to spend to have influence over around $1 million worth of RAID arrays and disks over the next few years on my own... and that's just me...
Let's suppose that IBM introduce this system for their drives. We all decide to boycott IBM and buy Matrox instead. We end up with crappier drives, but we feel good inside. IBM may possibly turn around and say "Hey, where did that $20 million worth of RAID business go?" and we can all turn around and wave at them saying "Over here! We're with the nice boys from Matrox who haven't put copyright-protect on..." and IBM may just possibly re-consider.
I agree with another poster that in a day and age when you can't make a disk read-only in hardware that manufacturers should be considering protecting the "copyright" as laid down by an institution that exists in another country to my own (I live in the UK), and telling me what I can and can't have on my disks.
There is also the whole can of worms about how this is actually going to work, and as to whether it could all get a bit Big Brother down in the firmware...
OK, let's take this one sentence at a time...
:-)
Great, just what we need: another overblown client with its own "full OOP language, XML, and socket connections".
Another? No, please do share, I'd be interested to see the others. I think you'll find that Flash was the original and is still the only one with a reasonable user base. If you had read the documentation off of that page, you would have noticed statements in his project report (it appears to be a final year project at Imperial), like "a recent study showed that over x% of browsers have flash players installed" and "there is even a flash player written in java", etc. Show me the other languages, please do.
Another set of security holes in the client.
Now this I am interested in. If you have some exploit code, please feel free to let BUGTRAQ know. If you only have an inkling of an idea, get over to VULN-DEV. Don't assume that because you don't understand something it must inherently be unsecure.
Another reason to buy nothing but Microsoft and Apple because that's the only place Macromedia will bother to support this stuff fully.
As others have pointed out, what this module actually does is allow for the creation of SWF files which Flash merely "plays". SWF has been opened up by Macromedia for some time now, there are players available for a variety of platforms, and you're now evidently just trying to troll.
More duplication of functionality and code bloat.
Yeah, I've heard about these crazy kids who are trying to duplicate the Unix functionality of OSes like Solaris and HP-UX into this thing for PCs called "Linux" or something. Those crazy kids, eh? Hasn't anybody told them how brain dead it is to duplicate like that...
More content that's entertaining and distracting rather than informative.
I bet that if you live in the US you only ever watch PBS and if you live in the UK you only ever watch Panorama. I used to agree that Flash stuff just cluttered the page and was slow and ugly. Now that people have got the hang of making functional flash and have started to grasp design concepts to ensure information is presented in the best manner, I'm quite happy about it. Oh, and the fact that either in the last 2 years they've made the files smaller, or I haven't really noticed that I've gone from 28.8 modem to 2Mbps DSL.
And all defined at the convenience of a single vendor who wants to use their market position to do an end-run around open standards.
I'll say this again - Macromedia have opened up SWF to the world. It might not be truly open, but it is in the Sun/Solaris 8 sense of the word "open", but perhaps even more so. Cynical bastard.
And another chance for people like you to sell lots of books and training on repackaged old technology.
Yeah, because the huge amounts of documentation and sample code out there for this project and others like it really does suck, eh? I bet you think that Linus gets a check from O'Reilly every year for several million dollars with a note saying "thanks for getting interest back in this old crock of shit Unix again!" don't you?
Sorry, I am most unimpressed.
That much was obvious. What wasn't obvious is as to why you are so unimpressed when your arguments against Flash are unfounded in the real world.
Macromedia has a legal right to do this sort of thing, but for users, it's a good idea to turn this sort of thing off and complain to any web master whose site it is an important component of.
Using your arguments, I could turn around and say "Television is bad! Turn it off and complain to the manufacturers!" or "NASA? Are you MAD?!?! What a huge waste of money! Why on earth should we care about our Universe? Stop all that messing around and let's all go back to throwing rocks at each other, because that's what *I'm* comfortable with!"
Never mind... some people just never see it...
Perhaps I'm missing something here, but the business model for Open Source doesn't stand up to long term economic scrutiny very well in the same way that the business plans of many dot.coms don't either - if there is no revenue, nobody gets paid, etc., etc...
This means that to support Open Source businesses are going to have to get more into the service side of the industry which is absolutely terrible. This is terrible because service industries cost more to run, require more staff, and worst of all, requires the "consumer" to stump up cash for stuff that is free.
Perhaps I'm being ignorant, but I really have problems understanding why companies like VA and Redhat are valued as they are. A utility company being paid to deliver water to the tap is one thing, but an entire business model based on people's laziness to download the OS and on selling them tech. support contracts? This doesn't feel right.... please, explain to me how this works in an economic sense in the long term and how Redhat's "custom development, consulting, training" is not going to fail in the face of a geek with a compiler, usenet and some man pages?
Not true. In the UK the legal precedent has been set - i.e. ISPs are not considered carriers but content providers. Therefore, under UK law all content is the responsibility of the ISP that a user is connected to. You're right in that ISPs should be considered carriers and not providers, but it depends on which bit you mean - they should certainly be held accountable for material held on their own servers, but it's a fine line when it comes to transparent caching as the material is held in the same way it would be if a user had FTP'ed the content up...
Give it a few years and you will find more and more ISPs will start to filter. Especially in the UK where there is likely to be some precedents set down in the future based around the Obscene Publications Act and transparent proxy caches.
If I, as an ISP, am serving you the customer, material which is deemed illegal in either your country or mine, I am deemed liable. It doesn't matter if the webserver it came from is on the other side of the world and I have no control, as under UK law I am responsible for the storage (transparent cache) and distribution (via my modem racks, DSL circuits, Frame Relay, whatever) of obscene material.
Trust me, give it 5 years and the "bad stuff" will disappear, but at least in the UK we don't have the strong Bible belt and we are more "European" in our attitudes towards this kind of stuff these days (read as "the British have loosened up in the past few years and shagging goats is almost acceptable these days"). This is especially good as the whole Obscene Publications Act defines material to be illegal in a highly subjective manner - the society deems it OK, so the law will as well.
Anyway, enough babbling..
Try the PAO distribution. There is a special distro knocking around for laptops of FreeBSD called PAO available at http://www.jp.freebsd.org/PAO/ which is a Japanese site. The only problems I've ever had with the BSDs is PCMCIA ethernet cards when I'm trying to install over the network. Apart from that, they're great. I had OpenBSD on an old cruddy AMD X5 laptop for years, and that same machine is now running NetBSD perfectly. ;-)
;-)
With PAO in particular, a lot of the work is now going to go into developing the FreeBSD PCMCIA framework, so eventually, no special distro required - just whack in the CD and 20 minutes later boot into 5.x-STABLE!
On the car front Volvo are apparently keen on eye-tracking technology. As you probably know, Volvo pride themselves on the safest cars in the world (seeing as they invented crash testing more or less, I think we should let them keep that title), and there have been reports on the sort of technology they want to implement in the near future.
One of these technologies is eye-tracking. A small sensor would be mounted in the ceiling above the driver's seat and track the movement of the head and in particular the pupils of the eyes. The details are sketchy, particularly with regard to how this information would be used and as to what happens when the person is wearing glasses or corrective lenses.
I suppose in principle you could detect drowsiness, lack of concentration, etc. and that information may be useful to the driver there and then. The only problem is, if it's all going to a blackbox, insurance companies are going to want the information to work out as to how often you checked your mirrors, whether you constantly look at your passenger as you are talking to them, etc. and I'm not sure what the safety advantage is in doing this.
... but the pictures like the ones here and here seem to say it all. Nasty stuff, but then most plants have "incidents" on a regular basis. It's just that Chernobyl didn't get stopped early enough. No doubt this thread will be filled with Xenophobic "Hahaha, the Russians are crap and have no money, and the US is better, hahaha" comments when in actual fact, since Chernobyl, the US has easily been able to compete on the "incidents" front with any other country...
Anyway, it would be nice if there were an English translation out there of this...
This looks to me as though it attempts to be a solution to a problem that hasn't really been defined yet. Java, Internet C, Inferno, whatever, they are all trying to address the same problem of portable code that is quick to write that can be embedded onto a user's desktop without an installation routine.
The concept is pretty powerful, but nobody has actually turned around and asked why we would want to do this. In fact, nobody has really defined what it is we want to do. Because of that, we end up with a mish-mash of solutions, none of which quite hit the spot. At the moment Java is taking the lead because it has the largest user and developer base out of all of them. But I'm sat here, still thinking to myself whatever happened to "push" technology that was being touted 4 or 5 years ago?
I can see the "point" to Inferno, as I can see the point to many projects like it, however I just don't think it will succeed. Looking at the page, it appears to be designed to handle embedded systems programs in a distributed manner. I'm kind of curious as to why I would want to do this in a browser. Nice idea, but as many people have pointed out, wrong application of the principle IMHO.
Well, people are only seeing the edge of this argument. I think to bring people up to speed on how this situation developed is too big a task to take on in a reply to a post on slashdot, but basically, here is a brief synopsis. OK, it's quite long, but it's still only 10% of the story.
BT were privatised many moons ago, and were given the responsibility to handle the UK's telecoms infrastructure as they had done before when it was a government-owned entity. The regulator Oftel was set up to ensure that BT did its job properly and also allow the new cable players (Nynex, etc.) get a grip on the market, and to ensure everything was nice and competitive. After some years, the cable companies were starting to realise that to provide cable service in a country like the UK was prohibitively expensive. There are still some towns where the roads date back to Roman times, the majority of housing is not laid out in the relatively straight-forward grid-ish system US cities are laid out in, costs were high, uptake was low, etc. So they all came together under the banner of Cable & Wireless. The only other major company in the field even today is NTL.
Meanwhile BT had got DSL working in the labs, but realised that the cost was too high to deploy at that time, and anyway, they owned the exchanges, the cable companies hadn't got the infrastructure to sort it all out, etc., etc.... Oftel steps in and say "Oi! What are you doing about high bandwidth solutions for end users and allowing for a competitive local loop?", to which BT said "Well, we're going to install DSL over the next few years, and we'll let providers re-sell DSL services over our network. We will invoice them for the line, and the customer will still be free to choose which carrier they wish to use for voice services".
Oftel came back with "Not good enough. Unbundle the local loop and let the other guys into your exchanges to install their own equipment!" to which BT responded in their best McEnroe impression "You can not be serious! These exchanges cost a fortune to maintain, the system will lead to chaos if we have to let anybody in, the security will go to pot, and the whole damned thing will turn into a huge mess. Anyway, we want to keep control of the local loop". Still, Oftel persisted, and BT grudgingly agreed, after they were permitted to charge accordingly for use of exchange floorspace, and for moving lines across.
They started by rolling out DSL to about 25% of the population. I've got it through Easynet on the corporate plan. Unfortunately, when we looked at this as a provider, we realised that BT had stiffed us. The only way to offer cheap services is to commit to minimum order requirements. Therefore, providers have to pay a fortune for simple IP routing between the customer's premises and the NOC. There are hidden charges everywhere, and it's stifling the business. Regardless of this, a group of companies started hassling BT for ULL (Unbundling Local Loop) so they could put in some nifty SDSL hardware and start getting things moving. I know of a guy who went into negotiations that went something like this:
Provider: "So, how much is it to put our equipment in your local exchange? What's the rent, charges for moving lines over, etc.?"
BT: "Looking at your current plans, for such-and-such an exchange, we're talking about £1 million for the next year"
Provider: "£1 million? For a year? What about the charges after that?"
BT: "Oh, sorry. Did we say £1 million? We meant to say £5 million."
Provider: "£5 million for the year?"
BT: "That's right, £10 million"
Provider: "You just said £5 million!"
BT: "No, we just said £20 million. We're quite clear about the price - it's £30 million".
Provider: "This is getting silly now!"
BT: "No it isn't, £50 million is a great price!"
Provider: "How did we get from £1 million to £50 million in such a short space of time. Can we see your breakdown of costs please?"
BT: "We have always maintained the cost for this exchange to be £60 million. We don't do cost breakdowns, sorry."
Provider: "I'm going to complain to Oftel"
BT: "They fully support our pricing policy and think that £75 million is a fair price to pay..."
etc ad infinitum...
So, you see, BT is in charge and not doing a very good job. Apparently they originally expected a total national market for DSL services of about 4,000 customers. Now that there are over half a million people pleading to get DSL, who knows. I'm one of the lucky ones that gets 2Mb/sec to my home/office paid for by the company. When we looked at the prices at first, we did consider setting up as a proper DSL provider, but then you realise it's all smoke and mirrors.
So, does that mean that one day someone can charge for wheat? Or charge others to tinker with the genetic code for wheat? I mean ye gods, I may be crazy, but this is f*cking RETARDED!
This already happens. There are certain types of animal feed and even particular types of seeds for certain crops that have been "fiddled" with that farmers pay extra for. It's GM food (genetically modified), and you've been eating it for years - fruit, vegetables, everything. Perhaps the true GM-free organic frenzy hasn't hit the US yet, but in the UK it's a well-formed bandwagon these days.
The point about patents is that they are not everlasting, but they enable a company or individual who has invented or discovered something, perhaps at considerable cost, to capitalise on that work.
Let's suppose a company spends $1 billion pounds on discovering that switching a particular gene makes you immune to HIV. That's one hell of a bill to pay, but it's certainly a worthy cause. They need to recoup that $1 billion and make some more money so that they can research other genes and their relationship with cancer. So they patent this knowledge.
They then have exclusive rights to develop the medication based on this knowledge. They sell it at $5 a pop, and they'll make about $5 billion back within a few years (HIV is more prevalent in developing countries than you think). They've made their money, the drug is out there, they've saved millions of lives. 20 years down the line, the patent expires, and everybody can use this knowledge.
At a more mundane level (and an application that already exists), suppose somebody works out that by tweaking a particular bit of DNA in wheat, the crop yield ends up higher - pretty damned useful stuff, especially in famine areas. If they spend $1 billion on developing that, are you saying they should give it away free of charge? How do we then invest in the next generation? How do we benefit from gene research in the long run? How is research into genes funded at all?
It is patents that allow investment in creative and speculative projects to happen. At the end of the day, everybody wins ultimately - think about the benefit to mankind as a whole, not just to you. Next time kids, think before flying off the handle.
Had you ever actually considered what using the Internet must be like for non-English speaking countries? Probably something equally unpleasing to the eye.
Seeing as the Internet is supposed to be the medium that allows a break-down of barriers between nations and a free flow of information, don't you think that it might be a good idea to include as many languages as possible rather than exclude anybody who doesn't use a language that conforms to your standards?
I think you need to realise now, that English is not the only language in the world - in fact we're in a vast minority. It's possible that at some point enough people will undertake the task of learning enough foreign languages to free up communication between ourselves, and perhaps ultimately one language will be considered the accepted standard - however, don't expect that to be English.
Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?
The problem here is dealing with the GPS data. You basically have to prove that the data has come from a GPS receiver that has been unmodified. There is nothing stopping me fixing the stream of GPS data to the application signing it, to make it look as though I was anywhere in the world. Therefore there are several areas you have to lock down to make sure that this data is authenticable:
1. The position determined by the GPS receiver is accurate, and can not be manipulated by somebody with a small transceiver nearby convincing the GPS receiver that you are located somewhere else. On a 3 or 4 satellite track, you may not be able to move yourself very far, but in the US you could probably "cross" a state boundary, and in Europe you could probably mangle things around to move across country borders.
2. Once you can be sure that the data being received by the GPS receiver is genuine, you have to get it into the PC untampered. What's more, it has to make it all the way to being signed without being vulnerable to tampering at any point. If the longitude and latitude are stored somewhere in memory location 'X' just before being signed, I could conceivably tamper with them.
3. You then of course have to sign it, and then ensure that this mechanism is strong and that it can't be manipulated either at this stage or further along the transmission.
The problem really is that signing the location is the wrong approach - you have both your private and public key, and you can sign *ANYTHING* you want to authenticate it as belonging to you, but in actual fact, you need the GPS receiver to store the private/public pair and not divulge it to anybody else. How then, do you stop people tampering with the receiver?
Thinking about it, I think that may be the best approach - the GPS does the crypto internally, and you build measures to ensure that it can't be tampered with. Even then, you still have to make sure you're talking to a real GPS receiver etc. so challenge/response stuff may have to be added in. Nasty.
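The challenge/response arrangement this comment arrives at, as an added sketch (not part of the original post): a hypothetical `SealedReceiver` keeps its key inside the device and authenticates the verifier's nonce together with the fix. HMAC-SHA256 with a device-held key stands in for the private/public pair so the sketch runs on the standard library alone; the class names, key and coordinates are all constructed.

```python
import hashlib
import hmac
import os
import struct

def tag_fix(key, nonce, lat, lon, ts):
    # Fixed-width encoding: fields cannot be shifted into one another.
    body = nonce + struct.pack(">ddQ", lat, lon, ts)
    return hmac.new(key, body, hashlib.sha256).digest()

class SealedReceiver:
    """Hypothetical tamper-resistant receiver; the key never leaves it."""
    def __init__(self, device_key, lat, lon):
        self._key, self._lat, self._lon = device_key, lat, lon

    def respond(self, nonce, now):
        tag = tag_fix(self._key, nonce, self._lat, self._lon, now)
        return {"nonce": nonce, "lat": self._lat, "lon": self._lon, "ts": now, "tag": tag}

class Verifier:
    def __init__(self, device_key, max_age=30):
        self._key, self._max_age, self._pending = device_key, max_age, set()

    def challenge(self):
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def check(self, msg, now):
        if msg["nonce"] not in self._pending:
            return False  # nonce never issued, or already spent (replay)
        self._pending.discard(msg["nonce"])  # single use, even on failure
        expected = tag_fix(self._key, msg["nonce"], msg["lat"], msg["lon"], msg["ts"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return False  # fix was altered after leaving the receiver
        return 0 <= now - msg["ts"] <= self._max_age

def demo():
    key = os.urandom(32)                         # constructed device key
    gps = SealedReceiver(key, 51.5074, -0.1278)  # constructed position
    verifier = Verifier(key)
    good = gps.respond(verifier.challenge(), now=1000)
    accepted = verifier.check(good, now=1005)
    replayed = verifier.check(good, now=1006)    # same response sent again
    edited = dict(gps.respond(verifier.challenge(), now=1010), lat=40.7128)
    tampered = verifier.check(edited, now=1011)  # host changed the latitude
    return accepted, replayed, tampered
```

This covers points 2 and 3 only: a receiver fed spoofed satellite signals (point 1) will faithfully authenticate the wrong position.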
I'm sorry, but you evidently haven't the slightest clue what you are talking about. I've been working with security people for some time now, and know a fair bit myself. In fact, tomorrow afternoon, looking at my diary, I have to go to a meeting to discuss the live penetration test a client has requested on his network. So, let's go through a few of these "facts" of yours, shall we?
/etc/passwd? I think they may have patched that one already...
There are several issues that make online banks easy targets:
The only issue that makes them targets is that they have lots of money. They are not easy however...
1. Extreme conservatism - Oftentimes, their internal systems are quite old. While this tends to make their systems quite stable, it also means that they are generally insecure.
Are you living in the 1990's? I don't know of a single bank in the UK that has systems that are in use that are not on sale today. You see, there was this little "Y2K" bug that they had to get rid of, so they had to throw out the old, bring in the new. My cash machine down the road runs Windows NT 4.0. Are you saying they should be on W2K? I don't think you understand that there are real advantages to running code a few years out of date - it's been audited. Clever that isn't it?
2. Sensitivity to bad press - online banking systems, when compromised, are often hushed up quickly, due to the fact that the publicity will scare clients away.
Firstly, to hush something like that up is illegal at least in the UK. Secondly, they will own up to it - they want to catch the bastards. A few years ago a few banks got hit by dudes with some EMP blasters, and were blackmailed for a total of £400 million. They hushed it up for a few months, then went to Special Branch. They learnt their lesson that time - now, within a few minutes they will be on the phone. The more we go through this, I'm convinced you're living in 1994 or something.
3. browser ssl - it doesn't matter if the site's key is 128-bit; if the browser functions at 40-bit, then that's the key size used for encryption. This is a problem with all ssl-based connections.
Yeah, this post is definitely out of a timewarp. How many people do you know with browsers that only have 40-bit crypto? You need to tell them to upgrade. How many banks do you know that will accept 40-bit crypto? None. In fact, my on-line banking service loads a Java applet that runs its own crypto on top of SSL. Go figure.
4. user passwords - people in general are dumb about choosing passwords. They often choose easy to guess passwords. It doesn't matter what security mechanisms you have in place; if a password can be compromised, the cracker has access.
My bank requires me to know the full sort code and account number, a security PIN just for access to that system, and then there are around half a dozen "authentication challenges" along the lines of "First school attended" etc. If you get any of these wrong more than 3 times in a row, the account is locked out, and I then have to phone them up to get it unlocked. The statement "if a password can be compromised, the cracker has access" also betrays your complete and total lack of experience in the security field as well. You have based your whole argument on that sentence without taking into account how big the word "if" is at the start. How exactly are you going to compromise this password then? Brute force the website? I think they might notice. Use 'phf' to get
5. poor sysadmin training - this is the plague of the industry. Most sysadmins don't know much of anything about security. The ones that do are rare.
I wonder if that's why they have something called a "recruitment procedure" that makes sure the admins do know what they are doing. I wonder if that's why the banks spend thousands on training programs for them. I wonder if just possibly those admins have slightly more of a clue than you do.
In your arguments as to why on-line banking is a "joke", you have not come up with one single, solitary argument that stands up to any scrutiny. For you to start mouthing off about security would be a bit like me mouthing off about baseball. I think I know the basics, and I've read some stuff written years ago about it, but in actual fact, I haven't really got much of a clue.
Think and then post!
BASIC was probably the most important thing that ever happened to me. When I was 11 at Secondary school, I was pretty typical of most geeks (without realising it) and just didn't "get along" with most other kids. So, I went and sat in the library, and had to pretend to read. The books were crap, until I came across one called something like "Programming the BBC Micro in BASIC" which was a real '10 PRINT "Hello world!"' kind of book.
At the time it was Lent (coming up to Easter), and so it being a Catholic school, there was the opportunity to not go for school dinners, and instead spend the money on getting into the computer room by donating it to charity. I thought, what the hell, I'm a fat git anyway (still am as it happens) so spent the whole of Lent in there. After 4 weeks, I had learnt the BBC inside out. I was by far ahead of most of the school (including those much older than me), at programming, and from then on I used to spend the small amount of pocket money I got on computer magazines and books. For the last 11 years I have lived, breathed and loved technology, programming and everything that was a part of it all. Even my grades in Maths and Physics went up. At GCSE level under the new national curriculum I was given an A* (top 2% of the country), in Computing, and ended up doing a degree in Software Engineering.
I'm now, at the age of 22, the Technical Director of an ISP and I get to write code as much as I want. I get paid a decent amount of money, I'm happy with my life, and I've certainly escaped the poverty trap that was waiting for me if I hadn't got out early enough (I started working part-time at the age of 15).
In short, if I hadn't picked up that book and just started learning BASIC - even just the "Hello World" stuff, I would not be here right now. I think that as a result, giving people that first taste of the possibilities - that they don't need to be good with a pen or a brush to be creative, and to show them that they can actually create things, is fantastic. And yes, this is probably waffling bullshit, but I will quite happily physically fight any person to the death who says that any initiative to teach kids the basics of coding is pointless. We haven't all got Daddy to buy us the latest laptop (PSX2 will drop to $100 within the year, making it affordable to all), nor are we all endowed with the fantastic skills to be anything that we want to be.
Sometimes kids just need to be shown that they can do this complicated shit and be like us when they grow up if they want to be. In the UK at least, geeks are respected by everybody with any sense.
If there were a lawyer who was prepared to handle spam cases where they assist in suing the spammer, I'm sure there would be a reasonable market once a few high-priced cases got through.