This is even worse than claiming that waterboarding isn't torture. WTF? I can't believe that I donated money to this douche in 2008.
When will people learn that all politicians are the same? They all promise whatever they think will get them elected. I guess we only have ourselves to blame for believing them.
Thankfully, Microsoft has failed in their attempt to control the web. Even if de facto standards are all that matters, they will have to be agreed on by at least Microsoft, Mozilla, Google, and Apple.
BTW wikipedia lists the DC as part of the PS2/Xbox/Gamecube generation. It was released four years after the PS1, one year ahead of PS2 and two years ahead of GC and Xbox.
If you're going to use the failed 'appeal to authority' approach in an argument, you should at least use an 'authority', not, you know, wikipedia.
You forgot Option 3, which is to choose an existing software package that's pretty close to your needs and hire people or pay consultants to customize and/or extend it so it fits better. That is often difficult or impossible if you choose a proprietary package, but quite practical if you choose a Free or Open Source one. If your developers participate in the project's community well, there's a pretty good chance others will help you maintain the changes rather than having to keep paying a team to do that indefinitely.
It's always a really dumb idea to download random apps from anywhere as anyone who has downloaded trojans from the Google Market knows. The other important lesson from this is that you should not sign code with a well-known private key. It was a pretty dumb thing for the CM team to do.
If I was going to pick only one language to work with, it would probably be LISP, but Haskell comes a very close second. I like code that does exactly what I want it to do with no side effects.
Google's comparison didn't include those languages, but The Computer Language Benchmarks Game does. SBCL and GHC are near the top in performance, so you wouldn't have to sacrifice much to use them.
Yes its true that C/C++ is generally faster than other languages, but when it comes to writing bug proof code, its not so good. Its very easy to write past the end of arrays and use bad pointers amongst other things.
From a career point of view, C/C++ is bad. I should know, my main expertise is in it and I am struggling to find a job. There seems to be way more jobs for Java and C# programmers.
There are always trade-offs between development time, execution efficiency, robustness, and other properties. Why didn't they include x86 assembly language in their comparisons, though it could certainly be used to write more efficient machine code than C++? There was a time when anything other than C or C++ was seen as luxury programmers couldn't afford. Now, higher level, easier to use languages are generally acceptable for the vast majority of tasks. C and C++ should be reserved for the few cases when optimizations are needed that can't be achieved in a higher level language.
Wow, they compared a whole four languages: C++, Java, Go and Scala, of which, C++ is the fastest. Is this seriously a surprise to anyone?
They didn't include several language implementations which perform better than Go according to The Computer Language Benchmarks Game, such as SBCL and GHC. They didn't even include C, which is far simpler than C++. Unless one restricts herself to the C subset of C++, she'll probably always have more overhead for things like method calls.
Puppy Linux has the non-google Chromium as its standard browser, and it works well for that compact distribution, but I do miss all the Firefox addons. Like Youtube downloaders, Flash video downloaders, NoScript, CW's video plugin to watch free shows, and so on.
I'd sooner that Ubuntu stick with Firefox.
What's installed by default mostly affects new users who don't have a strong preference for particular applications. I'll continue to use Firefox whether or not it's installed by default on Ubuntu, since it will still be in the repositories. That's what I've already been doing with Thunderbird (Ubuntu's default mail program Evolution sucks) and Pidgin (Empathy isn't flexible enough).
Since GPUs are rendering traditional passwords insecure and obsolete, why not go with a broader usage of smart cards? Also, build in mechanisms to deny IP addresses from machines that are attempting to use brute force. I do it with OpenBSD's PF. After so many failed attempts over a period of time, the IP gets blacklisted. After 24 hours, the blacklist gets purged.
Perhaps the article didn't explain it well enough, but brute forcing passwords with GPUs is only useful in offline attacks against the password hashes. CPUs are still plenty fast for online attacks, which are limited by network speeds. Because networks are so many times slower than CPUs or GPUs, true brute force attacks are never practical.
No authentication mechanism (not even the current version of NTLM) properly based on a cryptographic hash limits the length of the password. Any such system produces a fixed-length hash of the password regardless of the length of the password. If a system imposes a limit on the length of passwords, that's a sure sign it's storing the passwords themselves, either in plaintext or encrypted by some common key. This is well-known to be a bad idea, so anyone doing it is extremely ignorant or negligent.
Quadrupling the time it takes to crack a password is significant if yours is one of thousands and the attacker doesn't have the resources or will to crack them all. If your password is four times harder to crack than everyone else's, it may be skipped. Just like any security measure, passwords are never absolute protection.
