Yes, it was very near JFK, but the plane was very late taking off.
If it was a time bomb, it's a shame it didn't go off a touch earlier while the plane was on the ground. It doesn't take that much damage to take a plane out of the air. The same ammount of damage on the ground could have allowed some people to escape.
Does NT4.0/2K/XP allow arbitrary length passwords? (Sorry, been Win-free for a few years now.)
I don't see why computers don't all come with a diceware program or a pronouncable password generator. Random, secure passwords are pretty easy to comy by, assuming/dev/urandom or equivalent is sufficiently random.
I could come up with a good 2,048 word list off the top of my head, which would mean 11 bits of entropy per word. Random capitilization of the first and last letters means 13 bits per word. That's five words for about the strength of 64-bit encryption. Anyone should be able to remember 5 words. Assuming account lockouts for 15 minutes or so after 3 failed logins, this should be sufficient. Of course, Windows networking sends salted hashed passwords in the clear, right? That would mean you probably want at least about 80-bit strong passwords.
I really need to just sit down and write that password generator I've been meaning to get arround to. The hardest part is the 2,048 word list.
see diceware for a simple way to generate secure passwords.
DESX was proposed by RSA Data Security Incorporated as standard to strengthen DES as a stop gap until AES was selected. It uses a 120 bit key. 56 of the bits are used as a des key and the other 64 bits are expanded into two 64-bit pads. The pads are used fro pre- and post- whitening of the DES block. I would assume that they use DESX in ECB or counter mode in oreder to allow random access.
I think they use RSA. Any of the discrete log schemes (such as EL Gamal) would use up twice as much space as RSA for the same modulus size. Shame on anyone who uses public key moduli smaller than 768 bits. Actually, I wouldn't be surprised if they used an eliptic curve system. Personally, I don't like eliptic curve systems. They are based on getting away with smaller RSA keys because the best known attacks on RSA need a notion of smothe that nobody has been able to define on eliptic curves. It seems to me kind of like using 64-bit-key-reduced-round-AES for efficiency and space reasons.
Microsoft claims that DESX is 128 bit encryption, but they forget (more likely chose to neglect) that 8 byte DES keys ignore 1 bit per byte.
In any case, trusting M$FT for you security is like trusting you 3 year old to wash your fine china.
Personally, nowadays I would be skeptical of anything that didn't use an AES finalist (or possibly 3DES or Blowfish) in CBC, CFB, counter, or OCB mode. There really aren't any excuses for using anything else. Even the die-hard "3DES has not been broken in X-years. 3DES is the only thing I trust" people should feel safe using Serpent. The Seprent people chose security over efficiency every step of the way. Sure speed played a big part in chosing Rijndael, but the NIST did a good job of picking the best of each of several design strategies as AES finalists. There should be an AES finalist for everyone.
This really isn't as big a deal as everyone thinks. NOBODY would be STUPID enough to give M$FT their REAL credit card info, would they?... Oh wait, almost 50% of the population is below average intelligence (the IQ curve is a little lop sided. People with an IQ of 140 live a lot longer than people with an IQ of 60, but supervised living helps. Even more so, people with an IQ of 120 tend to outlive people with an IQ of 80). Hmm... looks like passport is a tax on being naive just like the lottery is a tax on being bad at math.
How many individual people have hotmail accounts? Raise your hand if you personally have more than two hotmail accounts. That's what I thought. The numbers are quite misleading.
Oh, and my appologies to JohnSmith@hotmail.com, JohnDoe@hotmail.com, JohnJohnson@hotmail.com, and anyone else I've registered for the NYT online free registration, etc.
My understanding was that the translation error was by way of inferrance. "Hmm... they crossed a sea while leaving Egypt... ahh... this reed see they were crossing must have been the Red Sea, since it borders Egypt."
I've heard that some people have speculated that the sea of reeds was a 6 inch (15 cm) deep river in the area, (like the Everglades) I forget which one. We know of a large volcanic eruption near that river at about the time of the Exedous. The theory is the gigantic blast caused a huge wave to travel along the river, possibly sweeping away part of the Egyptian army. The observers assumed that the sea was returning to its properl level. After all, they were new to the area and didn't know what the water level was supposed to be and had probably never seen such a shallow, wide river.
Sounds like an stretch to me. On the other hand, I'm under the impression that the Bible fits archealogical evidence fairly closely from the Exedous onward. I've heard that they assumed that several Bible storries must have been written long after the fact because they mentioned a civilization that was not known to exist (the Chaldeans, perhapse?). Then they found some cuneaform tablets from teh same time period also mentioning the supposedly ficticious civilization. (Anybody know if they thought the Chaldeans were a myth arround the turn of the century?) I'm not a big fan of grasping for ways to match archalogy and breif millenia-old historical accounts.
However, if the Bible does match archealogical evidence as well as has been claimed, it seems legitimate to try and find corroberating storries.
