I think this is pretty on the nose. It's my opinion that the industry is not going to lose a whole lot of money to copying/piracy. They can't stop people from putting stuff on the web, but they can make it hard to find. The fact is that most consumers don't want to go hang out in #mp3warez or somewhere to find the latest pop tune. They will just head over to www.sony.com or wherever to pick up their songs. All the labels need to do is hire a few network savvy lawers to send out cease and desist letters so that the pirate sites have to keep their heads down. As long as pirate sites are hard for the masses to find, the masses will just buy the music on the official site. Just like with software. Last time I checked, the software industry was doing just fine despite the fact that it's trivial to pirate software. Even with sites like www.warez.com, getting pirated software is a pain in the ass. It's pretty much nothing but broken links and overloaded servers. Why should I spend two hours trying to find a working server with whatever new game is out, when I can spend five minutes having it FedEx'd to me? It's just not worth my time. If the software company is savvy and sells downloads of the program, I can have a legit copy even faster.
However, what is a threat to the music labels are the legitimate sites with MP3s. There is every reason to believe that www.mp3.com or some similar site will start taking market share and mind share away from Sony, BMI, and the others. While the big labels like to think that they are in the music creation business, it is more accurate to say that they are in the manufacturing and distribution business. There are lots and lots of companies and bands capable of making a studio quality recording of decent music. However, there are very few companies with the infrastructure to make millions of physical copies of that music and ship it to thousands of stores all over the world. Now that the Internet allows someone to dispose of the physical aspect of the music and just ship the bits around, the big labels are going to lose the edge that keeps them on top. I would hope that this is what keeps them awake at night, and that the piracy story is just a cover. However, you never know. Upper management may actually be so clueless as to think that they are in the "music" business and not the "manufacturing" business.
Forget using your hand to see the flicker in your screen. Stretch a rubber band out and hold it up in front of the monitor. Then pluck it like a guitar string. You should be able to see the rubber band pulse up and down with sine waves if you get the tension right.
Also, the reason that a monitor is partially black isn't really an aliasing thing. It's just that any CRT is really only partially lit at any given time. The entire image never exists on the screen at once, it only exists in video memory and your brain. Simply taking a still photograph of a TV will demonstrate this.
On the other hand, when you see a monitor on TV the black band will be moving either up or down the screen at some frequency. The rate at which the band moves is an aliasing artifact whose rate is determined by the refresh rate of the monitor and the rate at which it is being "sampled" by the camera.
Yep, this is correct. I don't know why they keep naming their products after years. One of these days, they are going to slip too far and look like idiots. If I recall correctly, they barely got Win95 out on time. At least with Windows '00 they have a good 18 months left to ship before they look like boneheads.
I wonder what they are going to do for naming after Win '00? They were (are?) going to drop the Win95 line and have consumers use a version of NT/Win'00. However, they have backed off of that and claim that they are going to keep shipping the Win95 code base until about 2003. Assuming that they will have another update after Win98, what will they call it? Windows 2001? Windows 2002? Won't that be just a little confusing to the consumer? Maybe they will release NT upgrades in even years and Win9X upgrades in odd years;-)> Not to mention what Win9X is going to look like after four more years of crap is stuffed into it.
Exactly how would you propose someone using DES just add 4 bits to their keys? There is no way to just randomly extend the keys for most symmetric algorithms. Not to mention reworking your key handling infrastructure. Sure, you can rip out DES and replace it with something better (like triple DES, which does seem to be pretty secure), but you can't just magically add four bits to it.
As an interesting aside, the guys who wrote the paper on differential cryptanalysis of DES determined how much stronger DES would be if they used independent sub-keys in each of the 16 rounds of encryption. They determined that using a 768-bit key (by using an independent 48-bit key for each of the 16 rounds.), they would only add (I forget the exact number) something like 10 or 20 bits to the strength of the algorithm. So, even though it is easy to redesign the key schedule algorithm for DES to use much larger keys, you can't make it much stronger. DES is inherently weak.
If you read the article, you will note that one of the features of this chip is that it can use a different key for each block it encrypts. Given a design like this, it's pretty easy to imagine that it could be used at the heart of a brute-force key cracker. Most encryption chips have relatively slow key initialization phases that prevent them from making effective cracking engines. This chip does not have that bottleneck. Now, whether or not you can feed keys into it fast enough to be really useful can't be determined from the article. Who knows, maybe the chip includes a way to increment the value in a key. It would only take a handful of transistors to implement, and would make it a nice dual-purpose chip.
