Slashdot Mirror


User: karlm

karlm's activity in the archive.

Stories: 0
Comments: 542

Comments · 542

  1. Re:1.8ghz in 2003? on IBM to Release 64-Bit, 1.8GHz Processor in 2003 · · Score: 4, Informative
    64 bit is nice, but I doubt the chip will be more powerful than an x86 chip at twice speed.

    As others have pointed out, the POWER4 1.1 GHz and 1.3 GHz beat 2.8 GHz P4s in floating point. You may not know that in some integer tests, G4s spank Athlons. For instance, from the distributed.net rc5-64 finishing announcement:

    Our peak rate of 270,147,024 kkeys/sec is equivalent to 32,504 800MHz Apple PowerBook G4 laptops or 45,998 2GHz AMD Athlon XP machines or (to use some rc5-56 numbers) nearly a half million Pentium Pro 200s.

    If those numbers are accurate, a mobile G4 at 800 MHz is 1.42 times as fast as a 2 GHz Athlon XP at rc5-56 encryption. Clock-for-clock the mobile G4 would then be 3.54 times as fast as an Athlon XP when doing rc5-56 encryption. The working set is very small, so caches didn't come into play. However, you can get a G4 box with 2 MB L3 cache per CPU.

    Don't get me wrong, I'm glad I have my trusty Intel box. However, give credit where credit is due. IBM/Apple/Motorola designed one heck of a CPU family. The POWER4 chip performs almost as well as the Alpha, but doesn't double as a space heater and is very easily virtualizable (which is important for os390).

  2. Re:Dead or not... on History and Perspective on BeOS · · Score: 3, Insightful
    BeOS is still sitting on /dev/hda2. I loved that the UI was simple, lightweight, and fast. It made me forget that my machine is only 266 MHz.

    However, it had some pretty bad nasties:

    • Woke up one morning to find my floppy drive spinning. Floppy had a notch in it from rubbing on the read head in the same spot all night. Read head died from overheating, I think.
    • Frequent kernel panics
    • Reliable kernel panic from setting a Semaphore
    • NetPositive bookmarks' data stored in the metadata fork of the FS, so tar, cp, et al. would save the bookmark file, but it was useless because the URL was left behind (Discovered this after reinstalling the OS just in case my kernel image on disk was corrupted. Nothing like installing your backups to discover that some idiot put essential data in the metadata fork.)
  3. Re:Quote from the Story on Security as a Profit Center? · · Score: 2
    Mundie, speaking about MS Windows: "The operating system is designed to run on machines that are not designed yet."
    possible quote completions:
    • ...you should see how great Windows Imaginary Edition runs on imaginary hardware!
    • ...it was designed by idiots for use on idiot-proof silicon.
    • ...to this end, we are currently researching ruminant dung based chips to replace silicon
    • ...so we gave up on coding to the design spec and just started coding under the influence
    • ...and all of our security problems are due to attacks financed by the Emperor of Pluto.
    • ...but it will run great on Iraqi nukes, which are going to be designed any day now! Just ask our friend Dubya!

    Okay, the Iraq thing went too far, but it was begging to be said.

  4. Re:Then the Ford dealer asks on Security as a Profit Center? · · Score: 2
    Cars are much better today: more reliable, safer for passengers, better on the environment, etc. That did not come for free: consumers said what they wanted and they got it but someone has to pay the bill.

    Check inflation. I think automobile costs as a percentage of the cost of living index and/or the average household income, have remained fairly stable for a few decades. I could be wrong, but the magic of compound interest does a lot over 26 years. A geometric average of 3% annual inflation will double costs after 24 years. (e^0.72 =~ 2) The consumer price index is currently showing about 2.3% seasonally-adjusted annual growth, but inflation is pretty well in check. We've had a few bouts of bad inflation since 76. I think 1.8x-2.2x inflation since 1976 isn't unreasonable. The market sets the prices of cars and technology allows more features for the price over time.

    The nature of technological advances is to do things more efficiently. Over time in many areas, we can do the same thing for much less money (after adjusting for inflation). Someone has to pay the costs, but they are one-time costs of technological advancement that get distributed over many years of product sales. In this case, you do practically get something for nothing. If you think security has gotten worse, you were either running MULTICS, or you're currently running the wrong OS/software packages on your commodity hardware. (Debian and SELinux are good choices on the Linux side. OpenBSD 3.2 is coming out soon, wink, wink, nudge, nudge, say no more.) Oh, and if you need reliability, use RAID and have a backup server. Your cost for a given level of performance/security/reliability has absolutely plummeted, especially in the performance realm.

  5. Re:The Cost of Downtime on Linux TCO: Less Than Half The Cost of Windows · · Score: 2
    First, have a reference for MS recommending weekly reboots?

    Second, you hit the nail on the head about patches... 5 9's means you have a max of what, 3 patches/config changes per year that require a reboot? Acrobat 4, at least, requires a reboot upon install or upgrade, as do several other packages.

    <rant> My biggest pet peeve is developers forcing users into poor security practices. I think mentality in development is very different between the *nix and Win32 worlds. NT 4.0 will forever bluescreen from a printf("\t\b\b"). That strikes me as ridiculous. XP merely reboots from the same printf. The same mentality seems to trickle down to the applications developers. I explained to my GF why she must always use an unprivileged account for her day-to-day work then installed Macromedia Fireworks (I can't remember the version) on her Win2K box. It refused to run in an unprivileged account! Besides servers/daemons requiring port numbers below 1024, I can't think of any software that must be run as a privileged user under *nix. (Fireworks is desktop software for goodness sakes!) Most *nix network apps can now tunnel over ssh and/or TLS/SSL. Until MS takes action to back up its claims of caring more about security, it's silly for users to demand more out of their apps than out of their OS. Oh well, I guess most of us security freaks get our start cracking windows boxes, so worse Windows security now may mean better OS security in general 10 years down the line.</rant>

  6. Re:RIP Napster! on Judge Kills Napster Sale Over Conflict of Interest · · Score: 4, Funny
    If you are downloading music that is copyrighted, and you haven't paid for it, you ARE STEALING.

    And if you cross the street outside of the crosswalk, you are SETTING FIRE TO CARS. However, few people know that if you drive with an open alcohol container in your vehicle, you are SELLING CRACK TO KIDS! If you smoke marijuana, you are enacting THERMONUCLEAR TERRORISM! People must be warned! Yes, we all know that one kind of illegal act is often identically equal to a more severe and destructive illegal act. We must get the word out on the lesser known examples.

    Thank Jebus for Hilary Rosen and her public service announcements that copyright infringement == theft! Praise Gud that the public is now understanding the moral right of crime elevation! We must now follow Saint Rosen's lead and warn the public about the lesser known elevated crimes! Praise Arrah!

    I apologize to anyone offended by the names of the pseudo-deities used to mock the stupid sheep that believe the industry line. Religion is a beautiful thing, blind sheephood is not and I did not want anyone to get confused as to whom I was mocking.

  7. Use IPSec on Wireless Camouflage? · · Score: 2

    You can use IPSec on your gateway to prevent random people from using your gateway. Real security also has all kinds of side benefits, such as actually having reasonable assurances of security.

  8. Re:Makes sense on Apple Secretly Maintaining x86 Port Of Mac OS X · · Score: 2
    Presumably, Apple isn't really "porting" to x86. OS X is based on FreeBSD which was developed for x86. I seriously doubt that they made many assembly level changes that required serious parallel development.

    Much of the userland is NetBSD and FreeBSD-derived. This means stuff like the libraries, ls, top, ps, etc. If you're writing good, well-optimized C/C++ (maybe ObjC), then there should be very little assembly (ideally no assembly) code outside the kernel. (Maybe some AltiVec math/graphics libraries in userspace.)

    In any case, I doubt there's much assembly at all in the FreeBSD-derived portions of OS X. Most of the userland is simply a cross-compile. The kernel actually probably required a fair amount of effort to port (from the NeXT m68k kernel and/or from Darwin PPC).

    The monoserver is not a userland port of the FreeBSD kernel. IIRC, the NeXT people had a userland implementation of a BSD 4.3 kernel, from which the Darwin monoserver descended. I just thought I'd point out that calling OS X a port of FreeBSD is like calling LinuxPPC a port of the GNU system. Sure it contains a port of the GNU system, but you neglect the Linux kernel port that came from a totally different group.

    I think of OS X as a modernized PPC port of the NeXT system. Cocoa and Darwin are both born of NeXT.

  9. Re:Exclusivity on Australia Oppresses Jedi · · Score: 2

    Religions tend to hybrid so much that they just call the new hybrid a new religion. It's just how most people think about religion. The "new age" religion as far as I know, is a mixture of Wicca, Hinduism, and a few others, with little exclusive content. Not that there's anything wrong with that. It's just easier to say "I'm a new ager" than to say "I believe in some Wicca, a little bit of Hinduism, and dash of druidism and a pinch of Neo-Paganism". Everyone's religion is different. We come up with new names to describe new mixes. People also assume exclusivity of color. We say "purple" instead of "red and blue". (Yes, I see the problems. Analogies are like cars. They only go so far.)

  10. Re:Byebye organized religion on Australia Oppresses Jedi · · Score: 3, Insightful
    I could probably do better than that NASA photograph with a few hours on GIMP.

    Isn't that moon rock very very similar to rocks on earth?

    The use of electricity inside the case of a computer is part of the hoax. It really does use magic.

    The parent's point is that your evidence is still consistent with the hoax theory. Is it simpler to believe that someone used GIMP, or that someone actually built a huge rocket to boost a very heavy camera at such a velocity that it will eventually leave Sol's gravitational influence, just to send back a few photos? Give me a few million dollars for some JPEGs of the solar system, and I know how I'm getting the JPEGs. I might also point out that you cannot prove that the Earth revolves about the Sun. For an earth-bound reference point, Sol orbits Earth and pretty much everything else orbits Sol. Earth has the unique distinction of being the only planet about which Sol orbits.

    Now, as far as evidence for the claims of Christianity, you have more early manuscripts of most of the books of the Bible than you do for any of Shakespeare's works, and you have a pretty good geographic distribution of the manuscripts. You have a corroborating document by the non-Christian Roman historian Justinian. You have the question of why the Roman government didn't simply produce the body of Jesus when his cult they tried to squash started spreading rumors that he was up and roaming about.

    Now, I'm not really asserting any of these claims. I'm just saying that the stuff you presented isn't very scientifically or historically convincing. Be careful about pointing your finger at the fool when you may be found even more foolish.

    I agree that people are sheep. However, I think you fail to realize how much of your "knowledge" you take on blind faith. Oh.. but.. but.. it's not blind faith, it's self-consistent. Most intelligent people in most faiths have come up with an interpretation that is self-consistent. I'm not saying I don't trust the scientific method, I'm saying don't think you're above taking things on "blind faith". I've had some coursework in special relativity. I understand and believe it. As far as anything more complicated in physics goes, I take it on blind faith. Some theories in the past have been shown wrong. Some of the things in physics I take on blind faith will later be shown to be in error. You may be less foolish than I, but I doubt you are much less foolish than I.

  11. Re:excellent on Network Associates Buys "Better Carnivore" · · Score: 2
    For the sarcasm-challenged, the parent is joking.

    For those who modded the parent underrated without modding it funny, wake up.

    Having all of Mohamed Atta's emails probably would not have prevented 9/11. Sadly, there will be another 9/11 eventually. Many terrorists are not stupid. Cells work independently and may not have much communication at all. Terrorist agents may in many respects remain "sleepers" by staying out of contact while carrying out acts of terror. Once the pilots were trained, killing off all of Al Qaeda except for the 19 hijackers would probably not have prevented 9/11. Killing any one or two of the 19 except Atta probably would not have prevented 9/11. Terrorist networks have evolved into fault-tolerant distributed systems.

    Trying to shut down a well-run terrorist network is more difficult than shutting down Freenet.

  12. Re:ssh on Network Associates Buys "Better Carnivore" · · Score: 2

    OpenSSH, at least, will warn you if the host key changes, so you're immune to MITM attacks if you listen to the warnings. (This assumes you've ssh'd into the machine before.)

  13. Re:what? on CD Copy Stopper · · Score: 2

    You touch on a very good point. The gaming software people used to get hit much harder than the music industry ever did. Then they figured out how to work with the net instead of against it. If you release a good online game, you can have your customers flocking to gladly take part in a subscription-based revenue model, on top of outright purchasing the software.

  14. Re:First of all. on Linux and Public Access Computing? · · Score: 2
    Great ideas. The first topic in the HOWTO should be keeping the software up to date, though. For a public Kiosk, I'd suggest Debian with "apt-get update; apt-get dist-upgrade -y" as a daily cron job.

    IMHO, the best way to prevent problems is run all of the machines diskless and network boot them. A friend of mine found a motherboard that supports dual CPUs and 4 IDE channels with hardware RAID. This means you can pull all of the hard drives out of the machines and put 8 hard drives on the one motherboard for some serious file storage. You probably want one standby fileserver. Why keep N copies of the OS around when you can keep one copy and send it to the N machines over the network? I'd prefer Kerberized OpenAFS over NFS for home directories (encryption is your friend). In any case, it's a good idea to allow home accounts. If you make all of the machines diskless, you're going to have a fair amount of storage for the fileserver from collecting the hard drives.

    With a headless setup, if you disconnect the floppy drives' and CD drives' cables from the motherboards, you're reasonably assured that they can't boot the machine into a Trojaned OS. You probably want a couple of machines with functional floppy and CD drives, but put them close to the supervisor's desk.

    Diskless clients are so much easier to maintain. All you need is a reboot to sync a computer's software with the rest of the machines. The hard drive is one less thing to fail. If you're running RAID 5 on the fileserver, one of your hard disks can fail without any loss of data.

    Please please please educate users on using strong passwords.

  15. A few problems... on Exploring Diffie-Hellman Encryption · · Score: 5, Informative
    Diffie-Hellman is great. SSH2 uses Diffie-Hellman with digital signatures to prevent a "man-in-the-middle" attack. That being said, this article made some goofs. I understand that they were just trying to show off bc's MP arithmetic. However, it just gets a little old to see poorly implemented crypto as the standard way to show off MP arithmetic. Don't get me wrong, I have Applied Crypto on my night stand and all, but it would be nice to see an arbitrary binomial expansion program or a program to search for Mersenne primes. Maybe just a nice Miller-Rabin primality tester or a Blum-Blum-Shub pseudorandom number generator.

    The public number "n" they refer to should be a generator mod q. Primality does not guarantee that n is a generator mod q.

    They mention needing to use larger numbers, but they don't scale it up enough. q should be at least 1024 bits, which is a little more than 16e306, which looks like a couple of lines of digits. The secret parameters xa and xb should be at least 64 bits, more safely 128 or 256 bits. Luckily, as long as xa and xb are large enough, the generator (n) can be pretty small. 2 often works as a generator. (I think the easiest test for n being a generator is for each prime factor p of (q-1), n ^((q-1)/p) % q != 1.) One of the main reasons you want (q-1)/2 to be prime is that it makes testing candidate generators easy.

    Also, Diffie-Hellman is not an encryption algorithm. It is a key agreement algorithm. Those numbers they "sneaked past" Mallory (ka and kb) cannot be predicted or controlled without actually calculating them. The whole point is that it's computationally infeasible to calculate discrete logarithms in a large finite field generated by modular arithmetic. If Bob gets ya and can feasibly compute xb such that ka= kb = m for some chosen value m, then the whole crypto system is broken. Diffie-Hellman is great for generating shared secrets (usually used as crypto keys for encryption algorithms), but cannot be used directly for encryption itself. The simplest way to use Diffie-Hellman as part of an encryption algorithm is to generate a shared one-time-pad that is xor'd with the plaintext. The ElGamal encryption algorithm does basically this, the only difference is that it uses modular multiplication instead of xor'ing to do the encryption once it has the shared one-time-pad.
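
The generator test and the key-agreement-then-multiply construction from the comment above, as an added example (not part of the original comment or of the article it critiques). It keeps the comment's names n, q, xa, xb, ya, ka, kb; the helper names and the toy 64-bit modulus are assumptions chosen so the safe-prime search runs quickly, far below the 1024 bits the comment asks for.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; error probability <= 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def find_safe_prime(bits):
    """Return (q, p) with q = 2p + 1 and both prime, so q-1 factors as 2 * p."""
    p = (1 << (bits - 2)) | 1  # first odd p that gives a `bits`-bit q
    while True:
        q = 2 * p + 1
        if is_probable_prime(p) and is_probable_prime(q):
            return q, p
        p += 2


def is_generator(n, q, prime_factors):
    """The comment's test: n^((q-1)/p) % q != 1 for every prime factor p of q-1."""
    return all(pow(n, (q - 1) // p, q) != 1 for p in prime_factors)


def smallest_generator(q, prime_factors):
    return next(n for n in range(2, q) if is_generator(n, q, prime_factors))


def dh_exchange(n, q):
    """Both sides of the key agreement; only ya and yb cross the wire."""
    xa = 2 + secrets.randbelow(q - 3)  # Alice's secret exponent
    xb = 2 + secrets.randbelow(q - 3)  # Bob's secret exponent
    ya, yb = pow(n, xa, q), pow(n, xb, q)
    ka, kb = pow(yb, xa, q), pow(ya, xb, q)
    return ka, kb


def mask(m, k, q):
    """ElGamal-style use of the shared value: multiply instead of xor."""
    return (m * k) % q


def unmask(c, k, q):
    return (c * pow(k, -1, q)) % q  # modular inverse of k (Python 3.8+)


if __name__ == "__main__":
    # 2 and 3 are prime yet fail the generator test mod the safe prime 23.
    print([n for n in range(2, 8) if is_generator(n, 23, [2, 11])])
    q, p = find_safe_prime(64)  # toy size, constructed for the demo
    n = smallest_generator(q, [2, p])
    ka, kb = dh_exchange(n, q)
    print(q, n, ka == kb, unmask(mask(424242, ka, q), kb, q))
```
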

  16. Re:Longevity of CPU w/ integrated memory controlle on AMD Opteron "Hammer" Preview · · Score: 4, Informative
    They can swap in another memory controller when DDR gets old, or they can add an interface for an external memory controller. The benefits of an integrated memory controller are just huge.

    CPU designs are pretty modular. It shouldn't be hard at all to swap in a new controller when the time comes. If the internal hardware interfaces weren't very clean, design would take a lot longer.

  17. Re:This is really a dumb solution - better one her on Crypto Leash for Laptops? · · Score: 2
    Almost a year ago, I took Prof. Rivest's introductory computer security class (MIT 6.857). For their final project, a few of the students researched systems very similar to this. The easiest way to securely do the key exchange is to have the laptop and the tamper-resistant token (e.g. a JavaButton or a tamper-resistant Bluetooth wristwatch) share a block cipher key. The laptop sends a random number (the same number of bits as the cipher key) and the encrypted key (or block offset, depending on the scheme) for the block it's reading or writing. The token calculates the decryption key for the disk block. The nonce (random number) is then encrypted with the shared key to generate a "session key". The session key is used to encrypt the disk block decryption key. The session-key encrypted disk block key is then transmitted back to the laptop, where it is decrypted (the laptop can calculate the session key, since it knows the nonce and the shared key) and used to decrypt the disk block. The simplest safe method for generating the shared key is to use public key crypto. The laptop generates a new random shared key every time it starts up and encrypts it with the token's public key. Then it signs the key with its private key. The signed encrypted shared key is transmitted to the token. The signature is verified and the secret is decrypted.

    If the laptop gets stolen, the thieves can change the public key on the HD, but that simply allows them to use a different token. The token they substitute doesn't have the key to decrypt the encrypted disk block keys.

    If all of the transmissions get recorded, they can't be played back to the laptop, because the laptop will never (statistically speaking) send the same nonce twice before the Sun gets old and bakes the Earth to a crisp.

    If you record all of the transmissions and steal the token, you can play them back to the token and get the disk keys, but that doesn't help, since all of the data stays on the laptop. If you're really worried about this, use an interactive signature algorithm on the shared secret so that it can't be replayed to the token.

    If you steal the laptop, guess the password used to encrypt the signature key, then get a transmitter near the token (wristwatch), you can trick the token into accepting a shared key of your choice and then successfully query the token for the encryption keys. You could also steal the laptop and use hardware to boost the transmission range so the token and laptop still think they're close together. Having a panic button on the token (wristwatch) to turn off the crypto functions will eliminate both of these attacks as long as the owner realizes the laptop has been stolen and quickly hits the stop button on the token. The second attack can be prevented by having the laptop place strong limits on the query latencies.

    Of course, if both the token and the laptop are stolen and the password to decrypt the signature key is guessed, it's game over. Kidnapping and torturing the owner of the laptop (with the laptop and the token) also results in a game-over scenario. (Unless you use the rubber-hose filesystem.) There are ways to minimize even these attacks. For instance, if the owner's pulse gets too low (chloroform or arm cut off) or too high (torture) then the token writes over the area of memory used to store the secret used to calculate the disk block keys. However, the false alarm rate would be too high for systems like this and the HD would need to be reformatted too often.

    There is no perfect way to get security, other than melting down the laptop as soon as you put sensitive information on it. However, using the public key encryption, interactive signatures, and shared key system, you can get reasonable throughput and very good security.
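
The nonce and session-key exchange described in the comment above, with its replay, latency-limit and panic-button defences, as an added example (not code from the original comment or from the student project it mentions). Assumptions: HMAC-SHA256 stands in for the block cipher, the shared key is taken as already established (the public-key setup step is not modelled), the integrity tag on the reply is an addition, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


def prf(key, *parts):
    """HMAC-SHA256 as a keyed PRF; stands in for the comment's block cipher."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)  # length-prefix each field
    return mac.digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Token:
    """Wearable token: keeps the disk master secret, hands out only block keys."""

    def __init__(self, shared_key, disk_master):
        self._shared = shared_key
        self._master = disk_master
        self.enabled = True  # the "panic button": set False to stop answering

    def answer(self, nonce, block_offset):
        if not self.enabled:
            raise PermissionError("token disabled by owner")
        offset = block_offset.to_bytes(8, "big")
        block_key = prf(self._master, b"block", offset)
        session = prf(self._shared, b"session", nonce)   # fresh for every nonce
        wrapped = xor(block_key, prf(session, b"wrap"))  # pad is used exactly once
        tag = prf(session, b"tag", offset, wrapped)      # assumption: integrity tag
        return wrapped, tag


class Laptop:
    def __init__(self, shared_key, max_latency=0.05, clock=time.monotonic):
        self._shared = shared_key
        self._max_latency = max_latency  # seconds; bounds range-boosted relays
        self._clock = clock
        self._pending = None

    def request(self, block_offset):
        nonce = secrets.token_bytes(32)  # 256-bit nonce, never repeats in practice
        self._pending = (nonce, block_offset, self._clock())
        return nonce, block_offset

    def accept(self, wrapped, tag):
        if self._pending is None:
            raise ValueError("no outstanding request")
        nonce, block_offset, sent_at = self._pending
        self._pending = None  # each nonce is good for one reply only
        if self._clock() - sent_at > self._max_latency:
            raise TimeoutError("reply too slow; token may not be nearby")
        session = prf(self._shared, b"session", nonce)
        expected = prf(session, b"tag", block_offset.to_bytes(8, "big"), wrapped)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("reply is not bound to this nonce and block")
        return xor(wrapped, prf(session, b"wrap"))


def fetch_block_key(laptop, token, block_offset):
    """One full round trip; returns the disk block key the laptop recovers."""
    nonce, offset = laptop.request(block_offset)
    return laptop.accept(*token.answer(nonce, offset))


if __name__ == "__main__":
    shared, master = secrets.token_bytes(32), secrets.token_bytes(32)
    print(fetch_block_key(Laptop(shared), Token(shared, master), 7).hex())
```
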

  18. Re:Encryption and Authorization are not the only w on Security In Voice Over IP Converged Networks · · Score: 2
    And that trust can be gotten on the small with simple approaches such as MAC address lockdowns on your switches.

    Most ethernet chipsets will accept new MAC addresses from the ISA/PCI bus. MAC addresses and IP addresses are both trivial to fake. A single box dropped between the switch for the R&D dept and the next highest-up switch will net you all of the phone calls to and from R&D. Cryptographic methods are the only robust ways to get confidentiality and/or authentication. Public key systems (like SSL) are usually easier to set up than symmetric key systems (like Kerberos).

    I agree with many people that it's retarded to come up with a new protocol and say "run this on top of a secure layer if you want". The truth is that 99% of the population won't. It's like saying "yeah, there is this exploding gas tank problem, so weld a tank full of fire fighting foam to the back of your Pinto if you want." It's trivial to say in the standard "this must be run on top of SSL/TLS". In this case, SSL setup times are most likely faster than POTS circuit setup times, so the user going from an analog phone to an SSL/TLS IP phone won't notice any difference.

  19. Re:Not TOO hard. on MIT vs. Las Vegas · · Score: 2

    This is not unfair at all. The information the card counter uses is available to the house and to all of the other players. If they were marking the cards or had cards up their sleeves, it would be unfair. This is why card counting isn't illegal. It's information that the house is giving away and expecting you not to remember. It's rather silly to expect you not to use the information in your betting. The casinos could stop card counting altogether by using better shuffling machines and shuffling after every hand. They don't 'cause their profits are maximized by shuffling less.

  20. Re:cribs on Schneier et al Report PGP Vulnerability · · Score: 3, Informative
    All of the ciphers (except single DES and IDEA) used in PGP are believed to be strong against known-plaintext and chosen-plaintext linear and differential cryptanalysis, related key attacks, etc. If you're looking for known plaintext, you've got it in the compression headers. (PGP uses zip compression by default.) Since PGP uses CFB mode, you can simply rearrange the code blocks and trick the user into decrypting the message (adding an extra random ciphertext block at the end or keeping the last block in the same position) and then have the user send you the decrypted garbage and piece back together the message. This attack would also work if you could trick the user into encrypting a chosen message with the same key and IV as the message you wish to crack. (Not feasible with the PGP user interface.) This break has nothing to do with cribs.

    Also note if you keep everything the same but the last byte and trick the user into quoting the entire decrypted message, including the garbled last byte, in his/her reply, you can break PGP that way.

    Note that PGP and GnuPG both use zip compression by default and so this attack only has a probability of 1 in 4 billion of succeeding and requires user interaction for each attempt. If you turn off compression AND are dumb enough to quote all of the garbage back to the attacker, this attack can be used against you. This attack is somewhat feasible, but requires some social engineering or some users that are dumb in just the right ways.

    Note that if OCB mode were used instead of CFB mode, this attack would not work. Unfortunately, OCB mode is patent encumbered.

  21. Re:AC-130 version on U.S. Developing 100-Kilowatt Laser for Strike Fighters · · Score: 2

    Isn't there also a 105 mm howitzer on one side of an AC-130, or was that just an experiment? In any case, an AC-130 can transfer a fair amount of mass fairly quickly. They've used them a lot in Afghanistan. At least back when they were developing the thing in 'nam the pilot had a hud-like sight in his side window. He'd fly in a nice arc centered on the enemy forces while holding the trigger down. That's one heck of a lesson on the effects of momentum transfer and dissipation of kinetic energy (through elastic collisions). One terrifying way to get schooled.

  22. Re:Representational invariants. on Schmidt Predicts Digital Sky Is Falling · · Score: 2
    I thought you could get FPGAs with MTBFs as good as those for any of the other components. Maybe I'm wrong. The whole thing is in a Faraday cage, so unless you're talking about enough power to cook the person's internal organs before EM would be a problem.

    Then again, I'm not an EE or CS person.

  23. Re:Exclusive schools do all kinds of sneaky things on Princeton Hacks Yale, Harvard Not Surprised · · Score: 2
    There are some things about Michigan residents getting priority and they don't look at the whole applicant pool due to "rolling admissions", so if you send in your application on the deadline (like I did), there may have already been too many people that met the automatic admit criteria.

    I don't mean to sound arrogant, but I started taking mathematics at the University of Minnesota in 8th grade. My sr. year of high school, I was a full time student at the University of MN. I had 3 years of honors mathematics at the U, and straight A's save a B or B+ in World Politics. I got perfect scores on several sections of the SAT I and SAT II, and scored above the 95th percentile on my worst sections. That doesn't make me a better person or a good person or anything. The U of MI Ann Arbor is one of the best engineering schools. I definitely don't mean to disrespect it. I'm just saying it seems strange that there were many people that were 4.0+ (my U of MN GPA was above 4.0 from the honors math) college students instead of going to their Sr. year of H.S. Maybe they got weirded out that I wasn't applying as a transfer student, but that's the way one of their people told me to apply.

    Anyway, I know several people that got waitlisted at the U of MI Ann Arbor and got into MIT without having to wait on any list. On the other hand, the U of MI didn't require an interview, if I remember correctly. Interviews change things so much. Someone who is "fast on their feet" can get a lot of help from an interview, so that skews things. I'm pretty sure MIT puts a fair amount of weight in the interview as long as everything else is high enough. Talking with some kid that wants to go to MIT for a few minutes can tell you a lot. If s/he thinks s/he is going to be hot shit at MIT just 'cause they're the hottest shit their H.S. has ever seen, you can tell if they're going to be hot shit at MIT or if they're going to get their world shattered. You can also tell if having their world shattered would do them good or if they would be better off somewhere else. I'm surprised UM Ann Arbor doesn't have a live interview.

  24. Exclusive schools do all kinds of sneaky things on Princeton Hacks Yale, Harvard Not Surprised · · Score: 5, Interesting
    Supposedly MIT and Harvard talk about who got admitted where. If you would have been admitted both places for engineering, they'll often only admit you at MIT and the other way around for humanities and some of the pure sciences. And of course, if it seems you can't live without "highest honors", they flag you for Brown. (Boo, hiss, yeah, I know. I really wanted to poke at Harvard, but Brown is so much worse in that respect.)

    There was some fuss a few years ago about all of the Ivy League schools talking about what they were going to offer for financial aid, and then offering identical packages to the same student. They claimed it was so that only the student's opinion of the school made the difference, some students felt it was illegal anticompetitive behavior.

    In any case, schools always have gambles with who to let in. Admitting a student means you have to find space for her/him. Empty beds cost you money. The University of Michigan Ann Arbor is notorious for wait-listing students they think will go elsewhere. They wait-listed me and I got into MIT with no wait. The same thing happened to several of my friends at MIT.

    High acceptance percentages also help prestige, which give you better students and more proud alums. More proud alums are better donators and better students make for more rich alums.

  25. Re:The Repo precedent on MPAA Requests Immunity to Commit Cyber-Crimes · · Score: 2
    Some minor disruptive (and possibly slightly destructive) action (taking of the property from the holder) is allowed in order to perform a constructive action (make it available to others such as the original seller or other potential buyers). This is not the case with a DoS or cracking attempt. Their end goal is disruption. This should not be allowed in an orderly society. It's like allowing me to brawl with some guy 'cause he insulted my GF. Sure it discourages some minor disruptive act, but it produces more disruption.

    Let me also point out that copyright infringement is not theft or defaulting on payments for physical goods with non-negligible per-unit production costs. Cracking and DoSing do not directly benefit the copyright holders. The U.S. does allow for punitive disruption, but as part of a government-assigned sanction. Allowing the RIAA to crack or DoS your machine if they think you are trading Britney Spears songs is like letting the bank send hooligans to dynamite your driveway to keep you from using the '72 Pinto in your garage that you haven't made payments on since Reagan. If you allow society to disrupt itself, you are shooting yourself in the foot.

    Copyright infringement is copyright infringement, not swiping a purse or forcibly taking over a seagoing vessel. Calling copyright infringement theft or piracy just confuses the issue.

    If we look at laws from a purely utilitarian perspective, we want to maximize public good, so we artificially limit production (by intellectual property laws) in an optimal way to maximize creative output. Too limiting and production of the content we have goes to zero, too unrestrained and nobody creates anything because the markets are already flooded with copies of everything else.

    I like to liken the RIAA and MPAA to the cottage industries during the industrial revolution. The luddites smashed factories in order to preserve their industry. However, society was best served by them being employed elsewhere and the factories doing their old jobs much more efficiently. The MPAA and RIAA would not like to find other means of making a living, but would rather smash the ultra-efficient internet information factory in favor of their DVD/CD presses and tractor-trailer rigs full of media. Society is much better served by the MPAA and RIAA moving on to more modern livelihoods such as a service or value-added model. Unfortunately, this time around, the authorities are arresting the efficient factory owners instead of the luddites.