Borland extended the Pascal language with a specific contruct to handle Windows messages (the message keyword), so in this sense, even the language itself is Windows-oriented.
You've got a good point, but, to be fair, the MESSAGE keyword is (or should be) used only when implementing wrapper code for Windoze events. In other words, if you're hacking Windoze, that keyword makes your job easier. If you are writting a portable application, you don't touch it.
It is similar (but not the same, I know) to the C standard library's strong resemblence to the UNIX system call API. Of source, the C standard library is not part of the C language proper, which is a key difference. The MESSAGE keyword is indeed rather a nasty wart in an otherwise fairly elegant language.
The VCL of course it full of code that calls the Win API, and is therefore quite specific to that API.
Now that is immaterial. Yes, the VCL is full of Win32 API calls on Windows. On OS/400, it would be full of OS/400 calls instead. The VCL interface remains reasonably constant accross implementations.
To continue the comparison with C, a C standard library implementation will be full of platform-specific code as well. However, the interface defined by the headers is the same. That is the whole point of a standard library, after all: To abstract away platform differences.
VCL is Object Pascal's standard library, and while not as pure as C's, it does a pretty good job. IMNSHO.:-)
I wish there were more details, too. But I have a few insights to add.
On the GUI front, I see three choices:
1. Use WINElib to make existing their Windows code work.
I find this unlikely. For one, Borland generally does not take cheap short-cuts. For another, I know Borland has cross-platform experience: Delphi is available for IBM's OS/400, which is not like UNIX or Windows, AFAIK. Lastly, if Borland pays any attention to the poll they ran, they will see most of their users who knew anything were against WINElib. (Nothing against the WINE folks here; I think it just means Windoze is a pain. We knew that.)
2. Wrap the VCL around GTK, Qt, or some other existing toolkit.
This seems likely. It would make Borland's job a lot easier. As a guess, I would say they would pick Qt. It is more like Windoze then GTK, by design, and Delphi is a Windoze product. Qt is also a little more OOPish then GTK, since Qt uses C++ while GTK uses C. Then again, the free (beer) license of GTK may be appealing.
I doubt we will see more then one toolkit used. It would only make everyone's job harder. Borland's, because they would have to do twice as much work; developers', because they would have to deal with two sets of quirks rather then one; users, because they have twice as many runtime libraries that might be needed.
The VCL is fairly good at abstracting away most of Windows. Sure, there are ways to get at the Windows internals directly. You will find that in any good abstraction (e.g., the C standard library). Borland knows that sometimes you have to go down a level or two. But, properly written code should minimize the number of places that has to be done, or not need to do it at all.
3. Write their own X widget set
There are already too many to count. What difference does one more make?
Compilers
They have already ported their compiler technology, at least in part. A Borland guy mentioned awhile back that they had the Delphi/Builder back-end compiler working on Linux already. Compared to GCC, it has both strengths and weaknesses. I think it is a fair bet they will do their own compiler; that is Borland's bread-and-butter, after all.
OWL
I do not know about OWL. C++Builder does include OWL libraries, headers, and source. The problem is, OWL is just as dependent on Windoze as VCL is, and I doubt Borland is going to port two libraries if they can help it.
(For those who are wondering: OWL is the Object Windows Library, a OOP GUI framework for Windows back when MFC was still a gleam in Microsoft's eye. VCL is the Visual Component Library, the successor to OWL. VCL is even more OOPish then OWL was, and makes Windoze programming doable.)
JVM or JBuilder?
It appears to be just the JVM. Borland has been promising JBuilder for Linux for a few months now, though, so I think we can expect to see a commercial Linux product there soon. Prolly the Solaris port will have to come out first; does anyone know the status of JBuilder on Solaris?
A thin layer around Win32 API functions that has most things you need, but you won't find it.
The VCL is a bit more then a "thin layer"; see MFC for that. The VCL actually does pretty well as an abstraction of your typical GUI these days.
The second part of that sentence... doesn't make sense.:)
...everything in SysUtils.
In C, everything is in one huge namespace. At least Object Pascal gives you a little bit of sanity. Ever look at how many files stdlib.h or unistd.h bring in? Tens of thousands of lines of source is not unheard of.
Object Pascal and Delphi's RTL isn't perfect, no. But then, no language/RTL is. Delphi and the VCL are quite workable, IMNSHO.
I would like to think that someone could die without the discussion degerating into a flamewar on Slashdot. But I am not that naive.
Marion Zimmer Bradley stood out. Maybe she wasn't J.R.R. Tolkien or Issac Asimov, but she was a damn sight better then a lot of the other sci-fi/fantasy authors out there.
She was one of the early women in sci-fi/fantasy. Not only in being a writter, but what she wrote. Women usually figured strongly in her books, and could always think for themselves. That was not that common in sci-fi when she began Darkover in the early 1960s.
Mists of Avalon and its sequel was a unique take on the King Arthur legends.