Does anyone know offhand how many keys/sec the chips in Deep Crack could check?
Ahhh, good old MECC software. Would you belive that when I was a young one I got paid to dupe MECC software? It was all on the up and up. My mom used to work for a place called The Learning Exchange, and we would make copies of the MECC software for local schools, helping to keep costs down for MECC and the schools. He he, I had an Apple IIe with 11 disk drives on it. One drive for the master, 10 drives for the 10 disks on a box of floppies. I'm amazed it didn't catch on fire or something. It could only write to one drive at a time, of course. But by having 10 drives, I could be opening a new box of blank floppies, feeding them into the drives, pulling the copies out, putting labels on them, putting them back in the box, and labeling the box, while the program was making copies on other disks. Those were the days.
It's easy enough to get hardware that is well supported under BeOS. However, you are right that a lot of hardware is not supported. The simple fact of the matter is that if you want an OS that has sound support and 3D support for a lot of the hardware out there, you have to use Windows. The reason for this is simply that hardware manufactures make sure their stuff works with Windows. A few try to make sure it works under Linux and/or BeOS, but not many.
So, if you want to judge an OS based upon hardware support, Windows is the hands down winner every time. It isn't even a contest. I hope this changes soon, but as long as Windows has such a large market share, a lot of vendors won't bother with drivers for anything else. That's just a fact of life. If you want to use OS's with small market shares, be prepared to plan your hardware purchases around that fact. It's not hard to do.
Oh, and the greyscale mode that your card in is only meant for installing drivers with. Be limits the VGA mode to greyscale so that you won't be able to mistake the fact that there isn't a driver for that card. They were worried that if they used color in the VGA driver, people would not realize that they had an unsupported card and think that the poor performance was indicitive of the BeOS in general. It's really only meant to be used long enough to install a real driver for you card.
Also, now would be an excellent time to dig out your R4 CD and make sure that you have registered it with Be. All registered users have R4.5 CD's on their way (shipping now, I believe.)
While the idea of an advertising splash-screen at boot time is annoying, it might not be that bad. If there was some way to flash a new image into the BIOS, you could have (for example) a Tux splash screen at boot.
However, the article implies that it could be more than that. According to the article, "an Internet-service provider such as America Online Inc. could theoretically put its sign up icon directly on the desktop of any PC that uses the Phoenix start-up software". Doesn't this imply that the BIOS would have Windows-specific code in it? I shudder at the implications for non-Windows users if the BIOS assumes that your OS is Windows, and tries to make system calls. Hell, I shudder a the implications for Windows lusers if this is true. The ultimate impossible-to-delete icon on your desktop. I think I see declining market share in Phoenix's future if this is true.
You are comparing apples and oranges here. The latest round of worms and trojan horses that are moving thru email don't do anything that needs root permissions. It would be quite easy to write a Linux program that would look thru the users mailbox, get a bunch of email address, and send a copy of itself to all of those users. Then, just for kicks, it could do a "find" in the users home directory for all.c,.h,.cpp, files etc. and rm them. The fact that the worms aren't able to destroy the whole system doesn't mean that they can't spread and make the user's life hell.
The only thing that would keep this from spreading like wildfire is that the Linux community isn't in the habit of sending binaries around to each other, and so would probably be suspicious of such an attachment. But, as Linux becomes more mainstream you can expect this to change. It's only a matter of time before the newer Linux users start emailing around little gnome applets for their toolbars, etc. And when that happens, you can expect that the worms and trojan horses will soon follow. Expect some nasty back-doors too, as it's trivial to have a little program listen on an unsecure port and spawn off a shell for anyone who connects. Or when certain IP addresses connect. But I digress.
I'm not really sure what the solution is. Security will probably have to become much more fine-grained. Users should be able to have much more control over what a program is allowed to do. For example, I might not worry too much about running some binary that was emailed to me if I could keep it from performing file operations outside of a given directory, and from opening any sockets. Such a system should allow one to specify a wide variety of permissions for each individual binary that you might have. However, trying to make such a system usable by average-joe users would be very hard. Hell, it would be hard to make it easy to use even for savvy users. I can imagine what such a system would look like underneath the hood, but I don't know what you would use for a decent user interface. If it wasn't easy to use, most users would end up just giving everything all permissions, and we would be right back where we are now.