In any case, I'm of two minds on the matter. Usually quite skeptical of anyone trying to match up archeaology and Biblical accounts. Every once in a while, though, I hear that they've found something neat. (Like Egyptian accounts of a slave uprising, or Egyptian mud and straw bricks showing a straw shortage at the same time mentioned in the Bible.)
But I'm sure something like that would be possible if the "open source" community would stop writing more goddamned window managers for once.
And by the same logic the Peace Corps should send fewer people to Fiji when there are people worse off in Afghanastan. Obviously anyone willing to volunteer in Fiji is willing and has the skillset to volunteer in Afghanastan. Why is so much effort being wasted in Fiji?
The problem with the above logic is that we're talking about volunteers. Most people willing to help in Fiji simply wouldn't apply to the Peace Corps if 90% of the Peace Corps workers went to Afghanastan. (Yeah, I know the Peace Corps has pulled out of several of the *stans. It's just a metaphore. All metaphores are like cars. They only go so far.)
That's the thing. Many people thinkk of the OSS community as being very similar to a country or a company. It's really an artificial abstraction that helps people think about a lot of different people donating time to projects they love. The OSS community does not have any semblance of central leadership, only famous speakersr and famous project leaders.
People say "make up you minds" and complain about conflicting views in the OSS community. These are allowed. There isn't a corporate dogma and the threat of unemployment to force the dogma on anyone. There are centainly dogmatic individuals out there, but there isn't an OSS dogma everyone adheres to. Not even all memvers of the OSS community agree that OSS is always the best route.
Likewise, people think OSS programmers are stuck in cubicles in the vast OSS code farm. People use the corporate thinking that if one project gets cancelled, the programmers would be moved to a different project and educated in the new skills necessary for the new project. IMHO, this is a big problem, at least for security. When an MS Access programmer gets moved to Passport because everything is switching to SQL Server, Passport's security gets screwed up in really bad ways.
The truth is that most OSS programmers (and documenters, you can help an OSS project even if you cant code well) don't code for their love of OSS. They code for the love of their project, and happen to like OSS. If 90% of the WM projects out there were canned, fewer than 10% of the coders would move to non-WM projects. They often lack the skillset and the desire to work on unrelated projects.
As long as your OS keeps a clear distinction between data files and executables, you would only need to replace the executables in $HOME, unless you're talking about the virus securely overwriting all the files. I don't know many people that keep many executables in $HOME.
I also have a user named "karl-archive" and all of my seldom-changing data files get moved to/home/karl-archive and "karl" is a member of the karl-archive group. The karl-archive group has read-only access to the files in/home/karl-archive and the files/directories are symlinked back into/home/karl. If something needs changing, the file perms are changed to allow group writing. This is a 6 a.m.-up-all-night protection more than a virus protection, but it would help against viruses.
(Have any of you ever accidently uninstalled Apache from the local machine at 6 a.m. because you mixed up the local xterm and the xterm tunneled over ssh? httpd stop; rpm -e apache; rm -rf/var/www; "Why is the server still up?" "Uh-oh... time to reinstall and re-customize Apache on one more machine than I planned.")
Precisely! Physical security and encryption WILL both be broken. With physical security, you can pretty much make the lower bound on the time required somewhere in the days to months range. With encryption you can pretty much make the lower bound on the time required somewhere in the decades to millenia range. Of course, both of these estimates rely on lots of assumptions.
It seems to me that you want to wrap your end-to-end encrypted tcp traffic (ipsec) with a synchronous link encryped protocol that sends garbage when it's not sending data. These sorts of link encryption devices exist (at least they used to). I imagine that modern versions exist that use AES, twofish, serpent, or RC6 instead of DES. (I've heard good arguments for each of these AES finalists. If you have the choice, you won't get blaimed for agreeing with NIST.)
In any case, you really need to use ipsec in addition to your link encryption layer. Adding physical security may be a good idea as well, but traffic analysis-resistant link encryption has been arround for decades.
If in the unforseable event that you can't find a supplier for link encryption, it sound like you may have the budget to develop your own link encryption. Authenticated key exchange is the easiest part to screw up, so go for manually entering the keys into the boxes. (If an attacker has physical acess to the link encryption device, assume you've already lost the traffic analysis game.) For link encryption, you probably want to use a self-syncing mode of a block cypher such as CFB Make sure your block cypher is suitable for CFB mode operation. Make sure to use gpg's crypto-strong random output function or something similar to generate your keys. You should rekey at least as often as you sheck the physical integrity of the line.
Yeah, relationship like a wedding in the dark ages. Virtual slavery for the less powerful "partner". No thank you Microsoft. I haven't been scerewed by you in over 3 years now. I don't want a relationship or your lov'n.
And with the ammount of time I spend breaking and fixing my computer, my girlfriend might start to get jealous if I started to have an online relationship with Bill Gates.