In her Darkover books, she created a fantasy world where technology met medieval society. It was a world that was not limited to one or two books, but was a continuing, evolving story. Furthermore, she was quite willing to let other authors play in her worlds -- something that is quite rare these days. She may not have been the first to do this, but she stood out by it.
And obviously, "quite a number" of Slashdot readers thought the item newsworthy.
I know that I, for one, think she will be dearly missed.
While past versions of the BDE have been rather unstable, newer releases are much better. I had no problems at all with BDE V5 (Delphi/Builder V4).
It's the main reason my company switched over to C++.
The BDE (Borland Database Engine, for those who don't know) is a library. It is independent of language and compiler. Object Pascal or C++, it does not matter.
Now, if you mean that your company switched to MS Visual C++ and DAO, fine, but say so. (Although I find the idea of switch to DAO to avoid bugs hilarious.):-)
Delphi has a great set of tools for building applications, but the BDE is buggy as hell.
While past versions of the BDE have been buggier then Maine in June, the more recent versions have been much better. I haven't had any problems with BDE 5.0 stuff (Delphi/Builder V4).
It's the main reason my company switched over to C++.
The BDE (Borland Database Engine, for those who do not know) is a library. It does not depend on the language or compiler you are using. Delphi or C++Builder, they both use the same library.
If you meant you switched to MS Visual C++ and DAO, well, fine, but say so. (Even if the thought of switching to DAO to get away from buggy databases is rather amusing to me. )
I have my doubts that it would be an open-source compiler.
Of course it is not going to be an open source compiler. Not everyone cares. Me, I would be willing to pay for a quality RAD tool for Linux. RMS does not like it; that is his prerogative. So far, Borland's tools have done me well. If they stop doing that, then maybe I will start campaining for an OSS GUI IDE.
CBuilder is not that great of a product. [...] More often than not, the "reqirements" for CB4 to make and run my program get in the way of the actual design of what I want. It is not for the faint of heart users.
I am curious as to what the problem is.
If you are looking to build a traditional C/C++ program, then you are better off with the command-line C++Builder compiler, BCC32.EXE. Treat it like GCC and you'll be in good shape. Be sure to specify the "target" as a "Console" app, or it will not work. (This is the fault of Windows, which does not provide main(), amoung other things.)
If that is not the problem, what is? Let me know, I may be able to help.
Ya know, I can only believe this is pure flamebait, so I'm an idiot for responding, but your description shows zero knowledge of how digital signatures work.
Well, perhaps you are an idiot, but I do know how asymmetric cryptography works.
Did it ever occur to you that this chip may implement the algorithms for key generation, message signing, and encryption, while the keys themselves get stored on disk, and fed to the chip using device drivers?
As I said, like "PGP on a chip". Did you read me post at all?
No, I do not know how this chip from IBM works, but neither do you, as far as I can tell. Meanwhile, you and a bunch of other people are doing a headless-chicken-scene, which never helps.
The features of the security chip include key encryption, which encodes text messages, and "digital signatures", which act as unique "watermarks" that identify the sender of the document.
Where in that sentence does is say there is a unique ID embedded in each and every chip? To me, it sounds more like IBM is marketing a hardware-driven security engine, a "PGP on a chip", if you will. I do not see how this translates to a unique serial number on each and every chip.
(Whether you want to trust IBM's security implementation is another matter entirely.)
What does this have to do with My Rights Online? If every hardware crypto product on the market is a violation of the First Amendment to the US Constitution, Slashdot is going to become awful darn cluttered.
When I first read about YRO, I thought it seemed like a good idea. The Internet is a new medium in many ways, and I do not want the government panicking and trying to restrict it. However, YRO seems less about keeping a sensible eye on things and more about paranoid sensationalism, written by anarchists who think that all laws must be bad, all corporations must be bad, everything not invented here must be bad, ahhhhhhhhhhh!
Even if there is a unique ID embedded in this chip, so what? A Unique ID for each computer can be a useful thing. For example, if you are trying to implement property control in a large organization, an electronic serial number would be a Godsend.
The problem with Intel's serial number was twofold: First, they were marketing it for "secure online transactions", something which it is not appropriate for, and second, they tried to smuggle it into every system made, turned on by default. That is not good at all. But there is zero evidence that this scenario is even possible with IBM's chip, let alone going to happen.
Please. Keep your head. Do not react first and then stop to think, or you are just as guilty as the government for panicking when something new comes along.
(And before you tell me "Nobody is forcing you to read YRO": There is thing thing called feedback...)
Actually, it's more like 94^8 (the size of the set of printable characters raised to the number of significant characters in a UNIX password). My computer says that is 6,095,689,385,410,816. Still damn big, of course.
Seeing so many different numbers flying around for how long this should take, I decided to try an experiment. I wrote small C program to call the crypt() function repeatedly in a loop, and timed it. It look about 140 seconds to invoke crypt one million times. Doing the math, that works out to roughly 2706 years to process the entire DES keyspace for a single password. This on my AMD K6-2 at 300 MHz, lightly loaded.