In conclusion, I think it's important for us to think about ways to deal with this type of problem before it actually becomes a problem. Just saying that "worms can't destroy my whole system, so I'm safe" is pretty naive. Everyone who thinks that should run the following command, and tell me how they feel afterword: "rm -rf ~", and don't forget to pretend that your user account isn't allowed to run "/bin/mail".
It's hard to say that a cluster is always going to be more reliable. Keep in mind that many possible hardware failures will prevent you from sync'ing the data after the failure. As a result, you can fail over but you will lose data. No matter how hard you try, you can't always keep the two halves of the cluster in-sync without severe performance penalties.
While such a solution would work great for an FTP server, or for static pages, it is probably not appropriate for a site like eBay where the data changes constantly, and any loss of data can be have severe consequences. Losing winning bids would not be tolerated for long.
Just a couple of choice pieces of FUD from the M$ web page.
--------quote on---------- 3.When security is compromised on the System Service Processor, which runs on the Ultra 5 workstation controlling domain operations and performance monitoring, all running domains on the E 10000 can be brought down with a short command sequence. --------quote off---------- So, let me get this straight. The workstation which is responsible for "controlling" operations can be used to stop operations? What was Sun thinking, including a command that would turn things off! Of course, we all know that one of the main features of NT Server over NT Workstation is that the "Shutdown" command has been removed from the "Start" menu.
--------quote on------------ 4.System boards that are hosting non-pageable kernel data structures cannot be removed from a domain without interrupting service. The Solaris operating system has to undertake a special "quiesce," or suspend, operation while the critical pages are migrated to another board. --------quote off------------ This is supposed to be a problem? Now, I think it's pretty neat that you can migrate kernel memory off of a certain piece of hardware and swap it out at all. We're supposed to believe that under NT you can do this at all? Much less without telling the kernel first? The only conceivable way to allow this to happen without telling the kernel to clear the board out first would be to make sure that all the kernel memory has had a copy paged out to disk. Or perhaps keep multiple copies of all kernel data structures (and hope they don't get out of sync.) Maybe NT does do the last one. That would certainly explain why it's a memory hog.
Pretty amazing if you ask me. This web page is clearly meant for the PHBs of the world, as anybody with any knowledge at all of how computers work is simply going to laugh at this.
The way I see it, IBM has a duty to help knock down Microsoft. After all, Microsoft's success in the PC market is largely due to IBM not taking the market seriously. While M$ apologists like to pretend the B.G. is the greatest businessman ever, his current success is due largely to IBM.
Specifically, I see them making two moves which helped M$. One, they licensed MS-DOS from M$ instead of just buying it outright. IBM certainly had the upper hand in the negotiations, but I don't think they took the PC market seriously. Had they known how large the market was going to become, I am certain they would have bought an OS instead of renting one.
Second, M$ became a trusted name to business because the letters "IBM" were on the outside of the box. Nobody bought a PC because M$ wrote the OS. They bought them because IBM put their name on them.
So, I figure it's kind of a karma thing for IBM to step up to the plate and help knock down this monster that is largely their own creation. Of course, if M$ wasn't there, IBM would maybe be the dominant company in the PC business. I think, in hindsight, that we would have been better off. For one, IBM was getting hassled for anit-trust reasons long before M$ was. I think DOJ would have been willing to smack IBM down long ago. Second, PC's would probably be much more reliable. While you can fault IBM for lots of things, you have to admit that they take reliability very seriously.
If everyone even used exportable 40-bit encryption, this whole system would become useless. 40 bits won't protect you if they decide to focus their attention on you, but if we all used it this gill-net approach to intelligence gathering would not work. It would be far too much effort to scan everything.
This is probably just bad formatting. I'm guessing that it should be 10^12, which is (roughly) 1 Gig. The original probably had a superscript for the 12, which got lost somewhere.
The fact that you believe that sharp corners increase radar visibility AND belive that a plane that appears to have had all smooth curves removed in favor of sharp corners is radar invisible probably means you are wrong. Nothing personal, but these two beliefs are logically inconsistant. Either the F-117 is not really a stealth aircraft, or you don't understand how sharp edges affect radar.
On a similar note, comparing the tech required to design a plane to the tech required to scan text is really apples and oranges. The first is pretty much computation fluid dynamics, and is primarily floating-point operations. It also doesn't parallelize very well due to the high I/O requirements between nodes. That's why scientists in the field still like big vector processing Crays instead of SMP machines.
