The key never leaves the chip. No process at all ever has access to the key. The chip does the decryption itself as a black box.
Well, I'll state the obvious and say that I consider it an essential feature to be able to copy out (securely) any and all keys the chip has generated, and if the chip does not have that feature then I certainly must question the motives of the designer. There, I said it would be obvious.
It's probably fun to make lists of things that suck all day long, but why not use some of that talent and nervous energy to join in and help?
Indeed. Instead of whining about the obvious gui glitches in mplayer, he should have submitted patches, he's certainly capable of it. If the patches are refused or ignored, then whine.
I've got lots of fonts already; I've got Adobe fonts, Bitstream fonts, Microsoft fonts, etc.. I just wish that the default configuration on my Red Hate 8 box didn't make them all look like crap.
Honestly, I'm glad that Bitstream is a good enough community player to donate these. Only problem is our community is served a whole lot more by quality than it is by quantity.
It's sad that such a display of ignorance would show as the first response to this important and generous donation by Bitstream. You do not know what a type 1 font is, do you, or what is important about scalable, hinted fonts? Thought so.
I have a friend who used it briefly on the machine it came preloaded on. But when he realized it was rigged so he couldn't use any source code without geting gcc, glib, and god-knows-what-else installed, he wiped it and went through several distributions before landing on (ugh) Caldera.
It all depends on your intent. If the intent is to teach business apps, Windows is the right choice because that's what businesses use. But Linux offers a richer environment for understanding computer principles.
If you had actually read the article, you would have seen that the students in the lab are about 8 years old. Obviously not a computer science lab. And your point is?
I liked Perl for CGI, but couldnt use it to make a GUI app very easily. VB was queer, but worked for GUI apps, but not very strong for complicated apps..NET framework includes a bunch of objects for dealing with everything from I/O to Databases to XML and Webservices.
It sounds like you want Python. No, really. It covers everything you mentioned with style, and with this compiler extension it's fast too.
It could be enough for someone to snag the SSH private keys for a connection.
The chance of fishing a usable key out of 256 Meg of memory soup, given a random look at a handful of leaking bytes in each packet, is slim indeed. The attacker has no way to control which bytes leak and doesn't know where in memory they came from. This is nothing remotely as serious as a buffer overflow, where the attacker gets to choose which bytes overflow into executable memory, and thus can exercise a great deal of control. Still, by sitting and watching long enough, maybe, just maybe the attacker will be able to piece together something useful.
Now, this is where Linux, BSD et al really show show their strength: this driver leak either has already been patched (sorry, I'm too lazy to check the change logs just now) or will be by the end of the day, and the patched kernel will be immediately available for download. Or I can get the patch and apply it myself if I'm in a panic (which I'm not for the above reasons).
Microsoft on the other hand has to round up dozens of vendors and get them all to apply fixes, and there will be stragglers. Then there is the question of how to get the patches onto customer's machines. It's a safe bet that the majority of home users will never patch this vulnerability, so if attackers need plenty of time to exploit the leak on Windows, they've got it.
Of course, Microsoft's favored solution to the latter problem is to take the liberty of patching your system for you, having required you to agree to this when you installed. You must then trust Microsof not to go further and install additional, unasked-for code, for example, something to send back all your web search terms to Microsoft HQ. I don't know about you, but for me, but that's too high an asking price for automatic security updates.
Interesting fact: Microsoft Windows is mentioned as "not vulnerable".
You mean Microsoft said they aren't vulnerable. But look at these weasel words: "However, we have found samples in our documentation that, when compiled without alteration, could yield a driver that could contain this issue." Draw your own conclusions.
...and that's why You'll always put a "personal firewall" on Your windows-machines and never let them out unless You specifically tell it to.
Putting a firewall on a box that's already running hostile code is a non-starter in terms of security. Remember, Microsoft has complete access to your system, and can do whatever they want to your firewall, including ignoring it completely. You'd be much better off front-ending your XP box with a firewall running on a Linux machine.
Interesting. I think it was modded as redundant (though it was the first post) because it says what everyone was already expecting it to say.