Any security measure from a closed door to a combination lock to an army can be overcome with enough resources and will. Sufficient security is something that requires more resources or will to overcome than the attacker possesses or just delays the attacker long enough that the attack can be rendered useless. In the case of password hashes being obtained by an attacker, the longer it takes for the password to be cracked, the greater the chance the victim can be made aware of the attack and change the password or take other measures that render the attack useless.
The universe is made of both matter and antimatter. It's just that there turned out to be more matter for some reason that still hasn't been discovered. Since we're made of matter, we don't see any antimatter nearby as it would annihilate us.
Unfortunately, the same is true for any peer to peer protocol. NAT breaks the Internet and there will never be a perfect workaround.
Never say never. NAT will mostly die out with IPv6 given that each person could have many directly routable IP addresses and there will still be lots left over. You switch over for free right now with a tunnel broker if you want.
The auxiliary security aspect of NAT will keep it around for a while I think. But there are better options and a simple firewall rule on the router can replicate the same thing if you only want outgoing connections.
What I mean is that there will never be a perfect workaround as long as NAT is used. Of course, I hope that once IPv6 becomes mainstream, NAT will die out, but I'm not sure that'll happen as some seem attached to it. I will be playing around with IPv6 soon and talking to my ISP about getting it from them.
One of the reasons I'm not certain that NAT will die out quickly even when IPv6 is mainstream is that so many people have the false impression that NAT itself has security benefits. The truth is that implementing NAT requires connection tracking which is also required for stateful firewalls and both NAT and stateful firewalls have grown up simultaneously. Today, it's just as easy to configure a stateful firewall without NAT as with it using Linux iptables for example. However, it'll probably be many years before proper use of stateful firewalls makes it into cheap routers. Many of these appliances currently don't even support IPv6.
Includes and abstracts key NAT and firewall traversal technology using STUN, ICE, TURN, RTP-over-TCP and support for proxies.
Does anyone know how well this works in practice? It seems that some external server will be needed for coordination, making this very much less P2P than it would otherwise be.
-molo
Unfortunately, the same is true for any peer to peer protocol. NAT breaks the Internet and there will never be a perfect workaround.
Adobe's RTMFP has had this ability for years now, and they've since developed it further to include peer-to-peer rebroadcasting.
Except... it requires Flash, which is a dirty word around these parts.
You're totally missing the point. There are many peer to peer protocols that have been used for voice and video chat. Most prominent is the RTP standard which is used by various systems, including with SIP and Google Talk's Jingle. The issue is not the lack of a protocol, but the fact that none is implemented in browsers. If RTMFP were a W3C standard and implemented in browsers, it might be a fine choice. You could probably make a replacement for Skype using Flash, but that would just be replacing one proprietary system with another.
Unless something has changed, Google Voice isn't VoIP, and doesn't charge to call landlines or cell phones because it uses your own phone minutes to call them.
This is describing changes to Google Voice. Presumably, VoIP features will be added to the service.
Oh. When we saw the story the other day that the US had declared that hacking and similar online attacks could be considered acts of war, I didn't understand the purpose of such a statement. Now I understand.
I think we might be seeing the start of America's next war on a general concept.
Any bets as to what the target will be stated as? Anonymity? The Internet in general?
Yeah, you thought the "War on Terror" was vague? How about a "War on Anonymous?" Anyone and everyone could be an "enemy combatant."
Prosecuting crimes and defending national infrastructures are definitely valid activities for a state to do, but would probably be characterized as "persecution" by Anonymous. To be more cynical, many brutal regimes throughout history have also shown that true persecution is often very effective in achieving their goals.
That's why we develop for XHTML 1.0 where I work. We don't need any of the fancy new features and we don't have to spend much time thinking about browser compatibility.
We're almost only skyping with each other. What would you recommend ?
The only chat client that makes sense is the client used by those you want to chat with. Skype works so well for so many, you simply can't expect them to switch.
That's like saying that if someone prefers to communicate only on Facebook, you can't expect them to use email or if they're on the Verizon network, you can't expect them to call you on AT&T. We can't accept that kind of network fragmentation if we ever want the situation to improve.
The unfortunate situation with voice and video is that there never has been one ubiquitous protocol, though there are a number of standard ones. Rather than just giving in to whichever walled garden is the most popular, we can choose to use open protocols and public networks.
I have been meaning to try Jitsi, as I've been disappointed by many implementations of SIP and Jingle in the past. It seems like it might be a potential Skype replacement since it supports so many protocols and is cross-platform. However, to be as easy to use as Skype, you'd still have to use a standard configuration which didn't require users to know anything about the protocol, codec, and other technical details.