But by the same token, there are still litterally hundreds of semi-competant crackers sitting there just waiting for a good bug to come out. They can write the exploit themselves just as easily as the white hats can write their own test code. Many of these people have no problems circulating their home-brewed exploit code through the boards. In the case of closed-source software, excluding the exploit code means that several hundred black hats are working on exploit code at the same time that a few tens of developers (at most) are just trying to create a test case.
Even for proprietary software, you want to make the bug fix use the faster open-source development model for as long as possible, becuase most black hats have no qualms about open-sourcing their exploits. Hiding the explot code actually hurts the developers more, especially if their manager only puts one or two programmers on the bug fix because s/he thinks there's no exploit in the wild.
Nope, bad idea. You need some sort of web of trust, otherwise they set up servers that claim to pass along blacklists for every computer on the net. Everyone gets blacklisted and nobody can download. They could re-blacklist everyone every five minutes to prevent timeouts.
You'll need a few trusted authorities to sign blacklists, and have the lists timeout. Or, you'll need to establish a large web of trust for signing blacklists.
There is the possibility of software loops running faster than native code in certain circumstances, in theory.
HP actually found that some code actually ran faster in their PA-RISC emulator for PA-RISC than on the bare hardware! Perhapse HP was using the equivalent of gcc -O instead of gcc -O2 in their trials, thus giving more room for dynamic optimizations, but they got good results for an early project. Dynamic code optimization still looks promising. HP is working on a product utilizing quick-and-dirty PA-RISC to IA-64 translation and dynamic code optimization to ease the transition from PA-RISC to IA-64.
The HP Dynamo project has some good arguments about why dynamic optimizations might be becomming increasingly usefull. Basically, HP was researching emmulation, so they wrote a PA-RISC emulator to run on PA-RISC and put in some dynamic code optimization to increase performance of commonly run code. There's the old rule of thumb that 80% of your CPU time is spent on 20% of the code, so they concentrate expensive optimizations on the commonly run code, after on-the fly profiling indicates which areas should be optimized. It's like having a -O4 option for gcc and only using it on the code that gets run alot, in order to avoid all the bloat associated with gcc -O3.
Personally, I'd love to see AMD or Intell throw away hardware emulation of the ancient x86 instruction set. The greatly restricted number of registers causes the compilers to really hide the inherent parallelism in the source code. A lot of chip realestate is wasted in extracting the parallelism back out of the binaries. It's not as bad as the stack-based JVM, but the x86 instruction set is pretty bad about expressing parallelism in the source code. I think software emulation of legacy apps is where it's at. If Intel or AMD released an x86 emulator for thier new chipsets and got Microsoft to go along with the idea of software emulation of x86, then we'd see native apps running much more efficiently. It's my understanding that IA-64 kind-of does this with an x86 emulation mode. However, I think that chip realestate would be better spent on thins to speed up native code.
If I'm not mistaken, Win95 even had partial virtual DOS machines for each DOS executable. It's not too much more of a leap to emulate the ancient instruction set after you're emulating the ancient OS. Transmetta wants the flexability to completely redesign the native instruction set for each release, and that's understandable. However, it would be nice to move on to compiling into something that better expresses inherent parallelism in the source code.
There's plenty of talk about thinking things through. They've discovered that the HURD is much more Mach-specific than many had claimed. Mach exposes over one hundered system calls. Mach is big and slow. There are efforts to fix mach and efforts to move HURD to a different microkernel.
The l4-hurd mailing list has been talking about porting the HURD to a "virtual kernel" and creating a virtual kernel layer for the L4 microkernel, to minimize all of the retooling that has to been done in the future when things move past current microkernel thinking.
I've been using Linux nearly exclusively since 1997 and when I upgraded my HD, I put my swap partition at the beginning of my extended partition (8 GB into the disk) followed by my/home directory./root and partitions for backups and rarely used data go before the swap partition.
I've got two 3Gb partitions and on 2 GB partition before my swap space. When I decided to switch to debian, I merely installed Debian on one of the backup partitions, and the two distros shared the same/home partition. (Caution: file ownership etc. is stored by UID, so you have to match up the UIDs between distros.) For a few months I kept Redhat as a safety blanket, just in case I couldn't get something working under Debian. I ended up reformatting the RH 6.2/root partition for extra backup space.
I agree whole-heartedly about apt-get. I started with RH 4.3 and followed RH to 6.2, then switched to Debian 2.2_rev2 for apt-get/dpkg (and Debian's rock-solid reputation). I absolutely love apt-get. Installation of packages is a snap, and no removal headaches like I've experienced w/ rpms. Microsoft is supposedly great at making things easy to use, but the don't ahve any tools that you can just tell "get me winamp" or "get me AIM" and have it install those programs. Usually I don't even need to bother with installation menus. Image WIndows software installation without those stupid wizards! Granted, you may have to go back and tweak things, but most Windoze users just blindly click on the installation defaults anyway!