More likely, it received 11 negative moderations because someone in Redmond has a Perl script that monitors Slashdot and sounds klaxons all over the campus every time the word Microsoft appears in an article.
However, I do question the point where much of the work for games is put into the engine, and little of it put into the gameplay itself.
Given a choice between John Carmack pushing forward game technology and John Carmack pushing forward the literary arts, I'll take the game technology, thanks. Some other team with less engineering talent can specialize in great stories. That said, Doom3 is to incorporate more cinematic elements, perhaps even some kind of story line. However, if developing a story line interfered with the raw technolody, that would be really sad. Let somebody else write stories, let John Carmack and the ID crew concentrate on the immersive experience.
If this bothers you, then send emails to your favorite game companies and plead with them to license the latest ID engine to produce some story with it.
But it looks like they found a better way to do things without breaking compatibility, without causing lots of problems, and without causing anything like you describe.
Yes, and for once I agree with you. I'd like to hear arguments from the Apache team about why a new RFC should not be written to enshrine the protocol extension. I can't find anything to hate about the extension at all: clearly nobody is forced to use it.
Now, as described, the extension is not evil, but it could become so, if for instance, Microsoft clients or servers were to use some out-of-band technique to descrimate against non-Microsoft servers or clients, and thus service the protocol extension only between Microsoft products, even if the other side understands it perfectly well. And this is not just paranoia either, since Microsoft is already well-known for discriminating against non-Microsoft web clients connecting to, for example, MSN. Which is pure evil, more so when done by a monopolist, and so far has gone both uncorrected and unpunished. Given such success and considering Microsoft's track record, it's hard to believe that a batch of considerably less laudable protocol extensions are not in the works, or already in the field.
But this protocol extension, I like. Somebody please give *technical* reasons why it is not good. But note: the scalability argument is already rejected, it's bogus. The server does not have to cache the connection when it's under heavy load, it can just drop it and let the client fall back to the vanilla protocol.
As far as I can see, the real problem is that no RFC has been drafted, submitted or proposed, and there's no white paper or anything like that. That's clearly wrong.
It's the Embrace and Extend model that people keep accusing Microsoft of.
You appear to have drunk too much koolaid and damaged your brain. GPL embraces what? GPL extends what? Oh, copyright law perhaps. How downright perverse.
(I can't believe believe I actually responded to your troll.)
I have to rain on your parade, but I have to wave the bullshit flag here. Teens are NOT acquainted with the likes of Led Zeppelin and Jimi Hendrix. They're much more busy listening to dance, pop, and electric music. People more likely to know of these old artists are people aged over 60.
I have to wave the clueless flag back at you. I know plenty of teens here, both in the Berlin region and where I used to live, a small city in the Ruhr. Without exception, every teen I know has a collection of classic rock, and they generally know the field better than I do.
You are an ignorant fucktard. Bach didn't copy his symphonies from some other musician/composer and rearrange them himself, to his liking. He wrote them by learning the techniques of those before him.
Showing our extensive knowledge and refined taste in the arts now, are we, to complement our gentlemanly demeanor? Well...
Michaelaneglo didn't paint by numbers when he painted the Sistine Chapel. He learned the techniques of painting then expressed himself through this medium. While the concepts in teh Sistine Chapel might not be completely original, his work most certtainly was.
Listen, my friend, it's time to stop spouting and start thinking about just where you and your opinions fit in the grand scheme of things, and how you might go about improving that situation. Bye now.
You apparently are not a creative individual. Copying or using another's work does not foster creativity. Learning from another's technique, using common themes from literature, creating a new medium to express yourself are wasy to foster creativity.
You are completely wrong about that. Throughout history, the masters have learned by copying the old masters, whom they respected, and whose skill they aspired to. Bach did it, Michelangelo, Rembrant, they all did it. It was accepted, even expected, if a student of art was ever to amount to anything.
Lessig is only pandering to a small group of cheap bastards who don't want to pay for shit. He's really a pathetic excuse for a human being if he believes he's making a difference.
