"Suburu" is the Japanese name for the Pleiades cluster. I've heard from various sources that the word means "Unite", "5 brothers" or is just a given name. (Anybody speak Japanese?) It's also the nickname of Fuji Heavy Industries, which was formed by the merger of a Japanese manufacturing cartel also known as the 5 brothers.. And FHI, of course, makes the car, which uses the Pleiades as its logo.
Although in Hawaii, the Suburu Telescope is owned by the Japanese National Observatory, hence the Japanese name.
Using modern encryption like SSH does guarantee that things *have to add up* since keeping what you start with a secret
When you first wrote this it went against what (little) I knew about encryption. I'm very weak on the math, but I know that some encryption algorithms use a rotor model, meaning that they're just a software implementation of the rotor encryption machines used during WW II (Enigma being the most famous.) So it just doesn't make sense that a transmission error would screw up the process.
I still can't say that no encryption algorithm will choke if there's a transmission error, but I now know for a fact that 3DES (the encryption SSH uses by default) won't. And yes, 3DES is a rotor algorithm.
I decided to get my hands dirty with the DES software on Linux. (3DES is just DES with bigger keys.) Took a text file, encrypted, changed a single bit, decrypted. That one-bit change turned 10 bytes into garbage! Rest of the file was fine.
SSH has an option to use Blowfish instead of 3DES. Don't understand that algorithm well enough to say how it would handle transmission errors, and don't have time to set up a test.
I'm pretty lazy, but I'm not that lazy. What I am is sloppy -- I didn't look at the ads.
As for "native open source" SSH on Windows, there obviously isn't great demand.
Come again? What's the #1 way to transfer files over the public internet? FTP. And that protocol sends passwords in the clear (it even precedes it with a handy little tag, so the sniffers won't miss it). So anybody who doesn't want to get hacked uses SFTP which is just FTP over SSH. That's how this thread started in the first place.
So when you say "sftp is an order of magnitude slower" you really mean ".... on openssh running on cygwin running on Windows". (I'm assuming that your workstations are not bottlenecks, since these systems typically have more CPU bandwidth than they know what to do with.)
I'm not an expert on this stuff, but I have to wonder if your sshd daemons are fully utilitizing your CPUs. Perhaps this is a stupid suggestion, but have you profiled core usage and verified that the cygwin and openssh in copssh are both compiled with multithreading support?
One obvious suggestion is that you try a native-to-Windows SSH server. But there don't seem to be any! Not open source, not commercial. Mind-boggling.
If there is a commercial Windows SSH server, you probably should give it a try. Your boss may hate spending money, but he'd hate being hacked even more.
And even if you guys are a Windows shop, you might consider serving your FTP off a system with a performance-oriented OS. Being a Sun employee, I'm required to tell you that Solaris is way cooler than Linux for high-performance apps. But even with Linux, the CPU bandwidth you need to do this properly is not thatexpensive.
Oops. Just had a thought. (Reads ssh man page.) Yep. The default encryption for sftp transfers is 3des — a rotor algorithm. So any error in transmission will silently create an error in the output. (Does mocking little dance.) There's an option to use blowfish, which is way too big and complicated for my little brain, so I couldn't tell you how it handles errors.
I've been building client/server apps that use crypto for 8 years, and I've never once referred to an MD5 hash as a checksum, though I recognize that some might.
Some? There are 2.7 million pages in Google that reference the phrase (not the words) "MD5 Checksum".
Of course, MD5 also falls into that category of "useless for assuring data integrity", so that's a moot point.
No it's not. I didn't cite "MD5 checksum" as a superior algorithm, I cited it as an example of people using the word "checksum" more loosely than you do.
Sorry, I'm not going to do your homework for you.
I did do my homework. Couldn't find anything to support what you say. If you've actually studied the algorithms, I'll take your word for it. But...
Yes, if data is encrypted, and that data is munged, the encryption breaks, and the decryption fails. That is the nature of encryption.
That's patently not true. Any rotor algorithm such as DES will not notice a munged bit. Just to convince myself that I had that right I actually encrypted a short file with the Linux des command, changed a single bit in the encrypted version, and decrypted it. About 10 bytes got scrambled.
Using my psychic powers, I now perceive that you're saying, "DES is a symmetric key algorithm. Nobody uses those! I'm talking about public key algorithms!" My math isn't good enough to verify that you're right, (nor do I have any PK software to play with) but I'll take your word for it. Just don't get all hot and bothered because I interpreted "encryption" more broadly than you; this time the dictionary is definitely on my side.
FTP is however, more than an order of magnitude faster than SFTP or SCP.