On the other hand, scanning text is entirely an integer problem. It is also easy to parallelize it to a massive scale. You could do it effectively using 8088 PC's if you had to. Just pass each message or packet off to a different node, and each node has it's own copy of the "dictionary" you are searching for. Easy. Note that the report does NOT claim that the NSA has been scanning phone calls for years. Only that they have been scanning text-based communications. It's really easy to build computers to scan huge amounts of text.
So, I don't think you are correct in calling the whole Eschelon report "X-Files" stuff. It's quite resonable to think that they could have built most of this thing using off-the-shelf parts. Or that they could have had custom chips built using standard processes.
Oh, and if you want a more reliable source, some of this stuff was discussed at US Congressional hearings back in the 1970's. At that time, a Congressman likened the NSA to a giant ear which was listening to the world. He also said that if that ear was turned inward, there would be nowhere to hide from it. And this was in the 1970's. If you really belive that the NSA is not sniffing and analyzing every bit of communication that it can get it's hands on, your not looking very hard because it's not really a secret. We are talking about the NSA. Spying on the electronic communications of foreign powers is their job. No one is accusing the Department of Agriculture of spying. It's the NSA. It's what they do. Why do people keep trying to pretend that the NSA isn't doing it's job?
The limiting factor in GigE performance is not the bus in your machine. It's the CPU on the receiver. At least if you are talking about TCP performance. It takes a fair amount of horsepower to put the individual ethernet packets back together into the reliable data stream that your program gets.
Of course, by the time your PC has a 133MHz 64-bit PCI bus, it will also have a 1.5GHz CPU which can handle it. The fastest TCP performance I have seen over GigE using standard packets is ~350Mbps for a single TCP stream (memory to memory of course. Good luck making FTP go that fast.) I managed to get almost 500Mbps between the same multi-processor boxes by using three TCP streams, each running at about 160Mbps.
The patent for this gives some theoretical numbers for the power of the laser. I'm don't remember enough physics to check it for accuracy, but you might. Take a look at page 5 of the patent. It's number 5675103 at www.patents.ibm.com.
According to the author, "A reasonable power density, pulse duration, and pulse repitition rate for this laser is 5 megawatts per square centimeter, 10 nanoseconds, and 200 pulses per second, respectively." There is more detail in the patent, so you may want to check it out.
If you think that 900KB/sec is slow for 10bT, what do you think the average is? Ethernet is not known for it's ability to work well at high levels of utilization, and 900KB/sec is 7.2Mb/sec. At this level of utilization and up, the contention between different hosts trying to talk at once drives up the collision rate which keeps the tranfer rates down.
My vote is for USWest. Just two days ago, some tech at our local CO decided to removed the cross connects on one of our PRI's. W.T.F.!!! They also perpetually complain that they don't have enough capacity because of all those darn modem users, while at the same time running huge ad campaigns trying to get you to buy a second line for your modem!!!
Actually, I think I would have to conclude that they pretty much all suck. I'm not sure that the cable companies are much better, but at least the towns that have both will get a little competition.
The implications are greatest for those who write free software. The ruling seems to apply only to source code. It's hard to argue that object code, which is understandable only by machines, qualifies as "speech." So companies that sell binaries may not be affected at all. They will still be enjoined from exporting encryption without a license. However, distributing GPL source code without binaries is not only easy, it's common practice. If this ruling stands, it'll be one more thing that puts the "free" in "free software".
I'm not worried about the security implications of telling people about the root account. I'm well aware of the fact that virtually every Unix box has one. What worries me most is the impression it gives to the world to tell people to email you at root instead of a regular account. In my experience, everybody who knows anything at all about system administration tries to minimize their use of the root account. Conversely, the people who use "root" as their primary account instead of creating a non-privledged account are almost by definition inexperienced and/or lazy.
I think it's a great idea for the Linux community to have a resource for tuning information. However, if you want that resource to be taken seriously the people running it at least need to look like they know what they are doing.
I don't buy the alias theory. Someone who has managed to get root's mail aliased to some other account also knows that it takes abount 10 seconds to create an arbitrary alias to use for situations like this. Of course, this is all a mooot point since the web page now gives a nice clean alias to use for submitting tips.;-)>
Seems like a bad idea to me too. Aside from the numerous security risks that come from using root as a regular account, it implies that the person running this machine is too lazy to even bother creating a non-super account. Or too ignorant to know any better. Either way, it presents a really bad image.