Now, this is hardly an optimized case, but I cannot imagine optimization taking more then an order of magnitude or two off the total. So, 27 years, best case (likely longer). Hmmm. I guess that demonstrates that my information was erroneous. Either my memory is foggy or I was misinformed (or both).:-( Well, foo.
In fact her answer wasn't "I don't know" but rather "I can't discuss that" (not verbatum). I probably should've said this earlier though.
Now that is interesting. If she cannot discuss it, it means she has been instructed not to, for one reason or another. It might simply be NSA policy not to discuss specific commercial products... or that some aspect of the research on the algorithms PGP uses is classified... or maybe the NSA has discovered a weakness somewhere.
Food for thought, for sure. Cool. Thanks for the reply.
Actually, thats impossible, but I think I'm wrong as well.
I don't know jack about the actual crypto algorithms. I am a system admin and an application programer, not a math weenie.:-) So I cannot speak for your math stuff.
But I do know that there are freely available tools that will check UNIX passwords for weakness, and they don't take long to run at all. Granted, they don't cover the *entire* DES keyspace.
I also recall an old college friend getting in trouble for trying to brute-force a UNIX password. His program ran for a couple days on a fairly heavily loaded machine, and covered a good chunk of the keyspace, before they caught him.
So I imagine that there is more to this picture then simply how many IOPS or FLOPS a processor can do.
Besides, she new every single fact about RSA,DES, etc. How could she not know about PGP?
Because she was not part of this hypothetical PGP cracking unit, and she did not need to know.
You have said she was working on a large supercomputer for NSA. Simply working on such a system certainly doesn't mean she has access to the status of every algorithm NSA is aware of. Working on such a system might not even involve any crypto, if she was, e.g., just an OS implementer.
She knows RSA and DES, which is a better sign, but there are a lot of algorithms out there, and I doubt she knows all of them. Maybe her unit is focusing on cracking hardware-based products -- PGP wouldn't even be on their radar!:-)
Come to think of it, isn't RSA used in some flavors of PGP?
Anyway, Occam's Razor says the simplist answer is the correct one. Unless you know otherwise, if she didn't know, it likely means she didn't know.
They also said that it was able to brute force a regular unix password in less than a second!
A modern day PC can brute-force a typical UNIX password in under ten hours. Far less for a password based on a dictionary word, etc. Put a supercomputer on it, and I'm sure it won't take long. This is why we have shadow passwords...:-)
I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it
More likely, she just didn't know. The biggest misconception people have about large government agencies is that they function as a single unit. That is contrary to one of the most basic rules of security -- unless you need to know, you don't.
Isn't satellite monitoring the responsibility of the NRO?
The NRO is responsible for visual spy satalites, i.e., pictures of things the enemy is doing.
The satalite stuff the NSA does is to intercept electronic communications (voice and data), so the NSA can monitor and attempt to decrypt enemy message traffic.
I used to work for a USAF contractor developing COMSEC (communications security) accounting software. I can tell you that that primary role of the NSA is making and breaking cryptography. (If you want to speculate wildly on secondary roles, be my guest.)
Ironically, the two parts of their major role are polar opposites. On one hand, the NSA researches new crypto systems, evaluates and approves third-party (i.e., commercial) crypto systems, generates and distributes key, and provides infrastructure to keep all that running.
On the other hand, they are constantly involved in trying to break enemy crypto systems -- providing COMINT (communications intelligence) and SIGINT (signal intelligence) to the rest of the government. They're generally not involved in classic Hollywood "spy stuff". They don't have agents (ala James Bond), domestically or abroad. That's the domain of the CIA.
To the people in the field, the NSA was a source of bureaucracy and paperwork, but did not inspire much fear. The expansion "National Stupidity Agency" was far more common then "No Such Agency".
Which is not to say the NSA is not extremely paranoid. It is. The rules for EMSEC, COMPUSEC, and the like are a royal pain in the you-know-what. The NSA invented them all. But there is nothing "secret" about those rules.
Incidentally, the NSA is trying to get out of the business of generating and distributing crypto key, because it is damn expensive and rather impractical. They distribute over something like 200 tons of crypto key annually. At the same time, however, they want to maintain full, draconian control over everything. The resulting conflicting efforts would be amusing if my tax dollars weren't paying for it.
It [clustering] is taking a bunch of machines and making them act as one... Beowulf-style clusters are one way of doing this...
AFAIK, Beowulf is not really a general clusting solution. Beowulf is more concerned with parallel processing then general clustering. PP takes a problem and breaks it down into many small pieces, distributes those pieces to a bunch of nodes, sets them working, and then collects the result. Your application has to be written specifically for Beowulf, and each node is distinct.
