Exactly, this is really all about filtering. Building a nice, zero-phase filter, with good cutoff properties, in the analog domain, is difficult. This was the rational for oversampling and pulse-width modulation, which allows one to use a much simpler filter in the analog domain.
Basically, we can get very fast and precise timing out of crystals, and less precise voltage regulation out of traditional D/A design (well, at least for the mass market). By using a super high sampling frequency, and less bits per sample, one can exploit this asymmetry and get better sound from cheaper (in theory) components.
Please... Everyone who submits patches would just resubmit to the new "leader", patched against the most recently blessed kernel. Just as it is now. The question is really one of who will lead; I'd guess Alan Cox, with a "cabinet" of others. This is a bogus argument.
Seriously, though, how did we let some jackass pundits decide for us that a presidential debate should not be a debate? What I saw was basically an interview with two candidates. They SHOULD be allowed to pose questions directly to each other, in response to the moderated questions, to try to point out specific flaws in each others arguments. Who the hell decided that "we the people" do not want to see conflict in a debate? Being against negative personal attacks in campaining, does not mean we want completely santized discourse...
We are! If we are able to change our habits, protect habitats through political influence, or take active measures to protect a species, who is to say that THAT wasn't meant to happen? The whole point of conservation, and wildlife preservation, is that there is a measureable value to it, and the laissez-faire attitude damages our own interests in the long run.
Now granted, I don't think bringing back species through DNA storage or surrogacy is anywhere near a good solution, but there are good reasons for trying.
I was at the San Diego Wildlife Animal Park about a month ago (a large open space zoo and preserve), and it was mentioned that one of the species of asian animals exhibited there (a Chinese deer of some sort, I believe), has existed solely in captivity for over 700 years! I found that amazing.
Exactly. My first thought (given the short nature of the quote) was that he was talking about primarily OSS companies (even then, his comments at best reflect the U.S. only), but I doubt he took credit for a revolution in OSS development. In fact, for any media representative to infer otherwise (without supporting their argument) is irresponsible, inflammatory, and just plain asinine.
Why not build a large laser that can repeatedly hit Mir (or any orbiting body) with energy, to "push" it to a higher orbit (by thermal pressure). Or just blast it out of the sky? Where is all this Star Wars technology when we need it?
Aha, this is why we use Triple-DES (the odd number of encodings is resistant to these meet in the middle attacks). So, how about using Triple-AES? Or even better, how about a TripleDES-AES-Twofish triple, for the really paranoid? I'll write the key down on a pad that I keep in my desk drawer.
Then don't use that key. If there are only a "few" (say 10 billion), the chance of selecting one of them randomly, is almost nil. Presumably the reviewers focused on checking for weak keys, among all the candidates.
Triple DES will be around for a (long) while. It has stood the test of time, and has not been shown to be breakable, after all these years. Any new AES cipher will still have to prove itself in the real world, which Triple DES has done.
Triple DES is slow (in software), and has some cumbersome key properties, as well as only 64 bit blocks. So they are replacing it with something that MIGHT be more secure (most likely). But Triple DES is probably considered the most secure algorithm currently available (again, because it has stood up to extreme pressure to "crack it)
If you use the same passwords for slashdot as you do for other systems, change them.
Does Slashdot store your password in plaintext, or is it hashed using a salt? If the latter, you have a lot less to worry about (assuming a decent hash; MD5 should be fine) Can anyone who has checked the slashcode comment on this? Otherwise, I'll be forced to look it up, and I hate perl.:)
The risk is the same when running ANY program that is downloaded, regardless of purpose.
The only way to be mostly sure, is to audit the source of every program you run, then compile and build yourself. Even then, you have to worry about the compiler, as the infamous compiler trojan illustrates, as described by Ken Thompson.
I am in the process of setting up RTLinux for data collection and device control (using D/A boards and digital I/O). The RTLinux approach seems VERY sound, and straightforward.
Looking at the QNX website, I can not find any information on what data aquisition boards it might support. Dow that mean I would have to write the drivers from scratch? (Not a problem, I have to do the same to RTLinux, although I can make use of much existing code). How does QNX support such hardware (not listed in "Supported Hardware")?
So, while Linux, as delivered by Linus and crew is not real-time, it has been successfully used in real-time systems (there are various methods; for my needs, RTLinux's approach appears quite adequate)
This is just a traditional mode for unix, in which networking is disabled, as well as most services, and superfluous filesystems are not mounted (/ and/usr only). Static binaries are usually made for this mode, so that dynamic library loading is not needed (in case it is broken).