On a side note, I have recently discovered how amazing LaTeX is. My old MS Word Documents looked like crayon scribbles in comparrison. It's like using B&W film to give ordinary photographs that little touch. Ever notice how almost everything looks better in B&W? Same thing for LaTeX. It Just gives everything that little something special.
Too bad they didn't then go on to ask each respondant what Kabul is. My guess is that 70% of the people polled believed that Kabul was a more legitimate target, and that CNN wouldn't even bother to ask if we should bomb a civilian target.
My guess is that most of the people thought Kabul was the name of a bin Laden hideout or a terrorist camp.
Ever see the show "Street Smarts"? Thare are lots of really stupid people out there. 78% of the American public probably couldn't name the Vice President. (Okay, I'm exagerating.) (Oh... it just took my GF a little longer than I expected to name him, and she's a grad student at MIT. Maybe 90% of the US population couldn't name the US VP in under one minute.)
Or, if you're really paranoid and your entire business model might go down the drain if someone cracked your encryption, you should probably use base-64 encoding and xor with some key byte, say "C".
Anyone know the email adress of the AOL-Time-Warner public relations department? It wasn't on timewarner.com, so I asked the webmaster for the email address.
While I'm waiting for the right email address, I thought I'd let the/. community tear apppart/improve my draft email to AOL-Time-Warner. I think it's important to come across as a reasonable person who (READER ALERT!: put down the hot coffee/soda now) generally likes AOL-Time-Warner, but is concerned about recent actions.
----
Draft of message to be subitted via AOL feedback and later sent to AOL-Time-Warner's public relations department:
----
While I generally have a good opinion of America Online, I would like to express some concerns regarding AOL's instant messaging system.
Market pressures appear to have created a need for an alternative to the current AIM interface to the AIM service. To many people, the AOL AIM client leaves much to be desired. The Linux AOL AIM client, in particular, is widely regarded as innadequate when compared to the alternatives (most noably the GAIM client).
To many people, myself included, it appears that AOL has not attepted to repond to the market demands represented by independent instant messanging clients. It appears that instead, AOL has chosen to use its massive legal resources to intimidate the volunteers producing the alternative clients.
Many users of alternative instant messanging clients do not wish to harm AOL's AIM advertising revenue stream. However, they have a percieved need for features not found on the AOL AIM client.
Many people, particularly in the rapidly growing open source / Linux community, would like to see AOL respond to the market pressures that cause people to use alternative AIM clients. Of particular appeal to GAIM users is an open framework that encourages free extension of the client. The GAIM distribution includes well defined APIs and support files to write "plug ins" in both the Perl and C programming languages. The AOL AIM client does not appear to provide any framework for free extension.
In addition, many people in the open source community would like to see AOL publish the source code ot the AIM client under a free liscence (as defined by the Free Software Foundation). Perhapse AOL feels that it needs to hide the source code for its AIM client in order to preserve the AIM advertising revenue stream. However, the present situation has demonstrated that the source code for a superior instant messanging client is available for others to build on. I personally believe that AOL would see a rapid increase in the functionality of the AIM client on all platforms if the source code for the AIM client was published under a free liscence.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
Zhe small fishing boat vill sink when hit by Amerikan submarine, but must use Russian space station vhen you want to sink a whaling wessel.
My guess it that it will come down in March.
If engineers are deciding, then it's definately comming down at a time related to e. I'm too lazy to convert 18:28:18 Mosco time to EST. 2001-3-27 18:28:18
Why is everyone so obsessed with pi?
e is a much more usefull irrational number.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
All they need now are clear lithium ion batteries.
If this stuff is a good enough thermal conductor, they could build fast CPUs right into the display and the display face would make a nice large heat sink. Then, your palm pilot could be completely clear... and nearly impossible to find when you misplace it. On second thought, maybe they should keep the batteries opaque.;-)
If you got the photosensors right, you might be able to make a sheet of glass that could scan, and later display, any image it was set on top of. How cool would that be?
On a lighter note, they really should have picked a better English translation for Tokyo Institute of Technology. The three letter acronym is just a bit obscene for a t-shirt. My freind has a t-shirt from a robotics competition held there. I still chuckle and shake my head when he wears that shirt.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
The drag caused by these is greater than the energy they put out (see the 2nd law of thermodynamics). Thus, they aren't useful if you're actively moving the object to which they're attached.
If you want these to be practical on a spy craft, you need to use a "free" source of propulsive power. That way, the efficiency losses don't matter. Of course, your craft goes slower, but you don't waste your power source.
There are some "free" sources of propulsive power in the ocean. For instance, somebody worked on a craft that used the thermal expansion of contration of a glycol solution to cause the craft to rise and fall through thermal gradients. Put wings on such a craft and you can use this vertical motion to create horizontil motion. The thermal gradients provide the energy.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
Male Tetrachromats
It's not actually true that males can't be tetrachromats. If a normal X chromosome carries the information for 3 types of cones, and a woman has a mutation in one of the cone genes on one of her X chromosomes, she'll get 4 types of cones.