Skype outpaces all other alternatives by far, particularly with regards to satisfying the "very easy to configure and use, reliable, multiplatform and has good video/voice quality" requirements. There's a reason so many people use it, and there's a reason Linux users still installed Skype when they were thrown scraps in terms of support and updates.
Keep using Skype until such time that it NO LONGER WORKS (which I suspect will be for a very long time). Just because Microsoft owns it now doesn't mean it's dead. If it finally falls over in something like Linux, then you can move onto something such as Ekiga or whatever else has been developed, but there's simply nothing else in the consumer world that compares.
Heh... "Skype having just been borged". You could at least explain how Skype no longer works for you instead of letting emotions cloud logic.
It's rational to prefer Free Software to proprietary and open protocols to proprietary secret ones. Not only can we not fix Skype when it breaks but we have no idea when it may be leaking information we'd like to keep private. This discussion is about Free alternatives to Skype, so if you have nothing to say about that, you don't belong here.
I don't think Linux developers understand the problem. Once again. It's not about the technology underhood or that the protocol is open. The fact is these things need to be able to call to the "real world" and be able to receive calls from there. Basement geeks probably don't understand it, but that's what most normal people use Skype for. It will also need clients on tons of mobile phones AND it needs to be able to be used with Skype users. Now that Microsoft owns part of Facebook they will probably start using Skype too. You won't win this just because your application is "open".
There have been thousands of SIP gateways to allow calls to and from PSTN and cellular networks much longer than SkypeIn and SkypeOut existed. Skype did not succeed because of SkypeIn and SkypeOut, though that's how it's making money. By my observation, most still use Skype to connect to other Skype users. It succeeded because it made that easy. There are existing open protocols such as SIP and Jingle that can be used just as successfully as Skype, but there hasn't been a single cross-platform implementation that makes that easy and has the awareness of Skype, which has marketing behind it. I haven't tried implementations of the open protocols recently, so there may be a good Skype replacement we can all get behind.
Slashdot Mirror
This is even worse than claiming that waterboarding isn't torture. WTF? I can't believe that I donated money to this douche in 2008.
When will people learn that all politicians are the same? They all promise whatever they think will get them elected. I guess we only have ourselves to blame for believing them.
Thankfully, Microsoft has failed in their attempt to control the web. Even if de facto standards are all that matters, they will have to be agreed on by at least Microsoft, Mozilla, Google, and Apple.
BTW wikipedia lists the DC as part of the PS2/Xbox/Gamecube generation. It was released four years after the PS1, one year ahead of PS2 and two years ahead of GC and Xbox.
If you're going to use the failed 'appeal to authority' approach in an argument, you should at least use an 'authority', not, you know, wikipedia.
If you want to question the veracity of someone else's claim, do it with evidence. You don't have to rely on Wikipedia to find that in the US, Dreamcast was released in September 1999, the PlayStation 2 was released in October 2000, and Xbox and GameCube in November 2001.
You forgot Option 3, which is to choose an existing software package that's pretty close to your needs and hire people or pay consultants to customize and/or extend it so it fits better. That is often difficult or impossible if you choose a proprietary package, but quite practical if you choose a Free or Open Source one. If your developers participate in the project's community well, there's a pretty good chance others will help you maintain the changes rather than having to keep paying a team to do that indefinitely.
It's always a really dumb idea to download random apps from anywhere as anyone who has downloaded trojans from the Google Market knows. The other important lesson from this is that you should not sign code with a well-known private key. It was a pretty dumb thing for the CM team to do.
If I was going to pick only one language to work with, it would probably be LISP, but Haskell comes a very close second. I like code that does exactly what I want it to do with no side effects.
Google's comparison didn't include those languages, but The Computer Language Benchmarks Game does. SBCL and GHC are near the top in performance, so you wouldn't have to sacrifice much to use them.
Yes its true that C/C++ is generally faster than other languages, but when it comes to writing bug proof code, its not so good. Its very easy to write past the end of arrays and use bad pointers amongst other things.
From a career point of view, C/C++ is bad. I should know, my main expertise is in it and I am struggling to find a job. There seems to be way more jobs for Java and C# programmers.
There are always trade-offs between development time, execution efficiency, robustness, and other properties. Why didn't they include x86 assembly language in their comparisons, though it could certainly be used to write more efficient machine code than C++? There was a time when anything other than C or C++ was seen as luxury programmers couldn't afford. Now, higher level, easier to use languages are generally acceptable for the vast majority of tasks. C and C++ should be reserved for the few cases when optimizations are needed that can't be achieved in a higher level language.
