This is a fundamental problem -- if an airline can't fit the thing into its hub-airport terminals, they're just not going to buy it, no matter what its other benefits.
The A380 from Airbus requires major modifications to London Heathrow, the world's busiest airport (indeed, the need for these changes was one of the arguments for a 5th terminal there), but the airlines still seem to be buying them...
A lack discontinuity of thought? I'm not normally one to criticise grammar or spelling, but when complaining about incoherence, you might at least take the effort to be coherent.
I imagine he's probably trusting the OpenSSH team who have finally admitted that this simple workaround works just fine.
The dire warnings suggesting upgrades to 3.3 were, as far as I can tell, just a strawman to get vendor assistance in actually getting 3.3 to work. Although privilege separation isn't a bad idea in principle, I'd question its value when you're still left with 2500 of recently-written, can't-possibly-have-been-thoroughly-audited code in the privileged half after the 'upgrade'.
Re:Will we be forced to reboot? on Kernel Summit Wrapup · Score: 2, Informative
What about them? For a start, NVidia's decision to release their drivers only as binary certainly shouldn't affect the design of the kernel. But to carry on, how often do you actually update lm_sensors? I run it too, but since it reports the values for all sensors installed on my system, I can't really imagine a reason why I'd want to upgrade it.
Since as a general rule, you only get a new module when you get a new kernel (and you have to reboot anyway for a new kernel), this isn't that huge a problem.
Not too long ago, people were using 286s at 10MHz with 2Mb memory and 20Mb hard disks and thinking themselves lucky. How many Great Leaps Forward do you think it took to get from there to now, where my desktop runs at >1GHz, has 1.5Gb RAM and has a quarter-terabyte of storage?
These things might not always live up to exactly what's claimed for them, but we do have a huge number of big steps forward, leading to the astronomic rate of progress embodied in Moore's law.
That the marketing people forget Gelsinger's coefficient when telling us about the latest Moore's law advance is their natural way...
It might seem silly, but there is method to their madness. The basic idea is that you're going to have a home network. One part of this home network needs to maintain the link to the net, act as server for the rest of the net, etc. So it needs to be a device which is continually switched on - no use using the TV, for example. Obvious solution: use the fridge.
This implementation seems like they've gone overboard on the features, but the basic idea of integrating a computer into the fridge isn't as insane as it seems at first sight.
So now that the matrix step has been made a whole 1.17 times faster (or even 3.01 times faster, if you want to believe Bernstein's numbers), you suddenly believe that factoring is within the reach of the common sysadmin?
The Slashdot quote also fails to mention that the device would cost $5000 only for "large quantities". The initial cost to get to the stage of being able to produce that circuit is over $1 million. Granted, they also say that the previous initial cost using off-the-shelf hardware was $62 million, but neither are exactly in your average sysadmin's price range. Bearing in mind that these prices *only* cover the matrix step, the authors are right to conclude that 1024-bit keys are just as safe as everyone thought they were.
If your enemies have a sufficiently large budget to build this kind of thing, they'd almost certainly find it easier just to bribe someone with access to the information to reveal it, to physically attack some unencrypted version of the information, or to retrieve the keys (by, for example, bugging your keyboard).
You should really explain this to Ruhr-Nachrichten, who call me about every 6 months (maybe more often, I'm rarely at home) despite the fact that
a) I've never bought a copy of their newspaper
b) As an English person for whom reading German is a chore, not enjoyment, I've no desire to buy a copy of their newspaper
c) I have no other prior business relationship with them.
Granted, they're the only people who've ever called, but it's at least one example of German telemarketing laws not working.
See a nearby reply - it's not that I have a problem with supporting Slashdot. My issue here is that Slashdot has the numbers, I want to see the numbers, but the apparently simple solution of Slashdot showing me the numbers hasn't been implemented.
As an aside, I *don't* want to pay 5 measly bucks. My credit card's from an English company, I live in Germany - so I prefer not to use it, because using it involves sending money internationally to my bank account in England in order to pay the credit card bill. PayPal suffers basically the same issue, since they don't have the ability to take money direct from German bank accounts. So if I'm going to go to the hassle of supporting Slashdot, I want to work out how much it would cost to subscribe for maybe a year and pay that - a one time hassle. Does this put a slightly different slant on things?
My company has a proxy (which I'm partially responsible for). I'm kind-of hoping Slashdot aren't planning on charging me for every single page impression. It's not my fault that both the comment posting and messaging systems use far more page impressions than are actually necessary, so I don't propose paying for them - hence the desire for Slashdot to tell me.
