Slashdot Mirror


User: ivan256

ivan256's activity in the archive.

Stories
0
Comments
6,818
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,818

  1. Re:Banning MD5 is stupid and small minded on Practical Exploits of Broken MD5 Algorithm · · Score: 1

    Stupid windows clipboard. Obviously that first quote is from the wrong part of your comment... I meant to quote the part about not having gigabytes of storage in embedded devices... You'll figure it out, I'm sure.

  2. Re:Banning MD5 is stupid and small minded on Practical Exploits of Broken MD5 Algorithm · · Score: 1

    You keep saying "trivial this" and "trivial that". Think about computing these things millions and millions of times.

    It can make a HUGE difference in power utilization, network protocol overhead, etc...

    Your philosophy is similar to the ones that cause new software to be so bloated and unwieldy.

    The difference in electricity and heat output between MD5 and a newer hash is trivially small. Absolutely no-one will notice the difference. Just think about wasted CPU cycles to service the interrupts in comparison.

    Sure they do. Some of them have gigabytes built in, some of them connect to storage networks with petabytes of storage attached to them. Millions of them route networks and can cram tens or even hundreds of gigabits of data through per second using processors so wussy they would make your gameboy laugh. Want to take a guess as to why we can afford to have millions of these devices in service, hell, why we can afford to keep them powered up?

    it's a trivially small difference, unless you're on a 2400baud connection.

    Doubling or quadrupling overhead is still a 100% or 300% increase in network utilization whether your link is gigabit, or 300 baud. Even over the fastest of links there are people out there who's job it is to sqeeze out every last byte of overhead. The point where things are "fast enough" isn't even visible on the horizon yet.

    The difference in electricity and heat output between MD5 and a newer hash is trivially small. Absolutely no-one will notice the difference. Just think about wasted CPU cycles to service the interrupts in comparison.

    Buddy, you have no idea. This is abolutely the type of thing I think about every day for a living. It does matter. It does make a difference. People build special purpose processors into their machines to compute hashes and checksums faster and with less electricity for a reason. These types of special purpose processors are even starting to find their way into everyday home PCs. They're especially important in datacenters or big research environments though. In these places saving 0.1% in computations could mean the difference between needing another 128 nodes in their cluster, needing another ton of air conditioning, or paying thousands of dollars more a year in electricity costs.

    More is not always better. Quite frequently it's worse.

  3. Re:Banning MD5 is stupid and small minded on Practical Exploits of Broken MD5 Algorithm · · Score: 1
    Yes. I'll make a list for you:

    • Not all computation is done on grossly overpowered machines. (Most systems are embedded)
    • High end storage is faster than the bus speeds on most systems, and many problem sets fit into memory, so you frequently find yourself CPU bound. (Try doing 100,000 8k IOPS on any normal machine... Yet enterprise storage is this fast.)
    • Many operations are latency dependant. (Checksuming user input protocols, for example)
    • Wasting cycles uses extra electricity and generates extra heat. (This is a big deal in datacenters)
    • Hash functions that generate hight bit count output can waste network bandwidth. This is a big deal in cases where you are IO bound. (Think of how much this would suck for things like rsync or BitTorrent)
    • It's more difficult to compare long hash output by eye. (Never underestimate the downside of poor HCI design.)


    I could come up with more all day. Use the right tool for the right job. In general, you'll be glad you did in the long run.
  4. HAH!!! on Record Labels Release Software To Combat Piracy · · Score: 4, Funny

    Man, I haven't laughed this hard all day. Why can't the Slashdot April Fools posts have this level of quality?

  5. Re:guns as a tool on When More Information Isn't a Good Thing · · Score: 1

    Sure you did. You said that things are a lot different now than they were when it was written. What I was saying is that things aren't any different now as they were then when you boil it down to basics.

    Read the text again. It doesn't say that the militia is required to defend the country, it says that it's required to maintain security.