Maybe on your system. I use SSH-based file transfers routinely, and I'm not seeing an loss of speed at all.
When an encrypted connection is slow, it's more than likely that the server doesn't have enough CPU bandwidth to handle its end of the pipe. Now that I think of it, when my company first deployed VPN, it was horribly slugish. Then they upgraded the systems handling the encryption, and it's as fast as any other connection. I suspect that's standard with encypted data transfer; people always overlook the extra CPU capacity they'll need to support it properly.
You're reading way to much into the authors prose. Being worried about the future of a product is not the same as wanting all competing products to go away.
I have pretty much the same attitude. I basically prefer Firefox to all the alternatives and would hate to see it go away. But its performance and reliability problems are getting to be a bit much. TFA and I both think that if 3.5 doesn't address these problems, Firefox's days are numbered. (He says it does; I haven't had time to install it yet.) That has nothing to do with being anti-competition.
Poster isn't concerned about whether the data has errors. That's a problem for the data creators. He's worried about it getting screwed up in transmission, either accidentally or maliciously
Sigh. You're welcome to nitpick my prose, but would you mind doing so in a way that makes sense. Data that got screwed up in transmission can be said to have errors. And that's what I meant.
and encryption absolutely solves that issue.
How? Not all encryption algorithms break if you mung the data after it was encrypted. Do all the algorithms break if this happens? Show me where it says this, and I'll admit that encryption is sufficient.
BTW, checksum hasn't been considered a trustworthy means of ensuring data integrity for more than a decade.
Dude, you really need to start listening to how people actually talk. For more than a decade, the word "checksum" has been used to apply to algorithms that don't simply add up bits, such as MD5. Not strictly logical, but language rarely is.
I didn't say nobody was against competition, I said that nobody was arguing against competition. MS management may hate having competition, but they'd never admit it in public, not with the DOJ watching.
Since firefox is funded almost entirely by Google, it's a bit of misdirection to claim that it's "run by a nonprofit organization".
How does taking Google money make Mozilla Foundation not-nonprofit? Being nonprofit means you don't pay your owners profits. It doesn't mean you can't have income. In point of fact, many nonprofits have some kind of .
Am I the only one who doesn't see the multiplicity of real competition as a threat, but rather as the greatest success of the Mozilla Foundation?
Huh? Is there somebody out there yelling, "No! We need one browser! Competition is evil"? If so, I haven't run across them.
With browsers (as with any other software) there's always some obsessive fanboy who says that everybody should be using Firefox or Opera or even Lynx. But that just religious non-logic; it's not an argument against competition.
I don't know SSH (which SFTP uses) well enough to say that you're wrong, but I think you are. Encrypting software, in itself, does not guarantee that there are no errors. It's a simple case of garbage-in-garbage-out.
On the other hand, use of SFTP in place of FTP is mandatory in this day and age. FTP sends passwords in clear; anybody using it is wearing a big red sign that says HACK ME!!!!
As for data integrity, this is not exactly new, or rocket science. Here's the magic word: checksum.
You're confusing "good time" with parole. Federal prisoners used to be eligible for parole much like state prisoners, but they took that away in 1987. But they can still get up to 15% of their time off for good behavior.
Suppose a product you helped create were trashed by somebody. And suppose you thought that person's criticisms were really stupid and childish. Worst of all (from your point of view) your economic future depends in part on how well this product sells. So this person is taking money out of your pocket. Tell me you wouldn't react really strongly.
That's pretty much the situation faced by all the people who got bent out of shape. Presumably they have some economic tie to Coalinga: a house with a big mortgage, a business, a job, whatever. So anybody who says "Coalinga sucks" is taking money out of their pocket.
Which is not to justify the death threats, the boycotts, etc., etc. But we're in no position to talk. On Slashdot, you can generate death threats just by pointing out simple mistakes, never mind a rant about how sucky somebody's favorite product is.
That's a long post, and it doesn't respond to any of my arguments. If you're going to simply ignore other people's arguments, why should they care about yours?
OK, Boyle is a professor of law, but I think he's wrong in this instance.
You obviously didn't read past the first paragraph. There were two law professors in that interview, and the other one takes a very narrow view of what's fair use. They both agreed that documentary use is fair use. Boyle commented that a law student who didn't know that this ring tone thing was fair use would flunk any exam that asked about it, and the other guy didn't dispute that.
What's the basis for all this bullshit you're feeding us? Watching cable news? Listening to talk shows? Have you cracked a book, gone to a class, studied case law?
