Re:Info on what exactly SHA-1 is ... on SHA-1 Broken · Score: 1
the issue is not the increase of computing power. this attack would be just as valid if all the improvements of the last ten years had never happened.
if you have an algorithm where the only known attack is a brute force attack, with 2^160 possible permutations, then it doesn't matter if you have a 100mhz computer or a 10ghz computer, the chances of finding a collision within a human lifetime are all but zero.
however, if you can reduce the number of permutations that you have to search through to 2^80, or 2^69, or less, you have dramatically increased your chances of finding a collision, regardless of what hardware you have to use.
all the advances in computer technology over the last 9 years only reduce the amount of time required to do an exhaustive search by a factor of 15. this discovery, if it's for real, reduces the amount of time by many, many orders of magnitude.
all that said, i still think the parent poster is being a little bit ridiculous. Regardless, increases in computing power have almost nothing to do with cryptographic attacks.
1. Imagine this from Blizzard's point of view. Someone calls up with your story. What do you think their position will be? Software companies must defend their best interests, and willfully going along with any request and any likely story could open them up to all kinds of abuses.
how is this defending blizzard's best interests? this guy is offering to pay them a monthly subscription fee. sure if they ignore him, and don't piss him off too much in the process, he might buy a new version in the store. (once it's available in stores again- who knows when that will be...) what's blizzard's cut on a retail box sale after the store and the distributor take their cut? a month's subscription? two? sounds to me like blizzard's 'best interest' here is to get this guy paying a monthly subscription fee as soon as possible, since the person who bought the box is no longer doing so...
2. I may be wrong, but I don't think the lack of mention of something in a EULA implies that the buyer has such a usage right.
if i understand the right in question correctly, the doctrine of first sale legally establishes such a right. if it's not mentioned in the eula, he has that right by default. (whether that right can be restricted in a eula is still hotly debated by both sides, but that is not the issue here.)
so are they putting any work into how these applications will work in the X Client/Server model, or are they just sweeping that under the rug (a la the dri and shm extensions). i'd be thrilled if they were looking at how they can add these as extensions that reduce the amount of X calls that need to be sent across the wire, so you could use meaningful gui applications over slow to moderate speed network connections. of course it doesn't sound like it from any of the things that he mentioned, and it seems that X development lately has taken a 'the thin client is dead, so who needs network transparency' route.
he didn't expect it to. in the first entry he said that although the blog was meant to be for internal reading, he knew that this is the web he was dealing with, and it wouldn't stay internal forever.
of course, he may have expected it to stay internal a little longer, but who knows...
so, not one of those links even mentioned improved standards support. that doesn't sound good. if they aren't going to be improving their xhtml and css handling, i really don't see anything to get excited about....
unfortunately i don't see much hope. in ie6, they could break backwards compatibility by adding the strict mode / quirks mode doctype switch. that trick isn't going to work again. so while they may add css selectors and javascript methods that are missing from the current implementation (e.g. the child selector, hover state on objects other than anchors, document.addEventListener()), i don't think they'll do anything that would break existing sites (e.g. hasLayout, the broken float model, boxes expanding to fit their contents)
but i can always hope.
ok, then how about any character that is not in the same unicode range as the first character of the url be rendered in a different color. for urls that are all latin, all cyrillic, all chinese, etc, things will work perfectly normal. for any url that mixes the characters, there will be a visual cue that something is not right.
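The rule proposed in the comment above, written out as an added example (not code from the original comment): characters whose script differs from the first letter are marked, here with brackets in place of a colour change. Applying the rule per DNS label rather than to the whole URL, the short script list, and the function names are assumptions of this sketch; the hostnames are constructed samples.

```javascript
// Added example: mark hostname characters whose Unicode script differs from
// the script of the first letter in the same DNS label.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Armenian', 'Hebrew', 'Arabic',
  'Devanagari', 'Thai', 'Han', 'Hiragana', 'Katakana', 'Hangul'];
const SCRIPT_RE = SCRIPTS.map((name) => [name, new RegExp(`^\\p{Script=${name}}$`, 'u')]);
// Digits and '-' are Script=Common; combining marks are Script=Inherited.
const NEUTRAL_RE = /^[\p{Script=Common}\p{Script=Inherited}]$/u;

function scriptOf(ch) {
  if (NEUTRAL_RE.test(ch)) return 'Neutral';
  for (const [name, re] of SCRIPT_RE) {
    if (re.test(ch)) return name;
  }
  return 'Other'; // any script not in the short list above
}

// Split one label into runs of unflagged / flagged characters.
function markLabel(label) {
  const tagged = Array.from(label).map((ch) => ({ ch, script: scriptOf(ch) }));
  const first = tagged.find((t) => t.script !== 'Neutral');
  const baseline = first ? first.script : 'Neutral';
  const segments = [];
  for (const t of tagged) {
    const flagged = t.script !== 'Neutral' && t.script !== baseline;
    const last = segments[segments.length - 1];
    if (last && last.flagged === flagged) last.text += t.ch;
    else segments.push({ text: t.ch, flagged });
  }
  return { baseline, segments };
}

// Check a Unicode (not punycode) hostname; flagged runs are bracketed.
function checkHost(host) {
  const labels = host.normalize('NFC').split('.').map(markLabel);
  const mixed = labels.some((l) => l.segments.some((s) => s.flagged));
  const rendered = labels
    .map((l) => l.segments.map((s) => (s.flagged ? `[${s.text}]` : s.text)).join(''))
    .join('.');
  return { mixed, rendered };
}

// Constructed sample hostnames.
const SAMPLES = [
  'example.com',                              // all Latin
  '\u043f\u0440\u0438\u043c\u0435\u0440.com', // Cyrillic label, Latin TLD
  'ex\u0430mple.com',                         // Cyrillic U+0430 inside a Latin label
  '\u0435xample.com',                         // Cyrillic U+0435 as the first letter
];
for (const host of SAMPLES) {
  const { mixed, rendered } = checkHost(host);
  console.log(mixed ? 'MIXED ' : 'ok    ', rendered);
}
```

A label written entirely in one script passes unflagged, including an all-Cyrillic lookalike of a Latin name. When the odd character comes first, as in the last sample, it sets the baseline and the rest of the label is what gets marked.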
of course, covering every roof in america with a black surface will really mess with weather patterns. if the typical solar panel is 30% effective (and that's actually a pretty high number based on what i've read) where do you think the other 70% goes? already some large cities are starting to pass ordinances regarding the roofs of commercial buildings to try and reduce the heat island effect.
not to mention that at current electricity prices, the current generation of solar cells cost almost as much to manufacture as all of the electricity they will produce in their lifetime....
i think the real problem with nuclear power in this country is that for the first ~20 years or so, there was one organization that was responsible for both regulating and promoting nuclear power. talk about a conflict of interest....
if researchers had been focused on dealing with the byproducts of nuclear power from the beginning instead of letting plants seal it all in drums and hope it goes away, nuclear power probably wouldn't have the bad reputation it does today. and if the regulators had been doing their job from the start, three mile island might never have happened either.
agreed. anything that (purposefully, unlike your new p4) uses electricity to generate heat is going to use far more power than any consumer electronic device.
go look at your circuit breaker/fuse box sometime if you want extra confirmation of this. there's a good chance that all of the outlets that power your computers, tv, stereo, consoles, etc. are on one or two 15-20 amp circuits. if you have an electric stove/oven, it probably gets its own 50-60 amp circuit. other major culprits not mentioned by the parent are microwave ovens and air conditioners.
so what?
I've said it over and over that Miguel and crew have done a remarkable job. Really. But the biggest flaw in their tower is the fact that it's a spawn of Microsoft. I can completely understand their target of a language/platform that they know will succeed.
yeah, and unix, c, and c++ were the spawn of at&t. that didn't stop the gnu project, even though at&t at the time was every bit the monster we see today in microsoft.
what's your point?
actually, you just made the parent's point for him.
you and i and most slashdot readers know that if a page works in ie and doesn't work in firefox/opera/etc that, most likely, the page is not written properly. just like you and i and everyone else on slashdot knows that the ipod will only work with itms drm, and vice versa.
but try installing firefox on your father's brother's nephew's cousin's former roommate's computer, and then when he goes to his online banking site and it doesn't work (but always worked just fine with internet explorer), just try explaining to him that it's the site, and not the browser you just installed, that is broken....
really? that surprises me.
i used to work for a major online advertising company back in 2000. my impression was that already back then cpm was on the way out and cpc (and when possible, cpa) were taking over the market. i haven't followed the ad industry much since then, but i really can't see why anyone would pay cpm for ads anymore- it's been pretty much shown that most people don't even see them unless you use popup ads, and popup blockers are now mainstream.
well, the supposed reason for sco revoking their license was initially one of the claims of their suit (in fact, the primary claim) which they have since dropped, i don't think their outlook is very good on that one. if their reason for revoking the license wasn't even good enough to stand up in civil court, i would guess that doesn't count as sufficient grounds, even if they ever did have the authority to do it (which ibm is also disputing).
i wish i could find the post now, but long, long ago (over a year ago), somebody posted on /. that this case was beginning to resemble a little clown car loaded with clowns on a full speed collision course with a tank, and even though we all knew the inevitable outcome, we couldn't help but watch. "won't somebody think of the clowns?"
Copyright infringement can be considered a type of denial of compensation. It can also be considered a type of civil disobedience.
or it could be considered a matter of national security, according to some people...
- if you compare RedHat/SuSE then you have to compare it to Windows Server + complete BackOffice + complete Visual Studio + complete MS Office and you still are not close enough...
+ windows media player (is this in windows server 2003 by default? not sure.) + photoshop + illustrator + acrobat + quicken + instant messaging + putty +...
and then to top it all off, throw in two competing versions of all the above. that should get you close.
regardless of how many programs you install on your server, comparing the number of patches released by redhat/suse in a given time frame, which covers all applications in the entire distribution regardless of whether you have them installed, to the number of patches released for windows server 2003, which pretty much only covers the os, web browser, and web server, is beyond ridiculous.
not to mention microsoft's tendency to roll up multiple patches into one, something redhat/suse can't do because they don't know which packages you have installed, so bugs that affect different packages can't be combined.
since most ads these days are paid for on a cpc basis (cost per click) linking to his site doesn't really affect anything unless the slashbots start clicking on the ads like crazy.
anyone who still pays for their ads on a cpm basis deserves what they get.
Apart from the latency, I think the process priority of X and its child processes should also be rethought, under heavy load X and its WM becomes very unresponsive.
this is easy enough to do on most unices without making any changes either to X or the underlying os. learn about 'nice'- the semantics vary a bit depending on which unix you are using, but you can start the X server with a higher priority if you choose. you can also start your X session with a higher priority, and any apps you run from that session should inherit that. this is not always desirable, but if you think it would improve things, you are welcome to try it out- it's not too tough.
compiling a window manager into X would provide little or no advantage to the current method, and would probably cause riots in most of the open source community.
as for client server, the client server model is fine in theory, but they really mucked up the implementation of it. as jwz once said, an x client has to go through at least three context switches just to blow its nose, much less do any real work. there have been some attempts over the years to improve the situation, such as the shared memory extension, but most were rather half-hearted. the biggest problem is that the x toolkits do all of their rendering client side, so rather than passing a few high level toolkit calls to the x server, they are doing most of the high level work internally, and passing the rendered application to the x server via a large number of very low level calls. it's a bummer really, but it's getting much better in recent years, and now that x.org has taken the reins from xfree86, so to speak, the improvements seem to be coming a little faster.
no need to block a whole country- just purge anyone who sues them from their database. in every country.
what, you don't want your competitor's pages to show up when somebody searches for your company name? ok, no results at all. how's that?
then see how long it will be before people stop bringing stupid suits like this against them.
ah. well that would explain a lot then.
(like why the text i read is no longer available on the linked page)
also the sun devils, in arizona. i'm sure there are others as well...
Well, there are a number of native (or at least very fluent) English speakers on the FreeBSD core team. If they are going to put out a major announcement in English regarding the project, and presumably from the core team, do you suppose maybe one of them could have taken a minute to proofread it?
would a fat stoned cartoon penguin be any better?
And which standard are they promoting with XmlHttpRequest?