However, it is also possible for a gene to get duplicated on a chromosome durring miosis. Thus, a male could cary informormation for 4 cones, two of which would be identical. If however, there was then a mutation in one of those, he could be a tetrachromat. This is, however, much less likely than a female tetrachromat.
Infrared Cones
Many posters have brought up the coolness of infrared cones. However, I think they're dreaming of bodyheat-sensitive cones. This would be like trying to look through a glow stick! Your vitreous humor and aqueous humor are at body temperature! Granted their black-body emissivity is probably pretty low, but the inide walls of your eyes probably have fairly high emissivities. (Look up black-body radiation). The isides of your eyes would be very bright.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
The logical next step is to take an animal that has limited motor function at birth (are there such animals, besides humans?) and also put electrodes into an appropriate sensory area of the brain, preferably tactile. Then the animal can get force-feedback signals from the robot. If the arm is within sight of the animal, it should learn to use the robot just like another limb. A monkey with a bionic third arm, how cool is that?
< humor style=bad>
And if we gave the robot a human-like hand, and taught the monkey to type... (Insert favorite reference to 10,000 monkeys typing randomly for 10,000 years.)(Absolutely do not use the B word).
</humor>
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
Assuming you had suggested something more plausable, like trying to ram MIR or the ISS, it would still be very difficult to accomplish without some sort of side-looking sensors. A camera satelite probably can't focus in close enough to use it's camera as a terminal guidance system. Without terminal guidance, it's very dificult to track two objects moving rapidly through space well enough to get them to collide. Something passing within a couple of miles is considered a near miss, in most circumstances.
On the other hand, someone could try and create an orbit that intersects the orbits of several other satelites, then disable the watchdog timer and jam the system so nobody has control fo the satelite. The main effect of this, though, would probably just be to cause the other satelites to lose some observation time and fuel while moving to a safer orbit. Like I said, it's tough without terminal guidance.
Very little, if anything, would make it to the ground if someone tried crashing one of these into a city.
Your biggest danger is some script kiddie trying to impress some girl by writing her initials with "shooting stars" and de-orbiting several satelites. Never underestimate the determination of a sex-starved 14 year boy. (Or those whose crotches still think they're 14.)
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
Slashdot Mirror
If it was a time bomb, it's a shame it didn't go off a touch earlier while the plane was on the ground. It doesn't take that much damage to take a plane out of the air. The same ammount of damage on the ground could have allowed some people to escape.
I don't see why computers don't all come with a diceware program or a pronouncable password generator. Random, secure passwords are pretty easy to comy by, assuming
I could come up with a good 2,048 word list off the top of my head, which would mean 11 bits of entropy per word. Random capitilization of the first and last letters means 13 bits per word. That's five words for about the strength of 64-bit encryption. Anyone should be able to remember 5 words. Assuming account lockouts for 15 minutes or so after 3 failed logins, this should be sufficient. Of course, Windows networking sends salted hashed passwords in the clear, right? That would mean you probably want at least about 80-bit strong passwords.
I really need to just sit down and write that password generator I've been meaning to get arround to. The hardest part is the 2,048 word list.
see diceware for a simple way to generate secure passwords.
I think they use RSA. Any of the discrete log schemes (such as EL Gamal) would use up twice as much space as RSA for the same modulus size. Shame on anyone who uses public key moduli smaller than 768 bits. Actually, I wouldn't be surprised if they used an eliptic curve system. Personally, I don't like eliptic curve systems. They are based on getting away with smaller RSA keys because the best known attacks on RSA need a notion of smothe that nobody has been able to define on eliptic curves. It seems to me kind of like using 64-bit-key-reduced-round-AES for efficiency and space reasons.
Microsoft claims that DESX is 128 bit encryption, but they forget (more likely chose to neglect) that 8 byte DES keys ignore 1 bit per byte.
In any case, trusting M$FT for you security is like trusting you 3 year old to wash your fine china.
Personally, nowadays I would be skeptical of anything that didn't use an AES finalist (or possibly 3DES or Blowfish) in CBC, CFB, counter, or OCB mode. There really aren't any excuses for using anything else. Even the die-hard "3DES has not been broken in X-years. 3DES is the only thing I trust" people should feel safe using Serpent. The Seprent people chose security over efficiency every step of the way. Sure speed played a big part in chosing Rijndael, but the NIST did a good job of picking the best of each of several design strategies as AES finalists. There should be an AES finalist for everyone.
Hmm... I'm going to have to go cry now. :-(
How many individual people have hotmail accounts? Raise your hand if you personally have more than two hotmail accounts. That's what I thought. The numbers are quite misleading.
Oh, and my appologies to JohnSmith@hotmail.com, JohnDoe@hotmail.com, JohnJohnson@hotmail.com, and anyone else I've registered for the NYT online free registration, etc.
