Slashdot Mirror


User: Effugas

Effugas's activity in the archive.

Stories
0
Comments
1,277

Comments · 1,277

  1. Serial and Parallel in a SchizoPhrenic article? on Future I/O Standards · Score: 4

    OK, something is seriously, hardcore, balls-out to-the-mat bugging me about this article. It's as if two people wrote it--one with a clue(and an impressive amount of such at that--lots of very fascinating stuff embedded within this article!), and then, the one who went without.

    I'm not kidding--I've actually never read an article that on certain levels provided a fascinating glimpse at things to come, but on others rang so wrong that I was left in shock.

    Bottom line: Somebody's agenda is leaking. Let's look at the Parallel v. Serial chart:


                              Parallel I/O Bus               Serial I/O Channel
    Max Physical Bus Length   1 meter                        10,000 meters
    Conductors/Pins           90+                            4 to 8


    Grantable.

    Conductor Materials       Copper                         Copper, fiber optic

    What? You can't deploy a fiber solution with multiple cables? None exist?

    Given the range on fiber cabling, a rather intriguing method of avoiding data interception is rotating your bits through the available transmission lines, then routing each line through a different path. Now, you could always have the same bit travel over the same cable, or you could use a pseudorandom algorithm with a shared secret seed(see spread spectrum), but you'd most assuredly have a parallel architecture that was fiber optically based.

    Slots/Fanout              3 to 16 slots for adaptors     Hundreds of channel addresses

    Uhm, really? Serial doesn't necessarily possess hundreds of channel addresses any more than parallel must necessarily not be implemented over fiber lines. RS-232, HSSI, pretty much any serial standard outside of USB/Firewire/That funky serial PCI replacement that was hangin' around the last Linuxworld is strictly point to point.

    The fact that Serial is much, much less tricky to physically handshake is the reason we've seen so many R&D development dollars poured into it. Make no mistake--Serial may be awesome, but this is a new thing. The general attempt has been to spooge parallel design style into a serial interface. The sheer fact that you have more channels to deal with generally means that it's far, far simpler to design for(how many of these serial systems just have a "magic chip" that expands the incoming serial stream into the parallel bus everybody knows and loves?). But, there's no conspiracy going on here; the advantages one gets from ridiculous quantities of theoretical bandwidth and easier hardware development are rather offset by the advantages of flexible cabling, smaller devices(ever seen those minimodems that aren't even the full size of the slot?), and a blurring between internal and external interfaces. Let's not forget the ability to Kill The Beige Box ;-)

    Power Supplied            Yes                            No

    Gee, small problem, you have twenty cards in your machine, now you have twenty more wires...anyway, this is ridiculous. They're pitching a specific implementation and calling it the architecture as a whole. You can power hard drives off of Firewire, which last I checked wasn't 90 pins in a fanned slot formation.

    Addressing Scheme         Physical address bus           Network addressing

    There's a mantra embedded in this that screwed USB rather royally for all sorts of reasons. Turned out USB provided no way to verify which instantiation of a device is which--in other words, if I plug two Super Nintendo controllers into a Super Nintendo, the console knows that the controller plugged into the "Player 1" slot is the 1st controller, and the controller plugged into the "Player 2" slot is the second controller.

    You can't do that with USB--every time you boot up, the order randomly shifts. They were so keen on network centric addressing, and so loath to demand addressing be physically built onto every single device, that they completely broke multiplayer gaming on the same system.

    Again, a flaw with the implementation, not the overall architecture.

    Total Bandwidth           Single session, unidirectional   Multiple session, bi-directional

    Oh my. Is that so. I would have thought it was easier with those aforementioned 90 pins of parallel joy to have quite a few streams of data traveling over physically independent traces, as opposed to a multiplexed, time lagged, two wire system, which incidentally has no requirement to be bidirectional at all thank you very much.

    I'm not one to go ballistic--check my posts, this is rather out of character. But reading something like this pretty much just forces me to go a bit out of character and post the following, care of Richard Heritage, Circa 1995:


    God is this [stupid]. I mean, this is rock-hard stupid. Dehydrated-rock-hard stupid. Stupid so stupid that it goes way beyond the stupid we know into a whole different dimension of stupid. It is trans-stupid stupid. Meta-stupid. It is stupid collapsed on itself so far that even the neutrons have collapsed. Stupid gotten so dense that no intellect can escape. Singularity stupid. It is a blazing mid-day sun on Mercury stupid. It emits more stupid in one second than our entire galaxy emits in a year. Quasar stupid. This has to be a troll. Nothing in our universe can really be this stupid. Unless this is some primordial fragment from the original big bang of stupid. Some pure essence of a stupid so uncontaminated by anything else as to be beyond the laws of physics that we know. I'm sorry. I can't go on.


    That being said, let's take a look at the rest of the article, which appears to be quite good:

    the blurring of the distinction between I/O and networking

    This is significant. There's an artificial distinction between networking and system I/O, propagated by belief that all the essential components that a system requires should be held as physically close and as accessibly fast as possible. As individual device speeds fail to scale in comparison with available bandwidth(how many megs a sec are we pulling off of hard drives nowadays...now how fast can UDMA66 go? How fast can PCI 2.1 go?), aggregation of large numbers of individual devices becomes the primary design goal. The difference between multiprocessor boxes and Beowulf style clusters will blur, as systems literally become able to blob together--individual cache space for local processing, but it will end up no slower accessing the hard drive of a neighbor than accessing your own.

    (Incidentally--I did some experiments a while back with two computers having their external SCSI adapters connected, thus appearing to make a single CDROM show up on both machines. Fascinating stuff, but it's not usable--one computer would freeze as the other initiated SCSI connectivity to the CD drive. Of course, this was on a friend's pair of Windows machines...)

    Without adapters full of hardware providing a barrier to access for incompetent or wayward coders, device-level hackers will have unprecedented access to system internals. Obviously, this is a technology direction that needs to take security very seriously.

    Somebody's trying to sell hardware that provides a barrier to access against incompetent or wayward coders. What, are they saying that device driver writers right now can't embed trojans in a mouse driver that send data from sensitive blocks of the hard drive to a drop point on a remote network? Give me a break--device drivers have low level system access. There are schemes to address limiting a given driver to a given range, but the entire concept of a driver(the segment in kernelspace that directly interfaces with some hardware) bristles pretty harshly at the reality of being unable to issue calls to given hardware addresses.

    Actually, a general design where a driver must declare what bus addresses it plans to use--and is then held to that by the operating system--is a pretty good way to prevent faulty drivers from taking down excessive amounts of hardware.

    No, the real thing to worry about isn't so much untrustable drivers as untrustable hardware. What happens when your network bus is your keyboard bus is your hard drive bus is your memory bus? Answer: You've suddenly got lots and lots of meaningless, inconsequential hardware on the same bus as mission critical, highly secured equipment. Imagine a rootmouse that, upon being plugged in, was able to query the hard drive for the contents of /etc/shadow, completely independent of the directives from the underlying operating system. This must remain a top priority of I/O designers, and actually stands as a reason for separating heavily trafficked interfaces from less traveled, more justifiable to lock off ports.

    It'll be interesting to see what comes out of the whole SIO gambit. As long as it isn't utterly bungled by Firewire style licensing, it should be interesting.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  2. Simplicity Generates Ubiquity, and a Solution on New Body Scanners Installed In Airports · Score: 5

    Consider the ever rising age for requiring identification when purchasing alcohol or tobacco. What started out as a check against the young(read: politically irrelevant) became a burden against not only those committing crimes but a privacy worry for anyone under the age of thirty(read: politically less relevant).

    The parallels to not being able to move from city to city without the proper papers are striking, and while slippery slope logic may be fallacious, there's some pretty empirical evidence that this slope is very slippery, though it takes years to take the trip.

    It is likely that the widespread presence of human scanning equipment would lead to mandatory "virtual strip searches" on everyone who passed through, just as the rather private contents of one's pockets and purses must be shown to an X-Ray technician in order to fly.

    And strangely enough, should the equipment be there, this would absolutely be the right thing to do in terms of maintaining security.

    C'mon. Many of us are network engineers here. If we don't thoroughly check the content that client software passes our servers, we're lambasted for excess trust as we should be. Network security is not different from physical security--the problem is that while packets don't mind being poked, prodded, analyzed, and logged, humans have a...somewhat different perspective. Worse, a human client can piggyback much more than a CGI exploit in their, um, packets.

    Greater risk, with a higher "cost" of alleviating that risk. Ouch.

    Frisking is undeniably more invasive than any scanner, but the high privacy cost means that agents cannot afford to roughly fondle every member of the public. The selection process used is guaranteed to incorporate profiles that are, at minimum, more accurate than chance, but much, much more questionable for political reasons. The entire quandary of getting full coverage on identified profiles without specifically inconveniencing those parties is cleanly avoided by a quick hands-free scan.

    Security up, highly inconvenienced innocents who match the profile down.

    Unfortunately, there's the whole problem of T&D.

    Happily, this problem can be removed with some amount of programming. You're looking for an algorithm that takes the three input "discoveries"--

    A) Blank backdrop
    B) Skin
    C) Object thicker than clothing that is obscuring skin

    --and flags the machine operator if a given subject possesses any obvious non-skin segments in his scan. Should there be a hit, the computer could execute a filtering operation where the background flesh was erased from the foreground object, and a chart on the screen would overlay the shape of the object over live video of the subject. Should the only offending object be something that the agent could see directly on the person(such as a heart shaped belt buckle), the individual would be waved on. Only if the unidentified object could still not be easily explained by questioning the target would either a pat down search or a full scan need be executed.

    Such a solution would prevent inappropriate context from being passed to the shape analysis system(another human) while still allowing universal, non-profiled, secure scanning of aircraft clients wishing to be granted access to company hardware.

    I would feel safer with this system.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  3. I Resolve: on New Years Resolutions From Assorted Nutcases · Score: 3

    I resolve that, my couple hundred line todo list will shrink. I shall transform it from a fantasy document containing tasks that would take me but one caffeine motivated evening yet have remained unfulfilled for years on end, into a lean, mean, "cool shit I haven't yet put onto my killboard" machine. (As such, I now have a ridiculously massive list of resolutions. Great.)

    I resolve that, I will care despite the pressure not to, and plunge forward in face of the obvious risk.

    I resolve to be less surprised by life making literary sense. Foreshadow this!

    I resolve that I shall watch more of the Simpsons, and share in the tragic truth that only an animated show can so skewer so many disturbing aspects of society and still get away with it.

    I resolve that I will somehow meet this "CowboyNeal" guy that Rob keeps beating on.

    I resolve to learn about such modern concepts as "responsibility", "professionality", and "security through inebriation".

    I resolve to end this list.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  4. Re:Beating the Arrogant on DVD Hearing Victory: We Won - For Now · Score: 1

    What did they say? I'd really like to see a transcript.

    Transcripts have been ordered, and DiBona said he'd scan 'em ASAP.

    --Dan

  5. Beating the Arrogant on DVD Hearing Victory: We Won - For Now · Score: 5

    I have much to write about this topic, but I'll say this much for now:

    The DVD Consortium sent in a serious legal strike team...and they struck out, against two EFF lawyers with nothing but 48 hours to prep and a strong sense of justice.

    This is amazing.

    When I say a serious legal strike team, I'm talking two lawyers flown in from New York, a local lead counsel, and a senior counsel that didn't even speak--she showed up, looked important, and charged a couple hundred bucks an hour. These guys didn't mess around--their level of preparation was astounding, and they attempted to turn every action of the Open Source community against us. Fortunately, their arrogant use of more than a few smoke and mirrors / straw man tactics was likely seen for what it was.

    We don't know yet why the judge ruled the way he did--the ruling basically consisted of three large X's through the plaintiff's proposed order and a blunt denial of any such order.

    Most interesting thing of the day? Can't tell you. Second most interesting thing of the day? We won over the sheriff's department. I'm serious--not only were they immensely cooperative(though they did request us to move when we were creating a fire hazard by sheer numbers ;-), but the ones I spoke to were genuinely interested in why so many people were converging on their usually much quieter workplace and on the issues that we were there to support.

    This was a good day, people. If you plan to come on January 14th, be civil--we stood in marked contrast to the disturbingly insistent lawyers for the plaintiff, and shined beautifully.

    A great time was had by all.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  6. System Breakdown on US Army Needs Linux Workstation Advice · Score: 2

    To Whom It May Concern:

    This post comes late in this discussion, and as such I have no guarantees that you'll end up seeing this message. However, your group has made a decidedly honorable request to Slashdot, so I'll take my chances and provide you with some commentary on your acquisition plan:

    Motherboard:
    Intel® 840 chipset
    Integrated dual ATA-66 EIDE controllers


    You're dooming yourself to, at best, Abit motherboards. It's tragic, but while Abit motherboards make for excellent gaming machines, they're simply not of Asus caliber. I'm dead serious: Recently, my friends and I spent upwards of 50 hours combined trying to get Linux to work with an Asus BH6 and a large Maxtor UDMA-66 drive. The number of incompatibilities and instabilities I encountered was pretty much the worst experience I've had with off the shelf stuff, bar none.

    The Asus just worked, and has been rock solid for me ever since.

    In any system you build, reliability is far more important than speed, and if you poke around you'll find far, far, far fewer horror stories referencing Asus motherboards than any other brand. The reason is simple--if they can't do a technology right, they won't do it at all. Asus has not yet released a motherboard with integrated UDMA-66 for this reason, and they're pretty much the hardware company I respect the most because of it.

    If Asus hasn't released a RIMM supporting Mobo(they may have, I don't know), there's a reason.

    CPUwise, has Asus given in on releasing a K7 mobo yet? Last I checked, Intel was playing off people like me who won't get a motherboard unless Asus makes it by threatening Asus with extreme price increases if they supported AMD's chips. Nasty stuff.

    You should specify UDMA-66 expansion cards, and leave 'em empty.

    SCSI:
    Integrated Ultra 160/M SCSI and Ultra/Wide SCSI Controllers
    9GB Ultra 160/M SCSI (7200 rpm) hard drive (internal)
    36GB (or larger) Ultra 160/M SCSI (10000 rpm) hard drive (internal)


    SCSI on the motherboard is unnecessary, and you're risking greater downtime through the loss of replaceable components. A spurious shock through the SCSI line can (rarely, but possibly) short out your SCSI bus. Replacing a card is a hell of a lot less downtime than replacing the system's motherboard!

    Furthermore, it sounds like you plan to store quite a bit of content on this machine--I'd be interested in your design justifications for two, drastically different sized hard drives. Considering the amount of storage you're planning to use, I'm wondering if you shouldn't spec out using Hardware RAID-5 w/ three 36GB drives. That would give you much more aggregate transfer speed, as well as hot-swappable reliability(you'd be able to lose any single drive yet not lose a byte of data). While I understand RAID-5 is much more of a server technology than one you'd expect on a workstation, your workstation has been spec'd with server level design considerations and I can't imagine why the storage solution should be any less professional.

    With regards to the controller, I'd normally suggest a solution based upon Adaptec's generally excellent hardware, but Mylex's eXtremeRAID 2000 looks like it'd fit your needs quite nicely, and has company-supported Linux drivers.

    Diskwise, I've heard good things about IBM(who invented GMR, the technique a good chunk of the industry depends on for the kind of high density platters we know and love) and Seagate. I'd at minimum specify a range of brands you'd accept for the hard drive--remember, moving parts = more likely to die.

    Networking:
    3Com 3C905B-TX ethernet card (PCI)


    (Disclaimer: I work for Cisco, but this advice long predates my employment there.)

    Get a Tulip(DEC 21440 or Compaq-Purchase Remarked Equivalent) based card. Yes, they're inexpensive, but Beowulf code was originally developed on Tulip equipped clusters of machines. As such, Don Becker has optimized their drivers to an absolutely ridiculous degree, and there are several kernel networking settings that are just not easily available for any other architecture. (I believe the Intel cards have some of the fast routing code ported to them.)

    In general, Tulips are pretty much the network cards to standardize on, no matter what your operating system.

    Multimedia:
    Diamond Viper V770 Ultra 32 (AGP 2X/4X)
    SoundBlaster PCI128 (PCI)
    Powered speakers with wall adapter


    Video's OK, I'd suggest something by Diamond based on nVidia's new GeForce256 processor with reservations that I haven't looked into their Linux 2D/3D performance yet. The GeForce256 is a specific model that's likely to end up very well supported, due to its extensive Christmas sales and ostensible inclusion in MS's coming X-Box. (3D Visualization hardware is now completely driven by gamers. Remember when gamers used to get the sims from the Army? ;-)

    Sound: Go SB-Live. The Linux drivers for it are excellently stable, the card has digital I/O, and the chipset is likely to become an immensely powerful programmable DSP in the near future. The card also has an excellent noise floor--a striking improvement over the rest of the historically noisy Sound Blaster line.

    Specify the four point Cambridge SoundWorks speakers, if you can. One thing you forgot is a microphone! You need one short range, noise/echo cancelling, unidirectional mic that gets mounted on the monitor. You need one long range "speakerphone" omnidirectional mic for conference-over-IP sessions. Both mikes(and probably all sound in general) need to be hooked through an A/V box that defaults to physically separating the microphones from the mic port on the sound card. It's great to be able to use data links as emergency/impromptu voice channels, but you don't want an adversary to use your computer as a listening post!

    300W or greater power supply

    Ah, power. Hot-swappable power? Not inconceivable, though we're starting to really push the separation between Workstation and Server with one of those ;-)

    Specify a UPS for this machine, preferably one of those "Brick Walls" that can survive direct lightning strikes without sacrificial elements.

    Portable Storage:
    LS-120 internal superfloppy (IDE)
    5X (or faster) DVD drive (internal - IDE or SCSI)


    The LS-120's are nice if your organization has standardized on them, but that's about it.

    Specify a SCSI DVD drive, simply because you'll weed out the "consumers won't need this more than six months" fly by night hardware makers that only work in IDE. Plus, the CPU load of doing anything in IDE is ridiculous--I did a move from one large IDE drive to another...2.5MB/s, 75% CPU on Celeron 450. Ouch.

    Another main advantage of a SCSI drive is that it lends itself well to integration with a SCSI CD-Burner. Don't discount these--there's just literally nothing at all better for moving 2 to 650 megs of data from one machine to another, particularly for emergency drop ships. (I built our groupware CD burning page at work for precisely this reason.) I highly suggest the Yamaha 8x SCSI-3 burner--I just bought one, and much like the Asus, it Just Worked.

    Even if your system is prebuilt for you, parts that "Just Work" contribute significantly to the long term life of the system as a whole.

    Keyboard:
    Soft-touch keyboard (no keyclick)


    Specify the Microsoft Intellikey Pro, *NON ELITE*(with the god awful diamond star arrows). Technically, the thing is actually pretty nice, particularly with its feel, but RSI injuries are real and 2000 is pretty much going to be the year of Lawyers vs. Engineers. This is one less thing for you to worry about.

    Warranty: 3 year parts and labor

    No long term support contract on the operating system? (RH6.x? You might want to replace this with 'Red Hat Linux, Present Revision') I understand why you'd want this--either your in house talent is that good, or you don't want to be stuck with the random low bid being your support provider too. I'd personally vouch for VA Linux as a provider of enterprise level support--stock price aside, these guys know their stuff. IBM and Linuxcare(who doesn't sell machines, but provides top notch 24x7 support) are also good companies.

    Other stuff you didn't mention

    Modem: Don't try to depend on everything always being up. In a pinch, you need to be able to interact with analog(radio?) communication lines. Definitely v.90, and if it's internal, it must be a full com port implementation. Internal is preferable(nothing to lose), but it'll be harder to find one that isn't a Winmodem. Do not trust the Winmodem drivers for Linux--see the SB Live driver, before they opened it.

    TV Adapter--you may need to output to video for presentations or whatnot. This is entirely dependent on your needs.

    Temperature--heat sensors are a very, very good thing.

    I hope this content was useful. All I ask in return is that if you end up reading this, you notify me so I know I didn't waste my time picking through your acquisition request(which was overall quite good!).

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  7. Re:Give me ucode access, and I will own your CPU. on US Army Needs Linux Workstation Advice · Score: 2

    GPL0 Virii?

    Care to email me some info about these? Never heard of 'em, sound interesting.

    (Yes, I've heard of the GNU Public License being referred to as a virus, but I don't think that's what you're referring to.)

    --Dan

  8. Security Hoaxes on Interviews: We Have 2! 1st, L0pht Heavy Industries · Score: 3

    L0pht Crew--

    Combine extreme paranoia about web site security, a money stream coming straight out of PR Maintenance, and a "get-rich-quick" mentality that infuses Internet businesses, and you get an environment rife for the creation of snake oil cures and security systems that work by seeing to the financial security of the software authors.

    Of course, the natural defense to such hucksterism is the presence of groups such as yours. What are some of the products and techniques that you've seen, debunked, and felt your intelligence insulted by?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  9. Re:Security Through Arbitrarity: libnc? on Interviews: We Have 2! 1st, L0pht Heavy Industries · Score: 2

    Not when they exist. I think the word Don was reaching for in his quest for verbosity was arbitrariness.

    Well, speaking of snobbery, sniffing loudly that I used "arbitrarity" instead of "arbitrariness" is pretty f*cking high up there ;-)

    Anyway, as long as we're having a rousing semantic discussion, check this out:

    Security Through...

    Obscurity, not Obscureness
    Impossibility, not Impossibleness
    Predictability, not Predictableness

    That being said, I'd rather not my writing be interpreted as "dry". I'll work on that--last thing I want to do is bore or annoy people with something as relatively small as simple style.

    Keep me posted, preferably through email.

    --Dan

  10. Re:netcat on Interviews: We Have 2! 1st, L0pht Heavy Industries · Score: 2

    *Hobbit* wrote netcat, Weld Pond ported it to NT.

    Yeah, I noticed. Feel pretty stupid about the whole thing. Duh.

    --Dan

  11. Re:netcat on Interviews: We Have 2! 1st, L0pht Heavy Industries · Score: 2

    netcat did not come from loft. it was made by hobbit.

    Well, don't I feel foolish. Always assumed by the URL(http://www.l0pht.com/~weld/netcat/) that nc was their doing. I'd heard of hobbit, but for some reason assumed he was part of the l0pht.

    *Feeling very, very, sheepish right now.*

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  12. Pravda Computing Week on PCWeek on the Influence of the PC and the Internet · Score: 2

    "Unix? Linux? Nyet, vee heard never of those...want see 2000-(19)95 year plan, yes?"

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  13. Security Through Arbitrarity: libnc? on Interviews: We Have 2! 1st, L0pht Heavy Industries · Score: 2

    L0pht Guys:

    One of the most interesting applications to come out of the L0pht has been nothing but the immensely useful Netcat. Built to transfer arbitrary data at all costs, it's been used countless times when one needs your data to get from point A to B without interference by the various vagaries of the underlying content.

    What's interesting about this, in my mind, is that instead of whipping up a new protocol to transport the independent units of whatever types of data one needs to send, netcat allows simple, unimpeded transport of whatever happens to go over the pipe--syslogs, files, shells, video.

    Yet, while each of these custom protocols will toss over the data they were built to, the quality of the protocol design is often eroded by the content normally transferred over it such that only that content can effectively be transported using that protocol.

    And thus lies the problem--whereas netcat is built to transfer anything, and is thus very unlikely to fail no matter what traffic enters the datastream, it's enough trouble to write custom protocol handlers that manage to read the data as intended, let alone possess the hands-off arbitrarity that you've designed into netcat.

    Thus, my question: Should there be a libnc equivalent, one that security-conscious software coders could use to avoid the vagaries of raw socket code(and the obvious insecurity of shell pipes)? Or would this inspire a false sense of security and in fact make things worse?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  14. Security Through...Unpredictability? on Interviews: We Have 2! 1st, L0pht Heavy Industries · Score: 5

    L0pht Crew:

    Would you agree that security and stability are but different sides of the same coin? In other words, a security exploit is truly nothing more than an expertly controlled failure?

    If so, how much stock can we put into the "metadesign" of limiting the damage an exploit can create by attacking the ability of a failure to be controlled? Should operating systems incorporate such "unpredictability engines" when being run in a production, non-debugging manner? Or is such a design not worth pursuing, for various reasons?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

    P.S. First poster to make a crack about modulating the shield harmonics is gonna get a pie in the face ;-)

  15. Excessive Trust In Game Design on Open Source Quake Causes Cheating? · Score: 5

    No, no, no.

    Most, *not all*, but most client side hacks work because the server is trusting the client to provide data that provides state data regarding a separate client not under the same security/permissions context.

    For example--I shoot a rocket launcher at you, and the server lets me decide whether or not the rocket hits. It doesn't matter whether the system is open or closed source--this is a flaw. Give a dedicated opponent a day with TCPDump and rockets will be teleporting all over the place.

    Any server, whether it is a game server, an IP Telephony Gateway, or a simple web proxy, must be designed to exclude all contexts but those that originate from the client from what content will be accepted from that client.

    This is not an impossible endeavor. Starcraft, for instance, has binary modification software that changes unit commands. Even in a peer to peer two player game, the modifications work perfectly until they ask a unit to execute a command that unit cannot do. Then, the other client detects the cheat and the game is immediately cancelled.

    The immediate response, of course, is that this peer to peer arrangement prevents information hiding. If your client is always verifying that other clients aren't cheating, then you can always watch the incoming datastream to know what's going on. Therein lies the reason why peer to peer isn't a particularly good topology for competitive gaming--there's no server to restrict the visible dataflow to that which the given client should see.

    Interestingly enough, the most inevitable (and least fixable) hack involves changing not the game but the video card drivers. Metabyte, the dementedly gifted hackers that gave gamers the first multi-API stereovision solution(and the single-pixel-resolution-adjustment power for Voodoo 2's), had a single revision of their drivers out for one day that artificially forced transparency on all surfaces. They called it X-Ray--needless to say, it made shooting around corners quite a bit easier. It also got shouted out of existence rather quickly ;-)

    Reminiscent of Crypto, ain't it? Where's your trustable end point?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com
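
    As an added illustration (not code from the original post, from Quake or from Starcraft): the same "fire" message handled the trusting way, where the client's own verdict is accepted, beside the authoritative way, where the server recomputes the outcome from state it already holds and rejects a command the shooter cannot execute. Player names, positions, range and damage values are constructed assumptions.

```python
"""Server-side authority for a hit check (constructed example)."""
import copy
import math

# Constructed world state: positions and inventories the server tracks itself.
SERVER_STATE = {
    "alice": {"pos": (0.0, 0.0), "health": 100, "ammo": {"rocket": 3}},
    "bob":   {"pos": (50.0, 0.0), "health": 100, "ammo": {"rocket": 0}},
}
ROCKET_RANGE = 40.0   # assumed maximum distance at which a rocket connects
ROCKET_DAMAGE = 60    # assumed damage per hit


def fresh_state():
    """Return an independent copy of the constructed world state."""
    return copy.deepcopy(SERVER_STATE)


def trusting_handler(state, sender, msg):
    """Vulnerable pattern: the client decides whether its own shot hit,
    and even how much damage it did. A forged packet is enough to cheat."""
    if msg.get("type") != "fire":
        return "ignored"
    target = msg["target"]
    if msg.get("hit"):  # client-supplied verdict is trusted as-is
        state[target]["health"] -= msg.get("damage", ROCKET_DAMAGE)
        return "hit"
    return "miss"


def authoritative_handler(state, sender, msg):
    """Hardened pattern: only facts that originate in the sender's own
    context (which weapon, at whom) are taken from the message; the
    verdict and the damage are derived from server state."""
    if msg.get("type") != "fire":
        return "ignored"
    target = msg.get("target")
    if target not in state or target == sender:
        return "rejected"
    shooter = state[sender]
    # Starcraft-style check: a command the unit cannot execute is a cheat.
    if shooter["ammo"].get("rocket", 0) <= 0:
        return "rejected"
    shooter["ammo"]["rocket"] -= 1
    dx = state[target]["pos"][0] - shooter["pos"][0]
    dy = state[target]["pos"][1] - shooter["pos"][1]
    if math.hypot(dx, dy) > ROCKET_RANGE:  # the server decides hit or miss
        return "miss"
    state[target]["health"] -= ROCKET_DAMAGE
    return "hit"
```

    The "hit" and "damage" fields of the message are ignored entirely by the authoritative handler, which is the point: nothing about another player's state is ever accepted from the client.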

  16. Best Wishes to NASA on Hubble Repairs Declared "Complete Success" · · Score: 5

    The Hubble Repair mission should remind us of what, sadly, has been somewhat forgotten as of late:

    These guys know their stuff.

    When I sysadmin a machine I'm standing next to...I'm standing on something. I'm not floating in nothingness, hoping my toolkits don't float away into the emptiness of space, trying not to bend a couple hundred gold pins while wearing massive mittens and a spacesuit that I have to continually check for tears.

    I also don't generally do it for eight hours straight without so much as a water break.

    Similarly, when I'm admining a system remotely, I'm not piggybacking on top of a defense network that I can lose access to at any moment, nor am I trying to fit modern computational systems into a space-hardened antiquated piece of hardware. These are some crazy skilled coders, and they deserve much more respect than the budget-forced unit conversion fiasco implied. (We should be ashamed for the reaction! These )

    I'm proud of NASA, and I'm proud of the engineer-athlete-scientists who made the Hubble space telescope possible. Thank you. Your work is appreciated.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  17. Failure Tolerance and Computational Expense on Hubble's Computers Upgraded · · Score: 3

    Failures occur, or more bluntly, sh*t happens.

    There are two ways to deal with failures: Work to prevent them, or accommodate(and recognize) their presence.

    NASA generally chooses to use failure prevention(via "hardening" engineering that adds voting circuits, for example) until it can get a high enough success rate such that the rare failed computations are an acceptable cost in the face of a vast majority of successful operations.

    One thing to think about is that, in general, the Hubble itself is not the device that requires ridiculous amounts of computational power. It's far cheaper to have your supercomputers terrestrially based than to launch them twenty thousand miles in the sky! The Hubble is rather like the equivalent of a wireless VVVWAN passive sniffer / protocol converter, exchanging photons sent from distant lands into data which is then sent to the ground based equipment for rendering.

    Do you demand that your network card have a Sixth Generation x86 chip? Same difference.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  18. Re:Star Wars is Nothing Special on Star Wars: TPM NOT on DVD in 2000 · · Score: 2

    Go with the flow, Mr. Lucas. You're just one director, one movie studio in all of Hollywood (and in all of the world!).

    Beyond that, he's one director who should know better, in the one movie studio that brags about its ability to make its own choices. You can't on one hand have so much responsibility for the entire home theatre industry and in the other ignore the desires of that same industry!

    I suppose Lucas could choose to release a copy of TPM spoken in Navajo Crypto Slang. That doesn't mean it wouldn't piss everyone off.

    I mean, he's acting like TPM was a much better movie than it honestly really was. The flick excelled in pretty much the one department(graphics and sound) that he's choosing to ignore in his home release. It boggles the mind.

    --Dan

  19. Re:Consumer Wars on Star Wars: TPM NOT on DVD in 2000 · · Score: 2

    The way I see it, Lucas is saving me money. If he releases TPM on DVD next April, I will buy it. If he releases the next two separately, I will buy those as well. Then, when he decides to do a big box set of all 6, I will buy that too (I'm a completist collector, I have both Pan and Scan and Widescreen versions of the original trilogy on both VHS and LD). This way, I just buy the one big box set and save myself some dough.

    Look, I don't want to wait. I'm exercising my right to complain that George Lucas is not heeding the wishes of his customers, and I'm praising the Wachowski brothers for exceeding my expectations with their continual support of their film.

    Lucas isn't saving you anything. You're losing time. It is a reasonable expectation of the movie industry to release their films for home consumption within a reasonably close timeframe--around three to six months. Lucas has violated this standard consumer expectation. Furthermore, it's unheard of for product to have no announced release date at this point of the movie's life--Lucas is violating this too.

    I'm not asking or looking for a top-down boycott/lawsuit/whatever BS is out there. It's pretty simple economics--this provider is not meeting the needs of its customers. While there is an existing penalty to "switching interests"(Star Wars as Vendor Lock-In! Whoa!), I think the presence of far more consumer friendly media players will have its effect on Star Wars.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  20. Re:Consumer Wars on Star Wars: TPM NOT on DVD in 2000 · · Score: 2

    Your bank analogy is poor.

    I prefer "my balance is negligible"...

    You have no tangible relationship with Lucas.

    Ah, but this is not entirely correct. Average it out--an individual of a given interest level can be presumed to purchase x dollars of Star Wars goods over a period of y weeks, thus generating z revenue for George Lucas.

    There is no contractual obligation for this consistent flow of dollars, but there's a relationship there. That I have a temporary contract with my bank is meaningless--I can close my account at any time, just like I can choose to lower my interest level in All Goods Star Wars.

    Just because you want a TPM DVD for Christmas does not mean that he needs to accommodate you.

    Nope. He doesn't. But I don't need to go buy the VHS version, or for that matter be all too happy with the enterprise as a whole. Remember--my bank had every right to reject my request, just like I had every right to close my account, or fail to recommend them to my friends, or whatnot.

    Perhaps a better analogy is a supermarket--fail to stock the Mountain Dew that I crave, and not only will I go elsewhere to find Mountain Dew, but I'm going to think less of that supermarket and will be much less likely to return there in the future.

    The man probably has many reasons for not releasing a DVD:

    1) Plans to rerelease in the theatre

    He plans to release in VHS, therefore irrelevant.

    2) Doesn't want to put out a DVD months after being released in theatre

    Too bad. Consumers don't expect having to wait nine months to buy a movie. The industry standard is, what, four to five months, with the release date announced long in advance?

    Lucas refuses to follow the industry lead? Fine. I refuse to look forward to the video release of the movie. I did, however, look quite a bit forward to buying the Matrix DVD, and I wasn't alone.

    3) Wants to put out a quality DVD without being rushed

    What's he doing, hand-encoding the frames? ;-)

    4) Has concerns about DVD's ability to protect his IP

    Compared to what, VHS?

    I just don't understand where your sense of entitlement is coming from.

    Consumer Entitlement is the basis of the entire capitalist economy. Customers feel they deserve X. If they're not getting X, they go to another provider who actually does provide X. The original provider thus loses money/influence/power/whatnot, and either goes out of business or fulfills the consumer entitlement.

    It's that simple.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  21. Re:Don't blame Lucas if you're gullible on Star Wars: TPM NOT on DVD in 2000 · · Score: 2

    I don't see what any of the above has to do with the DVD release of TPM. Lucas didn't start the rumor. Don't blame him if some people will believe/repeat anything they hear.

    Quick clarification(it's an important one):

    I'm not disappointed in Lucas denying the rumors--nothing wrong with eliminating falsehood. I'm disappointed that I'm sitting here, half a year after Phantom Menace was released, and the originator of the most stringent audiophile standard(THX) won't even correct the rumor with an official release date.

    Hell, he won't even confirm that there will ever be a release date, except for maybe, some time in the future, when all three movies in the trilogy are released.

    I'm not pissed at the rumor. I'm pissed that the situation existed for such a basic rumor to even spawn. And, yes, he has every right to release TPM on any media he damn well pleases. However, I'd rather patronize a vendor who meets my needs. The man who spread THX can surely understand why I'd rather watch the Matrix DVD than TPM VHS.

    Bad service is bad service. Just because it comes from George Lucas doesn't make it any more forgivable. In fact, it probably makes it even less--The Buck Stops With Him.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  22. Re:Consumer Wars on Star Wars: TPM NOT on DVD in 2000 · · Score: 2

    If he chooses not to release on DVD, that is his prerogative. I don't care what his reasoning is. If he doesn't want to release on DVD because he thinks Satan wrote the DVD standards, then so be it.

    Allow me to provide an analogy.

    I went to my bank today with my paycheck(it finally arrived; just in time for Christmas!). I told 'em I needed the funds from the checks available immediately--I couldn't wait two days, because then I'd be shopping on Christmas.

    "Do you have an account with us?"

    "Of course."

    "Would you like your money in large bills or small?"

    I actually just wanted to have the money available on my check card, so I could run to Fry's and imbibe some obscene amount of raw tech. No problem--the teller told me she'd talk to the manager, and make sure the funds went through.

    Now, you know? My bank really had no obligation to do anything beyond cash my checks according to the policies I agreed to when I opened my account. That's their job--to hold my money, and give me electronically mediated access to it when I need to withdraw some amount to pay for something.

    But, you know what? They did more. They've actually given me surprisingly good service every time I've called upon them. They've gone above and beyond what I'd expect, and I've got myself a 40GB Hard Drive and an 8x Yamaha Burner sitting in my 2.2.14pre16 Linux box(had to upgrade the kernel to support the drive) right now because of their service.

    I don't have to do business with Bank of America. I've even heard of other people having far less positive experiences than I. But they've been good to me, so I'll stick with them.

    George Lucas, on the other hand, appears to have an autocratic and idiosyncratic grip on what he will and will not provide for the consumer. And that's fine. That's his right. But I'm going to enjoy his movies less, enjoy the universe and all the synergy he can shove down my throat less, because he doesn't see fit to meet the needs of his customers.

    This isn't like Open Source. We're paying Lucas quite handsomely for the services he provides. BofA could have left me hanging until tomorrow, or even till Christmas Eve, before they would have given me access to my funds. Lucas has chosen to leave his fans hanging until at least some time well after Christmas before he'll fulfill their request for a DVD version of TPM, very literally not in the same century or even millennium that the movie was released in theatres. BofA impressed me. Lucas, I am sad to report, failed to even surprise me.

    But that's fine. That's his right. It's also my right to become progressively less and less interested in the increasingly contrived Star Wars universe, and more and more intrigued by the world the Wachowski brothers have created.

    That's how it works. As a consumer, I vote with my dollars. And my dollars are going elsewhere.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  23. Re:Consumer Wars on Star Wars: TPM NOT on DVD in 2000 · · Score: 2

    I defended The Matrix in another post, but the bottom line is that The Matrix could dwell in the ranks of Ishtar and Plan 9, and I'd still take note of the fact that while Lucas seems to be going out of his way to bleed the Star Wars license out of every red cent, the folks behind the Matrix have seen fit not only to *gasp* actually release what consumers want in time for Christmas, but *also* commission a wide range of stories and comics taking place in the Matrix universe and place them online, free for anyone to read.

    I see nothing much left in the Star Wars universe but pretty graphics and dollar signs. There's much more potential to be found with The Matrix.

    Our opinions differ. I'll survive.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  24. Re:Consumer Wars on Star Wars: TPM NOT on DVD in 2000 · · Score: 2

    hahahaha. You got all hoity toity and then you admitted liking The Matrix. You sir, have no credibility.

    Damn straight I liked the Matrix. Forget the obvious reasons--you've heard them, Descartes, kick ass graphics, whatnot.

    It's the little touches--the polish--that made that movie what it was.

    Remember the scene with the woman in the red dress? Betcha didn't notice that the entire crowd was composed of identical twins and triplets--the concept being, Mouse needed to duplicate people in order to create a crowd. Gee, nobody notices, but it's there, and it gives another edge of loneliness once you realize just what that means.

    What about the reuse of numbers throughout the movie? Or the fact that the movie has a surprising amount of symmetry, more than you'd expect(sometimes obvious, like the movie beginning/ending in an apartment with a specific number, sometimes less so).

    The point is, Matrix was probably one of the more memorable movies in some time, and even if it wasn't, the creators of the movie have shown their fans far more respect than "Independent Filmmaker" Lucas has.

    If I lose credibility in your eyes for being of this opinion, oh well.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  25. Consumer Wars on Star Wars: TPM NOT on DVD in 2000 · · Score: 5

    OK, this is getting ridiculous.

    Aspects of the tragic human tendency to continually return to an abusive mate are beginning to show up here--a (now retracted) headline story about how maybe, possibly, somehow George Lucas's Audience might actually be granted an ever-so-precious DVD home release of Star Wars, The Phantom Menace, within a year of the original theatrical debut(ooh!).

    Oh! My word! He's so great! What a wonderful, selfless, giving man, always willing to take that extra step*BZZZZ* Youch! Damn Pizza Hut chick with a blaster...

    C'mon, people. Being jerked around is being jerked around. Lucas is more of an audiophile than most of us combined--for crying out loud, THX. He knows who his fans are. He knows why he's able to fund the entire production of his movies(flicks?) based on the licensing of toy rights alone.

    If any film studio was treating its customer base the way Lucas was, the Slashdot community would be up in arms. As is, we truly cannot comprehend how the film industry's ultimate independent, a shining symbol of individuality in a land of second guesses and conditional green lighting, could behave in ways more exactingly greedy than the biggest, most cynical corporate mogul could ever imagine. Consumers have purchased--often redundantly--millions of Episodes, Trilogies, and Special Editions, yet we're left in such bated breath that Slashdot posts two stories in three days about how "Oh, we might get DVD...oh wait, who knows if we'll ever get it. Oh fooey!"

    Mr. Lucas, this is not the way you respect your customers. This is the way you alienate them. But that's fine, because you know what? This summer, I watched a movie that engaged me technically, that appealed to my philosophical intelligence, that asked questions that were left unanswered. At the end of the movie, not only did I remember each of the character's names but I cared about who they were and why they were. The effects blew me away, both in their originality and in their execution. And you know what the best part was?

    No bullshit. No games. Just the top selling DVD thus far. The Matrix has all the magic that George Lucas once tried to honestly sell. Maybe he can do a turnaround--I've made mistakes in my life, publicly admitting here the tragedy I see in the fall of Lucas may end up being one of them. Redemption's a good thing. But it's not the end of the world if he doesn't find it. While Lucas was out complaining about all the fans, the Wachowski brothers were hard at work updating www.whatisthematrix.com.

    You want to know what the future of engaging your audience looks like? Ask the Wachowski Brothers. They understand.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com