it might be worthwhile to work with a FIPS 140-2 testing lab to have the algorithms tested.
It's a closed commercial product, and they forked and GPLed a subset of the source.
Dunno just annoyed at people abusing the OSS blanket for publicity.
Software patents are the only things I know of where the patented objects are also covered under copyright law.
I'm not saying the FIPS 140-2 is bad. It just has limited scope. It doesn't mean you've got "military grade" crypto. It certifies a product to work within certain constraints. My point is, the user needs to make sure those constraints are relevant to their problem.
Very good point. With open source, you can get any certifications or assurances you want.
OK, I missed your point before, because I'd never even considered picking THAT nit. :)
You consider it abuse when they call it Open even when it's a real product being released under a real OSS license. Under what circumstances would you consider the word "Open" to be NOT abusive?
Where do you think Firefox came from? Do you think releasing Mozilla was abusive?
I don't think everything needs to be done for wholly untainted altruistic reasons. It's not like they're throwing out some old bones to chew on. This is an actual useful bit of software.
And without knowing anything about what I'm doing, you make a recommendation for a service provider? My requirements are a bit more complex than that. :)
In this case it's an OSS version of a closed-source product called Virtuozzo, commonly abbreviated VZ. I think it's a perfectly descriptive name.
"why OpenVZ outshines the competition, comparing it to VServer, Xen and User Mode Linux."
Of course, Andrey works for the software company that wrote this thing, and their closed full-featured flavor, Virtuozzo. The VZ method is a good one, and has excellent performance, but it has its drawbacks, too. Personally, I don't like that my VPSes need to use my VPS provider's kernel, which lacks features I desperately want (like stateful iptables matching), and which forces me to reboot whenever they upgrade their kernel (my VPS can't be migrated to a host running a different kernel), and I can't upgrade until my provider does.
VServer, Xen, and UML all make different tradeoffs. VZ goes for performance. Saying one outshines the others is just trolling. That's mostly on the part of the /. submitter, but Andrey slants it a little too.
I don't want to crap on the OpenVZ project. They're working on very cool stuff, and I applaud SWSoft for opening the thing up. I just want people to keep the comparisons in context.
Different problems in computer science scale differently. You haven't given us enough data to really know what problem you're solving, so you're really not going to get a reasonable answer.
I work for a company that has a large commercial application. We knew we needed to scale our data set and processing power to be huge, so we made sure from the start that the heavy lifting could be divided into little chunks, and thrown to the cluster. For our purposes, back end scalability is basically linear. When we need more, we just bring another rack of little 1U critters online. There are a few theoretical bottlenecks, but we'll never see them before we have our own nuclear power plant to run the data centers.
For other applications we use, there is *no* scalability. The algorithm has to be single threaded. It doesn't matter if I run it on a cluster, or a machine bristling with CPUs. So we basically buy the data center equivalent of a gaming PC: The fastest processor and memory that fits our budget.
So there are the ends of the spectrum. Your scalability will be somewhere between zero and infinity, depending on the problem at hand.
Disclaimer: I'm not deep in the crypto world, but I follow it occasionally out of personal interest.
By "FIPS validated", I assume you mean FIPS 140-2. This basically standardizes procedures for implementing crypto and certifies that you didn't make horrible mistakes doing so. EG, that your security is appropriate to the situation, that key handling is done properly, etc. By itself it doesn't guarantee that the product will be secure for your situation.
A couple examples: It allows 56-bit DES. These days, DES can be broken by modest levels of brute force, so it can only secure your data against people who have a modest level of interest. Or another: It guarantees key handling is done right, but once it's given you the key, do YOU handle it right?
It's designed to keep government employees who know *nothing* about crypto from buying products that don't solve their problems. It doesn't guarantee success, but it prevents some of the most common mistakes.
#1 - Why do you want a FIPS seal of approval? I assume this isn't a requirement handed to you from elsewhere, or we wouldn't be having this conversation. Do you think you're not capable of evaluating the software?
#2 - Why do you want open source? Open source lets a much wider range of people audit the software than FIPS, and for a wider range of situations. But it's up to you to make sure that someone actually did this work if it doesn't have a cert.
FIPS gives you less to evaluate. Open source gives you the usual open source advantages: if you upgrade your OS, you're not at the mercy of your crypto provider to update (And re-FIPS-certify!) the encryption software.
Personally, I'd get an abstract of FIPS, and then do a bit of legwork to make sure that the open source solution of your choice is protecting against relevant attacks that FIPS deals with. Make sure it's using a popular, well reviewed algorithm. Make sure it manages keys sanely. Make sure they're committed to a good review process to make sure future changes don't screw things up.
Either way, make sure your *process* is secure. No software will save you if you make people enter the key on the keyboard, and they end up just writing the key on sticky notes and keeping it with their laptop.
You're correct. This is why I said the idea was bunk. :) My point was to contrast against light bulb manufacturers, who have absolutely no incentive to bury a better product. The power companies at least have one in a greatly oversimplified scenario.
"Better" is more complicated than just having superior technology. Open formats help make a product better. In the case of video, cheap porn makes the product better. Saying Sony's product was better is a very narrow view.
Did you RTFA? Or even the title of the /. article?
You're talking about the wonders of OLEDs in terms of resolution and contrast ratios, but this isn't about replacing LCD screens. I agree OLEDs are wonderful for that, but this article was about using OLEDs as primary lighting sources.