I've heard that some people have speculated that the sea of reeds was a 6 inch (15 cm) deep river in the area, (like the Everglades) I forget which one. We know of a large volcanic eruption near that river at about the time of the Exedous. The theory is the gigantic blast caused a huge wave to travel along the river, possibly sweeping away part of the Egyptian army. The observers assumed that the sea was returning to its properl level. After all, they were new to the area and didn't know what the water level was supposed to be and had probably never seen such a shallow, wide river.
Sounds like an stretch to me. On the other hand, I'm under the impression that the Bible fits archealogical evidence fairly closely from the Exedous onward. I've heard that they assumed that several Bible storries must have been written long after the fact because they mentioned a civilization that was not known to exist (the Chaldeans, perhapse?). Then they found some cuneaform tablets from teh same time period also mentioning the supposedly ficticious civilization. (Anybody know if they thought the Chaldeans were a myth arround the turn of the century?) I'm not a big fan of grasping for ways to match archalogy and breif millenia-old historical accounts.
However, if the Bible does match archealogical evidence as well as has been claimed, it seems legitimate to try and find corroberating storries.
In any case, I'm of two minds on the matter. Usually quite skeptical of anyone trying to match up archeaology and Biblical accounts. Every once in a while, though, I hear that they've found something neat. (Like Egyptian accounts of a slave uprising, or Egyptian mud and straw bricks showing a straw shortage at the same time mentioned in the Bible.)
And by the same logic the Peace Corps should send fewer people to Fiji when there are people worse off in Afghanastan. Obviously anyone willing to volunteer in Fiji is willing and has the skillset to volunteer in Afghanastan. Why is so much effort being wasted in Fiji?
The problem with the above logic is that we're talking about volunteers. Most people willing to help in Fiji simply wouldn't apply to the Peace Corps if 90% of the Peace Corps workers went to Afghanastan. (Yeah, I know the Peace Corps has pulled out of several of the *stans. It's just a metaphore. All metaphores are like cars. They only go so far.)
That's the thing. Many people thinkk of the OSS community as being very similar to a country or a company. It's really an artificial abstraction that helps people think about a lot of different people donating time to projects they love. The OSS community does not have any semblance of central leadership, only famous speakersr and famous project leaders.
People say "make up you minds" and complain about conflicting views in the OSS community. These are allowed. There isn't a corporate dogma and the threat of unemployment to force the dogma on anyone. There are centainly dogmatic individuals out there, but there isn't an OSS dogma everyone adheres to. Not even all memvers of the OSS community agree that OSS is always the best route.
Likewise, people think OSS programmers are stuck in cubicles in the vast OSS code farm. People use the corporate thinking that if one project gets cancelled, the programmers would be moved to a different project and educated in the new skills necessary for the new project. IMHO, this is a big problem, at least for security. When an MS Access programmer gets moved to Passport because everything is switching to SQL Server, Passport's security gets screwed up in really bad ways.
The truth is that most OSS programmers (and documenters, you can help an OSS project even if you cant code well) don't code for their love of OSS. They code for the love of their project, and happen to like OSS. If 90% of the WM projects out there were canned, fewer than 10% of the coders would move to non-WM projects. They often lack the skillset and the desire to work on unrelated projects.
I also have a user named "karl-archive" and all of my seldom-changing data files get moved to
(Have any of you ever accidently uninstalled Apache from the local machine at 6 a.m. because you mixed up the local xterm and the xterm tunneled over ssh? httpd stop; rpm -e apache; rm -rf /var/www; "Why is the server still up?" "Uh-oh... time to reinstall and re-customize Apache on one more machine than I planned.")
It seems to me that you want to wrap your end-to-end encrypted tcp traffic (ipsec) with a synchronous link encryped protocol that sends garbage when it's not sending data. These sorts of link encryption devices exist (at least they used to). I imagine that modern versions exist that use AES, twofish, serpent, or RC6 instead of DES. (I've heard good arguments for each of these AES finalists. If you have the choice, you won't get blaimed for agreeing with NIST.)
In any case, you really need to use ipsec in addition to your link encryption layer. Adding physical security may be a good idea as well, but traffic analysis-resistant link encryption has been arround for decades.
If in the unforseable event that you can't find a supplier for link encryption, it sound like you may have the budget to develop your own link encryption. Authenticated key exchange is the easiest part to screw up, so go for manually entering the keys into the boxes. (If an attacker has physical acess to the link encryption device, assume you've already lost the traffic analysis game.) For link encryption, you probably want to use a self-syncing mode of a block cypher such as CFB Make sure your block cypher is suitable for CFB mode operation. Make sure to use gpg's crypto-strong random output function or something similar to generate your keys. You should rekey at least as often as you sheck the physical integrity of the line.
And with the ammount of time I spend breaking and fixing my computer, my girlfriend might start to get jealous if I started to have an online relationship with Bill Gates.