Slashdot Mirror
I think this is pretty on the nose. It's my opinion that the industry is not going to lose a whole lot of money to copying/piracy. They can't stop people from putting stuff on the web, but they can make it hard to find. The fact is that most consumers don't want to go hang out in #mp3warez or somewhere to find the latest pop tune. They will just head over to www.sony.com or wherever to pick up their songs. All the labels need to do is hire a few network savvy lawers to send out cease and desist letters so that the pirate sites have to keep their heads down. As long as pirate sites are hard for the masses to find, the masses will just buy the music on the official site. Just like with software. Last time I checked, the software industry was doing just fine despite the fact that it's trivial to pirate software. Even with sites like www.warez.com, getting pirated software is a pain in the ass. It's pretty much nothing but broken links and overloaded servers. Why should I spend two hours trying to find a working server with whatever new game is out, when I can spend five minutes having it FedEx'd to me? It's just not worth my time. If the software company is savvy and sells downloads of the program, I can have a legit copy even faster.
However, what is a threat to the music labels are the legitimate sites with MP3s. There is every reason to believe that www.mp3.com or some similar site will start taking market share and mind share away from Sony, BMI, and the others. While the big labels like to think that they are in the music creation business, it is more accurate to say that they are in the manufacturing and distribution business. There are lots and lots of companies and bands capable of making a studio quality recording of decent music. However, there are very few companies with the infrastructure to make millions of physical copies of that music and ship it to thousands of stores all over the world. Now that the Internet allows someone to dispose of the physical aspect of the music and just ship the bits around, the big labels are going to lose the edge that keeps them on top. I would hope that this is what keeps them awake at night, and that the piracy story is just a cover. However, you never know. Upper management may actually be so clueless as to think that they are in the "music" business and not the "manufacturing" business.
Forget using your hand to see the flicker in your screen. Stretch a rubber band out and hold it up in front of the monitor. Then pluck it like a guitar string. You should be able to see the rubber band pulse up and down with sine waves if you get the tension right.
Also, the reason that a monitor is partially black isn't really an aliasing thing. It's just that any CRT is really only partially lit at any given time. The entire image never exists on the screen at once, it only exists in video memory and your brain. Simply taking a still photograph of a TV will demonstrate this.
On the other hand, when you see a monitor on TV the black band will be moving either up or down the screen at some frequency. The rate at which the band moves is an aliasing artifact whose rate is determined by the refresh rate of the monitor and the rate at which it is being "sampled" by the camera.
Yep, this is correct. I don't know why they keep naming their products after years. One of these days, they are going to slip too far and look like idiots. If I recall correctly, they barely got Win95 out on time. At least with Windows '00 they have a good 18 months left to ship before they look like boneheads.
;-)> Not to mention what Win9X is going to look like after four more years of crap is stuffed into it.
I wonder what they are going to do for naming after Win '00? They were (are?) going to drop the Win95 line and have consumers use a version of NT/Win'00. However, they have backed off of that and claim that they are going to keep shipping the Win95 code base until about 2003. Assuming that they will have another update after Win98, what will they call it? Windows 2001? Windows 2002? Won't that be just a little confusing to the consumer? Maybe they will release NT upgrades in even years and Win9X upgrades in odd years
Exactly how would you propose someone using DES just add 4 bits to their keys? There is no way to just randomly extend the keys for most symmetric algorithms. Not to mention reworking your key handling infrastructure. Sure, you can rip out DES and replace it with something better (like triple DES, which does seem to be pretty secure), but you can't just magically add four bits to it.
As an interesting aside, the guys who wrote the paper on differential cryptanalysis of DES determined how much stronger DES would be if they used independent sub-keys in each of the 16 rounds of encryption. They determined that using a 768-bit key (by using an independent 48-bit key for each of the 16 rounds.), they would only add (I forget the exact number) something like 10 or 20 bits to the strength of the algorithm. So, even though it is easy to redesign the key schedule algorithm for DES to use much larger keys, you can't make it much stronger. DES is inherently weak.
If you read the article, you will note that one of the features of this chip is that it can use a different key for each block it encrypts. Given a design like this, it's pretty easy to imagine that it could be used at the heart of a brute-force key cracker. Most encryption chips have relatively slow key initialization phases that prevent them from making effective cracking engines. This chip does not have that bottleneck. Now, whether or not you can feed keys into it fast enough to be really useful can't be determined from the article. Who knows, maybe the chip includes a way to increment the value in a key. It would only take a handful of transistors to implement, and would make it a nice dual-purpose chip.
Does anyone know offhand how many keys/sec the chips in Deep Crack could check?
