I think I see where this is going. You are trying to get us coming and going. The difference here is that Gates was trying to INFLUENCE the curriculum/research, not AUGMENT it. At my school, we literally had a company build us a new engineering building all on its own. It's a nice building, but we do what we want in it. Research like TB is always going to go on because it's important - It's just easier to do when there is a roof over your head.
That deal that was going to happen between the California schools and Microsoft was something along the lines of standardizing/mandating MS at every college site, or so I was told.
The deal got trashed, of course.
My main point is that things don't always fall nicely into easy to discern categories--I'm sure not too many people came into the discussion thinking that Clark shouldn't have had any right to influence where his money went. I mentioned what MS both could and, in ways we'll never fully know, has coerced its way into certain markets via methods similar to what Clark did.
I'm trying to spawn discussion, since honestly I'm not all too sure about this myself.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
1) PacketBioStorm. Every time I see an announcement about Biotech, I feel like I'm seeing a convergence between the both utterly dissimilar and disturbingly reminiscent fields of Network Security and Human Biology. Beyond the obvious "virus" appellation, much of the technology being applied to deal with both script kiddies and randomly evolved pathogens (you decide who you'll respect more) has to do with quick identification of massive streams of information through ingenious code. Biotech adds another layer, since organic materials must be parsed, but it's still the same old schtick.
Sorry to the speakers at Linuxworld, incidentally, but the Human Genome Project is easily the world's largest reverse engineering effort. And will you take a look...a battle between open and closed source. Who's surprised?
2) So Jim Clark has specified the task his money is to be used for. There's actually a lot of controversy about that--should donors be able to demand budget parameters? To what degree? Should donations be revokable if, say, a professor at the university violates some specific usage clause? Keeping in mind that most of our college educations either are, were, or will be endowed quite heavily by Alumni and Corporate Sponsorship.
Also remember that Gates intends to donate his fortune in entirety, and that Microsoft is a tremendous benefactor of educational institutions across the country. Think about what Clark's specification means in that context.
There are no easy answers, are there?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
If this continues, there aren't going to be many executives left in the music industry...they're all going to be in church, having seen the signs of the end of the world.
OK, a bit apocalyptic, but no more than some of the wild eyed predictions we hear about all the time. Everyone else is allowed to make insane and unrealistic proclamations. Why not one more.
In all seriousness, a 4.6GB MP3 player is a significant technological advance. Consider that, at those sizes, the device literally needs to be able to allow file upload/download--the fact that people can and will use this as their primary storage not only for their music data but all of their portable content is beyond likely--it's probable.
Issues such as resilience to shock are worrisome, but should this product function as advertised it will cause shockwaves throughout the industry, if for no other reason than it will utterly eliminate the coming marketing flood backing WMA(forget security, it's twice the music on the same player, they'll say.)
The Compaq involvement is critical--there are serious fortunes to be made, even in the short term. They plan to sell 10,000 of them(their stock for the year) at $810 apiece($10 an hour * 81 hours). That's $8,100,000 revenue in three months--combine that with the amount of venture capital(and outright purchase offers from media corporations looking to suppress the technology, thus increasing the value of the company) that these guys could get their hands on and you have some serious money involved.
To say this should be interesting is an understatement. Now, all I need is to convince the company I'm worthy of a pre-release version to play with. You know, because I just don't listen to enough music as is or am in front of a computer enough as it stands...
I'm not surprised VB is so popular. Look how many Windows desktops there are out there, and look at how god-awful Visual C++ code is. VB has a pretty nice development environment, and is (apparently--I'm not a VB guy) great for quick and dirty Windows GUI apps.
The fact that the entire language seems to me like a gigantic glueball(in the sense of it binds everything together, it picks up some rather shocking cruft, and you'll sometimes get stabbed by something locked inside) doesn't take away from the fact that glue can be great for whipping things together--just ask TCL developers.
Past that, I'm not surprised Java hasn't overtaken C. Beyond the whole speed factor, C is just a lot cleaner for the non-expert programmer to mess around in. Particularly when it comes to making patches to existing codebases, there's just so much less to need to figure out in C than in a fully object oriented language such as Java. Granted, when C is forced to do things C does not like to do, C gets very crufty(thus the recent complaining I've been hearing about lsh's pseudo-object system), but a) There's a massive codebase out there written in C, b) There's a massive amount of deployed C code(this isn't the same as a), and c) C is less daunting for a moderately skilled programmer to mess with.
However, I must say that the reason Java hasn't displaced VB down to third(VB/Java address a different market than C, if you think about it) is that Sun royally and utterly bungled its deployment. VB projects "compile" down to an .EXE and a few random .DLL's that might have to be installed. C code compiles to executable files and some libraries that you probably already had anyway.
Java development with the JDK is laughably awful, and will someday be a textbook example of how not to burden your coders and your users.
From what I've seen--and I'm sure the experts can enlighten all of us further--merely getting javac to function(got everything in the right folder? Got your path environment set right? Sacrifice the correct barnyard animal?), then executing that Java app(better nuke the henhouse just to be sure) is far beyond the difficulty in even writing a simple Hello World!
The fact that code never compiled into a single file didn't help either--web deployment was a mess, with forty web server connections for a single semi-useful app. JAR finally fixed this, but THAT standard got mangled by CABs.
Don't even get me started on Code Signing--there are three, three, three ways to go for this little project.
A lot of the problems wouldn't have been as significant if javac was as straightforward to play with on your average Linux distribution as, say, gcc. The non-free aspect of Java destroyed this possibility--and Sun's new "Gotcha Source" License isn't helping.
Java came out of the gate hard to install, harder to deploy, slow to load, and slower to run.
Things have gotten better--J++ and the MS VM have been instrumental in this regard--but the core usability of Java is farrrrr less than VB, and even less than C.
Actually, I had just about given up on Java until I found the one company that has truly understood the promise of Java. Mindbright. I've already written about these geniuses here, but suffice it to say, the fact that there's now an extremely high quality Java deployed SSH and SSH-VNC(VNC into those hosts behind the IP Masq, all via SSH) solution is amazing, and caused a complete reversal as to my opinion of the viability of Java as a useful platform.
Using something written in a language on a daily basis will do that. ;-) So, yes, overall I'm still quite hopeful.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Someone might also want to inform our good friends over at Google about this.
It is hard to justify "worst operating system" coming up with www.microsoft.com. Especially when I think only the word operating is on the page.
The same is also with "best operating system" coming up with linux.com
Also "more evil than satan" also takes you through to microsoft.com.
Sure this is funny and all but why is this any different to the Lycos case?
Your post is more unintentionally relevant than you might think.
According to Google's scans, Microsoft is more closely associated with people writing on their web pages "worst operating system" than anyone else. Similarly, Linux gets the best operating system treatment.
Google is not a dumb engine--instead of merely rating by what's on the page, it rates by how people refer to the contents *of* the page. This is an incredibly cheap way to "borrow" intelligence from systems that can process complex information neurologically(human brains) and insert it into systems that can only marginally approximate that kind of intelligence.
Google executes its intelligence gathering in a Content Neutral manner, thus insulating it from any libel/slander that might result from returning certain values. Because Google didn't rig the system to have it return Microsoft as More Evil Than Satan, it's not their fault that that was the top hit.
If, however, Google removed that response, they'd be responsible for removing every response that could possibly be interpreted as slanderous. Note, this isn't the same as changing the algorithm to be more accurate--this is programming a specific "don't return this".
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Mindbright, for those who don't know, makes the GPL'd Mindterm java applet. It's an incredible SSH client written in 100% Portable Java and has completely changed my perceptions of what a quality Java applet can do.
Suddenly, I have a SSH client at any web browser I sit at. And it's fast, to boot.
If that wasn't enough to impress me, MindVNC is a merge of their SSH classes and the GPL VNC Java client. (VNC is essentially a remote frame buffer--the display is rendered or copied into a virtual screen then sent over the network.) You authenticate against the ssh server that hosts the Java app, and you can VNC to any terminal the remote sshd can access--yes, this means you can connect to your bastion IP Masqing host, then VNC to some 10.* machine behind the firewall, all through a secure link.
The relevance to the story is in simple and speedy deployment of tools--any and every machine with a Java VM can immediately and securely access both text and X based applications with minimal deployment pain. This exceedingly low pain for large scale client deployment via Java may actually benefit VNC in surprisingly powerful ways. Since the VNC system has been ported all over the place, from svgalib linux to windows, and as it poses an open source, well tested, very portable, and highly functional remote access platform, it may just end up becoming a formidable force as the years go on.
Those who don't think projects should be allowed to fork--at all--need to see the amazing work that Mindbright's been allowed to do on the shoulders of the GPL. (The analogue to scientific development wasn't accidental.) More work is left to be done--the Mindterm client could use telnet support, and VNC could seriously use a "single app" mode that sizes the desktop to that exact size of the remote application, translating resizings on the client to resize attempts on the remote app.
The seed of possibility is definitely there, though.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
That's why they seem to have an "infinite supply" of potatoes at New College... mmm... potatoes every day...
int a=10000,b,c=2800,d,e,f[2801],g;main(){for(;b-c;)f[b++]=a/5;for(;d=0,g=c*2;c-=14,printf("%.4d",e+d/a),e=d%a)for(b=c;d+=f[b]*a,f[b]=d%--g,d/=g--,--b;d*=b);}
In philosophy and law, there's the concept of "content neutrality". To condense it down to its core, it basically means that businesses and structures don't care *what* they're working with; they merely work with whatever the customer provides.
In computing terms, most processes that take data in from a pipe are content neutral--it doesn't matter what you toss into mmencode, or tr, or mail. The apps perform a function on content--whatever that content happens to be is irrelevant.
The key to Content Neutrality is consistency. It's not enough to merely be "sometimes" or "usually" neutral.
Content Neutrality forms the protective construct in law that insulates from liability, for example, web site providers for the contents of their customers' web pages, email providers for the words and possible contraband relayed blindly over their networks, and telephone companies from being liable for bomb threats made over their lines.
If web site providers constantly monitor any of their sites, they're liable to constantly monitor all of them. The same goes for voice and email providers, who would quickly go out of business if they had to make sure no contraband speech passed over their lines. Telephone providers do not monitor any lines for contraband--that's not their job. Making sure a line exists is.
Content Neutrality gives the information industry its primary shield against those who would exploit their infrastructure to blindly suppress both the criminal and the innocent.
Content Neutrality is also the only thing protecting the entire search engine industry from instant extinction.
What happens if I find a kiddie porn site through Google(as far as I can tell, it can find anything)? What happens when some 12 year old kid at the local library finds www.whitehouseinterns.com off Yahoo? Or when anyone picks a song off of mp3.lycos.com? (Half of the Lycos employees who are reading this just went ghost pale.)
By preventing searches for site competitors from bringing up standard spider results, Lycos is accepting the role of gatekeeper, verifying that users aren't going to be led anywhere they shouldn't be led.
This Is Not A Position Lycos Wants To Be In!!!
Such a precedent means that Lycos would have to proactively verify the age of those who find sex sites through their search engine--after all, young children shouldn't be led to X rated sites. It means that Lycos could be held responsible for guiding people to fan sites--after all, illicit photography scanned from magazines should not be republished. Anything and everything Lycos does would have to go through an insurmountable gauntlet of legal checks before a return could be allowed, all because Lycos chose to sacrifice their content neutrality for the sirens of market share and myopia.
This is no joke. Content Neutrality is the reason why you can call MCI via AT&T Long Distance and ask them to change your service, rather than having your call redirected to a Ma Bell hard sell sales associate.
Somebody needs to slap Lycos's lawyers around a bit--someone fell asleep at the wheel.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Re:Consistency: Where's The Specs? on iBook boots Linux · Score: 2
Trust is nice but I think many more people are going to like versions of Microsoft Office and Photoshop that run on top of a BSD based OS.
Which, I'm sure, are guaranteed to be ported perfectly...
Of course, I'm extremely interested in seeing Office/Photoshop on a BSD based machine. It could completely rule. It might not. It's all vapor right now.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I go to Santa Clara University. From our tech guides-- "If you have a Mac, do X. If you have a PC, do Y. If you have a Compaq, go get this alternative guide." I'm not joking.
While Dell doesn't make purely standard "clone boxen" with a name and a hell of a support infrastructure, they're far less willing to play games with their motherboards such that they manage to create more instabilities than they're designed to ostensibly eliminate. HP Kayak's? Sorry, no NCR-810 support in the BIOS. Packard Bell? I'll just say nothing. Compaq's the world leader in creating motherboards with spiffy but grossly untested and non-standard features. Dell makes boxes that work. That's been my experience, doing tech support for a couple hundred machines on campus. You'll never see a Dell box with an arbitrary 32MB RAM limit(must have saved a few pennies per motherboard), for instance.
That being said, if I remember right, Compaq did the initial reverse engineering of the IBM BIOS. If it wasn't for them, we wouldn't have PC clones. I just wish they(or anyone, really) would start advertising that they use Asus or Abit mobo's.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Re:Consistency: Where's The Specs? on iBook boots Linux · Score: 3
What I am interested in knowing is why anyone who had Mac OS X would have any interest in running Linux anyway. Soon after release people will start porting the open source stuff to Mac OS X, plus they will have Carbon plus all the legacy Mac apps. What does Linux offer? Just the open source stuff. The cost of OS X will be irrelevant because of the bundling that will go on.
So just what is the benefit of running Linux on a Mac after Mac OS X is out, anyway???
Trust.
I'll be blunt, I don't know how much I trust OSX to be a mature and fully functional Unix. It might rule. It might not. For the same reason I've become fascinated with *BSD, I've got a lot of respect for Linux on the Mac platform.
Having recently taken SparcLinux off of a bunch of cheap IPC's and put on Solaris 2.7, I can tell you that while it's impressive that Sun's latest OS works on ANCIENT hardware, it doesn't work all that fast. Linux did.
Anyway, I look forward to Beowulf clusters w/ G4's, and I don't think Beowulf works cross-platform.
What a load of crap. Just because Apple hasn't released the Technotes on the G4 hardware yet doesn't mean they won't. Nor does it have anything to do with OS X - all the G3s, iMac and iBook tech notes are out - these machines are just as likely to run OS X as the G4s.
I stand corrected, then. I based my assumption on the fact that the iBook coder talked heavily of having to reverse engineer entire chunks of the iBook architecture.
(Yup, every once in a while some guy on Slashdot actually admits he fucked up. It happens.)
Complaining about Microsoft becomes much more disturbing when you realize what any number of other software companies would do in their place...
What pipe were you smoking when you came up with that one? Apple is not a software company. Apple is in fact, a hardware company. If they were a software company they wouldn't care about clones and in fact would encourage them. But they can't because almost all their revenues and profits come from selling - hardware.
That doesn't change the fact that if information is withheld from Linux developers but delivered to OSX people, Apple is ignoring the needs and desires of customers. I was unaware about the tech spec releases for the older macs--therefore, yup, I was wrong when I implied that Apple did a lot of this.
Of course, when Apple banned MpegTV from supporting the codec that the Star Wars .MOV was encoded in, they weren't exactly being too friendly. Or do you disagree?
Those who complain about Microsoft keeping their OS specifications close to their chest, thus making their partners commit all sorts of beautiful First Wave anti-trust-be-damned actions:
MS ties their OS and their Applications together. Apple ties the OS and the Hardware together, which if you really think about it is really quite a bit more exclusionary than MS could even dream about. Linux has long since become enough of a force that companies that choose not to open their specifications to it have long since implicitly ignored the needs of their customers.
I'm a former Apple IIgs user, so the concept of me wanting a Mac is...a foreign concept. LinuxPPC is the first thing that's ever made me interested in owning a Mac again. The thought that Apple's software interests(OSX) are causing specifications to be hidden about their hardware products(mmm...G4...) is mildly disturbing, to say the least.
Of course, the whole CHRP(Common Hardware Reference Platform) fiasco does make all of this at least mildly expected. Complaining about Microsoft becomes much more disturbing when you realize what any number of other software companies would do in their place...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
It's always strange for me to hear about Kryotech, ever since I found out what happened to one of the cofounders. Apparently, he partied a bit too hard at some company function, had some form of heart attack, and died.
He was 33.
Actually, if I remember right, they were celebrating cooling an Athlon(then K7) up to a Gigahertz...
For some reason, this has always stuck in my mind as a weird reminder that even us crazy young techs are all sooner or later going to have no more toys to play with...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
(Warning. Take this post in jest. No offense is intended to all of those I'd otherwise offend. We now return you to your regularly scheduled post.)
OK.
When the Stick became 3Com(soon to rename itself 3.Com, I'm sure ;-), I didn't care too much.
When the Oakland Coliseum was rechristened Network Associations Station, thus making all games there played "At The Net", I shrugged a bit.
I mean heh, corporations do these kind of things--it's just the 90's version of the Commercial Jingle. Who are we to complain.
I really feel for Massachusetts taxpayers, who are funding this...ummm...experiment in corporate sleazification of the government. I feel so much, that I've got a little list for them. Without further ado...
TOP TEN SIGNS CORPORATE INTERNET MARKETING AND GOVERNMENT POLICY HAS CONVERGED A BIT TOO MUCH.
10. www.speedingticket.com
9. No Property Taxes!*
8. New Position: Justice of the Piece
7. New, easy to fake California Drivers Licenses have "hily sek00r" Autobot/Decepticon Authentication Systems.
6. deltree k:\ansas\biology
5. "Superfund 2, brought to you by your friends at McDonalds. Isn't Ronald's hair a special color?"
4. http://www.whitehouse.gov, now with new and improved autopopup windows to http://www.gore2000.com and http://www.whitehouseinterns.com(gotta recruit some stiffs...)!
3. Watch C-SPAN for 20 hours a month and get a check from http://www.capitoladvantage.com
2. [ ] Nuke [ ] Don't Nuke [SUBMIT]
1. lobby.ebay.com
* With three years of modem rate MSN at a low low low price of $19.95 a month.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Before I say anything, I want to commend Hannibal on an absolutely excellent article that clarified issues I thought I understood and illuminated much of the technological history behind the technology we each use every day.
I am completely impressed.
That being said, I'd like to take a moment and theorize on the direction microprocessor design is likely to go. This is my theory; you're welcome to disagree and in fact eagerly await commentary from those far deeper in the industry than I. Insert Slashdot Self-Correcting Nature here.
Of all the chasms in the computer world, there are few as vast as the speed differential between general purpose processors programmed to execute a given task and hard-coded ASICs(Application Specific Integrated Circuits) designed to meet the functional needs of a given process. (OK, granted, Internet -> Local Network -> Hard Drive -> System Memory -> Processor Cache -> Processor Registers is pretty vast too, but cut me some slack here.)
Telephony is a joke without ASICs--I haven't found a voice over IP solution that operates in software well enough to even be used as a room to room intercom over a 100BaseT Lan--but it's actually reasonably lag-free with hardware encoding.
Similarly, huge banks of boxen rendering frames for movies became significantly less impressive to me when I realized how many banks of Pentium Processors it would take to match, say, a single Voodoo 2. While, in recent times 3D Rendering has gotten shots in the arm on the general purpose x86 architecture via both MMX and KNI, the order of magnitude difference in speed makes CPU rendering of realtime 3D graphics almost useless.
(Then again, Sumea is probably the single coolest thing I've done with Java, short of Mindterm.)
As I observed in the Amiga newsgroup, shove a couple of custom ASICs in a box and you can run a highly competitive multitasking OS in 512K of RAM, with unmatched graphical support to boot.
But ASICs have their limitations--while they're fast at what they do, they're extremely inflexible. You can't merely program in a new transparency algorithm, nor implement Depth of Field in an architecture that totally lacks it. The inflexibility of ASICs dooms their long term viability.
CPU's are flexible but slow, ASICs are inflexible but fast. It's a dichotomy the industry is on the verge of smashing.
I dub the coming processor design specification(which, as the article correctly noted, is all RISC/CISC really are) XISC, for eXtensible Instruction Set Computing. XISC essentially specifies that the underlying computational structures--be they microcode or raw gate arrays--ought to be dynamically reconfigurable to meet the needs of the process.
Just as the lack of a quick bilinear filter function(SIMD stuff) on older Intel chips doomed them as far as efficient 3D in relation to customized ASICs, the ability to insert such a command directly into the internal microcode of a processor has a theoretical chance of executing at extremely high speeds for a non-dedicated processor.
Transmeta, also known as the only reason many people willingly acknowledge the US Patent Office, appears to be spearheading the XISC drive. Their patents refer to technologies that automatically cache microcode translations, that provide backwards-flow in case of a broken emulate, and so on. They've often been "accused" of developing a chip that can emulate any chip--in the XISC context, a chip optimized to execute the instruction set most required by any given process.
If you accept that performance drops in the orders of magnitude are suffered when a processor lacks the appropriate design for a given set of requests, it's quite obvious that intelligent designers seeking to execute a quantum leap in system performance would try to allow processors to acquire any necessary designs to achieve much higher speeds.
Of course, most of my chip designer friends would be happy to remind me that much of the speed of ASICs comes from their hard coded nature--the literal gates correspond to whatever output is desired, no translation is necessary.
Of course, here's where FPGA's come in. Field Programmable Gate Arrays are chips whose internal gate structure can be rewritten on command, sometimes many thousands of times per second. They can't be clocked as fast as true ASICs, nor are the yields as high, but one quickly morphing chip can do the job of three or four in a digital camera. With at least one company(someone give me a name!) developing a language for programmatically defining instruction sets for an FPGA processor, the technology for XISC is obviously in development.
Ah, but not all is not fair thee well. In fact, while on the topic of 3D chips, the Rendition Verite chipset had a programmable RISC core, and the chip ended up failing because it could not scale in speed like 3DFX's Voodoo could. Developers could write new 3D instructions, but didn't (in general) because it was just too hard. (Yes, Carmack did.)
That's why there's such a powerful force towards automation in this XISC evo/revolution, such as the FPGA language and Transmeta's automated Microcode translations that stay in memory so as to speed up future similar instruction requests. In an ideal world, a developer merely compiles a chunk of code that profiles as heavy usage directly into CPU microcode, or at least specifies in some way that a given routine ought to be run through the "special ops" part of the system.
Whether the world will become ideal is a point of question. Whether we will have instruction sets that morph is almost obvious, it's just a matter of when will the bridge between ASICs and CPU's finally be resolved.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Watching the development of Samba, I'm struck by the degree to which system stability and system security are related.
If you ever want to find a program that's easy to crash, look for one that's been designed without any security in mind. Similarly, if you wish to locate the most stable, trustable system, look for those where security is a critical specification to which every design pattern must adhere.
This isn't that hard to understand. Software that's not designed to accept data streams that lack "sanity"(translation: Data formatted according to the protocol specification) from external procedures, processes, or network connections is doomed to, on occasion, accidentally receive such "contraband" information and crash and burn from the time-bomb buried within.
Often, such missing sanity checks are the result of the following "famous last words" from a software developer: "That'll never happen--the code would never do that."
Not only can it happen, not only will it happen eventually, but because of those who would exploit such weaknesses--be they joyriders, or worse--it will happen to such a degree that customers will be harmed, and code will need to be patched and deployed long after it was written.
The same kind of bean counters that decide it's cheaper to let 100K people die from an exploding gas tank and settle each of those lawsuits than fix a problem that's embedded in a few million vehicles also work at computer companies. If it wasn't for those who would discover and address the flaws in the infrastructure of our increasingly critical(and simultaneously fragile and surprisingly resilient) technological lifestyle, the computer industry's accountants could honestly claim it would be much less expensive for customers to crash(making them more likely to upgrade anyway!) than for the company to build security/stability into their code.
There are some, of course, who criticize the willingness of hackers to release vulnerability information publicly, primarily because the information can then be used (and abused) by the cracker set. There are two responses to this:
1) Software companies have a miserable record responding to anything but crisis. If I close my eyes and imagine a half million people like me(only much more experienced in whatever field they're specialized in), I completely understand. Regardless, it bothers me to know that, from what I've seen, security/stability patches are almost never issued unless there is an active exploit being used. It is a common theme for example code to be released with the disclaimer "I sent this to Microsoft a month ago and they never responded." I personally discovered a reasonably troublesome flaw in the Windows 9x TCP/IP stack--the most I've ever gotten back from Microsoft is a third hand message through a PR Flack that--you guessed it--"This is hardly ever a problem." And, of course--no fix.
I'd like to say YMMV(Your Mileage May Vary), but I doubt it. As for my second response...
2) I'll take some kid playing around with his first script long before I want to be attacked by either a competitor or (shudder) a hostile foreign government. Competing corporations(*ahem* I'll avoid getting Gibsonian for this one post) and hostile governments are quite unlikely to divulge their discoveries regarding infrastructural weaknesses, but the Hacker Ethic demands that Hackers do. Furthermore, it assigns significant prestige to those who not only describe flaws but provide effective solutions to them as well. It is these solutions that are the "carrot" delivered to server administrators in an honest attempt to strengthen the stability/security of the overall infrastructure, while the crackers of the world essentially form a constant, low-level "stick" that reminds administrators of the damage a full-scale, corporate or military infrastructure attack can levy.
Mandating security by governmental fiat is essentially ineffective, though there is no small irony as to the initials of the Internal Security Service such a mandate would create. (For those who don't know, ISS is one of the more respected groups of security professionals.)
The continual, open dialog of hackers, however, is responsible for the fact that we actually do have a pretty extensive Certificate Authority architecture backing online Credit Card Transactions. Without hackers raising the red flag, businesses would have ignored the risk so as to increase online purchasing at lower initial investments, media would have ignored the faults so as to not upset the advertisers, and government would have stayed out of the way so as to not lose any votes from Big Business. (Granted, it's likely the Hackers got so much press in the mid-90's because preventing people from feeling secure inputting CC#'s online benefited certain uberconglomerate interests that weren't ready to go online just yet and had a large stake in people actually *gasp* going to a store/mall. But the same guys who spoke about what you shouldn't do online also emphasized the SSL solution to transactional privacy, thus training millions of people to look for the lock before sending in their card #. That the SSL system is actually reasonably air-tight considering its ambition is genuinely impressive.)
I have, of course, spoken of only one subset of hackers--the network security gurus that I worship and hope to one day be among. Each of the many flavors--and yes, they all blend together in one form or another--of hackers bring something to the table that, yes, is of significant social import.
It'll be interesting when the sociologists turn around and start analyzing the scene in earnest...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
WARNING: THIS POST CONTAINS BOTH A GEEK WALK THROUGH MEMORY LANE AND ACTUAL TECH ANALYSIS. IT'S MY POST, AND I CAN WRITE WHAT I PLEASE. THANK YOU FOR YOUR CONSIDERATION.;-)
[FAKEHTMLTAG][GEEKCHAT][/FAKEHTMLTAG] I'm as surprised as...well, I guess none of you have any reason to be surprised. But I've never owned an Amiga; hell, I've barely even seen one.
OK, so I grew up drooling over the concept of having a pimped out Amiga system, and can completely identify with the rabidly loyal Amiga community(I had an Apple IIgs and lived in the city Applefest used to be held in. 'Nuff said.)
And, now that I think about it, a very large proportion of the music I grew up listening to was downloaded to my IIgs via a 2400 baud modem, straight from Aminet sites. Ah, yes, the good old days of blasting data through *FSP*(does anyone else remember this beautiful little hack of a UDP protocol?) so I could get around FTP user limits...not to mention, downloading to my system that didn't even possess a hard drive! 800K floppiez, K-RAD 3133+...;-)
No, but I think the real reason I've been loving Amiga's lately is this comic strip I found off of Memepool--it's called Sabrina; the archives are here, and this is undoubtedly one of the most dementedly weird strips I've ever seen.
It's joined User Friendly and After Y2K(mmm..TTB...mmm...NTZC...) for "gotta read it" value. Imagine this strip about a bunch of Amiga-addict Anthropomorphized Kitten/Skunk/Squirrels-Cum-Hot Chicks who have lives that traverse the range of Web Site Designer for Porno Director to pregnancy.
I really can't describe how strange of a geek strip this is. It's definitely geek. It's obsessively geek. In someone else's hands, it'd be Geek Sold Out. In this guy's hands...just go. Go now. [FAKEHTMLTAG][/GEEKCHAT][/FAKEHTMLTAG]
[FAKEHTMLTAG][TECHANALYSIS][/FAKEHTMLTAG] Oh, yeah. The Amiga. The point that the Amiga was an insanely efficient OS with 512K ram should be muted by the fact that there were significant amounts of extremely useful custom hardware embedded within that system. I think one of the slowest realizations the industry is going to eventually come to grips with is that general purpose processors are really f*cking slow at many tasks, at least compared to hardwired solutions.
Just consider how many Pentium III's you'd need to match a Voodoo 3 at bilinearly filtering the texture coatings for large amounts of polygons.
One of the major things I'm looking forward to seeing out of Transmeta is the degree to which they've bridged the specialty opcode vs. general purpose architecture divide that's somewhat divided the industry over the last few years. I'm tremendously interested, for example, in if we're going to see things like Routing and Firewall Opcodes dynamically programmable into the Transmeta CPU.
If Transmeta doesn't do it, those guys with that mass FPGA programming language will. Sooner or later, we're going to have hardware morph itself into the configurations various applications and utilities require. Should be interesting to watch.
What do you guys think?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
MainSoft also probably is in the First Wave program - but it is usually top-secret, only high executives know about it usually. You are required contractually to deny even the existence of First Wave. First Wave gives even more money, at the price of *serious* dependency on Microsoft.
This is very, very intriguing.
What other companies are suspected to be First Wave shops? And where can I read more about this tactic(which I haven't yet decided is predatory/evil/whatever, so back off/.'ers;-)
The part about writing op-eds--this seems really interesting. The story behind the story...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Am I the only one who noticed something rather...fascinating about the Title bar on a certain
So let me get this straight. Harry Potter traveled to the land of the Mighty Ns'AH, where everybody lived happily ever after in peace with one another because of free simple crypto that's simple to crack but still can't be exported...
*WHACK*
Oops. Sorry about that, lost my sense of humor for a second.;-)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
To the various illustrious(translation: I've worshipped you guys for the majority of my life) members of the Cult of the Dead Cow:
Moo.
That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Software product as defined by the FSF, this four CD set does not contain Netscape, Qt, KDE, and several additional non-open-source packages which are available in other Linux products.
Interesting implication there, eh? Qt and KDE aren't Open Source, says the article.
Based on the amount I've been coding with the excellent open source Libnet library as of late, having a library I can work with and perhaps release updated features for is critical to my personal experience of open source code. Since, as far as I can tell, there's a very strong "look, maybe even touch, but don't share in a convenient manner" aspect to the QPL, for the way I've been using Open Source Products, I probably have to agree with Redhat on this one.
Your Mileage May Vary, of course.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Also, since there is not infinite bandwidth for all ISPs, who is to decide which ISPs get a partition and which don't?
A cable provider that cannot expand their network to support more bandwidth can't extract any more revenue from their assets.
The bandwidth crunch occurs whether or not a cable provider also doubles as an ISP. It's not like there's more bandwidth available if the cable company refuses to sell it to anyone else.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I think I see where this is going. You are trying to get us coming and going. The difference here is that Gates was trying to INFLUENCE the curriculum/research, not AUGMENT it. At my school, we literally had a company build us a new engineering building all on its own. It's a nice building, but we do what we want in it. Research like TB is always going to go on because it's important - It's just easier to do when there is a roof over your head.
That deal that was going to happen between the California schools and Microsoft was something along the lines of standardizing/mandating MS at every college site, or so I was told.
The deal got trashed, of course.
My main point is that things don't always fall nicely into easy to discern categories--I'm sure not too many people came into the discussion thinking that Clark shouldn't have had any right to influence where his money went. I mentioned what MS both could and, in ways we'll never fully know, has coerced its way into certain markets via methods similar to what Clark did.
I'm trying to spawn discussion, since honestly I'm not all too sure about this myself.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Two comments, actually.
1) PacketBioStorm. Every time I see an announcement about Biotech, I feel like I'm seeing a convergence between the both utterly dissimilar and disturbingly reminiscent fields of Network Security and Human Biology. Beyond the obvious "virus" appellation, much of the technology being applied to deal with both script kiddies and randomly evolved pathogens (you decide who you'll respect more) has to do with quick identification of massive streams of information through ingenious code. Biotech adds another layer, since organic materials must be parsed, but it's still the same old schtick.
Sorry to the speakers at Linuxworld, incidentally, but the Human Genome Project is easily the world's largest reverse engineering effort. And will you take a look...a battle between open and closed source. Who's surprised?
2) So Jim Clark has specified the task his money is to be used for. There's actually a lot of controversy about that--should donors be able to demand budget parameters? To what degree? Should donations be revocable if, say, a professor at the university violates some specific usage clause? Keeping in mind that most of our college educations either are, were, or will be endowed quite heavily by Alumni and Corporate Sponsorship.
Also remember that Gates intends to donate his fortune in entirety, and that Microsoft is a tremendous benefactor of educational institutions across the country. Think about what Clark's specification means in that context.
There are no easy answers, are there?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
If this continues, there aren't going to be many executives left in the music industry...they're all going to be in church, having seen the signs of the end of the world.
OK, a bit apocalyptic, but no more than some of the wild eyed predictions we hear about all the time. Everyone else is allowed to make insane and unrealistic proclamations. Why not one more?
In all seriousness, a 4.6GB MP3 player is a significant technological advance. Consider that, at those sizes, the device literally needs to be able to allow file upload/download--the fact that people can and will use this as their primary storage not only for their music data but all of their portable content is beyond likely--it's probable.
Issues such as resilience to shock are worrisome, but should this product function as advertised it will cause shockwaves throughout the industry, if for no other reason than that it will utterly eliminate the coming marketing flood backing WMA(forget security, it's twice the music on the same player, they'll say.)
The Compaq involvement is critical--there are serious fortunes to be made, even in the short term. They plan to sell 10,000 of them(their stock for the year) at $810 apiece($10 an hour * 81 hours). That's $8,100,000 revenue in three months--combine that with the amount of venture capital(and outright purchase offers from media corporations looking to suppress the technology, thus increasing the value of the company) that these guys could get their hands on and you have some serious money involved.
To say this should be interesting is an understatement. Now, all I need is to convince the company I'm worthy of a pre-release version to play with. You know, because I just don't listen to enough music as is or am in front of a computer enough as it stands...
Oh well. All else fails, I'm getting this $279 MP3CD player the moment it comes out.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I'm not surprised VB is so popular. Look how many Windows desktops there are out there, and look at how god-awful Visual C++ code is. VB has a pretty nice development environment, and is (apparently--I'm not a VB guy) great for quick and dirty Windows GUI apps.
;-) So, yes, overall I'm still quite hopeful.
The fact that the entire language seems to me like a gigantic glueball(in the sense of it binds everything together, it picks up some rather shocking cruft, and you'll sometimes get stabbed by something locked inside) doesn't take away from the fact that glue can be great for whipping things together--just ask TCL developers.
Past that, I'm not surprised Java hasn't overtaken C. Beyond the whole speed factor, C is just a lot cleaner for the non-expert programmer to mess around in. Particularly when it comes to making patches to existing codebases, there's just so much less to need to figure out in C than in a fully object oriented language such as Java. Granted, when C is forced to do things C does not like to do, C gets very crufty(thus the recent complaining I've been hearing about lsh's pseudo-object system), but a) There's a massive codebase out there written in C, b) There's a massive amount of deployed C code(this isn't the same as a), and c) C is less daunting for a moderately skilled programmer to mess with.
However, I must say that the reason Java hasn't displaced VB down to third(VB/Java address a different market than C, if you think about it) is that Sun royally and utterly bungled its deployment. VB projects "compile" down to an .EXE and a few random .DLL's that might have to be installed. C code compiles to executable files and some libraries that you probably already had anyway.
Java development with the JDK is laughably awful, and will someday be a textbook example of how not to burden your coders and your users.
From what I've seen--and I'm sure the experts can enlighten all of us further--merely getting javac to function(got everything in the right folder? Got your path environment set right? Sacrifice the correct barnyard animal?), then executing that Java app(better nuke the henhouse just to be sure) is far beyond the difficulty in even writing a simple Hello World!
The fact that code never compiled into a single file didn't help either--web deployment was a mess, with forty web server connections for a single semi-useful app. JAR finally fixed this, but THAT standard got mangled by CABs.
Don't even get me started on Code Signing--there are three, three, three ways to go for this little project.
A lot of the problems wouldn't have been as significant if javac was as straightforward to play with on your average Linux distribution as, say, gcc. The non-free aspect of Java destroyed this possibility--and Sun's new "Gotcha Source" License isn't helping.
Java came out of the gate hard to install, harder to deploy, slow to load, and slower to run.
Things have gotten better--J++ and the MS VM have been instrumental in this regard--but the core usability of Java is farrrrr less than VB, and even less than C.
Actually, I had just about given up on Java until I found the one company that has truly understood the promise of Java. Mindbright. I've already written about these geniuses here, but suffice it to say, the fact that there's now an extremely high quality Java deployed SSH and SSH-VNC(VNC into those hosts behind the IP Masq, all via SSH) solution is amazing, and caused a complete reversal as to my opinion of the viability of Java as a useful platform.
Using something written in a language on a daily basis will do that.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Someone might also want to inform our good friends over at Google about this.
It is hard to justify "worst operating system" coming up with www.microsoft.com. Especially when I think only the word operating is on the page.
The same is also with "best operating system" coming up with linux.com
Also "more evil than satan" also takes you through to microsoft.com.
Sure this is funny and all but why is this any different to the Lycos case.
Your post is more unintentionally relevant than you might think.
According to Google's scans, Microsoft is more closely associated with people writing on their web pages "worst operating system" than anyone else. Similarly, Linux gets the best operating system treatment.
Google is not a dumb engine--instead of merely rating by what's on the page, it rates by how people refer to the contents *of* the page. This is an incredibly cheap way to "borrow" intelligence from systems that can process complex information neurologically(human brains) and insert it into systems that can only marginally approximate that kind of intelligence.
Google executes its intelligence gathering in a Content Neutral manner, thus insulating it from any libel/slander that might result from returning certain values. Because Google didn't rig the system to have it return Microsoft as More Evil Than Satan, it's not their fault that that was the top hit.
If, however, Google removed that response, they'd be responsible for removing every response that could possibly be interpreted as slanderous. Note, this isn't the same as changing the algorithm to be more accurate--this is programming a specific "don't return this".
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
A curious thing happened on my way to Freshmeat.
Where the hell did Mindbright come from?
Mindbright, for those who don't know, makes the GPL'd Mindterm java applet. It's an incredible SSH client written in 100% Portable Java and has completely changed my perceptions of what a quality Java applet can do.
Suddenly, I have a SSH client at any web browser I sit at. And it's fast, to boot.
If that wasn't enough to impress me, MindVNC is a merge of their SSH classes and the GPL VNC Java client. (VNC is essentially a remote frame buffer--the display is rendered or copied into a virtual screen then sent over the network.) You authenticate against the ssh server that hosts the Java app, and you can VNC to any terminal the remote sshd can access--yes, this means you can connect to your bastion IP Masqing host, then VNC to some 10.* machine behind the firewall, all through a secure link.
The relevance to the story is in simple and speedy deployment of tools--any and every machine with a Java VM can immediately and securely access both text and X based applications with minimal deployment pain. This exceedingly low pain for large scale client deployment via Java may actually benefit VNC in surprisingly powerful ways. Since the VNC system has been ported all over the place, from svgalib linux to windows, and as it poses an open source, well tested, very portable, and highly functional remote access platform, it may just end up becoming a formidable force as the years go on.
Those who don't think projects should be allowed to fork--at all--need to see the amazing work that Mindbright's been allowed to do on the shoulders of the GPL. (The analogue to scientific development wasn't accidental.) More work is left to be done--the Mindterm client could use telnet support, and VNC could seriously use a "single app" mode that sizes the desktop to that exact size of the remote application, translating resizings on the client to resize attempts on the remote app.
The seed of possibility is definitely there, though.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
That's why they seem to have an "infinite supply" of potatoes at New College... mmm... potatoes every day...
int a=10000,b,c=2800,d,e,f[2801],g;main(){for(;b-c;)f[ b++]=a/5;for(;d=0,g=c*2;c-=14,printf("%. 4d",e+d/a),e=d%a)for(b=c;d+=f[b]*a,f[b]=d%--g,d/=g --,--b;d*=b);}
[root@dsl archives]# gcc -o test sig.c
[root@dsl archives]# ./test
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
Debugging is anticipated with distaste, performed with reluctance, and bragged about forever.
The above response was marked a troll.
People, when moderating, *DO SO IN CONTEXT*. I compiled his signature, got nothing workable, and asked wtf.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
In philosophy and law, there's the concept of "content neutrality". To condense it down to its core, it basically means that businesses and structures don't care *what* they're working with; they merely work with whatever the customer provides.
In computing terms, most processes that take data in from a pipe are content neutral--it doesn't matter what you toss into mmencode, or tr, or mail. The apps perform a function on content--whatever that content happens to be is irrelevant.
The key to Content Neutrality is consistency. It's not enough to merely be "sometimes" or "usually" neutral.
Content Neutrality forms the protective construct in law that insulates from liability, for example, web site providers for the contents of their customer's web pages, email providers for the words and possible contraband relayed blindly over their networks, and telephone companies from being liable for bomb threats made over their lines.
If web site providers constantly monitor any of their sites, they're liable to constantly monitor all of them. The same goes for voice and email providers, who would quickly go out of business if they had to make sure no contraband speech passed over their lines. Telephone providers do not monitor any lines for contraband--that's not their job. Making sure a line exists is.
Content Neutrality gives the information industry its primary shield against those who would exploit their infrastructure to blindly suppress both the criminal and the innocent.
Content Neutrality is also the only thing protecting the entire search engine industry from instant extinction.
What happens if I find a kiddie porn site through Google(as far as I can tell, it can find anything)? What happens when some 12 year old kid at the local library finds www.whitehouseinterns.com off Yahoo? Or when anyone picks a song off of mp3.lycos.com? (Half of the Lycos employees who are reading this just went ghost pale.)
By preventing searches for site competitors from bringing up standard spider results, Lycos is accepting the role of gatekeeper, verifying that users aren't going to be led anywhere they shouldn't be led.
This Is Not A Position Lycos Wants To Be In!!!
Such a precedent means that Lycos would have to proactively verify the age of those who find sex sites through their search engine--after all, young children shouldn't be led to X rated sites. It means that Lycos could be held responsible for guiding people to fan sites--after all, illicit photography scanned from magazines should not be republished. Anything and everything Lycos does would have to go through an insurmountable gauntlet of legal checks before a return could be allowed, all because Lycos chose to sacrifice their content neutrality for the sirens of market share and myopia.
This is no joke. Content Neutrality is the reason why you can call MCI via AT&T Long Distance and ask them to change your service, rather than having your call redirected to a Ma Bell hard sell sales associate.
Somebody needs to slap Lycos's lawyers around a bit--someone fell asleep at the wheel.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
What's your sig supposed to do?
[root@dsl archives]# gcc -o test sig.c
[root@dsl archives]# ./test
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.
0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0
4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d%.0 4d
Trust is nice but I think many more people are going to like versions of Microsoft Office and Photoshop that run on top of a BSD based OS.
Which, I'm sure, are guaranteed to be ported perfectly...
Of course, I'm extremely interested in seeing Office/Photoshop on a BSD based machine. It could completely rule. It might not. It's all vapor right now.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I go to Santa Clara University. From our tech guides-- "If you have a Mac, do X. If you have a PC, do Y. If you have a Compaq, go get this alternative guide." I'm not joking.
While Dell doesn't make purely standard "clone boxen" with a name and a hell of a support infrastructure, they're far less willing to play games with their motherboards such that they manage to create more instabilities than they're designed to ostensibly eliminate. HP Kayak's? Sorry, no NCR-810 support in the BIOS. Packard Bell? I'll just say nothing. Compaq's the world leader in creating motherboards with spiffy but grossly untested and non-standard features.
Dell makes boxes that work. That's been my experience, doing tech support for a couple hundred machines on campus. You'll never see a Dell box with an arbitrary 32MB RAM limit(must have saved a few pennies per motherboard), for instance.
That being said, if I remember right, Compaq did the initial reverse engineering of the IBM BIOS. If it wasn't for them, we wouldn't have PC clones. I just wish they(or anyone, really) would start advertising that they use Asus or Abit mobo's.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
What I am interested in knowing is why anyone who had Mac OS X would have any interest in running Linux anyway. Soon after release people will start porting the open source stuff to Mac OS X, plus they will have Carbon plus all the legacy Mac apps. What does Linux offer? Just the open source stuff. The cost of OS X will be irrelevant because of the bundling that will go on.
So just what is the benefit of running Linux on a Mac after Mac OS X is out, anyway???
Trust.
I'll be blunt, I don't know how much I trust OSX to be a mature and fully functional Unix. It might rule. It might not. For the same reason I've become fascinated with *BSD, I've got a lot of respect for Linux on the Mac platform.
Having recently taken SparcLinux off of a bunch of cheap IPC's and put on Solaris 2.7, I can tell you that while it's impressive that Sun's latest OS works on ANCIENT hardware, it doesn't work all that fast. Linux did.
Anyway, I look forward to Beowulf clusters w/ G4's, and I don't think Beowulf works cross-platform.
What a load of crap. Just because Apple hasn't released the Technotes on the G4 hardware yet doesn't mean they won't. Nor does it have anything to do with OS X - all the G3s, iMac and iBook tech notes are out - these machines are just as likely to run OS X as the G4s.
I stand corrected, then. I based my assumption on the fact that the iBook coder talked heavily of having to reverse engineer entire chunks of the iBook architecture.
(Yup, every once in a while some guy on Slashdot actually admits he fucked up. It happens.)
Complaining about Microsoft becomes much more disturbing when you realize what any number of other software companies would do in their place...
What pipe were you smoking when you came up with that one? Apple is not a software company. Apple is in fact, a hardware company. If they were a software company they wouldn't care about clones and in fact would encourage them. But they can't because almost all their revenues and profits come from selling - hardware.
That doesn't change the fact that if information is withheld from Linux developers but delivered to OSX people, Apple is ignoring the needs and desires of customers. I was unaware about the tech spec releases for the older macs--therefore, yup, I was wrong when I implied that Apple did a lot of this.
Of course, when Apple banned MpegTV from supporting the codec that the Star Wars .MOV was encoded in, they weren't exactly being too friendly. Or do you disagree?
Those who complain about Microsoft keeping their OS specifications close to their chest, thus making their partners commit all sorts of beautiful First Wave anti-trust-be-damned actions:
MS ties their OS and their Applications together. Apple ties the OS and the Hardware together, which if you really think about it is really quite a bit more exclusionary than MS could even dream about. Linux has long since become enough of a force that companies that choose not to open their specifications to it have long since implicitly ignored the needs of their customers.
I'm a former Apple IIgs user, so the concept of me wanting a Mac is...a foreign concept. LinuxPPC is the first thing that's ever made me interested in owning a Mac again. The thought that Apple's software interests(OSX) are causing specifications to be hidden about their hardware products(mmm...G4...) is mildly disturbing, to say the least.
Of course, the whole CHRP(Common Hardware Reference Platform) fiasco does make all of this at least mildly expected. Complaining about Microsoft becomes much more disturbing when you realize what any number of other software companies would do in their place...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
It's always strange for me to hear about Kryotech, ever since I found out what happened to one of the cofounders. Apparently, he partied a bit too hard at some company function, had some form of heart attack, and died.
He was 33.
Actually, if I remember right, they were celebrating cooling an Athlon(then K7) up to a Gigahertz...
For some reason, this has always stuck in my mind as a weird reminder that even us crazy young techs are all sooner or later going to have no more toys to play with...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
(Warning. Take this post in jest. No offense is intended to all of those I'd otherwise offend. We now return you to your regularly scheduled post.)
;-), I didn't care too much.
OK.
When the Stick became 3Com(soon to rename itself 3.Com, I'm sure
When the Oakland Coliseum was rechristened Network Associations Station, thus making all games there played "At The Net", I shrugged a bit.
I mean heh, corporations do these kinds of things--it's just the 90's version of the Commercial Jingle. Who are we to complain?
I really feel for Massachusetts taxpayers, who are funding this...ummm...experiment in corporate sleazification of the government. I feel so much, that I've got a little list for them. Without further ado...
TOP TEN SIGNS CORPORATE INTERNET MARKETING AND GOVERNMENT POLICY HAVE CONVERGED A BIT TOO MUCH.
10. www.speedingticket.com
9. No Property Taxes!*
8. New Position: Justice of the Piece
7. New, easy to fake California Drivers Licenses have "hily sek00r" Autobot/Decepticon Authentication Systems.
6. deltree k:\ansas\biology
5. "Superfund 2, brought to you by your friends at McDonalds. Isn't Ronald's hair a special color?"
4. http://www.whitehouse.gov, now with new and improved autopopup windows to http://www.gore2000.com and http://www.whitehouseinterns.com(gotta recruit some stiffs...)!
3. Watch C-SPAN for 20 hours a month and get a check from http://www.capitoladvantage.com
2. [ ] Nuke
[ ] Don't Nuke
[SUBMIT]
1. lobby.ebay.com
* With three years of modem rate MSN at a low low low price of $19.95 a month.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Before I say anything, I want to commend Hannibal on an absolutely excellent article that clarified issues I thought I understood and illuminated much of the technological history behind the technology we each use every day.
I am completely impressed.
That being said, I'd like to take a moment and theorize on the direction microprocessor design is likely to go. This is my theory; you're welcome to disagree, and in fact I eagerly await commentary from those far deeper in the industry than I. Insert Slashdot Self-Correcting Nature here.
Of all the chasms in the computer world, there are few as vast as the speed differential between general purpose processors programmed to execute a given task and hard-coded ASICs(Application Specific Integrated Circuits) designed to meet the functional needs of a given process. (OK, granted, Internet -> Local Network -> Hard Drive -> System Memory -> Processor Cache -> Processor Registers is pretty vast too, but cut me some slack here.)
Telephony is a joke without ASICs--I haven't found a voice over IP solution that operates in software well enough to even be used as a room to room intercom over a 100BaseT LAN--but it's actually reasonably lag-free with hardware encoding.
Similarly, huge banks of boxen rendering frames for movies became significantly less impressive to me when I realized how many banks of Pentium Processors it would take to match, say, a single Voodoo 2. While, in recent times 3D Rendering has gotten shots in the arm on the general purpose x86 architecture via both MMX and KNI, the order of magnitude difference in speed makes CPU rendering of realtime 3D graphics almost useless.
(Then again, Sumea is probably the single coolest thing I've done with Java, short of Mindterm.)
As I observed in the Amiga newsgroup, shove a couple of custom ASICs in a box and you can run a highly competitive multitasking OS in 512K of RAM, with unmatched graphical support to boot.
But ASICs have their limitations--while they're fast at what they do, they're extremely inflexible. You can't merely program in a new transparency algorithm, nor implement Depth of Field in an architecture that totally lacks it. The inflexibility of ASICs dooms their long term viability.
CPU's are flexible but slow, ASICs are inflexible but fast. It's a dichotomy the industry is on the verge of smashing.
I dub the coming processor design specification(which, as the article correctly noted, is all RISC/CISC really are) XISC, for eXtensible Instruction Set Computing. XISC essentially specifies that the underlying computational structures--be they microcode or raw gate arrays--ought to be dynamically reconfigurable to meet the needs of the process.
Just as the lack of a quick bilinear filter function(SIMD stuff) on older Intel chips doomed them as far as efficient 3D in relation to customized ASICs, the ability to insert such a command directly into the internal microcode of a processor has a theoretical chance of executing at extremely high speeds for a non-dedicated processor.
Transmeta, also known as the only reason many people willingly acknowledge the US Patent Office, appears to be spearheading the XISC drive. Their patents refer to technologies that automatically cache microcode translations, that provide backwards-flow in case of a broken emulate, and so on. They've often been "accused" of developing a chip that can emulate any chip--in the XISC context, a chip optimized to execute the instruction set most required by any given process.
If you accept that performance drops in the orders of magnitude are suffered when a processor lacks the appropriate design for a given set of requests, it's quite obvious that intelligent designers seeking to execute a quantum leap in system performance would try to allow processors to acquire any necessary designs to achieve much higher speeds.
Of course, most of my chip designer friends would be happy to remind me that much of the speed of ASICs comes from their hard coded nature--the literal gates correspond to whatever output is desired, no translation is necessary.
Of course, here's where FPGA's come in. Field Programmable Gate Arrays are chips whose internal gate structure can be rewritten on command, sometimes many thousands of times per second. They can't be clocked as fast as true ASICs, nor are the yields as high, but one quickly morphing chip can do the job of three or four in a digital camera. With at least one company(someone give me a name!) developing a language for programmatically defining instruction sets for an FPGA processor, the technology for XISC is obviously in development.
Ah, but not all is not fair thee well. In fact, while on the topic of 3D chips, the Rendition Verite chipset had a programmable RISC core, and the chip ended up failing because it could not scale in speed like 3DFX's Voodoo could. Developers could write new 3D instructions, but didn't (in general) because it was just too hard. (Yes, Carmack did.)
That's why there's such a powerful force towards automation in this XISC evo/revolution, such as the FPGA language and Transmeta's automated Microcode translations that stay in memory so as to speed up future similar instruction requests. In an ideal world, a developer merely compiles a chunk of code that profiles as heavy usage directly into CPU microcode, or at least specifies in some way that a given routine ought to be run through the "special ops" part of the system.
Whether the world will become ideal is a point of question. Whether we will have instruction sets that morph is almost obvious, it's just a matter of when will the bridge between ASICs and CPU's finally be resolved.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Watching the development of Samba, I'm struck by the degree to which system stability and system security are related.
If you ever want to find a program that's easy to crash, look for one that's been designed without any security in mind. Similarly, if you wish to locate the most stable, trustable system, look for those where security is a critical specification to which every design pattern must adhere.
This isn't that hard to understand. Software that's not designed to accept data streams that lack "sanity"(translation: Data formatted according to the protocol specification) from external procedures, processes, or network connections is doomed to, on occasion, accidentally receive such "contraband" information and crash and burn from the time-bomb buried within.
Often, such missing sanity checks are the result of the following "famous last words" from a software developer: "That'll never happen--the code would never do that."
Not only can it happen, not only will it happen eventually, but because of those who would exploit such weaknesses--be they joyriders, or worse--it will happen to such a degree that customers will be harmed, and code will need to be patched and deployed long after it was written.
The same kind of bean counters that decide it's cheaper to let 100K people die from an exploding gas tank and settle each of those lawsuits than fix a problem that's embedded in a few million vehicles also work at computer companies. If it wasn't for those who would discover and address the flaws in the infrastructure of our increasingly critical(and simultaneously fragile and surprisingly resilient) technological lifestyle, the computer industry's accountants could honestly claim it would be much less expensive for customers to crash(making them more likely to upgrade anyway!) than for the company to build security/stability into their code.
There are some, of course, who criticize the willingness of hackers to release vulnerability information publicly, primarily because the information can then be used (and abused) by the cracker set. There are two responses to this:
1) Software companies have a miserable record responding to anything but crisis. If I close my eyes and imagine a half million people like me(only much more experienced in whatever field they're specialized in), I completely understand. Regardless, it bothers me to know that, from what I've seen, security/stability patches are almost never issued unless there is an active exploit being used. It is a common theme for example code to be released with the disclaimer "I sent this to Microsoft a month ago and they never responded." I personally discovered a reasonably troublesome flaw in the Windows 9x TCP/IP stack--the most I've ever gotten back from Microsoft is a third hand message through a PR Flack that--you guessed it--"This is hardly ever a problem." And, of course--no fix.
I'd like to say YMMV(Your Mileage May Vary), but I doubt it. As for my second response...
2) I'll take some kid playing around with his first script long before I want to be attacked by either a competitor or (shudder) a hostile foreign government. Competing corporations(*ahem* I'll avoid getting Gibsonian for this one post) and hostile governments are quite unlikely to divulge their discoveries regarding infrastructural weaknesses, but the Hacker Ethic demands that Hackers do. Furthermore, it assigns significant prestige to those who not only describe flaws but provide effective solutions to them as well. It is these solutions that are the "carrot" delivered to server administrators in an honest attempt to strengthen the stability/security of the overall infrastructure, while the crackers of the world essentially form a constant, low-level "stick" that reminds administrators of the damage a full-scale, corporate or military infrastructure attack can levy.
Mandating security by governmental fiat is essentially ineffective, though there is no small irony as to the initials of the Internal Security Service such a mandate would create. (For those who don't know, ISS is one of the more respected groups of security professionals.)
The continual, open dialog of hackers, however, is responsible for the fact that we actually do have a pretty extensive Certificate Authority architecture backing online Credit Card Transactions. Without hackers raising the red flag, businesses would have ignored the risk so as to increase online purchasing at lower initial investments, media would have ignored the faults so as to not upset the advertisers, and government would have stayed out of the way so as to not lose any votes from Big Business. (Granted, it's likely the Hackers got so much press in the mid-90's because preventing people from feeling secure inputting CC#'s online benefited certain uberconglomerate interests that weren't ready to go online just yet and had a large stake in people actually *gasp* going to a store/mall. But the same guys who spoke about what you shouldn't do online also emphasized the SSL solution to transactional privacy, thus training millions of people to look for the lock before sending in their card #. That the SSL system is actually reasonably air-tight considering its ambition is genuinely impressive.)
I have, of course, spoken of only one subset of hackers--the network security gurus that I worship and hope to one day be among. Each of the many flavors--and yes, they all blend together in one form or another--of hackers bring something to the table that, yes, is of significant social import.
It'll be interesting when the sociologists turn around and start analyzing the scene in earnest...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
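An added illustration of the sanity check described in the post above; it is not part of the original post. It assumes the NetBIOS session-service framing from RFC 1002 (the 4-byte header SMB traffic is carried in) as the protocol specification; all function and type names are hypothetical and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; header layout follows RFC 1002. */
enum nbss_status {
    NBSS_OK = 0,
    NBSS_SHORT_HEADER,   /* fewer than 4 header bytes received */
    NBSS_BAD_TYPE,       /* type byte not defined by the specification */
    NBSS_BAD_FLAGS,      /* reserved flag bits set */
    NBSS_TRUNCATED       /* declared length exceeds bytes actually received */
};

struct nbss_frame {
    uint8_t        type;
    uint32_t       length;   /* 17-bit payload length from the header */
    const uint8_t *payload;  /* points into the caller's buffer */
};

/* Constructed sample frames (not captured traffic). */
const uint8_t sample_ok[]    = { 0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c' };
const uint8_t sample_lying[] = { 0x00, 0x01, 0xFF, 0xFF, 'a', 'b', 'c' };

static int nbss_known_type(uint8_t t)
{
    /* 0x00 session message, 0x81..0x85 request/responses/keep-alive */
    return t == 0x00 || (t >= 0x81 && t <= 0x85);
}

enum nbss_status nbss_parse(const uint8_t *buf, size_t received,
                            struct nbss_frame *out)
{
    if (buf == NULL || out == NULL || received < 4)
        return NBSS_SHORT_HEADER;
    if (!nbss_known_type(buf[0]))
        return NBSS_BAD_TYPE;
    if (buf[1] & 0xFE)               /* only the low bit is defined */
        return NBSS_BAD_FLAGS;

    uint32_t declared = ((uint32_t)(buf[1] & 0x01) << 16)
                      | ((uint32_t)buf[2] << 8) | buf[3];

    /* The check "that'll never happen" code leaves out: the peer's length
       field is a claim, so compare it with what actually arrived. */
    if (declared > received - 4)
        return NBSS_TRUNCATED;

    out->type    = buf[0];
    out->length  = declared;
    out->payload = buf + 4;
    return NBSS_OK;
}

/* Stand-in for any consumer that loops over out->length; returns 0 for
   rejected frames instead of reading past the buffer. */
unsigned nbss_payload_sum(const uint8_t *buf, size_t received)
{
    struct nbss_frame f;
    unsigned sum = 0;
    if (nbss_parse(buf, received, &f) != NBSS_OK)
        return 0;
    for (uint32_t i = 0; i < f.length; i++)
        sum += f.payload[i];
    return sum;
}
```

Without the `NBSS_TRUNCATED` check, the loop in `nbss_payload_sum` would walk 131071 bytes past a 3-byte payload on `sample_lying`, which is the crash-and-burn case the post describes.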
WARNING: THIS POST CONTAINS BOTH A GEEK WALK THROUGH MEMORY LANE AND ACTUAL TECH ANALYSIS. IT'S MY POST, AND I CAN WRITE WHAT I PLEASE. THANK YOU FOR YOUR CONSIDERATION.
[FAKEHTMLTAG][GEEKCHAT][/FAKEHTMLTAG]
I'm as surprised as...well, I guess none of you have any reason to be surprised. But I've never owned an Amiga; hell, I've barely even seen one.
OK, so I grew up drooling over the concept of having a pimped out Amiga system, and can completely identify with the rabidly loyal Amiga community(I had an Apple IIgs and lived in the city Applefest used to be held in. 'Nuff said.)
And, now that I think about it, a very large proportion of the music I grew up listening to was downloaded to my IIgs via a 2400 baud modem, straight from Aminet sites. Ah, yes, the good old days of blasting data through *FSP*(does anyone else remember this beautiful little hack of a UDP protocol?) so I could get around FTP user limits...not to mention, downloading to my system that didn't even possess a hard drive! 800K floppiez, K-RAD 3133+...;-)
No, but I think the real reason I've been loving Amigas lately is this comic strip I found off of Memepool--it's called Sabrina; the archives are here, and this is undoubtedly one of the most dementedly weird strips I've ever seen.
It's joined User Friendly and After Y2K(mmm..TTB...mmm...NTZC...) for "gotta read it" value. Imagine this strip about a bunch of Amiga-addict Anthropomorphized Kitten/Skunk/Squirrels-Cum-Hot Chicks who have lives that traverse the range of Web Site Designer for Porno Director to pregnancy.
I really can't describe how strange of a geek strip this is. It's definitely geek. It's obsessively geek. In someone else's hands, it'd be Geek Sold Out. In this guy's hands...just go. Go now.
[FAKEHTMLTAG][/GEEKCHAT][/FAKEHTMLTAG]
[FAKEHTMLTAG][TECHANALYSIS][/FAKEHTMLTAG]
Oh, yeah. The Amiga. The point that the Amiga was an insanely efficient OS with 512K ram should be muted by the fact that there were significant amounts of extremely useful custom hardware embedded within that system. I think one of the slowest realizations the industry is going to eventually come to grips with is that general purpose processors are really f*cking slow at many tasks, at least compared to hardwired solutions.
Just consider how many Pentium III's you'd need to match a Voodoo 3 at bilinearly filtering the texture coatings for large amounts of polygons.
One of the major things I'm looking forward to seeing out of Transmeta is the degree to which they've bridged the specialty opcode vs. general purpose architecture divide that's somewhat divided the industry over the last few years. I'm tremendously interested, for example, in if we're going to see things like Routing and Firewall Opcodes dynamically programmable into the Transmeta CPU.
If Transmeta doesn't do it, those guys with that mass FPGA programming language will. Sooner or later, we're going to have hardware morph itself into the configurations various applications and utilities require. Should be interesting to watch.
What do you guys think?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
P.S. [FAKEHTMLTAG][/TECHANALYSIS][/FAKEHTMLTAG]
Are the Microsoft transcripts online anywhere, as far as you know?
Eventually the judge declined to seal the document, and the trial transcript wasn't edited either.
I'm particularly interested in seeing this document, as well as the op-ed piece that MS authored. Any ideas as to how I can get my hands on them?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
MainSoft also probably is in the First Wave program - but it is usually top-secret, only high executives know about it usually. You are required contractually to deny even the existence of First Wave. First Wave gives even more money, at the price of *serious* dependency on Microsoft.
/.'ers ;-)
This is very, very intriguing.
What other companies are suspected to be First Wave shops? And where can I read more about this tactic(which I haven't yet decided is predatory/evil/whatever, so back off
The part about writing op-eds--this seems really interesting. The story behind the story...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Somebody slap me for not hitting preview.
Sorry for the UglyCode(TM). --Dan
Am I the only one who noticed something rather...fascinating about the Title bar on a certain
;-)
So let me get this straight. Harry Potter traveled to the land of the Mighty Ns'AH, where everybody lived happily ever after in peace with one another because of free simple crypto that's simple to crack but still can't be exported...
*WHACK*
Oops. Sorry about that, lost my sense of humor for a second.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
To the various illustrious(translation: I've worshipped you guys for the majority of my life) members of the Cult of the Dead Cow:
Moo.
That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Software product as defined by the FSF, this four CD set does not contain Netscape, Qt, KDE, and several additional non-open-source packages which are available in other Linux products.
Interesting implication there, eh? Qt and KDE aren't Open Source, says the article.
Based on the amount I've been coding with the excellent open source Libnet library as of late, having a library I can work with and perhaps release updated features for is critical to my personal experience of open source code. Since, as far as I can tell, there's a very strong "look, maybe even touch, but don't share in a convenient manner" aspect to the QPL, for the way I've been using Open Source Products, I probably have to agree with Redhat on this one.
Your Mileage May Vary, of course.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Also, since there is not infinite bandwidth for all ISPs, who is to decide which ISPs get a partition and which don't?
A cable provider that cannot expand their network to support more bandwidth can't extract any more revenue from their assets.
The bandwidth crunch occurs whether or not a cable provider also doubles as an ISP. It's not like there's more bandwidth available if the cable company refuses to sell it to anyone else.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com