Even for proprietary software, you want to make the bug fix use the faster open-source development model for as long as possible, becuase most black hats have no qualms about open-sourcing their exploits. Hiding the explot code actually hurts the developers more, especially if their manager only puts one or two programmers on the bug fix because s/he thinks there's no exploit in the wild.
Nope, bad idea. You need some sort of web of trust, otherwise they set up servers that claim to pass along blacklists for every computer on the net. Everyone gets blacklisted and nobody can download. They could re-blacklist everyone every five minutes to prevent timeouts.
You'll need a few trusted authorities to sign blacklists, and have the lists timeout. Or, you'll need to establish a large web of trust for signing blacklists.
HP actually found that some code actually ran faster in their PA-RISC emulator for PA-RISC than on the bare hardware! Perhapse HP was using the equivalent of gcc -O instead of gcc -O2 in their trials, thus giving more room for dynamic optimizations, but they got good results for an early project. Dynamic code optimization still looks promising. HP is working on a product utilizing quick-and-dirty PA-RISC to IA-64 translation and dynamic code optimization to ease the transition from PA-RISC to IA-64.
The HP Dynamo project has some good arguments about why dynamic optimizations might be becomming increasingly usefull. Basically, HP was researching emmulation, so they wrote a PA-RISC emulator to run on PA-RISC and put in some dynamic code optimization to increase performance of commonly run code. There's the old rule of thumb that 80% of your CPU time is spent on 20% of the code, so they concentrate expensive optimizations on the commonly run code, after on-the fly profiling indicates which areas should be optimized. It's like having a -O4 option for gcc and only using it on the code that gets run alot, in order to avoid all the bloat associated with gcc -O3.
Personally, I'd love to see AMD or Intell throw away hardware emulation of the ancient x86 instruction set. The greatly restricted number of registers causes the compilers to really hide the inherent parallelism in the source code. A lot of chip realestate is wasted in extracting the parallelism back out of the binaries. It's not as bad as the stack-based JVM, but the x86 instruction set is pretty bad about expressing parallelism in the source code. I think software emulation of legacy apps is where it's at. If Intel or AMD released an x86 emulator for thier new chipsets and got Microsoft to go along with the idea of software emulation of x86, then we'd see native apps running much more efficiently. It's my understanding that IA-64 kind-of does this with an x86 emulation mode. However, I think that chip realestate would be better spent on thins to speed up native code.
If I'm not mistaken, Win95 even had partial virtual DOS machines for each DOS executable. It's not too much more of a leap to emulate the ancient instruction set after you're emulating the ancient OS. Transmetta wants the flexability to completely redesign the native instruction set for each release, and that's understandable. However, it would be nice to move on to compiling into something that better expresses inherent parallelism in the source code.
The l4-hurd mailing list has been talking about porting the HURD to a "virtual kernel" and creating a virtual kernel layer for the L4 microkernel, to minimize all of the retooling that has to been done in the future when things move past current microkernel thinking.
I've got two 3Gb partitions and on 2 GB partition before my swap space. When I decided to switch to debian, I merely installed Debian on one of the backup partitions, and the two distros shared the same
I agree whole-heartedly about apt-get. I started with RH 4.3 and followed RH to 6.2, then switched to Debian 2.2_rev2 for apt-get/dpkg (and Debian's rock-solid reputation). I absolutely love apt-get. Installation of packages is a snap, and no removal headaches like I've experienced w/ rpms. Microsoft is supposedly great at making things easy to use, but the don't ahve any tools that you can just tell "get me winamp" or "get me AIM" and have it install those programs. Usually I don't even need to bother with installation menus. Image WIndows software installation without those stupid wizards! Granted, you may have to go back and tweak things, but most Windoze users just blindly click on the installation defaults anyway!
On a side note, I have recently discovered how amazing LaTeX is. My old MS Word Documents looked like crayon scribbles in comparrison. It's like using B&W film to give ordinary photographs that little touch. Ever notice how almost everything looks better in B&W? Same thing for LaTeX. It Just gives everything that little something special.
My guess is that most of the people thought Kabul was the name of a bin Laden hideout or a terrorist camp.
Ever see the show "Street Smarts"? Thare are lots of really stupid people out there. 78% of the American public probably couldn't name the Vice President. (Okay, I'm exagerating.) (Oh... it just took my GF a little longer than I expected to name him, and she's a grad student at MIT. Maybe 90% of the US population couldn't name the US VP in under one minute.)
Oh wait, DC filed for bankrupcy, my bad.
As of 16:25 EST, the incidents.org website is showing 48,489 infected hosts (as of 14:00 EST).
P.S. I wonder how many requests for interviews Prof. Morris is getting about his infamous worm and the Code Red worm.
While I'm waiting for the right email address, I thought I'd let the /. community tear apppart/improve my draft email to AOL-Time-Warner. I think it's important to come across as a reasonable person who (READER ALERT!: put down the hot coffee/soda now) generally likes AOL-Time-Warner, but is concerned about recent actions.