Wow, they compared a whole four languages: C++, Java, Go and Scala, of which, C++ is the fastest. Is this seriously a surprise to anyone?
They didn't include several language implementations which perform better than Go according to The Computer Language Benchmarks Game, such as SBCL and GHC. They didn't even include C, which is far simpler than C++. Unless one restricts herself to the C subset of C++, she'll probably always have more overhead for things like method calls.
Puppy Linux has the non-google Chromium as its standard browser, and it works well for that compact distribution, but I do miss all the Firefox addons. Like Youtube downloaders, Flash video downloaders, NoScript, CW's video plugin to watch free shows, and so on.
I'd sooner that Ubuntu stick with Firefox.
What's installed by default mostly affects new users who don't have a strong preference for particular applications. I'll continue to use Firefox whether or not it's installed by default on Ubuntu, since it will still be in the repositories. That's what I've already been doing with Thunderbird (Ubuntu's default mail program Evolution sucks) and Pidgin (Empathy isn't flexible enough).
No sillier than all the recent gesture / software patent applications :)
That's why this is potentially useful. If the USPTO treats this seriously, it can be used as an example of how far things have gotten out of hand.
Since GPUs are rendering traditional passwords insecure and obsolete, why not go with a broader usage of smart cards? Also, build in mechanisms to deny IP addresses from machines that are attempting to use brute force. I do it with OpenBSD's PF. After so many failed attempts over a period of time, the IP gets blacklisted. After 24 hours, the blacklist gets purged.
Perhaps the article didn't explain it well enough, but brute forcing passwords with GPUs is only useful in offline attacks against the password hashes. CPUs are still plenty fast for online attacks, which are limited by network speeds. Because networks are so many times slower than CPUs or GPUs, true brute force attacks are never practical.
No authentication mechanism (not even the current version of NTLM) properly based on a cryptographic hash limits the length of the password. Any such system produces a fixed-length hash of the password regardless of the length of the password. If a system imposes a limit on the length of passwords, that's a sure sign it's storing the passwords themselves, either in plaintext or encrypted by some common key. This is well-known to be a bad idea, so anyone doing it is extremely ignorant or negligent.
Quadrupling the time it takes to crack a password is significant if yours is one of thousands and the attacker doesn't have the resources or will to crack them all. If your password is four times harder to crack than everyone else's, it may be skipped. Just like any security measure, passwords are never absolute protection.
Any security measure from a closed door to a combination lock to an army can be overcome with enough resources and will. Sufficient security is something that requires more resources or will to overcome than the attacker possesses or just delays the attacker long enough that the attack can be rendered useless. In the case of password hashes being obtained by an attacker, the longer it takes for the password to be cracked, the greater the chance the victim can be made aware of the attack and change the password or take other measures that render the attack useless.
The universe is made of both matter and antimatter. It's just that there turned out to be more matter for some reason that still hasn't been discovered. Since we're made of matter, we don't see any antimatter nearby as it would annihilate us.
Unfortunately, the same is true for any peer to peer protocol. NAT breaks the Internet and there will never be a perfect workaround.
Never say never. NAT will mostly die out with IPv6 given that each person could have many directly routable IP addresses and there will still be lots left over. You switch over for free right now with a tunnel broker if you want.
The auxiliary security aspect of NAT will keep it around for a while I think. But there are better options and a simple firewall rule on the router can replicate the same thing if you only want outgoing connections.
What I mean is that there will never be a perfect workaround as long as NAT is used. Of course, I hope that once IPv6 becomes mainstream, NAT will die out, but I'm not sure that'll happen as some seem attached to it. I will be playing around with IPv6 soon and talking to my ISP about getting it from them.
One of the reasons I'm not certain that NAT will die out quickly even when IPv6 is mainstream is that so many people have the false impression that NAT itself has security benefits. The truth is that implementing NAT requires connection tracking which is also required for stateful firewalls and both NAT and stateful firewalls have grown up simultaneously. Today, it's just as easy to configure a stateful firewall without NAT as with it using Linux iptables for example. However, it'll probably be many years before proper use of stateful firewalls makes it into cheap routers. Many of these appliances currently don't even support IPv6.
from the WebRTC FAQ:
Includes and abstracts key NAT and firewall traversal technology using STUN, ICE, TURN, RTP-over-TCP and support for proxies.
Does anyone know how well this works in practice? It seems that some external server will be needed for coordination, making this very much less P2P than it would otherwise be.
