Secure is a good idea. But even the government has different levels of security. My personal web server does not need triple DES public key cryptography with Kerberos login via retinal scan, key fob and password. The computers that initiate missile deployment from our nuclear subs probably do.
But the core question is this: Why would you advocate spending taxpayer $$ to fix the problems caused by a greedy predatory monopoly because of their low (lack of) corporate morals? If Ford sold billions of cars that the economy relied on, and those cars were known to frequently cause traffic jams that disrupted or crippled traffic flow, should we the taxpayer be forced to pay for repairs/upgrades to those cars?
Must be something wrong in your system. On my G3/375(416MB) on pause iTunes 3 uses .05% of CPU. While playing (128kbit vbr) it uses between 25% and 35% of CPU with the sound enhancer and EQ enabled. 67MB of virtual memory, 11M resident. Certainly no behemoth on my ancient system.
That's nice again. But I STILL don't have DirectTV. Hence such a device is useless to me and all the people on the cable systems involved with this release.
The benefit is that as the signal comes off the satellite it can be written directly to disk. The encoder/decoder is not required, and hence you get better video quality.
The reason I've not purchased a Tivo (other than the need for the stupid on-going service) is that I don't want to do MPEG->Analog->MPEG->Disk->Analog to watch my satellite feed. MPEG->Disk->Analog is a much shorter path with only a single decode involved.
This is the reason I'll be getting the DVR from DishTv. The new dual tuner model is pretty sweet.
I have no inferiority complex. I do not require or even suggest that people use all the initials after my name (CCIE, MCSE, CNE, and more) to show any respect for me. It's taken years to accumulate the experience and skills I have in my field of practice also. A doctor deserves no more or less respect than I do just because their letters are MD.
In a doctor's office there are rarely emergencies, they tend to go to emergency rooms/clinics. When there is an emergency, I understand. 95% of the time, however, doctors simply over-book their calendar with patients. They know damned well they will run late every day. The fact that they set an appointment for me to be there, then break that appointment is the dis-respect. And yes, I understand that to some degree the need to keep up with costs necessitates the patient waiting on the doctor instead of the other way around. But in the end I see this as little different from purchasing an airplane ticket only to arrive on time and be told that I can't fly because they oversold the plane and I've been bumped.
I've just about gone to court several times with doctors. I'd (for example) have a 2pm appointment. I'd show up at 1:50pm, sign in and wait. At 2:15pm if I was not being seen by the doctor I got up and left. Often the office attempted to charge me for the appointment, or a cancelled appointment fee. I told them I had a 2:00 appointment and that the doctor was the one who cancelled the appointment by not showing up on time. If they don't respect my time, they don't respect me and I don't do business with them.
Good point. But that could also be said about the initial 'problem'. If someone were going to do a MiM attack via DNS spoof, why would they target Apple and not Microsoft, or Adobe or Id (or whoever makes the latest game)?
I think the problem with your statement though is that it qualifies as security by obscurity. Claiming relative safety because of a relatively small size is just bad voodoo.
As for the cracking issue, I'd be far less worried about someone cracking the cipher than I am someone emailing it out of the building, or someone hacking in and downloading it.
Any network port/stack makes such routing decisions. It's how your software doesn't have to process every frame on the wire. The card initially ignores anything but broadcasts and frames directed at its MAC. The drivers filter by protocol as to which process the packet should go to. Voilà... every NIC is a packet filter; prior art.
That's the last (and first) time I repeat anything Leo Laporte says without verifying it first. He offered this as a "Mac tip" on the Screen Savers back in May. I've never had a reason to check it out other than seeing that the files were there, and I didn't have "calculate all file sizes" on in the folder. That guy is just a moronic windbag.
I know ciphers are hard to break. But they are not impossible to break, and certainly not difficult to steal. If (when?) the Apple encrypting key is compromised, potentially the entire Apple community would be affected. Apple could almost totally eliminate that risk with the multiple/unique signing keys method. If they want to fix the problem they should really fix it with something that addresses the 'worst case' scenario.
The resume on failure is a problem. You can find all the successfully downloaded updates in "/Library/Receipts". You can double-click the packages in there to install the update, copy the update to another machine and install it, burn it to CD for later use, etc.
On the down side, Apple doesn't seem to advertise that they store all the update packages there, so some people can't figure out where all the HD space is going.
The solution where there is one private key used to sign, and they give out the public key has a few issues: For someone to steal a single private key is rather trivial. Getting enough CPU together to brute force the private key is relatively simple, especially for a hacker that has compromised many systems and can easily install a distributed key generator on all of them. As was seen by several recent worms/viruses it would be possible to install such a client on literally tens of thousands of systems. Since you can have both encrypted and decrypted versions of the protected information, checking for a good key is easy.
If, in my method, a hacker was to get hold of a public key or two (or a hundred), only a few people or sites would be affected. All the other keys would not be compromised. The risk of wide-spread corruption is almost nil. A hacker would need to get the account information and the account's encrypting key before a successful redirection would work and install the modified code.
Apple already has the infrastructure of the iTools system for storing the private keys for each site/user/system and for the authentication for updates. The only thing that would remain is to be sure they have enough CPU power to do on-the-fly signing for each request.
This is the scenario I see:
Create a public/private key pair using an Apple supplied utility (or GPG)
Log in to iTools and send them the public key (using SSL)
later:
SWU queries Apple for any new packages
If packages are available, SWU sends the iTools account info (using SSL)
Apple retrieves your public key and uses it to sign the appropriate packages
SWU retrieves the signed packages and verifies them against your local private key
If they pass muster the packages are installed.
Many people will say the single signer model is safe enough. That may be true, but don't for a moment think that it actually eliminates the risk of wide-spread distribution of fake updates. The multiple signers model does.
So now the packages are signed with some sort of checksum, like PGP or GPG or MD5. But the whole verification process is automated. So the installer now goes and gets the checksum from an Apple server.
A hacker now just has to do some more work. Instead of just the DNS misdirection, they now need to create a checksum for their bad/malicious code. The updater will query their fake update server for the now forged checksum and see it matches the fake update package that was retrieved from the same hacked up server.
Even if they automatically get the checksum from a specific IP or set of IPs, all one has to do is create a server with that IP and insert it in the network and get a few routers to change their IP routing tables.
If they use a third party to verify the downloaded checksum is authentic, that server itself is vulnerable to the DNS and IP routing 'man in the middle' attacks.
This just makes the hacker's job a little more complex. But if they have privs to alter DNS on a server this is just two minutes extra work.
This whole thing is just silly. The initial problem was a non-problem. The solution doesn't provide any substantial obstacle to someone that wants to perpetrate such an attack. There in fact is no solution other than a 1-1 split key system. I generate a public key one time and send it to Apple. They then use that key to encrypt/sign all the updates sent to me. I use the private key to verify/decrypt the update and install it. I know that only Apple has my public key so I can be safe.
The problem here of course is that Apple needs to store potentially millions of public keys on their servers, and use a lot of CPU to do the unique signing/encrypting as people request the updates.
The split key eliminates the man in the middle, as they have no way to get ahold of each user's public key. They can't fake one, and no amount of DNS or IP redirection (other than the initial sending of the public key) will allow them to masquerade as the authentic site.
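An added illustration of the checksum scenario discussed in the posts above (not code from the posts or from Apple): a redirected client is handed a modified package, and three acceptance checks are compared, namely a checksum fetched from the same server, a signature checked with a key fetched from the same server, and a signature checked with a key the client already holds. The key sizes, package bytes and all function names are constructed for the example, and the RSA is an unpadded textbook toy.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Textbook RSA key from two primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)


# Constructed toy keys built from known Mersenne primes. Illustration only:
# real update signing uses full-size keys and a padded signature scheme.
VENDOR_PUB, VENDOR_PRIV = make_key(2**61 - 1, 2**89 - 1)
ROGUE_PUB, ROGUE_PRIV = make_key(2**31 - 1, 2**107 - 1)


def digest_int(data, n):
    """SHA-256 of the package, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, priv):
    d, n = priv
    return pow(digest_int(data, n), d, n)


def verify(data, sig, pub):
    e, n = pub
    return 0 <= sig < n and pow(sig, e, n) == digest_int(data, n)


class UpdateServer:
    """Whatever host the client's DNS answer led it to."""

    def __init__(self, package, pub, priv):
        self.package = package
        self.pub = pub          # key the server advertises as "the vendor key"
        self._priv = priv       # key the server can actually sign with

    def checksum(self):
        return hashlib.sha256(self.package).hexdigest()

    def signature(self):
        return sign(self.package, self._priv)


def accept_by_checksum(server):
    """Checksum and package come from the same host: proves integrity only."""
    return hashlib.sha256(server.package).hexdigest() == server.checksum()


def accept_by_served_key(server):
    """Signature is checked, but the verification key arrives over the same path."""
    return verify(server.package, server.signature(), server.pub)


def accept_by_pinned_key(server, pinned=VENDOR_PUB):
    """Signature is checked against a key provisioned before any download."""
    return verify(server.package, server.signature(), pinned)


# Constructed sample packages.
GENUINE = UpdateServer(b"update-1.0 (constructed sample)", VENDOR_PUB, VENDOR_PRIV)
ROGUE = UpdateServer(b"update-1.0 (constructed, modified)", ROGUE_PUB, ROGUE_PRIV)


def run_scenarios():
    """Acceptance decision of each check against each server."""
    checks = {
        "checksum": accept_by_checksum,
        "served_key": accept_by_served_key,
        "pinned_key": accept_by_pinned_key,
    }
    return {
        name: {"genuine": fn(GENUINE), "rogue": fn(ROGUE)}
        for name, fn in checks.items()
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:11s} genuine={result['genuine']} rogue={result['rogue']}")
```

Only the pinned-key check separates the two servers, because it is the only one whose trust anchor never travels over the redirected path.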
I did not claim to be an expert in anything. I did not make any reference to "the poor", besides: the notion of poverty is a manifestation of guilt of those with more money/resources than they need. If one is happy with what they have, they do not consider themselves poor. If one feels they may have too much, they label those with less as 'poor'. Try this sometime: go to a 'poor' area and poll the people with a simple question: "Do you consider yourself poor?" I think you'll be surprised at the number of people who respond 'no'. From the standpoint of those with an overabundance, there will be poor people; at least until the planet is a single socialist society or people get over the guilt of their wealth.
Saying that the people in the third world are poor simply because they don't have monetary resources equal to that of your average American is just plain ignorant. It is completely feasible to order a society around an economic system other than the US dollar or currency in general. In fact most of the third world countries have been doing it for millennia, it's called bartering and community property. Common currency allows for easier trade across a larger area, once a common value of a product has been settled upon.
I never suggested hand outs, sustenance rationing or anything of the like. I merely suggested that in a third world society there are probably things more important than an electronic device for which there is likely no infrastructure and for which there is a high risk of loss of the device due to damage without any means of local/self repair.
The cow, grain, and plow I suggested are all self sustaining, profitable items both to the individual and the community in both monetary and sociological ways. A cow provides calves, milk, blood, and at some point meat (well, except in India). Grain can be planted to grow more grain and then harvested for building materials, food, fuel and more grain seed. The crop waste can be tilled back in to the soil with the plow to naturally fertilize the fields for the next crop.
You see... my suggestion was that there are more practical things that these people could spend money on that would have a more direct and longer lasting effect on the person and the community. My suggestions require no further costly infrastructure to achieve benefit. A very poor community could indeed purchase such a hand-held computer. Then they need to purchase batteries, smart cards, and the information (or bandwidth to access it) to make the device useful, never mind the inevitable repair and replacement cost of the device itself. If education is the goal, a lower technology format of books would probably be a better choice. Giving a computer to a community that doesn't have access to a library seems to be akin to giving a 6 year old a Ferrari. Sure the high Ferrari is the 'best' form of personal transportation, but the kid can't ride a bike yet. Think about how many used encyclopedias, literary works, fictional novels and other used books could be sent to or purchased by these communities for the price of one of these gadgets. My local university surplus outlet, and my local thrift stores (good will, salvation army, etc) all sell used books for anywhere from $.05 to $1.00. Even in my regular used book store I just picked up a copy of "McGraw-Hill's Concise Encyclopedia of Science & Technology" for $20 (A $400+book). So on average a community could purchase 300+ books for $200. Up to 300 people could access that material at any time. With the computer, $200 gets one useless device (smart cards and content are extra $$) that only one person can access at a time.
Which do you choose: the hard or soft option? (wasn't that the Pet Shop Boys)
Here's a site that goes in to the math, theory and formulas of a gauss gun. At the bottom of the page there are some links to completed projects. There's an image of a completed gun on the top of the front page.
using a virus that can't replicate on its own. It just doesn't have the machinery to do so
Uh huh. And just how many times has something that "can't happen" happened in research?
You are putting a virus with no capability to reproduce in to a cancer cell with an over-ability to reproduce. Are you telling me there is absolutely no way that a cancer cell will mutate, accept the introduced virus and create a new hybrid cell/virus that carries the deadly portion and the reproduction capability? I don't ask if it's unlikely, but guaranteed impossible.
I'd think this is especially bothersome with a virus that is as highly mutative as HIV is.
But I've also had people ask "Can I put the hard drive under the desk?", again meaning the entire system unit, not just the hard drive. Another common one is "I want the hard drive off the floor so it doesn't get kicked".
Yes, the spec documents cost a pretty penny from what I can see. The minimum price to join the body is $2,500, and then you can access the specs. But think of all the work that has gone in to this spec by people who understand both programming and human interface. Has anyone even approached OpenGroup to see what they would charge the FSF/GNU or someone like it to access the spec and generate a free, open-source CDE? Even if it is 'full price', what's the price of going down the current GUI road: competition with Microsoft, Apple, CDE (Sun, HP, IBM, etc) versions of a GUI by a fragmented (KDE and GNOME at least) open source community. Seems better to join the one party that it's feasible to join (CDE) and spend the development cycles elsewhere, like developing better user-centric applications.
Even if no-one can/will create a group to join and access the spec, there's still the fact that almost every other platform in the computing world ships with one standard GUI look & feel, and accompanying APIs and libraries. Gnu/Linux is the only OS that seems to suffer this multiple personality disorder.
There are apparently at least a few groups of people in the open source community that are capable of designing the operating stuff of a GUI. What needs to happen is that a group needs to combine all those resources and some people with good computer/human interface skills to design one community agreed on standard API and look & feel. I merely suggest CDE since it exists, it's proven and there's a lot of software already in the world that's written to use it.
Perhaps you should look at ".mac" as a neat thing. Perhaps Apple is starting their own TLD of .mac. Then you would have an address of something like: me@mac
You could also visit the sites: g4.mac and i.mac.
Only registered Macintosh owners could register names and email addresses in this domain. And unlike Microsoft who took an existing TLD and made it a product name (.net) Mac would take a product and make it a TLD. Certainly a first.
I mean, as long as we're starting rumours here, this seems like a neat one.
The clock-speed gain for x86 is 150%. The current speed is 250% of the original, but an increase of 1.5Ghz is only a 150% increase from 1Ghz.
Oddly, you correctly calculated the G4's speed increase as 30% (30.5% actually)
It's not hard if you have knowledge about the underlying system.
Let's say you're a typical PC user that doesn't know the difference between a hard drive and a computer case (I can't count how many of my customers tell me the hard drive is making a noise when they mean the case).
You manage to find some neato piece of software and download it via Mozilla to your user folder. Now you've got a file foo.tar.gz. What next? What manual do you read to figure out what to do with it?? You double-click the file for some help, and after a few seconds you get a screen full of seemingly random characters. You then email or call a friend, or post in an on-line support forum to learn that you need to open a shell and type "gunzip -c foo.tar.gz | tar -xvf -". You think "That makes no sense, but okay." and you do it.
Now you get a command prompt back. Nothing that says the task completed successfully. Nothing that tells you what happened. You poke around in your GUI file browser and notice there is a new directory called "foo", so you double click it. You now see a bunch of files, one looks suspiciously useful "README". So you double click it.
The file tells you to type "./configure". Again you don't have a clue what it means so you type it in and the editor obligingly inserts the text at the top of the README document you are viewing. Nothing tells you there is an error, that a task completed, or that you just typed the command in the wrong place.
Another trip to email or posting to the support forum and you find you need to type that command (and all others) in to the shell prompt window. You get done with the "make install" command and again, nothing tells you that it all went well, what went where, or what to do next. Nothing in your home directory looks different so there's nothing new to double-click on.
For kicks you switch back to the shell and type the command "foo" (the name of the program you downloaded), and get back a "command not found" error message. Back to the email/support forum and you learn you must type "rehash" in the shell window, then you can type "startfoo" to actually get the program going.
There is nothing inherent about the filename "INSTALL" that tells a novice user that the installation directions are in that file. Even if the README exists and directs the user to INSTALL, there's still many points where there is no intuitiveness to the installation. A file named "HELP" would probably be the best choice for the "average" user.
Now compare that install to a Mac OS X software install:
Download
double-click the new icon, stuffit expander launches and expands the archive. (depending on browser config, this step may be optional)
A new icon appears
Double-click it
A window opens with a big icon and text that says "drag to hard disk to install", or an icon named "Foo installer".
You either drag or double-click. In either case, a window appears showing you the progress of what is going on. Usually during an actual installer program you get information about what will happen, where files are going, and what to do next.
Almost anyone with any level of computer experience can figure this Mac OS X install with no help. Throughout the installation there are new icons and windows appearing as a direct result of user action. During operations they are informed of the status of the operation and the result of it. Until a GNU/Linux desktop can achieve this type of intuitive interaction it will never achieve any significant install base in the home user desktop environment.
Well, then what's say that the Gnu/Linux community adopt CDE (Common Desktop Environment). This interface was developed by at least HP, IBM, SCO and Sun as a method to make the adoption of Unix on the desktop easier (ie: to compete more effectively with Microsoft). The user gets a standard X based GUI where all the icons and tools are in the same place, do the same things and clicking the mouse works the same way. There's already a port available for Gnu/Linux.
All it would take is for a few of the larger distros to start making CDE the default X desktop. RedHat, Mandrake, SuSe, Debian. Users would of course be able to customise the CDE in the standard way, or simply change to another windows manager.
I don't think this will ever happen, as CDE would most certainly ruin the "geek" quotient of GNU/Linux. The fact that it would raise usability and interoperability, and ease the learning curve will not factor in to the decision.
Lind never relinquished, or had his US citizenship taken from him. He joined a government fighting to protect itself from being overthrown. The Taliban to my knowledge never posed any threat to the United States. Al Qaida is the terrorist organization that poses the threat. The fact that the United States refused to recognize that foreign government does not minimize its legitimacy. The Taliban did in fact have their own country: Afghanistan. Until the United States, without provocation bombed and invaded their sovereign nation and installed a government to their liking. The 9/11 attack does not warrant an invasion of Afghanistan. The plot was conceived, planned, funded and carried out by Saudi Arabian people and money. Saudi Arabia should be the target of US retaliation. The Taliban did not adhere to any Geneva Convention rules because they did not declare or enact war on any foreign nation which would require the Geneva Convention to be enacted. If the United States is going to violate its own laws to illegally kidnap people and hold them hostage, then those 'prisoners' should have full rights under the laws they are supposedly being held under/because of. If the Taliban fighters broke a US law, and can be prosecuted for it, then why don't we start sending reckless driving tickets to every driver of every nation that drives on the left side of the road.
We've already sent plenty of probes to the planet. Surely we've already contaminated it. I don't see how humans in hermetically sealed space suits would cause any more contamination than the equipment we've already dumped on Mars.
It's like saying you won't shake someone's hand because they're sick, but you'll take the dollar bill they hand you to get them a cup of coffee. Same germs either way.
I don't have Direct TV, so that doesn't help me.
You hit on two very important things (IMO):
1. Obscure/remote health issues. People who have spent even a week in a different part of the United States than where they live may contract illnesses that a doctor back in their local hometown may never have heard of, and hence can't diagnose.
For example, here in the SouthWest (Arizona, So. Cal, Nevada) there is a soil/dust borne fungus that when inhaled can cause flu like symptoms. Unless you are from the area a doctor is very unlikely to diagnose Valley Fever properly. If left untreated the fungus can disperse to other tissues, the blood and bone. Death is not uncommon if left untreated. A computer system would be able to take travel history in to account and offer Valley Fever as a possible diagnosis. The doctor then steps in and orders the proper labs for a complete diagnosis. As a partner to the health professional such a database/expert system could 'save' many lives.
2. Doctor's power issues. I can't tell you how often a doctor grimaces when I call them by their first name instead of "Dr. Important". They are people and I am people, I refuse to cower to their concentrated training in a particular field. I certainly don't expect them to call me Mr. Important when I meet them in a business meeting in my field of expertise.
Not all doctors are like that I know. All of the docs I see on a regular basis are well grounded and have no problems with a first-name basis relationship. In my personal experience they are also much more likely to make me an interactive part of the health care process instead of treating me as an object or a mere disease to be cured. The catalyst for more doctors to give up that power-centric relationship is for the patients to not tolerate it. Either explain to your existing doctor what relationship you want to have, or find another doctor.
I've just about gone to court several times with doctors. I'd (for example) have a 2pm appointment. I'd show up at 1:50pm, sign in and wait. At 2:15pm if I was not being seen by the doctor I got up and left. Often the office attemtped to charge me for the appoitment, or a cancelled appointment fee. I told them I had a 2:00 appointment and that the doctor was the one who cancelled the appointment by not showing up on time. If they don't respect my time, they don't respect me and I don't do business with them.
Good point. But that could also be said about the initial 'problem'. If someone where going to do a MiM attack via DNS spoof, why would they target Apple and not Microsoft, or Adobe or Id(or whoever makes the latest game).
I think the problem with your statement though is that it qualifies as security by obscurity. Claiming relative safety because of a relatively small size is just bad voodoo.
As for the cracking issue, I'm be far less worried about someone cracking the cipher than I am someone emailing it out of the building, or someone hacking in and downloading it.
Any network port/stack makes such routing decisions. It's how you'r software doesn't have to process every frame on the wire. The card initially ignores anything but broadcasts and frames directed at its MAC. The drivers filter by protocol as to which process the packet should go to. viola... every NIC is a packet filter; prior art.
You can find all the successfully downloaded updates in "/Library/Receipts". You can double-click the packages in there to install the update, copy the update to another machine and install it, burn it to CD for later use, etc.
On the down side, Apple doesn't seem to advertise they they store all the update packages there, so some people can't figure out where all the HD space is going.
For someone to steal a single private key is rather trivial. Getting enough CPU together to brute force the private key is relatively simple, especially for a hacker that has compromised many systems and can easily install a distributed key generator on all of them. As was seen by several recent worms/viruses it would be possible to install such a client of literally tens of thousands of systems. Since you can have both encrypted and decrypted versions of the protected information, checking for a good key is easy.
If, in my method, a hacker was to get hold of a public key or two (or a hundred), only a few people or sites would be affected. All the other keys would not be compromised. The risk of wide-spread corruption is almost nil. A hacker would need to get the account information and the account's encrypting key before a successful redirection would work and install the modified code.
Apple already has the infrastructure of the iTools system for storing the private keys for each site/user/system and for the authentication for updates. The only thing that would remain is to be sure they have enough CPU power to to on-the-fly signing for each request. This is the scenareo I see: Create a public/private key pair using an Apple supplied utility (or GPG) Log in to iTools and send them the public key (using SSL) later: SWU queries Apple for any new packages If packages are available, SWU sends the iTools account info (using SSL) Apple retrieves your public key and uses it to sign the appropriate packages SWU retrieves the signed packages and verfies them against your local private key If they pass muster the packages are installed. Many people will say the single signer model is safe enough. That may be true, but don't for a moment think that it actually eliminates the risk of wide-spread distribution of fake updates. The multiple signers model does.
A hacker now just has to do some more work. Instead of just the DNS misdirection, they now need to create a checksum for their bad/malicious code. The updater will query their fake update server for the now forged checksum and see it matches the fake update package that was retrieved from the same hacked up server.
Even if they automatically get the checksum from a specific IP or set of IPs, all one has to do is create a server with that IP and insert it in the network and get a few routers to change their IP routing tables.
If they use a third party to verify the downloaded checksum is authentic, that server itself is vulnerable to the DNS and IP routing 'man in the middle' attacks.
This just makes the hacker's job a little more complex. But if they have privs to alter DNS on a server this is just two minutes extra work. This whole thing is just silly. The initial problem was a non-problem. The solution doesn't provide any substantial obstacle to someone that wants to perpetrate such an attack. There in fact is no solution other than a 1-1 split key system. I generate a public key one time and send it to Apple. They then use that key to encrypt/sign all the updates sent to me. I use the private key to verify/decrypt the update and install it. I know that only Apple has my public key so I can be safe.
The problem here of course is that Apple needs to store potentially millions of public keys on their servers, and use a lot of CPU to do the unique signing/encrypting as people request the updates.
The split key eliminates the man in the middle, as they have no way to get ahold of each user's public key. They can't fake one, and no amount of DNS or IP redirection (other than the initial sending of the public key) will allow them to masquerade as the authentic site.
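An added illustration of the argument in the comments above (not part of the original posts): a checksum served by the same host as the package accepts a forged package, while a tag keyed to one user's enrolled secret does not, and a stolen key only affects its owner. HMAC-SHA256 with a per-user shared secret stands in here for the per-user key pair the comment proposes; all function names and sample data are constructed.

```python
import hashlib
import hmac
import secrets


def checksum(package):
    """Plain digest: anyone who can serve the package can also compute this."""
    return hashlib.sha256(package).hexdigest()


def verify_checksum(package, served_checksum):
    return hmac.compare_digest(checksum(package), served_checksum)


def tag_for_user(user_key, package):
    """Vendor side: per-request tag bound to one user's enrolled key."""
    return hmac.new(user_key, package, hashlib.sha256).hexdigest()


def verify_tag(user_key, package, served_tag):
    return hmac.compare_digest(tag_for_user(user_key, package), served_tag)


# Constructed sample data: two packages and two enrolled users.
GENUINE = b"update-1.0 genuine payload"
FORGED = b"update-1.0 modified payload"
ALICE_KEY = secrets.token_bytes(32)
BOB_KEY = secrets.token_bytes(32)


def redirected_checksum_accepts_forgery():
    # After a redirect, the same host supplies the package and its checksum,
    # so the two always agree and the check passes.
    return verify_checksum(FORGED, checksum(FORGED))


def redirected_tag_accepts_forgery():
    # The substituted host does not hold Alice's key; a tag made with any
    # other key fails verification on Alice's machine.
    wrong_key_tag = tag_for_user(secrets.token_bytes(32), FORGED)
    return verify_tag(ALICE_KEY, FORGED, wrong_key_tag)


def stolen_key_scope():
    # If Alice's key leaks, a tag made with it verifies for Alice only.
    leaked_tag = tag_for_user(ALICE_KEY, FORGED)
    return (verify_tag(ALICE_KEY, FORGED, leaked_tag),
            verify_tag(BOB_KEY, FORGED, leaked_tag))
```
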
Saying that the people in the third world are poor simply because they don't have monetary resources equal to that of your average American is just plain ignorant. It is completely feasible to order a society around an economic system other than the US dollar or currency in general. In fact most of the third world countries have been doing it for millennia, it's called bartering and community property. Common currency allows for easier trade across a larger area, once a common value of a product has been settled upon.
I never suggested hand outs, subsistence rationing or anything of the like. I merely suggested that in a third world society there are probably things more important than an electronic device for which there is likely no infrastructure and for which there is a high risk of loss of the device due to damage without any means of local/self repair.
The cow, grain, and plow I suggested are all self sustaining, profitable items both to the individual and the community in both monetary and sociological ways. A cow provides calves, milk, blood, and at some point meat (well, except in India). Grain can be planted to grow more grain and then harvested for building materials, food, fuel and more grain seed. The crop waste can be tilled back in to the soil with the plow to naturally fertilize the fields for the next crop.
You see... my suggestion was that there are more practical things that these people could spend money on that would have a more direct and longer lasting effect on the person and the community. My suggestions require no further costly infrastructure to achieve benefit. A very poor community could indeed purchase such a hand-held computer. Then they need to purchase batteries, smart cards, and the information (or bandwidth to access it) to make the device useful, never mind the inevitable repair and replacement cost of the device itself. If education is the goal, a lower technology format of books would probably be a better choice. Giving a computer to a community that doesn't have access to a library seems to be akin to giving a 6 year old a Ferrari. Sure the high Ferrari is the 'best' form of personal transportation, but the kid can't ride a bike yet. Think about how many used encyclopedias, literary works, fictional novels and other used books could be sent to or purchased by these communities for the price of one of these gadgets. My local university surplus outlet, and my local thrift stores (Goodwill, Salvation Army, etc) all sell used books for anywhere from $.05 to $1.00. Even in my regular used book store I just picked up a copy of "McGraw-Hill's Concise Encyclopedia of Science & Technology" for $20 (A $400+ book). So on average a community could purchase 300+ books for $200. Up to 300 people could access that material at any time. With the computer, $200 gets one useless device (smart cards and content are extra $$) that only one person can access at a time.
Which do you choose: the hard or soft option? (Wasn't that the Pet Shop Boys?)
You are putting a virus with no capability to reproduce in to a cancer cell with an over-ability to reproduce. Are you telling me there is absolutely no way that a cancer cell will mutate, accept the introduced virus and create a new hybrid cell/virus that carries the deadly portion and the reproduction capability? I don't ask if it's unlikely, but guaranteed impossible.
I'd think this is especially bothersome with a virus that is as highly mutative as HIV is.
But I've also had people ask "Can I put the hard drive under the desk?", again meaning the entire system unit, not just the hard drive. Another common one is "I want the hard drive off the floor so it doesn't get kicked".
Yes, the spec documents cost a pretty penny from what I can see. The minimum price to join the body is $2,500, and then you can access the specs. But think of all the work that has gone in to this spec by people who understand both programming and human interface. Has anyone even approached OpenGroup to see what they would charge the FSF/GNU or someone like it to access the spec and generate a free, open-source CDE? Even if it is 'full price', what's the price of going down the current GUI road: competition with Microsoft, Apple, CDE (Sun, HP, IBM, etc) versions of a GUI by a fragmented (KDE and GNOME at least) open source community. Seems better to join the one party that it's feasible to join (CDE) and spend the development cycles elsewhere, like developing better user-centric applications.
Even if no-one can/will create a group to join and access the spec, there's still the fact that almost every other platform in the computing world ships with one standard GUI look & feel, and accompanying APIs and libraries. Gnu/Linux is the only OS that seems to suffer this multiple personality disorder.
There are apparently at least a few groups of people in the open source community that are capable of designing the operating stuff of a GUI. What needs to happen is that a group needs to combine all those resources and some people with good computer/human interface skills to design one community agreed on standard API and look & feel. I merely suggest CDE since it exists, it's proven and there's a lot of software already in the world that's written to use it.
You could also visit the sites: g4.mac and i.mac.
Only registered Macintosh owners could register names and email addresses in this domain. And unlike Microsoft who took an existing TLD and made it a product name (.net) Mac would take a product and make it a TLD. Certainly a first.
I mean, as long as we're starting rumours here, this seems like a neat one.
The clock-speed gain for x86 is 150%. The current speed is 250% of the original, but an increase of 1.5GHz is only a 150% increase from 1GHz. Oddly, you correctly calculated the G4's speed increase as 30% (30.5% actually).
Let's say you're a typical PC user that doesn't know the difference between a hard drive and a computer case (I can't count how many of my customers tell me the hard drive is making a noise when they mean the case).
You manage to find some neato piece of software and download it via Mozilla to your user folder. Now you've got a file foo.tar.gz. What next? What manual do you read to figure out what to do with it?? You double-click the file for some help, and after a few seconds you get a screen full of seemingly random characters. You then email or call a friend, or post in an on-line support forum to learn that you need to open a shell and type "gunzip -c foo.tar.gz | tar -xvf -". You think "That makes no sense, but okay." and you do it.
Now you get a command prompt back. Nothing that says the task completed successfully. Nothing that tells you what happened. You poke around in your GUI file browser and notice there is a new directory called "foo", so you double click it. You now see a bunch of files, one looks suspiciously useful "README". So you double click it.
The file tells you to type "./configure". Again you don't have a clue what it means so you type it in and the editor obligingly inserts the text at the top of the README document you are viewing. Nothing tells you there is an error, that a task completed, or that you just typed the command in the wrong place.
Another trip to email or posting to the support forum and you find you need to type that command (and all others) in to the shell prompt window. You get done with the "make install" command and again, nothing tells you that it all went well, what went where, or what to do next. Nothing in your home directory looks different so there's nothing new to double-click on.
For kicks you switch back to the shell and type the command "foo" (the name of the program you downloaded), and get back a "command not found" error message. Back to the email/support forum and you learn you must type "rehash" in the shell window, then you can type "startfoo" to actually get the program going.
There is nothing inherent about the filename "INSTALL" that tells a novice user that the installation directions are in that file. Even if the README exists and directs the user to INSTALL, there are still many points where there is no intuitiveness to the installation. A file named "HELP" would probably be the best choice for the "average" user.
Now compare that install to a Mac OS X software install:
- Download
- Double-click the new icon, StuffIt Expander launches and expands the archive. (Depending on browser config, this step may be optional.)
- A new icon appears
- Double-click it
- A window opens with a big icon and text that says "drag to hard disk to install", or an icon named "Foo installer". You either drag or double-click.
In either case, a window appears showing you the progress of what is going on. Usually during an actual installer program you get information about what will happen, where files are going, and what to do next.
Almost anyone with any level of computer experience can figure this Mac OS X install with no help. Throughout the installation there are new icons and windows appearing as a direct result of user action. During operations they are informed of the status of the operation and the result of it. Until a GNU/Linux desktop can achieve this type of intuitive interaction it will never achieve any significant install base in the home user desktop environment.
Well, then what's say that the Gnu/Linux community adopt CDE (Common Desktop Environment). This interface was developed by at least HP, IBM, SCO and Sun as a method to make the adoption of Unix on the desktop easier (ie: to compete more effectively with Microsoft). The user gets a standard X based GUI where all the icons and tools are in the same place, do the same things and clicking the mouse works the same way. There's already a port available for Gnu/Linux.
All it would take is for a few of the larger distros to start making CDE the default X desktop. RedHat, Mandrake, SuSe, Debian. Users would of course be able to customise the CDE in the standard way, or simply change to another window manager.
I don't think this will ever happen, as CDE would most certainly ruin the "geek" quotient of GNU/Linux. The fact that it would raise usability and interoperability, and ease the learning curve will not factor in to the decision.
Lindh never relinquished, or had his US citizenship taken from him.
He joined a government fighting to protect itself from being overthrown. The Taliban to my knowledge never posed any threat to the United States. Al Qaida is the terrorist organization that poses the threat.
The fact that the United States refused to recognize that foreign government does not minimize its legitimacy.
The Taliban did in fact have their own country: Afghanistan. Until the United States, without provocation, bombed and invaded their sovereign nation and installed a government to their liking.
The 9/11 attack does not warrant an invasion of Afghanistan. The plot was conceived, planned, funded and carried out by Saudi Arabian people and money. Saudi Arabia should be the target of US retaliation.
The Taliban did not adhere to any Geneva Convention rules because they did not declare or enact war on any foreign nation which would require the Geneva Convention to be enacted.
If the United States is going to violate its own laws to illegally kidnap people and hold them hostage, then those 'prisoners' should have full rights under the laws they are supposedly being held under/because of.
If the Taliban fighters broke a US law, and can be prosecuted for it, then why don't we start sending reckless driving tickets to every driver of every nation that drives on the left side of the road?
It's like saying you won't shake someone's hand because they're sick, but you'll take the dollar bill they hand you to get them a cup of coffee. Same germs either way.