So, I'm ignoring points 2 and 3. They're right, but they're irrelevant.
As for #1: How do you know how much it will cost when their R&D isn't done yet? Do you have any reason to believe they'll be cheaper to manufacture than a compact fluorescent, after you figure in things like a power supply for the OLED?
#4: That makes for great displays, but this is different from lighting up physical objects. Even if it's easy to produce specific wavelengths, you still need to produce a wide range of wavelengths to make objects look right. Producing a 6-wavelength panel will drive the complexity (and costs) up a fair bit.
Anyway, my complaint wasn't that OLED is an impossible technology for this use. I just have some questions about it, and I'm really disappointed that this article didn't even try to address them.
They still sell the old-style ones. If you look at the end of the bulb, it probably says "CW", which is "cool white". You want a triphosphor bulb. Look for the Color Rendering Index (CRI). CW is around 60. 80+ will give you good color. If they don't advertise the CRI, there's probably a reason. :)
The 60Hz flicker is due to a magnetic ballast. Newer electronic ballasts eliminate this. It's not a function of the bulb.
Sure, the CRI can be improved. But that's only going to drive the price higher.
Everything they're saying about OLEDs, people have said about regular LEDs for some time. Sure, they're efficient and cool, but they've never become a primary lighting source for a couple important reasons:
#1, they're too expensive. Compact fluorescents - which are a 4x efficiency gain over incandescents - are only just starting to catch on now that they're under $2.
#2, the color rendering sucks. You know how old fluorescents used to make you look undead? LEDs suck even more.
So, instead of addressing either of those hard issues, they give us an article full of: "The researchers believe that eventually", "Before this becomes a reality", "If that barrier can be overcome", etc. Thanks for the fluff.
Also, I'm not normally a grammar nazi, but for the love of god, 23 sentences:21 paragraphs is a ratio to be ashamed of.
Using waste heat for heating is fine, but it only works when you WANT heat. In the middle of summer, your waste heat is just battling the air conditioner, or at best, simply wasted as it blows out the open window.
Also, regardless of price, gas is more energy efficient than electric heat.
Why would they? I'm all for cynicism and conspiracy theories, but try to come up with something more plausible.
For instance, the *power companies* buying the patents and shelving them.
That's also bunk, but it at least has a hint of financial incentive to it.
See my example of an improved air conditioner. The patent covers the operating principle, and the copyright covers the specific implementation. Someone creating a clone by directly copying the design would be in violation of both the copyright and patent.
In software, you don't have to "worry" about violating someone's copyright any more than you have to worry about it in creating an air conditioner. In both cases, unless you take someone's design and copy it, you're not violating the copyright.
In both cases, the patent covers the operating principle, even if you come up with an independent design.
Honestly, I'd be hard pressed to find an example where this *isn't* the case. Can you name one?
I agree that there are bad problems with software patents (many of which apply to all patents really), but this argument is unconvincing.
They don't cover the same thing. Patents cover algorithms. Copyright covers the implementation of the algorithm.
An analogy would be a patent for a way to make a more efficient air conditioner, vs the copyrighted mechanical drawings of an air conditioner implementing that technique.
1) I don't mean 24/7. I mean when data is actively being sent, eg, during a call.
2) The average power doesn't matter. TDMA (including GSM) only transmits during its time slot, so it has a pulsing power signature (the carrier starting and stopping) at a frequency you can hear. In CDMA, the only pulsing is the coding, which is at the data rate - much higher than you can hear.
Regardless of how it happens, though, the basic point is, TDMA makes speakers buzz, and CDMA doesn't.
I said wrap the amp, not the sub.
If you can't find the amp, you shouldn't attempt this mod. Wrap the tin foil around your head instead.
There are two places you can solve this problem:
#1, get a better cell phone. With TDMA phones (GSM, D-AMPS, iDEN) you get a lot of noise as the transceiver switches on and off several times a second, transmitting at full power. iDEN phones (NexTel) have always been *by far* the worst about this, in my experience. If you get a CDMA phone (eg, Verizon), the phones on a cell share a common, continuous, low-level signal, which does not cause this kind of interference.
#2, shield your amplifier. (In cheap computer speakers, it's built into one of the speakers, or the subwoofer.) Surround it in tin foil, and ground the foil. Other possibilities are poor grounding on the signal wire - replace it with a shielded wire, and ground the shield to your computer's case and where it reaches the amp.
The part you're missing is that most parents:
1) Think that children's minds are so frail that porn will hurt them
2) Can't bear to explain that there is no Santa, let alone explain sex
So, they want to make porn go away, but they want to pay someone else to do it, because they're too insecure to do it themselves.
"War is armed conflict between states, organizations, or relatively large groups of people, characterised by lethal violence between combatants or against civilians."
It's a war, even if they didn't declare it.
Since when was the spirit of open source based on "We'll do a bunch of work for you for free"?
That's subtly different from why I work on OS projects. I want to do a bunch of work to solve a problem, and then make it so that no one ever has to solve that problem again, because everyone can benefit from my work.
The difference is that (for me, at least), the motivation is to multiply the work accomplished in the world, per unit of manpower I put into the work. Just doing work for free, while perhaps generous, isn't the same.
No, politicians running from accountability like cockroaches from the light won out.
I'd be happier if this kind of stuff actually did bring us some security. Unfortunately, we're only getting less secure against the corruption of our own government.