What kind of sick country tracks "race" in a database?
The typical usage for "race" is actually voluntary disclosure of whether you are a member of a visible minority for the purposes of "employment equity" status for hiring preference.
The recent US name was "affirmative action" hiring.
It gets quite funny with security ID cards that try to describe appearance (the form on file) without actually offending anybody, where the only actual purpose is to ensure that Jill's ID card is only used by Jill.
Re: GoC does take privacy seriously (on Canadian Privacy Act) · Score: 2, Interesting
Security classification for any document containing a person's name is "Protected B"... mind you, those are the very lowest form of 'classified' documents I've seen in the military. It's not that secure!
It doesn't have to be very secure; the largest threat is internal - employees, who can be easily sanctioned, not foreign militaries or governments. The next largest threat is "direct marketers" (read: junk mail and telemarketers), "credit agencies" and data warehousers like Equifax.
He says that this makes adoption of open source software by governments particularly worrisome. In his words: 'An old adage that governments would be well-served to heed is: You get what you pay for. When you rely on free or low-cost products, you often get the shaft, and that, in my opinion, is exactly what governments are on track to get.'
The federal department I work for is rapidly moving towards open source because we cannot afford to be constantly screwed by the traditional commercial vendors. We simply couldn't afford to keep paying for screw-ups by HP, Cisco, Unisys, MCI, Teleglobe, and Dell. Nor could we afford the upgrade cycle recommended by commercial software vendors like Microsoft.
So we are increasing our in-house staff by 3 full-time people (no expensive contractors) and adopting open source to reduce cost and take control over our infrastructure, in the process improving reliability drastically, saving the taxpayers big dollars through reduced overtime in operational costs, drastically reducing software maintenance costs, and making nearly everyone but Microsoft and friends happy.
Carrier-phase differential GPS and a low-multipath environment will get you centimeter-level accuracy.
Since the device as depicted and described in the article appears to be a single GPS receiver, Carrier-phase D-GPS is not applicable. And there is the gotcha of a known reference point requirement which you didn't mention.
However, it is good enough for land titles in British Columbia (not very many survey monuments to tie into for minesites in the middle of nowhere).
Provided they meet survey accuracy standards of 0.02 metres (2 centimetres) plus "100 parts per million times the baseline distance", up to 0.12 metres.
AFAIK a single-receiver GPS, as found in all consumer-grade GPS units and, based on the photo in the article, the device in question, does not meet these criteria.
Wow, that's really an uninformed statement.
There are plenty of apps where low-res is appropriate.
I did not mean to diss low-resolution usage - glad to hear such technology could be useful to you, but there was a naive subtext that traditional land/engineering surveying would be replaced with these high-tech gadgets without realising that they still operate on a very different scale of accuracy.
GPS, Differential GPS, and WAAS aren't accurate enough for high-quality survey work. All of these have limited accuracy of more than 1 meter, whereas any decent survey should have measurement error of hopefully less than 10 millimeters.
I have found that ice on the sat dish will cause signal loss, and heavy thunderstorms at the uplink site (Toronto area I believe for Bell ExpressVu - BEV) have caused a few outages for me over the past 1.5 years. Compared to cable outages, I'll take sat in rural Canada, thanks.
The available bandwidth (due to numerous new satellites) at BEV means that they use lower compression and, as such, you see few compression artifacts, especially compared to some of my previous digital (and analog) cable (CATV) companies.
The cable set top boxes seem less powerful than the sat boxes, or at least I think that is why I find channel surfing much faster with sat than with digital cable.
I seriously doubt that X.org, the new face of the former X Consortium (members like HP, IBM, Sun, XFree86), has merged with XFree86. They have two totally different goals. The goal of X.org is to promote a single X (currently 11R6) standard between different vendors and implementors. XFree86 was and is a member of X Consortium/X.org, and is a specific (Open Source) implementation of the X standard.
The rest of it is too confused for me to make any real sense out of. I suspect that there are some good vibes between members of X.org, freedesktop.org, and hopefully XFree86 - which is a good thing. Key developers of XFree86 (e.g. David Dawes and Egbert Eich) and X.org (Alan Coopersmith) now seem eager to move forward and work together on making better software. Getting people all on the same page and working together is a lot of work, because of different interests and goals, but I think that XFree86 will see 2004 as a busy year with lots of improvements.
I really hope that freedesktop does not widely diverge from XFree86; let it be a test bed, sure, but not a competing product.
To make any sense of the various Evaluation Assurance Levels (EAL) you need to understand what the Common Criteria is, where it came from (US military InfoSec), and what it is trying to do - a standard for purchasing and implementing military and government computer systems for classified or sensitive data. You also need the other half of the equation, the Protection Profile, and what it is trying to achieve. There is a far greater focus on access control and auditing than in your typical commercial computing setting. It is about assurance, not security.
The EAL has become a media sound bite; it is quick and easy to mention in 30 seconds, but does not tell you much on its own.
So you really need two bits of information: the Evaluation Assurance Level, 3+ in this case, which implies that they produced a lot of documentation about SuSE Linux Enterprise Server version 8 with Service Pack 3 on IBM eServers (the entire line from x86 and PowerPC series to zSeries mainframes), and in the end it meets the Controlled Access Protection Profile.
Common Criteria does not focus on failure, or how things break, but looks at how things are designed to operate. It does NOT look for implementation flaws at most EAL levels actually achieved.
If you do any reading on Common Criteria (CC) you will quickly realise that it has little to do with secure computing, but more with assurance that if you use a given certified system you will not be blamed for any security breaches, because you chose the supposedly correctly labelled systems.
If CC were more popular, maybe more software programmers would focus on good software design, because their designs have to be documented and, at a high enough level, they must be independently reviewed. Good design, as well as using the available resources to eliminate classes of flaws, would reduce security risks by several orders of magnitude.
wrong problem...
rsa requires factoring...this isn't rsa
Are we talking RSA-ECC or DLP-ECC? (See: RSA Labs FAQ)
I would tend to agree with you that concerns about the security of ECC are overblown, and tend to come from the common wisdom that old-and-proven is better than new-and-unproven.
Let's see, RSA was put forth in 1977. ECC was first discussed in the mid-1980s, by Victor Miller (IBM) and Neal Koblitz.
So which is supposed to be "old-and-proven" and "new-and-unproven"?
In fact there is no assurance that RSA or DSA is any more secure than ECC. RSA is not proven (in the math sense) to be secure. We do not know for sure that there is no easy way to factor large integers into their prime factors.
Free implementation?
See OpenSSL and Sun's announcement for including ECC code in OpenSSL.
start brute forcing the keys.
Ah, you don't bother to brute force the public key to recover the private key. You use factoring.
based on some non-trivial mathematics which, until recently, no-one's really been interested in.
By recently I take it you mean within the last century or so. Elliptic curves are pretty much a staple now in number theory and modern algebra.
the conjecture that the elliptic curve logarithm problem is very hard to solve might be proved wrong tomorrow.
And large integer factoring (RSA) and the discrete logarithm problem (DSA) are both believed to be hard, but both could be proved/demonstrated to not be as hard as we expect they are tomorrow too. So your point is?
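As an added example (not from any poster in this thread) of the point being argued above, the following toy code turns an RSA public key into the private key by factoring the modulus rather than brute-forcing exponents, and turns a toy elliptic-curve public key into the private key by solving the curve's discrete logarithm. The primes 61 and 53, and the curve y² = x³ + 2x + 2 over GF(17) with generator (5, 1) of order 19, are constructed textbook parameters chosen so both searches finish instantly.

```python
# Added example (not from the thread): recovering a private key from a public one
# means factoring for RSA and solving the discrete logarithm for ECC. Toy values only.
from math import gcd, isqrt

# ---------------- RSA: recovering d means factoring n = p*q ----------------
def rsa_keygen(p, q, e):
    """Textbook RSA from primes p, q and public exponent e; returns ((n, e), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)

def factor_trial_division(n):
    """Split a toy modulus into (p, q). Hopeless for real 2048-bit moduli."""
    for cand in range(2, isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no non-trivial factor")

def rsa_private_from_public(pub):
    """Derive d from (n, e) alone: factor n, then invert e modulo phi(n)."""
    n, e = pub
    p, q = factor_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))

# ---------------- ECC: recovering k means solving k*G == Q on the curve ----------------
class Curve:
    """Short Weierstrass curve y^2 = x^3 + a*x + b over GF(p); None is the point at infinity."""

    def __init__(self, a, b, p):
        self.a, self.b, self.p = a, b, p

    def on_curve(self, pt):
        if pt is None:
            return True
        x, y = pt
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def add(self, P, Q):
        """Group law, including the identity and the P + (-P) special cases."""
        if P is None:
            return Q
        if Q is None:
            return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p)
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p)
        lam %= self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k, P):
        """Double-and-add scalar multiplication: computing k*G is the easy direction."""
        R = None
        while k:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

def ecdlp_brute_force(curve, G, Q, order):
    """Find k with k*G == Q by walking the whole subgroup. Hopeless on a 256-bit curve."""
    R = None
    for k in range(order):
        if R == Q:
            return k
        R = curve.add(R, G)
    raise ValueError("Q is not a multiple of G")

if __name__ == "__main__":
    pub, d = rsa_keygen(61, 53, 17)                 # constructed toy primes
    print("RSA d recovered by factoring:", rsa_private_from_public(pub) == d)
    toy = Curve(2, 2, 17)                           # constructed toy curve, |<G>| = 19
    G, k = (5, 1), 7
    Q = toy.mul(k, G)
    print("ECC k recovered by discrete log:", ecdlp_brute_force(toy, G, Q, 19) == k)
```

Scaling the same two searches to real key sizes is what makes both systems hold up; neither problem is proven hard, which is the thread's point.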
I'm still convinced that a closed-source competently-designed operating system will be, on the whole, less vulnerable than an open-source competently-designed operating system. The theoretical million eyes on the source isn't worth as much as it (used to be) hyped, because you're not talking about a million security professionals and you're really talking about maybe a thousand eyes on different parts of the code.
Read the paper Security in Open versus Closed Systems -- The Dance of Boltzmann, Coase and Moore (pdf) by Computer Security expert (since the 1980s) and Cambridge University professor Ross Anderson.
Your conclusion of more secure because it is a closed-source and "competently-designed" OS does not hold. The million eyes argument is a red herring.
The disbanding of the current XFree86 core team does not mean an end to the continuing development of XFree86; it means a change of people recognised as being key players.
The biggest remaining question IMHO is whether there will be an expansion of cvs commit access. I think the former core team realises that new up-and-coming developers need to be added to the project to sustain the continuing improvement and work with other groups such as X.org and freedesktop.org. To say nothing of expanding access to video card manufacturers so they can maintain and improve open source drivers for their cards (most companies are at least partially supportive of 2D drivers; the real issues occur over 3D acceleration).
I expect it will end up being a good thing.
I think it is worth mentioning that some of the most popular Canadian television production is political satire; Canadians are quite familiar with the genre.
For starters, This Hour Has 22 Minutes, and Royal Canadian Air Farce. Both of these are shown on CBC TV, the CBC being the federal government sponsored media group (TV, AM/FM/SW radio) similar in design but smaller than the BBC.
You say RTFM on a tech forum... Honestly! The whole point of this forum is to exchange ideas and not to put down other people.
RTFM is not a put-down or insult, it is advice. I provided 2 links (and others provided additional ones) which answered the question.
It's people with attitudes like you that keep many windows users away from linux.
If trying to help people without spoonfeeding them is a problem, then let them stay with windows.
How does this benefit me?
RTFM ChangeLog for a detailed explanation. Or go back to this slashdot story on the linux 2.6 kernel.
A guy who had to work to satisfy the camera demands of an artist like Adams just might be a good source to pose this completely hypothetical question to. As opposed to an art professor who has a vested interest in maintaining the status quo.
So we should trust the opinion of an employee of the company with a vested interest in promoting the idea that Ansel Adams would have gone digital rather than a source with no financial benefit (an art professor will lecture about art history regardless of what technology is being used today). That's a pretty lame argument, especially considering the number of art professors who met Adams over his career.
If you focus and put stress on the "gone digital", then IMHO I think Ansel Adams would not give up large format (analog) photography and go strictly to a digital 35mm (or medium - e.g. 6x6cm) format camera system. His love for large format (8x10in and 4x5in) was strong, and the majority of his most famous images were made with large format view cameras. I have no doubt Adams would have experimented with digital, but whether he would put his heavy backpack away - I don't think so.
Now Kodak T-Max and Fuji Velvia would have had Adams very excited IMHO, T-Max with its tiny film grain, and Velvia with its hyper-real colours.
regardless of whether the project is an open source (or not).
We (popular IT community) are re-learning the lessons of IBM in the 60s which Fred Brooks distilled in his famous The Mythical Man-Month.
I think the bigger misunderstanding is that new developers/IT types/CS academics think that everything is new. Most computer security issues were first discussed in the 1960s or 1970s. Much of Distributed Computing is now being "re-discovered" as Grid Computing.
This was two years ago, and I've received over 20 patches
Um, 20 patches is not a flurry, regardless of whether it was just a script you listed on freshmeat. The problem is your own experience doesn't scale. The best real life example of that is XFree86, which has hundreds of thousands of users yet has a regular developer base of less than 20 and less than 100 patch contributors.
That said, congrats on successfully sharing an open source project. Regardless of its size, it appears that it was useful (and hopefully helpful) to others.
Does it just cover the GCC suite? gcc, g77, p2c and such or does it include commercial tools like the Intel C/C++ compiler for Linux, Borland's C/C++ compiler, Portland Group's Fortran and C++ compilers?
Does it mention cross-platform or standards-based (POSIX, or 4.3BSD and newer) development? That is likely one of the largest stumbling blocks for new developers whose project grows from meeting her needs into a popular project on multiple systems.
Does it explain how to work well with (or within) an open source project, like the linux kernel, XFree86, or any one of thousands hosted at SourceForge?
Solutions like distributed.net, where you have a variable number of available CPU cycles, are bad because you NEED to be able to be certain that a numeric model run will complete on time.
The second, more important reason is that with low-bandwidth distributed computing like distributed.net, GIMPS, and Seti@Home, forecasting cannot be packaged into the same sort of small request packets to process and return the answer, because weather forecasting is in essence based upon computational fluid dynamics: you need to share iterative intermediate results with neighbouring "cells" that could be on a different processor.
It is possible in a high-bandwidth cluster a la a Beowulf cluster, but currently most forecasting uses many-CPU supercomputers where the memory and inter-CPU bandwidth is extremely high (>1Gb/s). Small area forecasting can be done on an SMP system.
Short range forecasting up to about 72 hours is very good actually.