Aside from that, Slashdot *has* this code - they must do, or the subscription system wouldn't work. So there's no harm in giving non-subscribers some figures from it, at least for a limited period. Way easier for all concerned than me trawling through our proxy logs with awk or so. I'm the customer here, and that's what I'm asking for before giving my custom.
If you go to McDonalds and they don't give you your fries, do you ask them for the fries, or accept the suggestion from the next guy in the queue that you should have brought your own potato?
I personally would pay - but not until I'm told how many pages I'm using. If they can track this for subscribers, they could surely track it for me - and if database load is the problem here, let people turn it on for one-week periods. Until I can tell exactly what I'd need to pay to get ad-free Slashdot and can then make a cost/benefit decision based on that, I've no intention of paying.
Ah, but if he stole it, it's not his, so he's not the owner. Then again, even if it were "his" Mensa card, aren't Mensa cards the same as every other organisation's cards - "This card remains the property of Mensa..." in the small print? This would leave the logical conclusion that since he's the owner of a Mensa card, he must be Mensa. The other possible logical conclusion is that it's dangerous to interpret people's sentences literally:-)
You *can* drive safely at 90. Try visiting Germany (I'm English, but I live in Germany) for a fine practical demonstration. Most of the Autobahnen have no speed limit. I regularly drive 100-110mph and I'm regularly overtaken (by people with better cars). The annual likelihood of an American driver being involved in a fatal accident are 1 in 4,503. For a German driver, they're 1 in 6,676.
People are that much more alert about changing lane, staying in the correct lane, etc., when there's a possibility there's a Mercedes in the lane they're changing to, travelling 50mph faster than they are.
Most road traffic accidents (and an even higher proportion of fatal accidents) don't occur on motorways. In the normal case, you have a crash on a motorway, there's going to be a 10 or 20mph (or in Germany, say, 50mph) speed difference between the two cars. Have a head-on crash on a road with a 30mph speed limit, you've got a 60mph speed difference. It's the small local roads that need the attention, not the motorways/highways/turnpikes/autobahnen/pick-your-word.
Obviously something based on decent crypto would be the best solution, but I'd settle for something based on no crypto at all. Anything would be better than having no idea whether the person purchasing is actually the cardholder.
I'm also a merchant, and wouldn't want the client to bear any more of the risk. The problem here is that whereas a bricks-and-mortar merchant gets a signature, there's no provision for anything like this for online transactions. Since the risk lies entirely with the merchant, there's no incentive for the CC companies to come up with even the most basic PIN-number systems to replace signatures for cardholder-not-present transactions. So they don't.
Just because I know the risks involved in accepting online transactions doesn't mean there's not a better way. As far as I can see, it'd be possible to reduce the risks for all concerned, but since this would cost the CC companies money, I don't see it happening until someone legislates it, or someone big enough (Amazon?) starts demanding they do it.
"We are here to send the message that those who steal our intellectual property will be prosecuted. This is theft, pure and simple." - Deputy Attorney General Eric Holder.
Seems like not everyone agrees with you. I don't want to show disdain for your clearly encyclopaedic knowledge of the law, but I hope you'll let me off if I trust the interpretation of a Deputy Attorney General over yours. No offence.
Our software doesn't have any nag screens, isn't feature limited, and we'll extend the demo beyond 30 days if someone mails us. Mostly, I think you can decide whether you're going to buy software inside 30 days. If it's some enterprise database installation, perhaps not, but how many enterprise databases get sold as shareware?
SCP runs over the standard SSH protocol (either SSH1 or SSH2). All SSH security features therefore apply to SCP.
128-bit AES/Rijndael is one of the "recommended" ciphers for SSH2, but is not supported by SSH1. 192 and 256 bit AES/Rijndael are "optional" for SSH2.
Even the B-2 isn't invisible;
You're telling me. As someone who's watched one land and take off (from about 50m away), as well as seen it on static display, I'm pleased to confirm that it's big, black and (roughly) triangular :-)
Sure, I could do that, but as I click the catch on my Delta Shockproof Lighter, I look down at my You are dumb v2 t-shirt, briefly ponder whether I should have worn one of the other 6 ThinkGeek shirts today and come to the conclusion that supporting Slashdot the old way, you saw what you were getting beforehand :-)
I don't really think it's asking a lot to know how much Slashdot wants from me...
I have a friend who drives his Porsche on the Autobahn at 330km/h. Occasionally :-)
s/likelihood/odds (before someone picks me up on it)
...and thereby anger my genuine customers by forcing them to scrabble round for a serial number when they want support? Nice plan.
No, but you've (to my mind) stolen from the author of the book.