Hrm, let me see, whom should I pay attention to, a) you, a foulmouthed person posting on Slashdot that nobody ever heard of b) Lawrence Lessig, a man who has made a name for himself by repeatedly taking on legal work for compensation considerably below what he's capable of earning, for causes he believes in, and arguing those in a clear, reasoned and well-researched and energetic manner, that impresses even his adversaries. Hmm, tough one.
"I predict a wave of creativity in ways of making updated 50's tunes from european bands."
I doubt that, since their record companies will tell them that they wont be able to sell these recordings in the US without paying steep royalties.
Well, since Europeon market alone is now bigger than the U.S. market, I doubt that's going to slow anyone down much over here. I wouldn't even be surprised to see some U.S. companies getting into the act. In Europe the demand certainly exists, and CDs are still very, very popular. Classic rock is really big here, for example, Buddy Holly is held in high regard, not to mention Ella Fitzgerald, Glenn Miller, etc. etc. etc. The interesting thing is, it's not just the old folks. Teens over here tend to be familiar with that stuff, collect it, and know it well. This applies to classic rock as well, for example, Led Zeppelin, Iron butterfly, The Band, Jimi Hendrix, etc. Just a few more years, if all goes well, and those artist's work will also return to the realm of free ideas that everybody can share and build upon. Err, everybody in Europe that is. Yes, it sucks for you Americans, but until you actually take a stand and do something about it, it's just going to keep sucking worse.
The real questions is: Who cares? First of all, we are talking about Elvis. Secondly, with p2p you don't need to buy it.
People care who take their cultural heritage seriously and also wish to obey the law. I realize that we're talking about a pretty small minority, getting smaller by the day. It's sad, really.
I never thought I would see in my own lifetime a copyright expire. Honestly, this is an interesting feeling that I can legally use some music of my culture I grew up with without being charged with a crime to do so? Except, this probably doesn't help me much since I live in America, eh? *sigh*
Yes. Well. I've been invited to move to the U.S. at least half a dozen times this year. No way am I doing that, I value my freedom, I value free expression of ideas.
The Dragon chips you're referring to are equivalent to a 200-260Mhz Pentium......you're also missing the point that x86 doesn't do multiple processing well....and the Dragon's don't do multi-processing at all. Nor do they have a significant addressable memory space.
So, they'd make lousy compute nodes for a supercomputer!!!! Heck, it'd be doubtful they even had the I/O bandwidth for the required high speed networking connections of a compute node.
Nice try, though.
I wouldn't take your arguments as evidence of anything in particular, if I were you. A Chinese kid did a knockoff of a complete ARM 7 core, didn't take him very long either. Anyone who thinks the U.S. lead in microprocessor design is something permanent is kidding themselves. Hrm, at last I see this clearly: since there's little future in technology IP, it becomes prudent and necessary to protect IP earnings on Mickey Mouse et al via extending copyright terms indefinitely.
Yes, yet another anti-US rant... accusations of hegemony on all fronts without any knowledge of world politics, how the US operates, and pandering to the/. opinion that the US is naturally big, bad, and evil. By the way, India is our friend. Please keep up on world politics in the last 75 years before you shoot your mouth off for some cheap karma.
"Yes, yet another anti-Microsoft rant... accusations of monopolistic abuse on all fronts without any knowledge of business realities, how Microsoft operates, and pandering to the/. opinion that Microsoft is naturally big, bad, and evil. By the way, Corel is our friend. Please keep up on business history in the last 25 years before you shoot your mouth off for some cheap karma."
Do you understand my message? Perhaps a slight lack of external perspective? Perhaps a little... self interest?
Slashdot Mirror
The key never leaves the chip. No process at all ever has access to the key. The chip does the decryption itself as a black box.
Well, I'll state the obvious and say that I consider it an essential feature to be able to copy out (securely) any and all keys the chip has generated, and if the chip does not have that feature then I certainly must question the motives of the designer. There, I said it would be obvious.
A HW accelerated encryption engine would give us snappy remote xsessions out of the box with ssh->ssl->kernel hw calls.
If only that's all it was.
It's probably fun to make lists of things that suck all day long, but why not use some of that talent and nervous energy to join in and help?