Ahhh, good old MECC software. Would you belive that when I was a young one I got paid to dupe MECC software? It was all on the up and up. My mom used to work for a place called The Learning Exchange, and we would make copies of the MECC software for local schools, helping to keep costs down for MECC and the schools. He he, I had an Apple IIe with 11 disk drives on it. One drive for the master, 10 drives for the 10 disks on a box of floppies. I'm amazed it didn't catch on fire or something. It could only write to one drive at a time, of course. But by having 10 drives, I could be opening a new box of blank floppies, feeding them into the drives, pulling the copies out, putting labels on them, putting them back in the box, and labeling the box, while the program was making copies on other disks. Those were the days.
I tried this one at Radio Shack, but the clerk just gave me this blank look ;-)>
It's easy enough to get hardware that is well supported under BeOS. However, you are right that a lot of hardware is not supported. The simple fact of the matter is that if you want an OS that has sound support and 3D support for a lot of the hardware out there, you have to use Windows. The reason for this is simply that hardware manufactures make sure their stuff works with Windows. A few try to make sure it works under Linux and/or BeOS, but not many.
So, if you want to judge an OS based upon hardware support, Windows is the hands down winner every time. It isn't even a contest. I hope this changes soon, but as long as Windows has such a large market share, a lot of vendors won't bother with drivers for anything else. That's just a fact of life. If you want to use OS's with small market shares, be prepared to plan your hardware purchases around that fact. It's not hard to do.
Oh, and the greyscale mode that your card in is only meant for installing drivers with. Be limits the VGA mode to greyscale so that you won't be able to mistake the fact that there isn't a driver for that card. They were worried that if they used color in the VGA driver, people would not realize that they had an unsupported card and think that the poor performance was indicitive of the BeOS in general. It's really only meant to be used long enough to install a real driver for you card.
Also, now would be an excellent time to dig out your R4 CD and make sure that you have registered it with Be. All registered users have R4.5 CD's on their way (shipping now, I believe.)
While the idea of an advertising splash-screen at boot time is annoying, it might not be that bad. If there was some way to flash a new image into the BIOS, you could have (for example) a Tux splash screen at boot.
However, the article implies that it could be more than that. According to the article, "an Internet-service provider such as America Online Inc. could theoretically put its sign up icon directly on the desktop of any PC that uses the Phoenix start-up software". Doesn't this imply that the BIOS would have Windows-specific code in it? I shudder at the implications for non-Windows users if the BIOS assumes that your OS is Windows, and tries to make system calls. Hell, I shudder a the implications for Windows lusers if this is true. The ultimate impossible-to-delete icon on your desktop. I think I see declining market share in Phoenix's future if this is true.
You are comparing apples and oranges here. The latest round of worms and trojan horses that are moving thru email don't do anything that needs root permissions. It would be quite easy to write a Linux program that would look thru the users mailbox, get a bunch of email address, and send a copy of itself to all of those users. Then, just for kicks, it could do a "find" in the users home directory for all .c, .h, .cpp, files etc. and rm them. The fact that the worms aren't able to destroy the whole system doesn't mean that they can't spread and make the user's life hell.
The only thing that would keep this from spreading like wildfire is that the Linux community isn't in the habit of sending binaries around to each other, and so would probably be suspicious of such an attachment. But, as Linux becomes more mainstream you can expect this to change. It's only a matter of time before the newer Linux users start emailing around little gnome applets for their toolbars, etc. And when that happens, you can expect that the worms and trojan horses will soon follow. Expect some nasty back-doors too, as it's trivial to have a little program listen on an unsecure port and spawn off a shell for anyone who connects. Or when certain IP addresses connect. But I digress.
I'm not really sure what the solution is. Security will probably have to become much more fine-grained. Users should be able to have much more control over what a program is allowed to do. For example, I might not worry too much about running some binary that was emailed to me if I could keep it from performing file operations outside of a given directory, and from opening any sockets. Such a system should allow one to specify a wide variety of permissions for each individual binary that you might have. However, trying to make such a system usable by average-joe users would be very hard. Hell, it would be hard to make it easy to use even for savvy users. I can imagine what such a system would look like underneath the hood, but I don't know what you would use for a decent user interface. If it wasn't easy to use, most users would end up just giving everything all permissions, and we would be right back where we are now.
