The thing about the World Bank is that it is large and bureacratic and probably wastes too much money on administration. OTOH, with its headquarters in DC, it is in good company.
Freenet works behind a firewall, but like edonkey, you need to open up an inbound port to direct to your node. You can't then have another node on the inner-side of the firewall because at the moment because freenet assumes full IP connectivity between the nodes.
I assume that better tunneling will appear at a later time.
Ok, first I should say that many of my family have been civil engineers and land surveyors. I know what their sign-off means. On the land survey side, very little was done that could endanger people, mostly it was the basis that people would use your plans to establish ownership rights and as starting point for construction projects.
Is the problem about APIs? Well, no APIs aren't what is important, otherwise we would have over half the software suppliers in the dock. What is important is whether it does the job.
I also know what it is to sign off on a project which is important to a lot of people. On one such project, we are talking about the securities depository for a small country. Who owns what company is defined by the contents of the depository, not by physical share certificates. There is registary data, but it lags behind the depository by up to about a year.
If something goes wrong, not only do I take financial liability, but it is possible that I would end up in prison. One of the reasons for the system is that some persons took advantage of a rather inadequate preceding system and a very convenient disk crash to attempt to cover up a major fraud.
For this, not only was I running the development project for the system, but I was also responsible for the laws, regulations and operating procedures. I did none of the work, I just guided and managed the project, acting as a consultant and project manager.
The difference is that I was responsible for delivering a solution not just a program. Other expats I met out in the country were engineers and our work really wasn't that different.
Sorry, I misunderstood you but I agree that all I leaned about running big projects was out of school.
I'm curious though about your definition of liability though. I've never been in the construction industry myself but have had a lot in the family (land surveyors and civil engineers). I don't really see a difference on a project. The main criteria is "who has sign-off".
What do you see as being different about running a large s/w project to running a large project in a conventional area? Certainly, if a major project where I have sign-off ever went bottom up, I would have great deal of problems, so where is the difference?
Having a BSxE degree simply won't allow you to sign off and carry the professional liability that goes with building a very expensive highway, electrical subsystem, or water dam.
You are a student, you have not tried to run high-end projects, so you may be forgiven for thinking that we can not be sued for producing bad systems. This is also why professional indemnity insurance is considered a good idea for consultants.
Acceptance as a full member of certain professional organisations allows you to call yourself an engineer. Generally it meens an academic qualification plus a few years project experience. Actually the same goes for the 'classic' engineering disciplines too, academice experince alone means that you are just halfway there.
The killer for me would have been 64-bit Excel. Fast with big spreadsheets. A lot of banks would have loved that for their dealing rooms. The banks in those days had big budgets for their dealing rooms too so the price wouldn't have been a problem if the performance could justify it.
If you want a nice clean 64-bit architcture, it is out there, it is called Alpha, but nobody wanted it. Alpha was clean and fast and had a long future of growth possibilities ahead of it. It has been around for over ten years.
Unfortunatlely, the majority of people who had heard of Alpha just said "Nice, but we don't need it yet". Altavista was built as a technology demonstrator for the advantage of 64-bit addressing for databases and people still said "So what". Digital never made it to the big time for chip production and without the economics associated with real mass production, their stuff stayed pricey.
People understand the 8088 architecture and its descendants, which essentially just perpetrated the earlier errors, and they feel comfortable. Anything else is a risk. MS made NT run on Alpha, but the applications didn't follow as nobody saw the market.
We have a mixed setup at home, Win2K, Win 98 and about four Linux boxen. The Mrs complains when she has to change her password and because she likes to keep the same password on all the systems, she complains about Linux's "Weak Password". I just tell her that password expiries and password security tests are difficult to disable and bluff it out.
She doesn't realise that if our firewall doesn't work, there is nothing between us and the internet except those passwords. I'm luck that making a password strong enough to pass Linux means that her password is ok for Win.
As the program is distributed in source getting it to compile is just a matter of hacking. Getting numeric code compiled tends to be easy, it is just the GUI framework that tends to be painful to adjust, at least that was when we did it.
The main offices all have reasonable systems, Pentium 2s or better. Roaming field workers for HROs may have quite reasonable laptops.
Field offices may have just 486s. PCs tend to get looted or are gratuitously destroyed by militia, so you don't really want to have your latest cool stuff there.
Please remember that Java can be compiled. When it is, it can run ok even on older systems. We did a stock exchange client in Uzbekistan in Java on a 32MB 66MHz 486 under Win98SE because that was all they had available for the dealers at the exchange.