Indeed. Instead of whining about the obvious gui glitches in mplayer, he should have submitted patches, he's certainly capable of it. If the patches are refused or ignored, then whine.
I've got lots of fonts already; I've got Adobe fonts, Bitstream fonts, Microsoft fonts, etc.. I just wish that the default configuration on my Red Hate 8 box didn't make them all look like crap.
Honestly, I'm glad that Bitstream is a good enough community player to donate these. Only problem is our community is served a whole lot more by quality than it is by quantity.
It's sad that such a display of ignorance would show as the first response to this important and generous donation by Bitstream. You do not know what a type 1 font is, do you, or what is important about scalable, hinted fonts? Thought so.
I have a friend who used it briefly on the machine it came preloaded on. But when he realized it was rigged so he couldn't use any source code without geting gcc, glib, and god-knows-what-else installed, he wiped it and went through several distributions before landing on (ugh) Caldera.
"apt-get install gcc"
It all depends on your intent. If the intent is to teach business apps, Windows is the right choice because that's what businesses use. But Linux offers a richer environment for understanding computer principles.
If you had actually read the article, you would have seen that the students in the lab are about 8 years old. Obviously not a computer science lab. And your point is?
You know what? People won't produce under your system - they have no rights to the product of their own efforts.
That's absolute rubbish. By your logic, Linux does not exist, nor does Apache, nor do Free/Net/OpenBSD. Etc.
I liked Perl for CGI, but couldnt use it to make a GUI app very easily. VB was queer, but worked for GUI apps, but not very strong for complicated apps. .NET framework includes a bunch of objects for dealing with everything from I/O to Databases to XML and Webservices.
It sounds like you want Python. No, really. It covers everything you mentioned with style, and with this compiler extension it's fast too.
It could be enough for someone to snag the SSH private keys for a connection.
The chance of fishing a usable key out of 256 Meg of memory soup, given a random look at a handful of leaking bytes in each packet, is slim indeed. The attacker has no way to control which bytes leak and doesn't know where in memory they came from. This is nothing remotely as serious as a buffer overflow, where the attacker gets to choose which bytes overflow into executable memory, and thus can exercise a great deal of control. Still, by sitting and watching long enough, maybe, just maybe the attacker will be able to piece together something useful.
Now, this is where Linux, BSD et al really show show their strength: this driver leak either has already been patched (sorry, I'm too lazy to check the change logs just now) or will be by the end of the day, and the patched kernel will be immediately available for download. Or I can get the patch and apply it myself if I'm in a panic (which I'm not for the above reasons).
Microsoft on the other hand has to round up dozens of vendors and get them all to apply fixes, and there will be stragglers. Then there is the question of how to get the patches onto customer's machines. It's a safe bet that the majority of home users will never patch this vulnerability, so if attackers need plenty of time to exploit the leak on Windows, they've got it.
Of course, Microsoft's favored solution to the latter problem is to take the liberty of patching your system for you, having required you to agree to this when you installed. You must then trust Microsof not to go further and install additional, unasked-for code, for example, something to send back all your web search terms to Microsoft HQ. I don't know about you, but for me, but that's too high an asking price for automatic security updates.
Interesting fact: Microsoft Windows is mentioned as "not vulnerable".
You mean Microsoft said they aren't vulnerable. But look at these weasel words: "However, we have found samples in our documentation that, when compiled without alteration, could yield a driver that could contain this issue." Draw your own conclusions.
...and that's why You'll always put a "personal firewall" on Your windows-machines and never let them out unless You specifically tell it to.
Putting a firewall on a box that's already running hostile code is a non-starter in terms of security. Remember, Microsoft has complete access to your system, and can do whatever they want to your firewall, including ignoring it completely. You'd be much better off front-ending your XP box with a firewall running on a Linux machine.
Interesting. I think it was modded as redundant (though it was the first post) because it says what everyone was already expecting it to say.
More likely, it received 11 negative moderations because someone in Redmond has a Perl script that monitors Slashdot and sounds klaxons all over the campus every time the word Microsoft appears in an article.