-molo
Unfortunately, the same is true for any peer to peer protocol. NAT breaks the Internet and there will never be a perfect workaround.
Adobe's RTMFP has had this ability for years now, and they've since developed it further to include peer-to-peer rebroadcasting.
Except... it requires Flash, which is a dirty word around these parts.
You're totally missing the point. There are many peer to peer protocols that have been used for voice and video chat. Most prominent is the RTP standard which is used by various systems, including with SIP and Google Talk's Jingle. The issue is not the lack of a protocol, but the fact that none is implemented in browsers. If RTMFP were a W3C standard and implemented in browsers, it might be a fine choice. You could probably make a replacement for Skype using Flash, but that would just be replacing one proprietary system with another.
Unless something has changed, Google Voice isn't VoIP, and doesn't charge to call landlines or cell phones because it uses your own phone minutes to call them.
This is describing changes to Google Voice. Presumably, VoIP features will be added to the service.
Oh. When we saw the story the other day that the US had declared that hacking and similar online attacks could be considered acts of war, I didn't understand the purpose of such a statement. Now I understand.
I think we might be seeing the start of America's next war on a general concept.
Any bets as to what the target will be stated as? Anonymity? The Internet in general?
Yeah, you thought the "War on Terror" was vague? How about a "War on Anonymous?" Anyone and everyone could be an "enemy combatant."
Let us know how that works out for you!
Prosecuting crimes and defending national infrastructures are definitely valid activities for a state to do, but would probably be characterized as "persecution" by Anonymous. To be more cynical, many brutal regimes throughout history have also shown that true persecution is often very effective in achieving their goals.
That's why we develop for XHTML 1.0 where I work. We don't need any of the fancy new features and we don't have to spend much time thinking about browser compatibility.
We're almost only skyping with each other. What would you recommend ?
The only chat client that makes sense is the client used by those you want to chat with. Skype works so well for so many, you simply can't expect them to switch.
That's like saying that if someone prefers to communicate only on Facebook, you can't expect them to use email or if they're on the Verizon network, you can't expect them to call you on AT&T. We can't accept that kind of network fragmentation if we ever want the situation to improve.
The unfortunate situation with voice and video is that there never has been one ubiquitous protocol, though there are a number of standard ones. Rather than just giving in to whichever walled garden is the most popular, we can choose to use open protocols and public networks.
I have been meaning to try Jitsi, as I've been disappointed by many implementations of SIP and Jingle in the past. It seems like it might be a potential Skype replacement since it supports so many protocols and is cross-platform. However, to be as easy to use as Skype, you'd still have to use a standard configuration which didn't require users to know anything about the protocol, codec, and other technical details.
Skype outpaces all other alternatives by far, particularly with regards to satisfying the "very easy to configure and use, reliable, multiplatform and has good video/voice quality" requirements. There's a reason so many people use it, and there's a reason Linux users still installed Skype when they were thrown scraps in terms of support and updates.
Keep using Skype until such time that it NO LONGER WORKS (which I suspect will be for a very long time). Just because Microsoft owns it now doesn't mean it's dead. If it finally falls over in something like Linux, then you can move onto something such as Ekiga or whatever else has been developed, but there's simply nothing else in the consumer world that compares.
Heh... "Skype having just been borged". You could at least explain how Skype no longer works for you instead of letting emotions cloud logic.
It's rational to prefer Free Software to proprietary and open protocols to proprietary secret ones. Not only can we not fix Skype when it breaks but we have no idea when it may be leaking information we'd like to keep private. This discussion is about Free alternatives to Skype, so if you have nothing to say about that, you don't belong here.
I don't think Linux developers understand the problem. Once again. It's not about the technology underhood or that the protocol is open. The fact is these things need to be able to call to the "real world" and be able to receive calls from there. Basement geeks probably don't understand it, but that's what most normal people use Skype for. It will also need clients on tons of mobile phones AND it needs to be able to be used with Skype users. Now that Microsoft owns part of Facebook they will probably start using Skype too. You won't win this just because your application is "open".
There have been thousands of SIP gateways to allow calls to and from PSTN and cellular networks much longer than SkypeIn and SkypeOut existed. Skype did not succeed because of SkypeIn and SkypeOut, though that's how it's making money. By my observation, most still use Skype to connect to other Skype users. It succeeded because it made that easy. There are existing open protocols such as SIP and Jingle that can be used just as successfully as Skype, but there hasn't been a single cross-platform implementation that makes that easy and has the awareness of Skype, which has marketing behind it. I haven't tried implementations of the open protocols recently, so there may be a good Skype replacement we can all get behind.
Also,