General clustering is, as you say, making many machines appear as one, not only to the outside world, but to the processes running in the cluster. Ideally, a cluster is no different from a single machine. In practice, it gets a little more complex (your applications typically need to be cluster-aware), but from a user POV, it should appear, roughly, as "one big machine".
I have to agree regarding most default free UNIX-like OS installs (political correctness because i'm a FreeBSD fan).
That's funny, because one of the BSDs (OpenBSD, I think) is the major exception to this rule. By default, the machine is locked down, and you have to explictly open doors. I wish Red Hat was that way.
I have never used any of the bigger name UNIXes, so I don't know about those.
My information is a little vague here, as most of the commercial UNIX stuff I've admin'ed has been pre-existing, but my impression was: They didn't come with a whole lot to begin with, but what they did come with, was installed and running by default.
Running SMB over TCP/IP does not involve broadcase packets for data exchange between machines, but does rely on broadcast for the "Network Neighborhood"... how the hell else are you supposed to see who's on your subnet?
My point was that this technique does not affect modem users of Windows, since the broadcasts don't travel over the modem, as far I have seen.
But since you bring it up... the design is still brain-damaged. The only thing you should use broadcasts are is for things like ARP (finding MAC addresses from protocol addresses) or BOOTP/DHCP (to get network configuration information).
The design of SMB around subnets is completely stupid. A subnet is a physical networking structure, but SMB forces you to treat it as a logical grouping. It works fine as long as you're on a single-segment LAN, but as soon as you move onto something like a corporate network, things fall to pieces. The result is a collection of kludges and bad hacks (SMB browse relaying, WINS, NetBlooie broadcast packet forwarding).
The proper way to do name-to-address translation is with a central server. IP's DNS, for example. Even Microsoft has realized this, and is moving towards SMB-with-DNS for Windows 2000 (whenever that comes out).
The file & print sharing service is not installed by default. You have install that separately
On my machine (Windows 95, Revision "B", OEM Service Release 2.0), if I install the drivers for my Ethernet card, Windows add the service automatically.
and then state what you want to share on the network. The hard drive is not share automatically.
Windows creates "hidden" shares by default, of the form "D$", where D is the drive letter, and the dollar sign is literal, indicating it does not show when browsed by the SMB protocol. The share is for the root directory of the drive in question. This might be an NT-only thing, it has been awhile and I don't want to reboot into Windows95 just for this.
My associate recently installed a cable modem in her home and was shocked to find that 'Network Neighborhood' was, literally, her neighborhood! She could see the desktops of all her connected neighbors. This seems like an enormous oversight on the part of cable modem companies...
Geez. How is that Microsoft takes credit for inventing the Internet, yet it is the cable company's fault the security in Windows isn't worth a rat's rear-end? I mean, really. This is like buying a car with no door locks, and then complaining to the highway department when it gets stolen.
For the record: The problem here is that in many cases, when you install a network card, Windows loads the "File & Print Sharing for Windows" (SMB) service by default. Because SMB is brain-damaged and depends on broadcast packets at the datalink layer, this is not a problem over a modem link. Put any "real" network connection on the machine, though, and your entire subnet can see your machine, and in many cases, read the entire hard drive! (MS's SMB server creates "hidden shares" for each disk drive by default as well.)
For that matter, why do so many UNIX/Linux distributions ship with every service on Earth installed and running by default?
The "Site Diary" link at the top of the page is broken.
The "We'll be updating..." (/schedule) link on the front page is also broken.
The "Home Office-Online" link in the sidebar under "Equipment Used" gives you the write-up for the H/P server.
The "IIS on NT vs. Apache on Linux..." (/backgrounder.html) link has bogus characters in it (a target for the "Demoroniser" Perl script).
This is supposed to make us believe the server admins know what they are doing? Please. Why not just have some high school students setup the site? I have a feeling that would be about as valid.
I don't mean to belittle your effort, but if you check the front page of www.hackpcweek.com, you will find they prominately list AboveNet as their host ISP for this test.:-)
Moderating anything up in this discussion just because you think someone deserves the award is rather pointless.
That's not entirely true.
If someone is sitting at their terminal, going, "Hmmm... who could I nominate?", then a constructive thread on Slashdot may well plant an idea. For example, Donald Knuth never occured to me, but I think I like the idea.
You could also use Slashdot to "lobby" for your favorite "canidate", similar to a political rally. And in the sense of trying to show support for someone you think has made an honest contribution, I think that works, too.
Now, trying to manipulate Slashdot comments to affect the outcome of anything outside of Slashdot comments is rather pointless on the whole....:-)
Slashdot Mirror
I occasionally see an app with the giveaway OWL "check" button.
:-)
Just FYI: Delphi's VCL includes a TBitBtn component that gives you those buttons-with-bitmaps as well.
Every time I see GNOME/GTK's buttons with the colored balls and such on them, I think of Delphi.