People often talk with authority about subjects they know nothing about, but it never ceases to amaze me how many people whose only legal training is TV crime dramas consider themselves legal experts. And in your case, it doesn't even extend to listening to a lawyer's full argument before saying he's wrong!
MHB apparently has made $8million+. If they didn't want to pay EMI then they can simply not use that music.
That is not even an argument. When you take away something that belongs to somebody else, there are many factors that decide whether or not it's legal. But the wealth of the takee is just not one of them. If you don't believe me, go steal Bill Gates's watch and see what happens.
And even if your argument were logical, it wouldn't apply. Because when the producer of MHB approached EMI, she didn't have an $8 million movie. She had a lot of uncut footage and a dwindling bank account that couldn't begin to cover all the coverage fees people were trying to extort from her. In order to get the movie made, she had to bargain, dub over, and even cut scenes because they showed kids dancing to music she couldn't get rights to, and it wasn't possible to dub over it.
One of the missing scenes featured Ray Charles's all time classic, "Hit the Road Jack." If that had been in the movie, I might have gone to see it just to watch kids dancing to it. But it had to be cut. And the issue wasn't even money! You can't get clearance for this song at any price, because the people who own its publishing rights consider it overexposed and are holding it off the market.
If the music clip is being used commercially it's not fair use -
Dude, don't repeat internet folklore as if it were a serious legal authority. This bit of folklore is popular amongst people who like to believe that re-using content is OK as long as they don't make money off it. Has no basis in fact.
Here's an interview with two lawyers (one of them extremely pro-industry) who both endorse the idea that documentary use is fair use. The even cite that ring tone as a classic example:
Well, right now you're driving around with maybe 60 pounds of gasoline, a substance with five times the energy density of TNT. Gasoline doesn't release its energy as quickly as TNT, but you can still get a respectable explosion, from it.
Not an expert, but I seem to recall that DC is not that good at producing big nasty sparks. Which is why Thomas Edison claimed that AC was too dangerous for consumer applications. Now we're surrounded by AC devices, each with more than enough juice to kill us.
And yet we get by. It's not the risks, it's how hard they are to manage.
Slashdot Mirror
Yes, and I believe everything I read in Wikipedia.
"Suburu" is the Japanese name for the Pleiades cluster. I've heard from various sources that the word means "Unite", "5 brothers" or is just a given name. (Anybody speak Japanese?) It's also the nickname of Fuji Heavy Industries, which was formed by the merger of a Japanese manufacturing cartel also known as the 5 brothers.. And FHI, of course, makes the car, which uses the Pleiades as its logo.
Although in Hawaii, the Suburu Telescope is owned by the Japanese National Observatory, hence the Japanese name.
Using modern encryption like SSH does guarantee that things *have to add up* since keeping what you start with a secret
When you first wrote this it went against what (little) I knew about encryption. I'm very weak on the math, but I know that some encryption algorithms use a rotor model, meaning that they're just a software implementation of the rotor encryption machines used during WW II (Enigma being the most famous.) So it just doesn't make sense that a transmission error would screw up the process.
I still can't say that no encryption algorithm will choke if there's a transmission error, but I now know for a fact that 3DES (the encryption SSH uses by default) won't. And yes, 3DES is a rotor algorithm.
I decided to get my hands dirty with the DES software on Linux. (3DES is just DES with bigger keys.) Took a text file, encrypted, changed a single bit, decrypted. That one-bit change turned 10 bytes into garbage! Rest of the file was fine.
SSH has an option to use Blowfish instead of 3DES. Don't understand that algorithm well enough to say how it would handle transmission errors, and don't have time to set up a test.
I'm pretty lazy, but I'm not that lazy. What I am is sloppy -- I didn't look at the ads.
As for "native open source" SSH on Windows, there obviously isn't great demand.
Come again? What's the #1 way to transfer files over the public internet? FTP. And that protocol sends passwords in the clear (it even precedes it with a handy little tag, so the sniffers won't miss it). So anybody who doesn't want to get hacked uses SFTP which is just FTP over SSH. That's how this thread started in the first place.
So when you say "sftp is an order of magnitude slower" you really mean ".... on openssh running on cygwin running on Windows". (I'm assuming that your workstations are not bottlenecks, since these systems typically have more CPU bandwidth than they know what to do with.)
I'm not an expert on this stuff, but I have to wonder if your sshd daemons are fully utilitizing your CPUs. Perhaps this is a stupid suggestion, but have you profiled core usage and verified that the cygwin and openssh in copssh are both compiled with multithreading support?
One obvious suggestion is that you try a native-to-Windows SSH server. But there don't seem to be any! Not open source, not commercial. Mind-boggling.