However, I do question the point where much of the work for games is put into the engine, and little of it put into the gameplay itself.
Given a choice between John Carmack pushing forward game technology and John Carmack pushing forward the literary arts, I'll take the game technology, thanks. Some other team with less engineering talent can specialize in great stories. That said, Doom3 is to incorporate more cinematic elements, perhaps even some kind of story line. However, if developing a story line interfered with the raw technolody, that would be really sad. Let somebody else write stories, let John Carmack and the ID crew concentrate on the immersive experience.
If this bothers you, then send emails to your favorite game companies and plead with them to license the latest ID engine to produce some story with it.
But it looks like they found a better way to do things without breaking compatibility, without causing lots of problems, and without causing anything like you describe.
Yes, and for once I agree with you. I'd like to hear arguments from the Apache team about why a new RFC should not be written to enshrine the protocol extension. I can't find anything to hate about the extension at all: clearly nobody is forced to use it.
Now, as described, the extension is not evil, but it could become so, if for instance, Microsoft clients or servers were to use some out-of-band technique to descrimate against non-Microsoft servers or clients, and thus service the protocol extension only between Microsoft products, even if the other side understands it perfectly well. And this is not just paranoia either, since Microsoft is already well-known for discriminating against non-Microsoft web clients connecting to, for example, MSN. Which is pure evil, more so when done by a monopolist, and so far has gone both uncorrected and unpunished. Given such success and considering Microsoft's track record, it's hard to believe that a batch of considerably less laudable protocol extensions are not in the works, or already in the field.
But this protocol extension, I like. Somebody please give *technical* reasons why it is not good. But note: the scalability argument is already rejected, it's bogus. The server does not have to cache the connection when it's under heavy load, it can just drop it and let the client fall back to the vanilla protocol.
As far as I can see, the real problem is that no RFC has been drafted, submitted or proposed, and there's no white paper or anything like that. That's clearly wrong.
It's the Embrace and Extend model that people keep accusing Microsoft of.
You appear to have drunk too much koolaid and damaged your brain. GPL embraces what? GPL extends what? Oh, copyright law perhaps. How downright perverse.
(I can't believe believe I actually responded to your troll.)
I have to rain on your parade, but I have to wave the bullshit flag here. Teens are NOT acquainted with the likes of Led Zeppelin and Jimi Hendrix. They're much more busy listening to dance, pop, and electric music. People more likely to know of these old artists are people aged over 60.
I have to wave the clueless flag back at you. I know plenty of teens here, both in the Berlin region and where I used to live, a small city in the Ruhr. Without exception, every teen I know has a collection of classic rock, and they generally know the field better than I do.
You are an ignorant fucktard. Bach didn't copy his symphonies from some other musician/composer and rearrange them himself, to his liking. He wrote them by learning the techniques of those before him.
Showing our extensive knowledge and refined taste in the arts now, are we, to complement our gentlemanly demeanor? Well...
All through his life, Bach learned by copying out works of other composers, among them Vivaldi, Albinoni, Corelli and Marcello.
Oh, but your're not done yet...
Michaelaneglo didn't paint by numbers when he painted the Sistine Chapel. He learned the techniques of painting then expressed himself through this medium. While the concepts in teh Sistine Chapel might not be completely original, his work most certtainly was.
Ahem:
The thirteen-year-old Michelangelo joined the studio as an apprentice, and there he learned fresco painting and began to draw compulsively, copying works by Early Renaissance masters Giotto, Masaccio, and Schongauer.
Listen, my friend, it's time to stop spouting and start thinking about just where you and your opinions fit in the grand scheme of things, and how you might go about improving that situation. Bye now.
You apparently are not a creative individual. Copying or using another's work does not foster creativity. Learning from another's technique, using common themes from literature, creating a new medium to express yourself are wasy to foster creativity.
You are completely wrong about that. Throughout history, the masters have learned by copying the old masters, whom they respected, and whose skill they aspired to. Bach did it, Michelangelo, Rembrant, they all did it. It was accepted, even expected, if a student of art was ever to amount to anything.