  6. Re:guns as a tool on When More Information Isn't a Good Thing · · Score: 1

    A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed.

    Every word still insightful and applicable. You're just naive and narrowminded. For a state to be both free and secure, not only do it's citizens need protection from outside aggression, but they need protection from hostile people within their communities (civillian policing isn't a task of the federal armed forces. Local police forces are civillians who are allowed to bear arms under the second amendment.) as well as from forces in their own government who would wish to move towards a less free state. Admittedly the latter of those reasons is impractical and unlikely, however, you are not secure and free if you are unable to protect yourself from the inevitable evils of humanity that would wish you harm in one form or another.

    Since it's a right, a right, I might add that is granted by our possesion of free will, and not by the document; it's only written in the constitution as a validation. Since it's a right, you can choose not to exercise it if you don't like it. Since it's a right you cannot take it away from others. If you try, not only will you fail, but you will fail in the worst way, since people who wish you harm are unlikely to abide by your laws, and the virtuous who would protect you probably won't have the tools they need to get the job done.

  7. Re:Examples: on Playing CDs a Privilege Not A Right · · Score: 4, Insightful

    Those are all lovely examples. Except for the one that's wrong.

    People don't enter into the contracts you describe when they purchase CDs, books, movies, or most any other creative media, because if they did you'd have a point. The power content providers wield over consumers comes from something other than contract law...

    The problem here is that congress passed a law that made it illegal to circumvent DRM, and in the process gave away their power to determine what rights content owners have. As soon as congress figures out that they gave away some of their power things will get fixed. How many decades will it take?

  8. Re:Banning MD5 is stupid and small minded on Practical Exploits of Broken MD5 Algorithm · · Score: 1

    Exactly. There are even more simple examples than that too. Like finding dupilcates in a large set of data. Since you're probably going to do a byte for byte comparison anyway when you get a hit, It may even make sense to use something weaker than MD5.

  9. Banning MD5 is stupid and small minded on Practical Exploits of Broken MD5 Algorithm · · Score: 3, Insightful

    It's dumb to ban MD5. It is still, and will continue to be a useful tool in situations where a cursory comparison is needed for reasons other than security. It would be silly, stupid even, to use a larger hash that requires more (slower) computation in these situations. Banning MD5 can mean one of two things: Either it's a stupid publicity stunt that will result in slower code overall, or that Microsoft doesn't trust it's developers to be smart enough to know when a particular hash is appropriate.

  10. Re:Not all jumping ship... on Current-Gen Price Drop and 360 Shortage · · Score: 4, Informative

    For a while into the PS2 life, PS1 games still came out

    If by "for a while," you mean "to this day," then you're correct. (Actually, I don't know if that's fair, since I think it's been six months since the last release, but it's still recent.)

    It was a great way to break into the market for small developers

    No, it was a cash cow for existing developers with mature PlayStation engines (EA Sports, for example), and developed demand for the PSone, which didn't come out until well after the PS2 was released.

    Similarly, expect Sony to continue to manufacture and sell slim PS2s for years after the PS3 release. Don't be surprised when they sell like hotcakes at $79 either.

  11. Coming soon? Try "already" on GoogleTV Coming Soon? · · Score: 2, Insightful

    Google appears to have added their name to a frequent (seems coutinuous to me) segment on Al Gore's new "Current" network. It's been running for at least a week now.

  12. Re:Daikatana - what was all that about? on John Romero Back In The Game · · Score: 2, Interesting

    There were three things wring with Daikatana that earned it the reputation it has today.

    First off, you know how they poke fun at Duke Nukem Forever? Well before Duke, there was Daikatana.

    Next, the game was incredibly hyped. Everybody had high hopes for all the whiz-bang new features that it was going to have, and how great it was going to look. It only underdelivered slightly, but there was much too much hype for it to ever live up to, which was compounded by the last point:

    It was so late that it was behind the times both technologically and game concept wise by the time it finally hit the shelves. It looked and played like Hexen, except it came out two years after that in the middle of the first GPU boom.