It is just a minimum level for the superuser to operate in and fix problems (not unlike "Safe mode" in windows). The idea is that by relying on minimal resources, the chances of the kernel not booting, or not presenting a login, are very low.
Plus, Transmeta has patents on some of their techniques, so Intel would have to develop other means to achieve the same type of speed/heat performance.
if you throw a quatum computer at any sort of modern encryption it will be cracked in an instant
Completely untrue and uninformed. If Quantum computers are one day able to make 1024 bit RSA keys "insecure", moving to 2048 or 4096 bit keys will almost surely still be secure. Quantum computers may possibly make things more inconvenient, but technology will also favor the users of cryptography, and allow them to use more powerful encryption. As qubits grow, so will key lengths.
I took a trip around the world in 1997, and was in Indonesia during June of that year. I hadn't known that DVD had been introduced, and was thus very surprised to find DVDs offered for "sale" in bootleg shops in Yogjakarta. These were bootleg DVDs, and they would usually rent out the player as well (presumably few could afford their own). They also had movies on VideoCD that had come out the US that Summer (ie. within the month). Now, I don't know what region the DVDs were, perhaps region 1, perhaps not. But, DVDs were definitely being pirated prior to DeCSS, and likely before any CSS crack had been done.
I may be responding to a troll, but "going gold" in this case means being put into final production (ie, CDs being stamped, boxes being made, shipping to start soon, etc.). It does NOT mean what it does for the record industry (ie. that half a million albums have sold). Half a million sales for a computer game is extraordinary, even these days.
It may have been coined originally by occasional Slashdot poster Leo Schwab for his Amiga demo of same name. It certainly helped to further popularize the term. The demo was a clever Robotron spoof.
As Bill Hicks said, "If you are in marketing or advertising... kill yourself."
We almost hired a very bright young programmer who hadn't gone to college. He scored VERY high on the BrainBrench.com C and C++ skills tests, and had other good credentials.
I asked him to provide some example code for me to look at, and he gave me a a short example where he had to optimize a C++ program that did a string rewrite (ie. convert character "A" into "BC", etc.) for a specified number of times. He precomputed the translation once, and gave up there, not realizing that he had taken steps toward moving from a O(N) algorithm to an O(N lg N) algorithm.
It was clear that he had never been drilled in recognizing certain algorithmic patterns, and thus his optimizations employed many language speed up tricks to make C++ faster, but largely ignored using a simple but better algorithm to improve the speed. I rewrote it to use the better algorithm (compute string replacements for levels 2, 4, 8, etc., when needed, rather than 1-N) and eliminate the repeated string copy (by rewriting front to back, then back to front, in a single buffer), and beat his "optimized" version.
In short, while he was great with language skills, particularly w/ C++, he had a lot to learn about algorithms in general, which is the kind of formalism that a university will drill you in, and which is very helpful. For the type of numerical and graphical software development we are doing, it is almost critical.
Still, we would have hired him anyway, but he decided to work elsewhere. Language skills alone made him quite valuable to many employers. But for someone who seemed as talented and bright as he was, he could really achieve much more.
They get profiling information based on archetypes and stereotypes, but they use profiling none-the-less. It may be based on gender, race, type of dress, accents, any other other perception that has taken hold over the years, and been reinforced in salesperson training.
If they COULD get individual information on each person (and that day may be approaching, even if it a company that sells user info globally, and that can recognize faces using a hidden camera; or perhaps home in on the ubiquitous cell phone IDs everyone has, etc.) they would be even happier.
But sales profiling is not new, and is well understood by those who employ it.
If the bad guys had hashed the password with MD5 the police would have been able to crack it much quicker.
Why is this? Clearly searching by brute force, using the assumption of a low-entropy password (ie. ascii characters, and dictionary words) would be quicker than a brute force MD5 match (ie. finding a key that hashes to the same value as the original key). To my knowledge, MD5 has never been shown to be a weak hash (ie. it has appropriate collision properties, and while 128 bits is not as great as SHA-160, it should be more than adequate for protecting simple passphrases)
Do you remember where this "Article" is, or any other details?
I also had problems w/ SCSI systems when installing 7.1 (on three different machines). It seems that the mkinitrd image just wasn't working right. I fixed it by using the bootdisk created during install to bring up the machine, then compiling a kernel with the proper SCSI support built in, rather than as a separate module.
Rather unfortunate, as that was really the only stain on an otherwise excellent system.
Slashdot Mirror
Was that an example of "Reply hazy, try again"?
Exactly, this is really all about filtering. Building a nice, zero-phase filter, with good cutoff properties, in the analog domain, is difficult. This was the rational for oversampling and pulse-width modulation, which allows one to use a much simpler filter in the analog domain.