Borland extended the Pascal language with a specific contruct to handle Windows messages (the message keyword), so in this sense, even the language itself is Windows-oriented.
:-)
You've got a good point, but, to be fair, the MESSAGE keyword is (or should be) used only when implementing wrapper code for Windoze events. In other words, if you're hacking Windoze, that keyword makes your job easier. If you are writting a portable application, you don't touch it.
It is similar (but not the same, I know) to the C standard library's strong resemblence to the UNIX system call API. Of source, the C standard library is not part of the C language proper, which is a key difference. The MESSAGE keyword is indeed rather a nasty wart in an otherwise fairly elegant language.
The VCL of course it full of code that calls the Win API, and is therefore quite specific to that API.
Now that is immaterial. Yes, the VCL is full of Win32 API calls on Windows. On OS/400, it would be full of OS/400 calls instead. The VCL interface remains reasonably constant accross implementations.
To continue the comparison with C, a C standard library implementation will be full of platform-specific code as well. However, the interface defined by the headers is the same. That is the whole point of a standard library, after all: To abstract away platform differences.
VCL is Object Pascal's standard library, and while not as pure as C's, it does a pretty good job. IMNSHO.
I wish there were more details, too. But I have a few insights to add.
On the GUI front, I see three choices:
1. Use WINElib to make existing their Windows code work.
I find this unlikely. For one, Borland generally does not take cheap short-cuts. For another, I know Borland has cross-platform experience: Delphi is available for IBM's OS/400, which is not like UNIX or Windows, AFAIK. Lastly, if Borland pays any attention to the poll they ran, they will see most of their users who knew anything were against WINElib. (Nothing against the WINE folks here; I think it just means Windoze is a pain. We knew that.)
2. Wrap the VCL around GTK, Qt, or some other existing toolkit.
This seems likely. It would make Borland's job a lot easier. As a guess, I would say they would pick Qt. It is more like Windoze then GTK, by design, and Delphi is a Windoze product. Qt is also a little more OOPish then GTK, since Qt uses C++ while GTK uses C. Then again, the free (beer) license of GTK may be appealing.
I doubt we will see more then one toolkit used. It would only make everyone's job harder. Borland's, because they would have to do twice as much work; developers', because they would have to deal with two sets of quirks rather then one; users, because they have twice as many runtime libraries that might be needed.
The VCL is fairly good at abstracting away most of Windows. Sure, there are ways to get at the Windows internals directly. You will find that in any good abstraction (e.g., the C standard library). Borland knows that sometimes you have to go down a level or two. But, properly written code should minimize the number of places that has to be done, or not need to do it at all.
3. Write their own X widget set
There are already too many to count. What difference does one more make?
Compilers
They have already ported their compiler technology, at least in part. A Borland guy mentioned awhile back that they had the Delphi/Builder back-end compiler working on Linux already. Compared to GCC, it has both strengths and weaknesses. I think it is a fair bet they will do their own compiler; that is Borland's bread-and-butter, after all.
OWL
I do not know about OWL. C++Builder does include OWL libraries, headers, and source. The problem is, OWL is just as dependent on Windoze as VCL is, and I doubt Borland is going to port two libraries if they can help it.
(For those who are wondering: OWL is the Object Windows Library, a OOP GUI framework for Windows back when MFC was still a gleam in Microsoft's eye. VCL is the Visual Component Library, the successor to OWL. VCL is even more OOPish then OWL was, and makes Windoze programming doable.)
JVM or JBuilder?
It appears to be just the JVM. Borland has been promising JBuilder for Linux for a few months now, though, so I think we can expect to see a commercial Linux product there soon. Prolly the Solaris port will have to come out first; does anyone know the status of JBuilder on Solaris?
A thin layer around Win32 API functions that has most things you need, but you won't find it.
:)
...everything in SysUtils.
The VCL is a bit more then a "thin layer"; see MFC for that. The VCL actually does pretty well as an abstraction of your typical GUI these days.
The second part of that sentence... doesn't make sense.
In C, everything is in one huge namespace. At least Object Pascal gives you a little bit of sanity. Ever look at how many files stdlib.h or unistd.h bring in? Tens of thousands of lines of source is not unheard of.
Object Pascal and Delphi's RTL isn't perfect, no. But then, no language/RTL is. Delphi and the VCL are quite workable, IMNSHO.
I would like to think that someone could die without the discussion degerating into a flamewar on Slashdot. But I am not that naive.
Marion Zimmer Bradley stood out. Maybe she wasn't J.R.R. Tolkien or Issac Asimov, but she was a damn sight better then a lot of the other sci-fi/fantasy authors out there.
She was one of the early women in sci-fi/fantasy. Not only in being a writter, but what she wrote. Women usually figured strongly in her books, and could always think for themselves. That was not that common in sci-fi when she began Darkover in the early 1960s.
Mists of Avalon and its sequel was a unique take on the King Arthur legends.
She was a founding member of the Society for Creative Anachronism, including naming the organization.