If there is a commercial Windows SSH server, you probably should give it a try. Your boss may hate spending money, but he'd hate being hacked even more.
And even if you guys are a Windows shop, you might consider serving your FTP off a system with a performance-oriented OS. Being a Sun employee, I'm required to tell you that Solaris is way cooler than Linux for high-performance apps. But even with Linux, the CPU bandwidth you need to do this properly is not that expensive.
</shameless plug>
Oops. Just had a thought. (Reads ssh man page.) Yep. The default encryption for sftp transfers is 3des — a rotor algorithm. So any error in transmission will silently create an error in the output. (Does mocking little dance.) There's an option to use blowfish, which is way too big and complicated for my little brain, so I couldn't tell you how it handles errors.
I've been building client/server apps that use crypto for 8 years, and I've never once referred to an MD5 hash as a checksum, though I recognize that some might.
Some? There are 2.7 million pages in Google that reference the phrase (not the words) "MD5 Checksum".
Of course, MD5 also falls into that category of "useless for assuring data integrity", so that's a moot point.
No it's not. I didn't cite "MD5 checksum" as a superior algorithm, I cited it as an example of people using the word "checksum" more loosely than you do.
Sorry, I'm not going to do your homework for you.
I did do my homework. Couldn't find anything to support what you say. If you've actually studied the algorithms, I'll take your word for it. But...
Yes, if data is encrypted, and that data is munged, the encryption breaks, and the decryption fails. That is the nature of encryption.
That's patently not true. Any rotor algorithm such as DES will not notice a munged bit. Just to convince myself that I had that right I actually encrypted a short file with the Linux des command, changed a single bit in the encrypted version, and decrypted it. About 10 bytes got scrambled.
Using my psychic powers, I now perceive that you're saying, "DES is a symmetric key algorithm. Nobody uses those! I'm talking about public key algorithms!" My math isn't good enough to verify that you're right, (nor do I have any PK software to play with) but I'll take your word for it. Just don't get all hot and bothered because I interpreted "encryption" more broadly than you; this time the dictionary is definitely on my side.
FTP is however, more than an order of magnitude faster than SFTP or SCP.
Maybe on your system. I use SSH-based file transfers routinely, and I'm not seeing an loss of speed at all.
When an encrypted connection is slow, it's more than likely that the server doesn't have enough CPU bandwidth to handle its end of the pipe. Now that I think of it, when my company first deployed VPN, it was horribly slugish. Then they upgraded the systems handling the encryption, and it's as fast as any other connection. I suspect that's standard with encypted data transfer; people always overlook the extra CPU capacity they'll need to support it properly.
You're full of shit:
http://www.faqs.org/rfcs/rfc959.html
And yet rumors and blogosphere cruft make up half its content.
You're reading way to much into the authors prose. Being worried about the future of a product is not the same as wanting all competing products to go away.
I have pretty much the same attitude. I basically prefer Firefox to all the alternatives and would hate to see it go away. But its performance and reliability problems are getting to be a bit much. TFA and I both think that if 3.5 doesn't address these problems, Firefox's days are numbered. (He says it does; I haven't had time to install it yet.) That has nothing to do with being anti-competition.
In the above post, where I say, "all the algorithms" I meant to say "all the algorithms used with SSH".
Poster isn't concerned about whether the data has errors. That's a problem for the data creators. He's worried about it getting screwed up in transmission, either accidentally or maliciously
Sigh. You're welcome to nitpick my prose, but would you mind doing so in a way that makes sense. Data that got screwed up in transmission can be said to have errors. And that's what I meant.
and encryption absolutely solves that issue.
How? Not all encryption algorithms break if you mung the data after it was encrypted. Do all the algorithms break if this happens? Show me where it says this, and I'll admit that encryption is sufficient.
BTW, checksum hasn't been considered a trustworthy means of ensuring data integrity for more than a decade.
Dude, you really need to start listening to how people actually talk. For more than a decade, the word "checksum" has been used to apply to algorithms that don't simply add up bits, such as MD5. Not strictly logical, but language rarely is.
I didn't say nobody was against competition, I said that nobody was arguing against competition. MS management may hate having competition, but they'd never admit it in public, not with the DOJ watching.
Since firefox is funded almost entirely by Google, it's a bit of misdirection to claim that it's "run by a nonprofit organization".
How does taking Google money make Mozilla Foundation not-nonprofit? Being nonprofit means you don't pay your owners profits. It doesn't mean you can't have income. In point of fact, many nonprofits have some kind of .
Am I the only one who doesn't see the multiplicity of real competition as a threat, but rather as the greatest success of the Mozilla Foundation?