Basically, we can get very fast and precise timing out of crystals, and less precise voltage regulation out of traditional D/A design (well, at least for the mass market). By using a super high sampling frequency, and less bits per sample, one can exploit this asymmetry and get better sound from cheaper (in theory) components.
Please... Everyone who submits patches would just resubmit to the new "leader", patched against the most recently blessed kernel. Just as it is now. The question is really one of who will lead; I'd guess Alan Cox, with a "cabinet" of others. This is a bogus argument.
And "fuzzy math"... Don't forget "fuzzy math." :)
Seriously, though, how did we let some jackass pundits decide for us that a presidential debate should not be a debate? What I saw was basically an interview with two candidates. They SHOULD be allowed to pose questions directly to each other, in response to the moderated questions, to try to point out specific flaws in each others arguments. Who the hell decided that "we the people" do not want to see conflict in a debate? Being against negative personal attacks in campaining, does not mean we want completely santized discourse...
Oh well, rant off.
...what is to say that it wasn't meant to happen?
We are! If we are able to change our habits, protect habitats through political influence, or take active measures to protect a species, who is to say that THAT wasn't meant to happen? The whole point of conservation, and wildlife preservation, is that there is a measureable value to it, and the laissez-faire attitude damages our own interests in the long run.
Now granted, I don't think bringing back species through DNA storage or surrogacy is anywhere near a good solution, but there are good reasons for trying.
I was at the San Diego Wildlife Animal Park about a month ago (a large open space zoo and preserve), and it was mentioned that one of the species of asian animals exhibited there (a Chinese deer of some sort, I believe), has existed solely in captivity for over 700 years! I found that amazing.
it will force Red Hat to continue to maintain the same random development snapshot through the entire 7.x series
:-)
What 7.x series? The new release is Redhat 7, which suggests the next release will be RedHat 8, sidestepping the problem entirely.
1/2
Exactly. My first thought (given the short nature of the quote) was that he was talking about primarily OSS companies (even then, his comments at best reflect the U.S. only), but I doubt he took credit for a revolution in OSS development. In fact, for any media representative to infer otherwise (without supporting their argument) is irresponsible, inflammatory, and just plain asinine.
Why not build a large laser that can repeatedly hit Mir (or any orbiting body) with energy, to "push" it to a higher orbit (by thermal pressure). Or just blast it out of the sky? Where is all this Star Wars technology when we need it?
Aha, this is why we use Triple-DES (the odd number of encodings is resistant to these meet in the middle attacks). So, how about using Triple-AES? Or even better, how about a TripleDES-AES-Twofish triple, for the really paranoid? I'll write the key down on a pad that I keep in my desk drawer.
Maybe the key 2^84-1 is equivalent to rot13?
Then don't use that key. If there are only a "few" (say 10 billion), the chance of selecting one of them randomly, is almost nil. Presumably the reviewers focused on checking for weak keys, among all the candidates.
Triple DES will be around for a (long) while. It has stood the test of time, and has not been shown to be breakable, after all these years. Any new AES cipher will still have to prove itself in the real world, which Triple DES has done.
Triple DES is slow (in software), and has some cumbersome key properties, as well as only 64 bit blocks. So they are replacing it with something that MIGHT be more secure (most likely). But Triple DES is probably considered the most secure algorithm currently available (again, because it has stood up to extreme pressure to "crack it)
If you use the same passwords for slashdot as you do for other systems, change them.
:)
Does Slashdot store your password in plaintext, or is it hashed using a salt? If the latter, you have a lot less to worry about (assuming a decent hash; MD5 should be fine) Can anyone who has checked the slashcode comment on this? Otherwise, I'll be forced to look it up, and I hate perl.
How do I know I'm not running a trojan
The risk is the same when running ANY program that is downloaded, regardless of purpose.
The only way to be mostly sure, is to audit the source of every program you run, then compile and build yourself. Even then, you have to worry about the compiler, as the infamous compiler trojan illustrates, as described by Ken Thompson.
RTLinux is a soft realtime platform if I'm not mistaken.
RTLinux is hard real time.
I am in the process of setting up RTLinux for data collection and device control (using D/A boards and digital I/O). The RTLinux approach seems VERY sound, and straightforward.
Looking at the QNX website, I can not find any information on what data aquisition boards it might support. Dow that mean I would have to write the drivers from scratch? (Not a problem, I have to do the same to RTLinux, although I can make use of much existing code). How does QNX support such hardware (not listed in "Supported Hardware")?