In her Darkover books, she created a fantasy world where technology met medieval society. It was a world that was not limited to one or two books, but was a continuing, evolving story. Furthermore, she was quite willing to let other authors play in her worlds -- something that is quite rare these days. She may not have been the first to do this, but she stood out by it.
And obviously, "quite a number" of Slashdot readers thought the item newsworthy.
I know that I, for one, think she will be dearly missed.
For more information, check out Marion Zimmer Bradley's Fantasy Magazine.
...the BDE is buggy as hell...
:-)
While past versions of the BDE have been rather unstable, newer releases are much better. I had no problems at all with BDE V5 (Delphi/Builder V4).
It's the main reason my company switched over to C++.
The BDE (Borland Database Engine, for those who don't know) is a library. It is independent of language and compiler. Object Pascal or C++, it does not matter.
Now, if you mean that your company switched to MS Visual C++ and DAO, fine, but say so. (Although I find the idea of switch to DAO to avoid bugs hilarious.)
Delphi has a great set of tools for building applications, but the BDE is buggy as hell.
While past versions of the BDE have been buggier then Maine in June, the more recent versions have been much better. I haven't had any problems with BDE 5.0 stuff (Delphi/Builder V4).
It's the main reason my company switched over to C++.
The BDE (Borland Database Engine, for those who do not know) is a library. It does not depend on the language or compiler you are using. Delphi or C++Builder, they both use the same library.
If you meant you switched to MS Visual C++ and DAO, well, fine, but say so. (Even if the thought of switching to DAO to get away from buggy databases is rather amusing to me. )
I have my doubts that it would be an open-source compiler.
Of course it is not going to be an open source compiler. Not everyone cares. Me, I would be willing to pay for a quality RAD tool for Linux. RMS does not like it; that is his prerogative. So far, Borland's tools have done me well. If they stop doing that, then maybe I will start campaining for an OSS GUI IDE.
CBuilder is not that great of a product. [...] More often than not, the "reqirements" for CB4 to make and run my program get in the way of the actual design of what I want. It is not for the faint of heart users.
I am curious as to what the problem is.
If you are looking to build a traditional C/C++ program, then you are better off with the command-line C++Builder compiler, BCC32.EXE. Treat it like GCC and you'll be in good shape. Be sure to specify the "target" as a "Console" app, or it will not work. (This is the fault of Windows, which does not provide main(), amoung other things.)
If that is not the problem, what is? Let me know, I may be able to help.
Ya know, I can only believe this is pure flamebait, so I'm an idiot for responding, but your description shows zero knowledge of how digital signatures work.
Well, perhaps you are an idiot, but I do know how asymmetric cryptography works.
Did it ever occur to you that this chip may implement the algorithms for key generation, message signing, and encryption, while the keys themselves get stored on disk, and fed to the chip using device drivers?
As I said, like "PGP on a chip". Did you read me post at all?
No, I do not know how this chip from IBM works, but neither do you, as far as I can tell. Meanwhile, you and a bunch of other people are doing a headless-chicken-scene, which never helps.
Has anybody tried reading the article?
The features of the security chip include key encryption, which encodes text messages, and "digital signatures", which act as unique "watermarks" that identify the sender of the document.
Where in that sentence does is say there is a unique ID embedded in each and every chip? To me, it sounds more like IBM is marketing a hardware-driven security engine, a "PGP on a chip", if you will. I do not see how this translates to a unique serial number on each and every chip.
(Whether you want to trust IBM's security implementation is another matter entirely.)
What does this have to do with My Rights Online? If every hardware crypto product on the market is a violation of the First Amendment to the US Constitution, Slashdot is going to become awful darn cluttered.
When I first read about YRO, I thought it seemed like a good idea. The Internet is a new medium in many ways, and I do not want the government panicking and trying to restrict it. However, YRO seems less about keeping a sensible eye on things and more about paranoid sensationalism, written by anarchists who think that all laws must be bad, all corporations must be bad, everything not invented here must be bad, ahhhhhhhhhhh!
Even if there is a unique ID embedded in this chip, so what? A Unique ID for each computer can be a useful thing. For example, if you are trying to implement property control in a large organization, an electronic serial number would be a Godsend.
The problem with Intel's serial number was twofold: First, they were marketing it for "secure online transactions", something which it is not appropriate for, and second, they tried to smuggle it into every system made, turned on by default. That is not good at all. But there is zero evidence that this scenario is even possible with IBM's chip, let alone going to happen.
Please. Keep your head. Do not react first and then stop to think, or you are just as guilty as the government for panicking when something new comes along.
(And before you tell me "Nobody is forcing you to read YRO": There is thing thing called feedback...)
2^56 = 72057594037927936 keys
:-( Well, foo.
Actually, it's more like 94^8 (the size of the set of printable characters raised to the number of significant characters in a UNIX password). My computer says that is 6,095,689,385,410,816. Still damn big, of course.