  13. Re:Too many emotionally retarded gamers. on Games Can Make Us Cry · · Score: 1

    Yup, I knew it. That's part of why I picked it as an example.

    The development focus on Oblivion seems to be on making combat and stealth more complex, while the size of the world and the number of plot related missions has been drastically reduced.

  14. Re:Too many emotionally retarded gamers. on Games Can Make Us Cry · · Score: 2, Insightful

    Because so far, a story in a game has not incited a revolution of philosophy or thought

    It's incredibly rare that a book will do this either. Becoming more rare every day, in fact, because publishing is profit driven.

    Everyone can disagree with me, but as far as I'm concerned, the gaming world has yet to produce a truly classic story with really memorable, deep characters. They are excellent, on the other hand, at creating pop culture icons that give us catch phrases.

    I disagree with you on the most fundamental level. Unless, of course, you also think that modern literature has yet to produce a story that isn't a rehash of an ages old plot. The problem isn't that games can't be an intellectual work, it's that the signal to noise ratio is roughly the same when it comes to games as it is with every other form of expression, and there are more books published every week than there are games published all year.

  15. Re:I've always wondered how the holodeck worked. on VirtuSphere Immersive Virtual Reality · · Score: 1

    Supposedly some of the holodeck effects were created with use of the replicator. It could be real water...

    Holy crap I feel dorky for responding to this.

  16. Re:So let me get this straight... on Korean Mozilla Binaries Infected · · Score: 1

    That's nice and all but not realistic. Custom builds can be used for lots of purposes and in many cases users may need such customizations but not have the time or skill to compile the software themselves.

    It is absolutely realistic, because for the vast majority of people, one of the default official builds is sufficient. If something outside the scope of the vast majority of users can't come up with a way to get a trustworthy source of builds, it's almost not worth the effort to help them, and it's certainly hardly newsworthy if a tiny population of users gets infected.

    Certainly a variety of linux distributions have figured out independant frameworks through wich to deliver trustworthy custom builds. Anybody else is perfectly capable.

  17. Re:Too many emotionally retarded gamers. on Games Can Make Us Cry · · Score: 4, Interesting

    The game industry has all but abandoned the adventure genre where we were just beginning to grow up and see some good storytelling.

    Adventure occationally makes a comeback in RPGs. Elder Scrolls: Morrowind is a great example. There's plenty of plot and tons of exploration. The trouble is that the sequels to such games miss the point and fairly universally evolve towards a combat mechanics focus in an effort to gain universal appeal. As long as the reviewers continue to punish developers for neglecting combat and multi-player capabilities, and developers continue to do everything poorly rather than focus on doing one thing well, games will continue to have crappy plots and literary qualities.

    Another perfect example: Xenogears. The game was almost all plot, and the reviewers trashed it for that. Now there are pseudo-sequels and they added so much combat and level grind that you have to buy a 100 hour "episode" to get 20 minutes of plot out of a game.

    learn to appreciate themes outside of their adolescent power and sex fantasies

    Those things describe at least half (but probably more like 90% when you consider how much pulp is published every year) of the literature that mankind has ever produced. If you're willing to seek out the diamond in the literary rough, why can't you accept that there are the same things in the gaming world?

  18. Re:So let me get this straight... on Korean Mozilla Binaries Infected · · Score: 1

    I guess Mozilla needs to find some way to sign installers released by third parties.

    No they don't. All they have to do is sign the first party packages and let the people who are foolish enough to trust an unsigned third party installer deal with the consequences.

    Mozilla.org already ceritifes third party localizations and distributes them from their website, so there is no reason to run an unofficial build that you didn't compile yourself.

  19. Re:So let me get this straight... on Korean Mozilla Binaries Infected · · Score: 3, Informative

    Debian apt runs as root, so you'd better be trusting those apt repositories, and all of the contributers.