----
Draft of message to be subitted via AOL feedback and later sent to AOL-Time-Warner's public relations department:
----
While I generally have a good opinion of America Online, I would like to express some concerns regarding AOL's instant messaging system.
Market pressures appear to have created a need for an alternative to the current AIM interface to the AIM service. To many people, the AOL AIM client leaves much to be desired. The Linux AOL AIM client, in particular, is widely regarded as innadequate when compared to the alternatives (most noably the GAIM client).
To many people, myself included, it appears that AOL has not attepted to repond to the market demands represented by independent instant messanging clients. It appears that instead, AOL has chosen to use its massive legal resources to intimidate the volunteers producing the alternative clients.
Many users of alternative instant messanging clients do not wish to harm AOL's AIM advertising revenue stream. However, they have a percieved need for features not found on the AOL AIM client.
Many people, particularly in the rapidly growing open source / Linux community, would like to see AOL respond to the market pressures that cause people to use alternative AIM clients. Of particular appeal to GAIM users is an open framework that encourages free extension of the client. The GAIM distribution includes well defined APIs and support files to write "plug ins" in both the Perl and C programming languages. The AOL AIM client does not appear to provide any framework for free extension.
In addition, many people in the open source community would like to see AOL publish the source code ot the AIM client under a free liscence (as defined by the Free Software Foundation). Perhapse AOL feels that it needs to hide the source code for its AIM client in order to preserve the AIM advertising revenue stream. However, the present situation has demonstrated that the source code for a superior instant messanging client is available for others to build on. I personally believe that AOL would see a rapid increase in the functionality of the AIM client on all platforms if the source code for the AIM client was published under a free liscence.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
My guess it that it will come down in March. If engineers are deciding, then it's definately comming down at a time related to e. I'm too lazy to convert 18:28:18 Mosco time to EST.
2001-3-27 18:28:18
Why is everyone so obsessed with pi?
e is a much more usefull irrational number.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
If this stuff is a good enough thermal conductor, they could build fast CPUs right into the display and the display face would make a nice large heat sink. Then, your palm pilot could be completely clear ... and nearly impossible to find when you misplace it. On second thought, maybe they should keep the batteries opaque. ;-)
If you got the photosensors right, you might be able to make a sheet of glass that could scan, and later display, any image it was set on top of. How cool would that be?
On a lighter note, they really should have picked a better English translation for Tokyo Institute of Technology. The three letter acronym is just a bit obscene for a t-shirt. My freind has a t-shirt from a robotics competition held there. I still chuckle and shake my head when he wears that shirt.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
If you want these to be practical on a spy craft, you need to use a "free" source of propulsive power. That way, the efficiency losses don't matter. Of course, your craft goes slower, but you don't waste your power source.
There are some "free" sources of propulsive power in the ocean. For instance, somebody worked on a craft that used the thermal expansion of contration of a glycol solution to cause the craft to rise and fall through thermal gradients. Put wings on such a craft and you can use this vertical motion to create horizontil motion. The thermal gradients provide the energy.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
It's not actually true that males can't be tetrachromats. If a normal X chromosome carries the information for 3 types of cones, and a woman has a mutation in one of the cone genes on one of her X chromosomes, she'll get 4 types of cones.
However, it is also possible for a gene to get duplicated on a chromosome durring miosis. Thus, a male could cary informormation for 4 cones, two of which would be identical. If however, there was then a mutation in one of those, he could be a tetrachromat. This is, however, much less likely than a female tetrachromat.
Infrared Cones
Many posters have brought up the coolness of infrared cones. However, I think they're dreaming of bodyheat-sensitive cones. This would be like trying to look through a glow stick! Your vitreous humor and aqueous humor are at body temperature! Granted their black-body emissivity is probably pretty low, but the inide walls of your eyes probably have fairly high emissivities. (Look up black-body radiation). The isides of your eyes would be very bright.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
< humor style=bad>
And if we gave the robot a human-like hand, and taught the monkey to type... (Insert favorite reference to 10,000 monkeys typing randomly for 10,000 years.)(Absolutely do not use the B word).
</humor>
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
On the other hand, someone could try and create an orbit that intersects the orbits of several other satelites, then disable the watchdog timer and jam the system so nobody has control fo the satelite. The main effect of this, though, would probably just be to cause the other satelites to lose some observation time and fuel while moving to a safer orbit. Like I said, it's tough without terminal guidance.
Very little, if anything, would make it to the ground if someone tried crashing one of these into a city.
Your biggest danger is some script kiddie trying to impress some girl by writing her initials with "shooting stars" and de-orbiting several satelites. Never underestimate the determination of a sex-starved 14 year boy. (Or those whose crotches still think they're 14.)
Karl
I'm a slacker? You're the one who waited until now to just sit arround.