In conclusion, I think it's important for us to think about ways to deal with this type of problem before it actually becomes a problem. Just saying that "worms can't destroy my whole system, so I'm safe" is pretty naive. Everyone who thinks that should run the following command, and tell me how they feel afterword: "rm -rf ~", and don't forget to pretend that your user account isn't allowed to run "/bin/mail".
It's hard to say that a cluster is always going to be more reliable. Keep in mind that many possible hardware failures will prevent you from sync'ing the data after the failure. As a result, you can fail over but you will lose data. No matter how hard you try, you can't always keep the two halves of the cluster in-sync without severe performance penalties.
While such a solution would work great for an FTP server, or for static pages, it is probably not appropriate for a site like eBay where the data changes constantly, and any loss of data can be have severe consequences. Losing winning bids would not be tolerated for long.
Just a couple of choice pieces of FUD from the M$ web page.
--------quote on----------
3.When security is compromised on the System Service Processor, which runs on the Ultra 5 workstation controlling domain operations and performance monitoring, all running domains on the E 10000 can be brought down with a short command sequence.
--------quote off----------
So, let me get this straight. The workstation which is responsible for "controlling" operations can be used to stop operations? What was Sun thinking, including a command that would turn things off! Of course, we all know that one of the main features of NT Server over NT Workstation is that the "Shutdown" command has been removed from the "Start" menu.
--------quote on------------
4.System boards that are hosting non-pageable kernel data structures cannot be removed from a domain without interrupting service. The Solaris operating system has to undertake a special "quiesce," or suspend, operation while the critical pages are migrated to another board.
--------quote off------------
This is supposed to be a problem? Now, I think it's pretty neat that you can migrate kernel memory off of a certain piece of hardware and swap it out at all. We're supposed to believe that under NT you can do this at all? Much less without telling the kernel first? The only conceivable way to allow this to happen without telling the kernel to clear the board out first would be to make sure that all the kernel memory has had a copy paged out to disk. Or perhaps keep multiple copies of all kernel data structures (and hope they don't get out of sync.) Maybe NT does do the last one. That would certainly explain why it's a memory hog.
Pretty amazing if you ask me. This web page is clearly meant for the PHBs of the world, as anybody with any knowledge at all of how computers work is simply going to laugh at this.
The way I see it, IBM has a duty to help knock down Microsoft. After all, Microsoft's success in the PC market is largely due to IBM not taking the market seriously. While M$ apologists like to pretend the B.G. is the greatest businessman ever, his current success is due largely to IBM.
Specifically, I see them making two moves which helped M$. One, they licensed MS-DOS from M$ instead of just buying it outright. IBM certainly had the upper hand in the negotiations, but I don't think they took the PC market seriously. Had they known how large the market was going to become, I am certain they would have bought an OS instead of renting one.
Second, M$ became a trusted name to business because the letters "IBM" were on the outside of the box. Nobody bought a PC because M$ wrote the OS. They bought them because IBM put their name on them.
So, I figure it's kind of a karma thing for IBM to step up to the plate and help knock down this monster that is largely their own creation. Of course, if M$ wasn't there, IBM would maybe be the dominant company in the PC business. I think, in hindsight, that we would have been better off. For one, IBM was getting hassled for anit-trust reasons long before M$ was. I think DOJ would have been willing to smack IBM down long ago. Second, PC's would probably be much more reliable. While you can fault IBM for lots of things, you have to admit that they take reliability very seriously.
Ooops. 10^12 is a Tera. 10^9 is a Gig.
If everyone even used exportable 40-bit encryption, this whole system would become useless. 40 bits won't protect you if they decide to focus their attention on you, but if we all used it this gill-net approach to intelligence gathering would not work. It would be far too much effort to scan everything.
This is probably just bad formatting. I'm guessing that it should be 10^12, which is (roughly) 1 Gig. The original probably had a superscript for the 12, which got lost somewhere.
The fact that you believe that sharp corners increase radar visibility AND belive that a plane that appears to have had all smooth curves removed in favor of sharp corners is radar invisible probably means you are wrong. Nothing personal, but these two beliefs are logically inconsistant. Either the F-117 is not really a stealth aircraft, or you don't understand how sharp edges affect radar.
On a similar note, comparing the tech required to design a plane to the tech required to scan text is really apples and oranges. The first is pretty much computation fluid dynamics, and is primarily floating-point operations. It also doesn't parallelize very well due to the high I/O requirements between nodes. That's why scientists in the field still like big vector processing Crays instead of SMP machines.