So, while Linux, as delivered by Linus and crew is not real-time, it has been successfully used in real-time systems (there are various methods; for my needs, RTLinux's approach appears quite adequate)
This is just a traditional mode for unix, in which networking is disabled, as well as most services, and superfluous filesystems are not mounted (/ and /usr only). Static binaries are usually made for this mode, so that dynamic library loading is not needed (in case it is broken).
It is just a minimum level for the superuser to operate in and fix problems (not unlike "Safe mode" in windows). The idea is that by relying on minimal resources, the chances of the kernel not booting, or not presenting a login, are very low.
Plus, Transmeta has patents on some of their techniques, so Intel would have to develop other means to achieve the same type of speed/heat performance.
if you throw a quatum computer at any sort of modern encryption it will be cracked in an instant
Completely untrue and uninformed. If Quantum computers are one day able to make 1024 bit RSA keys "insecure", moving to 2048 or 4096 bit keys will almost surely still be secure. Quantum computers may possibly make things more inconvenient, but technology will also favor the users of cryptography, and allow them to use more powerful encryption. As qubits grow, so will key lengths.
I took a trip around the world in 1997, and was in Indonesia during June of that year. I hadn't known that DVD had been introduced, and was thus very surprised to find DVDs offered for "sale" in bootleg shops in Yogjakarta. These were bootleg DVDs, and they would usually rent out the player as well (presumably few could afford their own). They also had movies on VideoCD that had come out the US that Summer (ie. within the month). Now, I don't know what region the DVDs were, perhaps region 1, perhaps not. But, DVDs were definitely being pirated prior to DeCSS, and likely before any CSS crack had been done.
I may be responding to a troll, but "going gold" in this case means being put into final production (ie, CDs being stamped, boxes being made, shipping to start soon, etc.). It does NOT mean what it does for the record industry (ie. that half a million albums have sold). Half a million sales for a computer game is extraordinary, even these days.
It may have been coined originally by occasional Slashdot poster Leo Schwab for his Amiga demo of same name. It certainly helped to further popularize the term. The demo was a clever Robotron spoof.
As Bill Hicks said, "If you are in marketing or advertising... kill yourself."
We almost hired a very bright young programmer who hadn't gone to college. He scored VERY high on the BrainBrench.com C and C++ skills tests, and had other good credentials.
I asked him to provide some example code for me to look at, and he gave me a a short example where he had to optimize a C++ program that did a string rewrite (ie. convert character "A" into "BC", etc.) for a specified number of times. He precomputed the translation once, and gave up there, not realizing that he had taken steps toward moving from a O(N) algorithm to an O(N lg N) algorithm.
It was clear that he had never been drilled in recognizing certain algorithmic patterns, and thus his optimizations employed many language speed up tricks to make C++ faster, but largely ignored using a simple but better algorithm to improve the speed. I rewrote it to use the better algorithm (compute string replacements for levels 2, 4, 8, etc., when needed, rather than 1-N) and eliminate the repeated string copy (by rewriting front to back, then back to front, in a single buffer), and beat his "optimized" version.
In short, while he was great with language skills, particularly w/ C++, he had a lot to learn about algorithms in general, which is the kind of formalism that a university will drill you in, and which is very helpful. For the type of numerical and graphical software development we are doing, it is almost critical.
Still, we would have hired him anyway, but he decided to work elsewhere. Language skills alone made him quite valuable to many employers. But for someone who seemed as talented and bright as he was, he could really achieve much more.
They get profiling information based on archetypes and stereotypes, but they use profiling none-the-less. It may be based on gender, race, type of dress, accents, any other other perception that has taken hold over the years, and been reinforced in salesperson training.
If they COULD get individual information on each person (and that day may be approaching, even if it a company that sells user info globally, and that can recognize faces using a hidden camera; or perhaps home in on the ubiquitous cell phone IDs everyone has, etc.) they would be even happier.
But sales profiling is not new, and is well understood by those who employ it.
If the bad guys had hashed the password with MD5 the police would have been able to crack it much quicker.
Why is this? Clearly searching by brute force, using the assumption of a low-entropy password (ie. ascii characters, and dictionary words) would be quicker than a brute force MD5 match (ie. finding a key that hashes to the same value as the original key). To my knowledge, MD5 has never been shown to be a weak hash (ie. it has appropriate collision properties, and while 128 bits is not as great as SHA-160, it should be more than adequate for protecting simple passphrases)
Do you remember where this "Article" is, or any other details?
I also had problems w/ SCSI systems when installing 7.1 (on three different machines). It seems that the mkinitrd image just wasn't working right. I fixed it by using the bootdisk created during install to bring up the machine, then compiling a kernel with the proper SCSI support built in, rather than as a separate module.
Rather unfortunate, as that was really the only stain on an otherwise excellent system.