    Since official debian packages are signed, it's easy to trust the repository and the contributers due to the magic of the PGP web of trust and the Debian developer vetting process. It's not like you're installing software from some random people you don't know, and it's certainly not like the mirror you use could be compromised as long as the signature is valid.

    You install mozilla as root, right?

    Is somebody forcing you? I never install as root if the package didn't come from a trusted location. If I want to test a nightly, even the binary tarballs from mozilla.org go in my user directory, and aren't installed system wide.

    It's the dumb user that's vulnerable, not the OS. That's equally as true for Windows as it is for Linux.

  20. Re:Phone lines are cash cows? on FCC May Push Bells to Unbundle DSL · · Score: 1

    It's all I need at home. Vontage would be nice, but I can't get a local number with them.

    With number portability, you should be able to keep your current number even if they're unable to supply you with a new one from your area.

  21. Re:Phone lines are cash cows? on FCC May Push Bells to Unbundle DSL · · Score: 1

    I have a Verizon bill right in front of me (though I just canceled the service). $12.70 for the service and $6.38 in taxes. Total: $19.08. That's with $0.02 per call and $0.002/minute charges for outgoing.

    Of course, they can take their crappy ass phone service and stick it. I'm done giving Verizon money. I'm completely fed up with their "what are you going to do about it" policy. But, that's another story.

  22. Re:"Don't be evil" and other corporate nonsense on Is Yahoo Actively Supporting Adware? · · Score: 1

    Dow's motto is "We Bring Good Things to Life"

    Actually, that's GE's old motto, not Dow.

    except they purchased Union Carbide after Union Carbide killed tens of thousands of Indian people when a chemical plant in Bhopal released methyl isocyanate

    What would you have prefered to happen? Somebody has to end up owning that mess. Or are you suggesting that Union Carbide be left to rot until the value was zero as punishment? Either way, this is an amazing red herring.

  23. Re:Range? on MasterCard To Distribute RFID Credit Cards · · Score: 1

    The oscilating magnetic field that generates current in the coil that powers these transmitters has a much, much lower effective range than that.

    Sure, once it's powered up you can snoop the encrypted communications. Have fun with that. The chances of you initiating communications with an idle card without being a few inches away or less is essentially nil.

  24. More fraud, Less Fraud, who cares? on MasterCard To Distribute RFID Credit Cards · · Score: 1

    In the US you're not liable for fraud against your card (unless you committed said fraud) past the first $50. You card issuer has to foot the bill. Do you really think they didn't research this to make sure it wasn't going to cost them a fortune in fraudlulent transactions? And if they didn't, who cares? You don't have to pay for their mistake.

  25. Re:Ubuntu on Debian Core Consortium Releases First Code · · Score: 1

    And my favorite; set unstable and pull KDE. You will get KDE, but no KDM. Although you'll get every kgame ever written. It won't check to see if X is installed. Then you can install xserver-xorg, and when you start it you find that you have no fonts. Where are those dependencies?

    Because of the client/server nature, those things aren't dependencies. If you want a working KDE/X desktop, there's a meta package that depends on the parts you need to do that. If you want to run KDE, all you need are the x libraries and Qt. The X server and the font server may be on another machine. The display manager isn't part of the desktop...

    There's nothing broken, or even inconvienient here.

    I don't know, it just seems like there should be packages for common names; apache, samba, php, mysql, etc that would get you the version for the environment you use. But you should be able to simply 'apt-get install kde34' from stable and expect a package.

    There's no reason for that since there's a good search utility in apt-cache. I'd rather be able to specify exactly what I want than have generically named wrappers.

    And everything in the descriptions of testing and unstable lead people to stay away from them if they aren't well versed in Debian speak.

    I completely agree with this. The names are terrible. They should be called 'consistent,' and 'bleeding edge' or something. Unless you're testing, there's no reason to run testing. (Unless you like your system being broken for weeks at a time).