Link level compression is great for compressing IP datagrams, because much of the TCP / UDP / IP header information is redundant for a series of packets.
Unfortunately, compressing data on the link level is not quite as effective as compressing the original data in advance.
The reason is simple: most compression algorithms in this field use some kind of dictionary of repeated patterns. Instead of storing all the data for repeated patterns, pointers to dictionary entries are inserted into the data stream. Because PPP packets are relatively small, chances of finding repeated patterns are slim. Of course, you could group several PPP packets together and compress them as a whole, but this would negatively affect latency times.
The best thing to do would be compressing data at its origin (on the web server serving the files) and use PPP compression for the protocol overhead (TCP / UDP / IP headers).
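The trade-off described in the comment above can be measured directly. This is an added example, not part of the original comment: the 256-byte packet size, the function names and the sample document are assumptions constructed for illustration, and zlib stands in for a dictionary-based link-level compressor.

```python
import zlib

PACKET_SIZE = 256  # assumed payload bytes per link-level packet (illustrative)


def build_sample_page(rows=400):
    """Constructed sample input: a repetitive HTML-like document."""
    lines = ["<html><body><table>"]
    for i in range(rows):
        lines.append(
            f'<tr class="row"><td>item {i}</td><td>value {i * 7 % 101}</td></tr>'
        )
    lines.append("</table></body></html>")
    return "\n".join(lines).encode("ascii")


def compressed_size(data, packets_per_group, packet_size=PACKET_SIZE):
    """Total bytes on the wire when every group of packets is compressed
    on its own, with a fresh dictionary for each group."""
    group_bytes = packet_size * packets_per_group
    total = 0
    for offset in range(0, len(data), group_bytes):
        total += len(zlib.compress(data[offset:offset + group_bytes], 9))
    return total


def compressed_at_origin(data):
    """Bytes on the wire when the whole document is compressed in advance."""
    return len(zlib.compress(data, 9))


def compare(data):
    """Return the sizes for the three strategies the comment discusses."""
    return {
        "raw": len(data),
        "per_packet": compressed_size(data, 1),
        "groups_of_8": compressed_size(data, 8),
        "at_origin": compressed_at_origin(data),
    }


if __name__ == "__main__":
    for name, size in compare(build_sample_page()).items():
        print(f"{name:12s} {size:6d} bytes")
```

Grouping eight packets recovers part of the loss, but the sender has to hold back seven packets before it can transmit anything, which is the latency cost mentioned in the comment.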
Ok, I'm not going to discuss whether or not the above comment is funny by any definition. The point is that people have been and still are dying. Marking a comment making fun of these facts as +5 funny is just *plain* stupid.
In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...
Well, if every triple of digits would be different from all the previous triples, the entropy of the 1000th triple would be pretty low, because it's got to be the remaining one, right? :)
How would you know? The form content may be submitted via HTTPS; but sending the form itself via unencrypted HTTP makes it easy for an attacker to replace the HTML-code and instead point the form action to the attacker's web server... DNS poisoning or TCP connection hijacking anyone?
Sending information through a form received over HTTP is dangerous, no matter where the form action is intended to point to. Browsers should warn their users about it.
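A site owner can check their own pages for the condition described in the comment above. This is an added example, not part of the original comment: the function name, verdict strings and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or empty action means "submit to the page URL".
            self.actions.append(dict(attrs).get("action") or "")


def audit_form_delivery(page_url, html):
    """Return (resolved_action, verdict) for each form in the page.

    A form delivered over plain HTTP is flagged even when its action is
    HTTPS, because the markup itself can be altered before it arrives.
    """
    collector = _FormCollector()
    collector.feed(html)
    page_secure = urlsplit(page_url).scheme == "https"
    findings = []
    for action in collector.actions:
        target = urljoin(page_url, action)
        if not page_secure:
            verdict = "page-not-https"
        elif urlsplit(target).scheme != "https":
            verdict = "action-not-https"
        else:
            verdict = "ok"
        findings.append((target, verdict))
    return findings


# Constructed sample pages (not taken from any real site).
LOGIN_OVER_HTTP = '<form action="https://shop.example/session" method="post"></form>'
LOGIN_OVER_HTTPS = '<form action="/session" method="post"></form>'
MIXED = '<form action="http://shop.example/search"></form><form></form>'

if __name__ == "__main__":
    print(audit_form_delivery("http://shop.example/login", LOGIN_OVER_HTTP))
    print(audit_form_delivery("https://shop.example/login", LOGIN_OVER_HTTPS))
    print(audit_form_delivery("https://shop.example/", MIXED))
```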
Again, this shows how important it is to use separate key pairs for different jobs.
Imagine you use the same private key for both vulnerable SSL servers, and for offline protocols, such as PGP or S/MIME. Whoever successfully attacks your interactive SSL server would be capable of reading encrypted mail sent to you in the past.
Come on?! If ISS does not document a security issue in time, somebody else will... and therefore ISS' credibility will suffer over time. I'm not sure if I see the danger of corruption here.
Personally, I think 30 days is a good time span for letting software companies fix their code. On the other hand, why wait 30 days until mentioning the vulnerability? ISS could simply announce that there *is* a problem with a given product without going into the details ("buffer overflow in Bind, tracking number #25521, details will be published December 16th 2002"). So, if your business runs a vulnerable piece of software which is not critical to your operation, you can disable the service until a patch is available. If the software is critical, it's up to you to take the risk.
... and thanks for linking to the videos. on Fanwing Planes? · Score: 2, Insightful
Come on, there's no need for a direct link from the article to the videos hosted on fanwing.com. Perhaps I *too* could have a look at the pictures if the server wasn't slashdotted because everybody's trying to download the videos...
I'm wondering if those publications are freely available from the internet? I think paying a couple of bucks and in return having 7'100 publications ready for searching/reading would be a great thing. If only they published a list of which publications they are going to make available...
According to the site, Yahoo plans to charge consumers between $1 and $4 to retrieve files from a specialized database of some 25 million research documents culled from 7,100 publications (...)
The spacecraft will also carry your personal relic, memento, or treasure to the moon. TransOrbital will approve, on a case by case basis, the transportation of ANY INERT OBJECT to the moon.
Hey, what about sending a Windows XP box up there? The term inert seems like a perfect fit; and it's only $2500 per gram, so if every Slashdot reader donates some bucks... =)
New Zealand was the first country to release the system because of our position on the international date line.
Which means no Windows XP in Nukualofa? They are at GMT+13:00 while New Zealand is just GMT+12:00.
What an interesting post. Stuff that matters.
American cryptography, that is on Blaming Encryption · Score: 2, Insightful
How did Americans actually get the idea that American cryptography is the only possibility for terrorists to communicate in a secure way?
Russians had (and still do have) their own cryptographic algorithms, as do Germans, Australians, Italians. I mean, what's the difference? Do export regulations really make that much of a difference?
The following happened about two years ago, when we had a total solar eclipse over here in Switzerland:
Some friends and I were discussing the event. The question "how do you know when a total solar eclipse is going to occur?" was raised. One of the girls, and she was not kidding, said "well, a total solar eclipse happens only if there is a full moon."
Compaq is believed to be worried that IBM will come to own the Linux market and that it'll be nosed out so it's planning on raising its Linux profile.
After my visit to Linux World in New York, I was a little afraid of IBM's sudden interest in Linux and the amount of money they were about to invest into Linux solutions. But hey: if this means Compaq is going to raise their Linux profile, that's fine with me.
It will also participate in Oracle's Linux Lab to optimize kernel development and performance.
Ok, now given that a Solaris Threading Library probably wasn't on many Linux users' wish list, Compaq's plan to help in optimizing the Linux Kernel for SMP systems sounds like Christmas to me.
I've been one of the pioneers to use DSL lines for private use here in Switzerland. I leased the lines directly from our Swiss phone company and the fun thing is: They offer two different services: voice and data. Even though the data services are about twice as pricey, both use the same medium (cables, etc). Voice works fine for data, just don't tell them you are using them for digital data transfer.
How expensive is it to get your line hooked up in the US? In Switzerland, it's about $700 per endpoint (which is really expensive in my humble opinion), whereas the monthly fee for a 4 kilometer line comes at a little more than $100 (which on the other hand is a good price for 2mb full duplex).
What kind of modems do you use? Right now I'm using pairs of Ascom Colt SOHOs for bridging ethernet networks at 2mb.
What examples of fair uses absolutely require access to the work in its most modern, digital, uncorrupted, un-macrovisioned form? The only one that jumped out at me is making a backup copy in case the original is destroyed. But perhaps there are others.
Erms, what about actually watching the movie? To display it, you need the image data in unencrypted form. Even if your video card can help you deal with the Macrovision crap, sooner or later you need to decrypt the data to play it.
Another point: the DeCSS code allows people to watch movies they bought, without buying a player from a company which licensed the required keys. I feel there's nothing wrong about buying a movie and being allowed to watch it, no matter what player from what company the consumer prefers to use.
Other sources say that a virtual call takes about as long as four assignment ops. Almost anything that you might want to call through a virtual function will take at least an order of magnitude more time than that. Thus, the time taken by the virtual call itself is irrelevant.
You are missing the point here: if the method is not virtual, the compiler may choose to inline small methods (get()- and set()-methods), in which case the method invocation is basically free.
If the method is virtual and you call it through a pointer (like this, even if used implicitly), the compiler has no choice but to generate code which considers the vtable which is an indirection and therefore takes more time.
Simulating the same behaviour in plain C would probably use the same amount of execution speed, even though making your code more complicated and harder to maintain.
> Which is scarier? MS is not being
> truthful about this situation or MS
> doesn't bother to check its ToS
> agreements before it debuts new
> services?
Mmh, didn't you ever wonder why the ToS is written the way it is? I don't believe Microsoft wants to use your email in their marketing campaigns. I think it's an elegant way to say "our services are pretty easy to crack; so, if somebody breaks in and takes your data, there are no legal consequences for us."
You should take a look at Sun's Java Classes available on their Java website. These classes are designed pretty well, and the standard of the code is very high.
Even though this code is pretty high-level, it shows some interesting programming aspects (hashed lists, interfaces, object oriented design, just to name a few).
Well, at least in Europe we hide easter eggs for children to search and find them. So I'd define an easter egg as anything hidden inside a piece of software, be it a visual effect, joke, sound, or whatsoever.
Oh well ... but they *do* have funny wallpapers ... and notice the clever placement of the windows, guess MDI has its advantages after all :)
Gates: Understand those are cases where you are downloading third-party software.
...
Well, sure, if you call the payload in a buffer overflow attack "third party software"
http://www.beosjournal.org/index.php?ct=r&ru=2003-06-03-zetab5
Remo
Damn. :)