Lessig is only pandering to a small group of cheap bastards who don't want to pay for shit. He's really a pathetic excuse for a human being if he believes he's making a difference.
Hrm, let me see, whom should I pay attention to, a) you, a foulmouthed person posting on Slashdot that nobody ever heard of b) Lawrence Lessig, a man who has made a name for himself by repeatedly taking on legal work for compensation considerably below what he's capable of earning, for causes he believes in, and arguing those in a clear, reasoned and well-researched and energetic manner, that impresses even his adversaries. Hmm, tough one.
"I predict a wave of creativity in ways of making updated 50's tunes from european bands."
I doubt that, since their record companies will tell them that they wont be able to sell these recordings in the US without paying steep royalties.
Well, since Europeon market alone is now bigger than the U.S. market, I doubt that's going to slow anyone down much over here. I wouldn't even be surprised to see some U.S. companies getting into the act. In Europe the demand certainly exists, and CDs are still very, very popular. Classic rock is really big here, for example, Buddy Holly is held in high regard, not to mention Ella Fitzgerald, Glenn Miller, etc. etc. etc. The interesting thing is, it's not just the old folks. Teens over here tend to be familiar with that stuff, collect it, and know it well. This applies to classic rock as well, for example, Led Zeppelin, Iron butterfly, The Band, Jimi Hendrix, etc. Just a few more years, if all goes well, and those artist's work will also return to the realm of free ideas that everybody can share and build upon. Err, everybody in Europe that is. Yes, it sucks for you Americans, but until you actually take a stand and do something about it, it's just going to keep sucking worse.
The real questions is: Who cares? First of all, we are talking about Elvis. Secondly, with p2p you don't need to buy it.
People care who take their cultural heritage seriously and also wish to obey the law. I realize that we're talking about a pretty small minority, getting smaller by the day. It's sad, really.
I never thought I would see in my own lifetime a copyright expire. Honestly, this is an interesting feeling that I can legally use some music of my culture I grew up with without being charged with a crime to do so? Except, this probably doesn't help me much since I live in America, eh? *sigh*
Yes. Well. I've been invited to move to the U.S. at least half a dozen times this year. No way am I doing that, I value my freedom, I value free expression of ideas.
Kind of funny it's come to that, huh?
The Dragon chips you're referring to are equivalent to a 200-260Mhz Pentium......you're also missing the point that x86 doesn't do multiple processing well....and the Dragon's don't do multi-processing at all. Nor do they have a significant addressable memory space.
So, they'd make lousy compute nodes for a supercomputer!!!! Heck, it'd be doubtful they even had the I/O bandwidth for the required high speed networking connections of a compute node.
Nice try, though.
I wouldn't take your arguments as evidence of anything in particular, if I were you. A Chinese kid did a knockoff of a complete ARM 7 core, didn't take him very long either. Anyone who thinks the U.S. lead in microprocessor design is something permanent is kidding themselves. Hrm, at last I see this clearly: since there's little future in technology IP, it becomes prudent and necessary to protect IP earnings on Mickey Mouse et al via extending copyright terms indefinitely.
Yes, yet another anti-US rant... accusations of hegemony on all fronts without any knowledge of world politics, how the US operates, and pandering to the /. opinion that the US is naturally big, bad, and evil. By the way, India is our friend. Please keep up on world politics in the last 75 years before you shoot your mouth off for some cheap karma.
/. opinion that Microsoft is naturally big, bad, and evil. By the way, Corel is our friend. Please keep up on business history in the last 25 years before you shoot your mouth off for some cheap karma."
"Yes, yet another anti-Microsoft rant... accusations of monopolistic abuse on all fronts without any knowledge of business realities, how Microsoft operates, and pandering to the
Do you understand my message? Perhaps a slight lack of external perspective? Perhaps a little... self interest?
It's very easy to get the mob to do stupid things, like elect the Nazis. I'm against pure democracy.
Logical falacy alert! Your example is incorrect: the Nazi party was never elected by a majority.
If absolutely every law was put to referendum, we'd essentially have mob rule.
Apparently, the Swiss put all their laws to referendum, and they do not have mob rule.