About twelve years or so ago, I contributed towards a popular public domain encryption program. I have reason to believe that it may have been used by terrorists, but I also know that it was used by human-rights organisations and even state institutions. The principal author of this little program wrote at the time that if everyone used 'envelopes' for their electronic letters, it would make some those persons who make it their business to read other people's mail a little harder.
Actually you don't need cryptography to attack the USA, words can have many meanings and it is easy to prearrange code words within an organisation. Where cryptography is important and vital in the west is business. There are lots of us who use cryptography on a daily basis. Most are just doing mundane things like legal money laundering (investment banking) or even just buying/selling over the internet.
Btw, forget Singh as an author. Go to Kahn's "The Codebreakers" instead. His book is far more authoritative.
Finally, I prefer to watch news rather than views so I gave up on CNN a long time ago.
It concerns me that you should believe that the state is to be any more trusted with information than law-abiding individuals.
Under recent laws, not just in the US, but in other countries like the UK, you may be forced to disclose keys. The state by definition is generally law abiding, but the officers of the state are individuals. Some of those, I may trust, some I definitely will not. Yes there are criminals working for the state too.
Once information is acquired, it can not be forgotten. It may then be abused by the less honest state officials.
You raise the prospect of terrorists using this system. Look, I do not need crypto to tell a terrorist to attach. In WW2, the British SOE used the BBC to send messages to the French Resistance.
GCC is a compiler. It shoulldn't be a probllem to construct a local cross reference from the symbol information that it produces, especially if debugging is enabled. The advantage is that GCC would be used in the same way that it is to compile the kernel.
I can't remember if GCC assigns attributes to symbols so it is possible to keep track of code references but to forget the data references, but that would mean chasing through the debug symbol format.
Actually, for thousands of years, architects have used models. 2-D is great for construction but not for perceiving relationships, or explaing the building to others. Now the 3-d model is on the computer, it is easier to produce virtual models and they are done all the time.
Look at Phrack and so on
on
Windows Rootkits
·
· Score: 2, Informative
These guys do root kits that can hide in protocol eror messages so unless you have an air-gap, all a firewall will do is to stop it being installed in the first place. Standard messages often have unused places in which a covert channel can be established. The message can go out from the rooted system looking like anything. The trick is to ensure that the firewall is open for the technique used.
The main issue is that although NT has quite good privilege separation and 2K even better (both better than a non-security enhanced Unix), 90% of the apps don't use this. That means once you're in, you have the machine.
Forget about all except the last few years...
on
An IMDb for Books
·
· Score: 1
Library science was stuck with card catalogues for donkeys years. Only in the last few years have necessary tools been available to radically improve things. Catalogues were always very one-dimensional, and things could be 'lost'. Now we have more flexibility, sso the librarians are having to think again as well.
IBM's has some of its own Unix expertise from AIX, which has very little relationship to AT&T Unix and only a marginal relationship to BSD. OTOH, IBM has been writing operating systems for 'big-iron' mainframes, like for ever. I would guess they would have picked up something on multiprocessing.
Look at some of the other contributors to the Linux game. Many of them have expertise on multiprocessing. The point is rather than hide the expertise in their propietary binaries, thjey chose to contribute.
What would have really been useful was a version of this test to apply to business plans in the high-tech industry so that VCs didn't go chasing after fool's gold.
Of course, what happened is that we had the high-tech bubble which then popped. Now the VCs are so suspicious that very few high-tech business plans ever attract funding.
But there have been stories in the Australian papers recently that suggest that ISPs are actually hosting p2p fodder on their own account in order to stimulate traffic.
I had always though that it would be in the interest of an ISP to quietly run a Kazaa supernode or two, maybe with some ed2k servers as well as a mthod of minimising their bandwidth. Not particularly legal, but it could seriously reduce their bandwidth costs.
RH 8.0 runs the ALSA stuff niicely. In any case, it should be there for the 2.6 stable release, properl;y integrated in the kernel.
I agree, they hide Xterm just like cmd.exe in Win
on
Has GNOME Become LAME?
·
· Score: 1
In the more recent versions of Windows, the terminal window (cmd.exe) is activated through two menu levels (until you change it), ie., open menu, click on accessories and thenopen the terminal session. Regrettably Redhat has decided to do the same with Gnome under RH 8.0. Ok, you make a short cut, but why hide the shell, this is after all Unix!!!!!
When the German Federal Govt started wanting to go in the direction of Linux, stressing security concerns, they were invited to meet with Microsoft officials in Munich to review the source code.
They said fine, but parlaimentary officials said they would like to bring some expertise with them as they didn't know much about internals of an operating system, they would like to bing some experts. These would be from the BSI (sort of like NIST) and some invited consultants from the Chaos Computer Club. MS objected to the latter so the Germans pulled out. This is why the servers at the Bundesrat (German Parliament) will not be running Windows.