Huh? Is there somebody out there yelling, "No! We need one browser! Competition is evil"? If so, I haven't run across them.
With browsers (as with any other software) there's always some obsessive fanboy who says that everybody should be using Firefox or Opera or even Lynx. But that just religious non-logic; it's not an argument against competition.
I don't know SSH (which SFTP uses) well enough to say that you're wrong, but I think you are. Encrypting software, in itself, does not guarantee that there are no errors. It's a simple case of garbage-in-garbage-out.
On the other hand, use of SFTP in place of FTP is mandatory in this day and age. FTP sends passwords in clear; anybody using it is wearing a big red sign that says HACK ME!!!!
As for data integrity, this is not exactly new, or rocket science. Here's the magic word: checksum.
You're confusing "good time" with parole. Federal prisoners used to be eligible for parole much like state prisoners, but they took that away in 1987. But they can still get up to 15% of their time off for good behavior.
http://criminal.lawyers.com/drug-crimes/Federal-Crimes-FAQ.html#seven
Well, they were appointed by Get-The-Government-Off-Our-Backs politicos. BTW, who did your vote for in 2000?
Suppose a product you helped create were trashed by somebody. And suppose you thought that person's criticisms were really stupid and childish. Worst of all (from your point of view) your economic future depends in part on how well this product sells. So this person is taking money out of your pocket. Tell me you wouldn't react really strongly.
That's pretty much the situation faced by all the people who got bent out of shape. Presumably they have some economic tie to Coalinga: a house with a big mortgage, a business, a job, whatever. So anybody who says "Coalinga sucks" is taking money out of their pocket.
Which is not to justify the death threats, the boycotts, etc., etc. But we're in no position to talk. On Slashdot, you can generate death threats just by pointing out simple mistakes, never mind a rant about how sucky somebody's favorite product is.
That's a long post, and it doesn't respond to any of my arguments. If you're going to simply ignore other people's arguments, why should they care about yours?
No shit!
You obviously didn't read past the first paragraph. There were two law professors in that interview, and the other one takes a very narrow view of what's fair use. They both agreed that documentary use is fair use. Boyle commented that a law student who didn't know that this ring tone thing was fair use would flunk any exam that asked about it, and the other guy didn't dispute that.
What's the basis for all this bullshit you're feeding us? Watching cable news? Listening to talk shows? Have you cracked a book, gone to a class, studied case law?
People often talk with authority about subjects they know nothing about, but it never ceases to amaze me how many people whose only legal training is TV crime dramas consider themselves legal experts. And in your case, it doesn't even extend to listening to a lawyer's full argument before saying he's wrong!
MHB apparently has made $8million+. If they didn't want to pay EMI then they can simply not use that music.
That is not even an argument. When you take away something that belongs to somebody else, there are many factors that decide whether or not it's legal. But the wealth of the takee is just not one of them. If you don't believe me, go steal Bill Gates's watch and see what happens.
And even if your argument were logical, it wouldn't apply. Because when the producer of MHB approached EMI, she didn't have an $8 million movie. She had a lot of uncut footage and a dwindling bank account that couldn't begin to cover all the coverage fees people were trying to extort from her. In order to get the movie made, she had to bargain, dub over, and even cut scenes because they showed kids dancing to music she couldn't get rights to, and it wasn't possible to dub over it.
One of the missing scenes featured Ray Charles's all time classic, "Hit the Road Jack." If that had been in the movie, I might have gone to see it just to watch kids dancing to it. But it had to be cut. And the issue wasn't even money! You can't get clearance for this song at any price, because the people who own its publishing rights consider it overexposed and are holding it off the market.
If the music clip is being used commercially it's not fair use -
Dude, don't repeat internet folklore as if it were a serious legal authority. This bit of folklore is popular amongst people who like to believe that re-using content is OK as long as they don't make money off it. Has no basis in fact.
Here's an interview with two lawyers (one of them extremely pro-industry) who both endorse the idea that documentary use is fair use. The even cite that ring tone as a classic example:
http://www.onthemedia.org/transcripts/2006/05/19/07
Well, right now you're driving around with maybe 60 pounds of gasoline, a substance with five times the energy density of TNT. Gasoline doesn't release its energy as quickly as TNT, but you can still get a respectable explosion, from it.
Not an expert, but I seem to recall that DC is not that good at producing big nasty sparks. Which is why Thomas Edison claimed that AC was too dangerous for consumer applications. Now we're surrounded by AC devices, each with more than enough juice to kill us.
And yet we get by. It's not the risks, it's how hard they are to manage.