On the other hand, scanning text is entirely an integer problem. It is also easy to parallelize it to a massive scale. You could do it effectively using 8088 PC's if you had to. Just pass each message or packet off to a different node, and each node has it's own copy of the "dictionary" you are searching for. Easy. Note that the report does NOT claim that the NSA has been scanning phone calls for years. Only that they have been scanning text-based communications. It's really easy to build computers to scan huge amounts of text.
So, I don't think you are correct in calling the whole Eschelon report "X-Files" stuff. It's quite resonable to think that they could have built most of this thing using off-the-shelf parts. Or that they could have had custom chips built using standard processes.
Oh, and if you want a more reliable source, some of this stuff was discussed at US Congressional hearings back in the 1970's. At that time, a Congressman likened the NSA to a giant ear which was listening to the world. He also said that if that ear was turned inward, there would be nowhere to hide from it. And this was in the 1970's. If you really belive that the NSA is not sniffing and analyzing every bit of communication that it can get it's hands on, your not looking very hard because it's not really a secret. We are talking about the NSA. Spying on the electronic communications of foreign powers is their job. No one is accusing the Department of Agriculture of spying. It's the NSA. It's what they do. Why do people keep trying to pretend that the NSA isn't doing it's job?
The limiting factor in GigE performance is not the bus in your machine. It's the CPU on the receiver. At least if you are talking about TCP performance. It takes a fair amount of horsepower to put the individual ethernet packets back together into the reliable data stream that your program gets.
Of course, by the time your PC has a 133MHz 64-bit PCI bus, it will also have a 1.5GHz CPU which can handle it. The fastest TCP performance I have seen over GigE using standard packets is ~350Mbps for a single TCP stream (memory to memory of course. Good luck making FTP go that fast.) I managed to get almost 500Mbps between the same multi-processor boxes by using three TCP streams, each running at about 160Mbps.
The patent for this gives some theoretical numbers for the power of the laser. I'm don't remember enough physics to check it for accuracy, but you might. Take a look at page 5 of the patent. It's number 5675103 at www.patents.ibm.com.
According to the author, "A reasonable power density, pulse duration, and pulse repitition rate for this laser is 5 megawatts per square centimeter, 10 nanoseconds, and 200 pulses per second, respectively." There is more detail in the patent, so you may want to check it out.
IBM has the patent for this online. It's patent number 5675103 for those of you who are interested. Here is a link.
If you think that 900KB/sec is slow for 10bT, what do you think the average is? Ethernet is not known for it's ability to work well at high levels of utilization, and 900KB/sec is 7.2Mb/sec. At this level of utilization and up, the contention between different hosts trying to talk at once drives up the collision rate which keeps the tranfer rates down.
My vote is for USWest. Just two days ago, some tech at our local CO decided to removed the cross connects on one of our PRI's. W.T.F.!!! They also perpetually complain that they don't have enough capacity because of all those darn modem users, while at the same time running huge ad campaigns trying to get you to buy a second line for your modem!!!
Actually, I think I would have to conclude that they pretty much all suck. I'm not sure that the cable companies are much better, but at least the towns that have both will get a little competition.
The implications are greatest for those who write free software. The ruling seems to apply only to source code. It's hard to argue that object code, which is understandable only by machines, qualifies as "speech." So companies that sell binaries may not be affected at all. They will still be enjoined from exporting encryption without a license. However, distributing GPL source code without binaries is not only easy, it's common practice. If this ruling stands, it'll be one more thing that puts the "free" in "free software".
I'm not worried about the security implications of telling people about the root account. I'm well aware of the fact that virtually every Unix box has one. What worries me most is the impression it gives to the world to tell people to email you at root instead of a regular account. In my experience, everybody who knows anything at all about system administration tries to minimize their use of the root account. Conversely, the people who use "root" as their primary account instead of creating a non-privledged account are almost by definition inexperienced and/or lazy.
;-)>
I think it's a great idea for the Linux community to have a resource for tuning information. However, if you want that resource to be taken seriously the people running it at least need to look like they know what they are doing.
I don't buy the alias theory. Someone who has managed to get root's mail aliased to some other account also knows that it takes abount 10 seconds to create an arbitrary alias to use for situations like this. Of course, this is all a mooot point since the web page now gives a nice clean alias to use for submitting tips.
Seems like a bad idea to me too. Aside from the numerous security risks that come from using root as a regular account, it implies that the person running this machine is too lazy to even bother creating a non-super account. Or too ignorant to know any better. Either way, it presents a really bad image.