Seeing so many different numbers flying around for how long this should take, I decided to try an experiment. I wrote small C program to call the crypt() function repeatedly in a loop, and timed it. It look about 140 seconds to invoke crypt one million times. Doing the math, that works out to roughly 2706 years to process the entire DES keyspace for a single password. This on my AMD K6-2 at 300 MHz, lightly loaded.
Now, this is hardly an optimized case, but I cannot imagine optimization taking more then an order of magnitude or two off the total. So, 27 years, best case (likely longer). Hmmm. I guess that demonstrates that my information was erroneous. Either my memory is foggy or I was misinformed (or both).
Somebody flag that post of mine "Overrated".
In fact her answer wasn't "I don't know" but rather "I can't discuss that" (not verbatum). I probably should've said this earlier though.
Now that is interesting. If she cannot discuss it, it means she has been instructed not to, for one reason or another. It might simply be NSA policy not to discuss specific commercial products... or that some aspect of the research on the algorithms PGP uses is classified... or maybe the NSA has discovered a weakness somewhere.
Food for thought, for sure. Cool. Thanks for the reply.
Actually, thats impossible, but I think I'm wrong as well.
:-) So I cannot speak for your math stuff.
I don't know jack about the actual crypto algorithms. I am a system admin and an application programer, not a math weenie.
But I do know that there are freely available tools that will check UNIX passwords for weakness, and they don't take long to run at all. Granted, they don't cover the *entire* DES keyspace.
I also recall an old college friend getting in trouble for trying to brute-force a UNIX password. His program ran for a couple days on a fairly heavily loaded machine, and covered a good chunk of the keyspace, before they caught him.
So I imagine that there is more to this picture then simply how many IOPS or FLOPS a processor can do.
Besides, she new every single fact about RSA,DES, etc. How could she not know about PGP?
:-)
Because she was not part of this hypothetical PGP cracking unit, and she did not need to know.
You have said she was working on a large supercomputer for NSA. Simply working on such a system certainly doesn't mean she has access to the status of every algorithm NSA is aware of. Working on such a system might not even involve any crypto, if she was, e.g., just an OS implementer.
She knows RSA and DES, which is a better sign, but there are a lot of algorithms out there, and I doubt she knows all of them. Maybe her unit is focusing on cracking hardware-based products -- PGP wouldn't even be on their radar!
Come to think of it, isn't RSA used in some flavors of PGP?
Anyway, Occam's Razor says the simplist answer is the correct one. Unless you know otherwise, if she didn't know, it likely means she didn't know.
:-)
They also said that it was able to brute force a regular unix password in less than a second!
:-)
A modern day PC can brute-force a typical UNIX password in under ten hours. Far less for a password based on a dictionary word, etc. Put a supercomputer on it, and I'm sure it won't take long. This is why we have shadow passwords...
I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it
More likely, she just didn't know. The biggest misconception people have about large government agencies is that they function as a single unit. That is contrary to one of the most basic rules of security -- unless you need to know, you don't.
Isn't satellite monitoring the responsibility of the NRO?
The NRO is responsible for visual spy satalites, i.e., pictures of things the enemy is doing.
The satalite stuff the NSA does is to intercept electronic communications (voice and data), so the NSA can monitor and attempt to decrypt enemy message traffic.
I used to work for a USAF contractor developing COMSEC (communications security) accounting software. I can tell you that that primary role of the NSA is making and breaking cryptography. (If you want to speculate wildly on secondary roles, be my guest.)
Ironically, the two parts of their major role are polar opposites. On one hand, the NSA researches new crypto systems, evaluates and approves third-party (i.e., commercial) crypto systems, generates and distributes key, and provides infrastructure to keep all that running.
On the other hand, they are constantly involved in trying to break enemy crypto systems -- providing COMINT (communications intelligence) and SIGINT (signal intelligence) to the rest of the government. They're generally not involved in classic Hollywood "spy stuff". They don't have agents (ala James Bond), domestically or abroad. That's the domain of the CIA.
To the people in the field, the NSA was a source of bureaucracy and paperwork, but did not inspire much fear. The expansion "National Stupidity Agency" was far more common then "No Such Agency".
Which is not to say the NSA is not extremely paranoid. It is. The rules for EMSEC, COMPUSEC, and the like are a royal pain in the you-know-what. The NSA invented them all. But there is nothing "secret" about those rules.
Incidentally, the NSA is trying to get out of the business of generating and distributing crypto key, because it is damn expensive and rather impractical. They distribute over something like 200 tons of crypto key annually. At the same time, however, they want to maintain full, draconian control over everything. The resulting conflicting efforts would be amusing if my tax dollars weren't paying for it.
It [clustering] is taking a bunch of machines and making them act as one... Beowulf-style clusters are one way of doing this...
AFAIK, Beowulf is not really a general clusting solution. Beowulf is more concerned with parallel processing then general clustering. PP takes a problem and breaks it down into many small pieces, distributes those pieces to a bunch of nodes, sets them working, and then collects the result. Your application has to be written specifically for Beowulf, and each node is distinct.
General clustering is, as you say, making many machines appear as one, not only to the outside world, but to the processes running in the cluster. Ideally, a cluster is no different from a single machine. In practice, it gets a little more complex (your applications typically need to be cluster-aware), but from a user POV, it should appear, roughly, as "one big machine".
I have to agree regarding most default free UNIX-like OS installs (political correctness because i'm a FreeBSD fan).
That's funny, because one of the BSDs (OpenBSD, I think) is the major exception to this rule. By default, the machine is locked down, and you have to explictly open doors. I wish Red Hat was that way.
I have never used any of the bigger name UNIXes, so I don't know about those.
My information is a little vague here, as most of the commercial UNIX stuff I've admin'ed has been pre-existing, but my impression was: They didn't come with a whole lot to begin with, but what they did come with, was installed and running by default.
Running SMB over TCP/IP does not involve broadcase packets for data exchange between machines, but does rely on broadcast for the "Network Neighborhood"... how the hell else are you supposed to see who's on your subnet?
My point was that this technique does not affect modem users of Windows, since the broadcasts don't travel over the modem, as far I have seen.
But since you bring it up... the design is still brain-damaged. The only thing you should use broadcasts are is for things like ARP (finding MAC addresses from protocol addresses) or BOOTP/DHCP (to get network configuration information).
The design of SMB around subnets is completely stupid. A subnet is a physical networking structure, but SMB forces you to treat it as a logical grouping. It works fine as long as you're on a single-segment LAN, but as soon as you move onto something like a corporate network, things fall to pieces. The result is a collection of kludges and bad hacks (SMB browse relaying, WINS, NetBlooie broadcast packet forwarding).
The proper way to do name-to-address translation is with a central server. IP's DNS, for example. Even Microsoft has realized this, and is moving towards SMB-with-DNS for Windows 2000 (whenever that comes out).
The file & print sharing service is not installed by default. You have install that separately
On my machine (Windows 95, Revision "B", OEM Service Release 2.0), if I install the drivers for my Ethernet card, Windows add the service automatically.
and then state what you want to share on the network. The hard drive is not share automatically.
Windows creates "hidden" shares by default, of the form "D$", where D is the drive letter, and the dollar sign is literal, indicating it does not show when browsed by the SMB protocol. The share is for the root directory of the drive in question. This might be an NT-only thing, it has been awhile and I don't want to reboot into Windows95 just for this.
My associate recently installed a cable modem in her home and was shocked to find that 'Network Neighborhood' was, literally, her neighborhood! She could see the desktops of all her connected neighbors. This seems like an enormous oversight on the part of cable modem companies...
Geez. How is that Microsoft takes credit for inventing the Internet, yet it is the cable company's fault the security in Windows isn't worth a rat's rear-end? I mean, really. This is like buying a car with no door locks, and then complaining to the highway department when it gets stolen.
For the record: The problem here is that in many cases, when you install a network card, Windows loads the "File & Print Sharing for Windows" (SMB) service by default. Because SMB is brain-damaged and depends on broadcast packets at the datalink layer, this is not a problem over a modem link. Put any "real" network connection on the machine, though, and your entire subnet can see your machine, and in many cases, read the entire hard drive! (MS's SMB server creates "hidden shares" for each disk drive by default as well.)
For that matter, why do so many UNIX/Linux distributions ship with every service on Earth installed and running by default?
It hardly stops there.
The "Site Diary" link at the top of the page is broken.
The "We'll be updating..." (/schedule) link on the front page is also broken.
The "Home Office-Online" link in the sidebar under "Equipment Used" gives you the write-up for the H/P server.
The "IIS on NT vs. Apache on Linux..." (/backgrounder.html) link has bogus characters in it (a target for the "Demoroniser" Perl script).
This is supposed to make us believe the server admins know what they are doing? Please. Why not just have some high school students setup the site? I have a feeling that would be about as valid.
I don't mean to belittle your effort, but if you check the front page of www.hackpcweek.com, you will find they prominately list AboveNet as their host ISP for this test. :-)
I'm seeing:
Clear! Bzzzzt!
Moderating anything up in this discussion just because you think someone deserves the award is rather pointless.
:-)
That's not entirely true.
If someone is sitting at their terminal, going, "Hmmm... who could I nominate?", then a constructive thread on Slashdot may well plant an idea. For example, Donald Knuth never occured to me, but I think I like the idea.
You could also use Slashdot to "lobby" for your favorite "canidate", similar to a political rally. And in the sense of trying to show support for someone you think has made an honest contribution, I think that works, too.
Now, trying to manipulate Slashdot comments to affect the outcome of anything outside of Slashdot comments is rather pointless on the whole....