Biometrics are perfectly ok but only as an adjunct to other forms of identification.. I understand that the US Govt is quite strong on this form of ID, I wonder if anyone has got some good closeups of Bush's eyes.
Also when you use biometrics, as with any other ID, there needs to be a well implemented protocol between the server holding the information and the client system (ATM in this case). If the ID is stolen, unlike a PIN, an eye is hard to reissue.
I like to ski and snow-machines are regrettably very much part of the scene. At crossings in particular, the snow cover can get very thin so they have to use snow machines, usually several to keep the piste in order.
One of the problems with these machines, which as you rightly say, require a lot of power for the fans and pumps but they require a lot of something to pump. At ski-resorts they may even have to build new reservoirs (sometimes by excavating out existing lakes, to increase volume). On a permanet installation, the pipes have to be heated too.
Slashdot Mirror
The thing about the World Bank is that it is large and bureacratic and probably wastes too much money on administration. OTOH, with its headquarters in DC, it is in good company.
I assume that better tunneling will appear at a later time.
Is the problem about APIs? Well, no APIs aren't what is important, otherwise we would have over half the software suppliers in the dock. What is important is whether it does the job.
I also know what it is to sign off on a project which is important to a lot of people. On one such project, we are talking about the securities depository for a small country. Who owns what company is defined by the contents of the depository, not by physical share certificates. There is registary data, but it lags behind the depository by up to about a year.
If something goes wrong, not only do I take financial liability, but it is possible that I would end up in prison. One of the reasons for the system is that some persons took advantage of a rather inadequate preceding system and a very convenient disk crash to attempt to cover up a major fraud.
For this, not only was I running the development project for the system, but I was also responsible for the laws, regulations and operating procedures. I did none of the work, I just guided and managed the project, acting as a consultant and project manager.
The difference is that I was responsible for delivering a solution not just a program. Other expats I met out in the country were engineers and our work really wasn't that different.
I'm curious though about your definition of liability though. I've never been in the construction industry myself but have had a lot in the family (land surveyors and civil engineers). I don't really see a difference on a project. The main criteria is "who has sign-off".
What do you see as being different about running a large s/w project to running a large project in a conventional area? Certainly, if a major project where I have sign-off ever went bottom up, I would have great deal of problems, so where is the difference?
Acceptance as a full member of certain professional organisations allows you to call yourself an engineer. Generally it meens an academic qualification plus a few years project experience. Actually the same goes for the 'classic' engineering disciplines too, academice experince alone means that you are just halfway there.
The killer for me would have been 64-bit Excel. Fast with big spreadsheets. A lot of banks would have loved that for their dealing rooms. The banks in those days had big budgets for their dealing rooms too so the price wouldn't have been a problem if the performance could justify it.
Unfortunatlely, the majority of people who had heard of Alpha just said "Nice, but we don't need it yet". Altavista was built as a technology demonstrator for the advantage of 64-bit addressing for databases and people still said "So what". Digital never made it to the big time for chip production and without the economics associated with real mass production, their stuff stayed pricey.
People understand the 8088 architecture and its descendants, which essentially just perpetrated the earlier errors, and they feel comfortable. Anything else is a risk. MS made NT run on Alpha, but the applications didn't follow as nobody saw the market.
She doesn't realise that if our firewall doesn't work, there is nothing between us and the internet except those passwords. I'm luck that making a password strong enough to pass Linux means that her password is ok for Win.
As the program is distributed in source getting it to compile is just a matter of hacking. Getting numeric code compiled tends to be easy, it is just the GUI framework that tends to be painful to adjust, at least that was when we did it.
Please remember that Java can be compiled. When it is, it can run ok even on older systems. We did a stock exchange client in Uzbekistan in Java on a 32MB 66MHz 486 under Win98SE because that was all they had available for the dealers at the exchange.
Actually you don't need cryptography to attack the USA, words can have many meanings and it is easy to prearrange code words within an organisation. Where cryptography is important and vital in the west is business. There are lots of us who use cryptography on a daily basis. Most are just doing mundane things like legal money laundering (investment banking) or even just buying/selling over the internet.
Btw, forget Singh as an author. Go to Kahn's "The Codebreakers" instead. His book is far more authoritative.
Finally, I prefer to watch news rather than views so I gave up on CNN a long time ago.
Under recent laws, not just in the US, but in other countries like the UK, you may be forced to disclose keys. The state by definition is generally law abiding, but the officers of the state are individuals. Some of those, I may trust, some I definitely will not. Yes there are criminals working for the state too.
Once information is acquired, it can not be forgotten. It may then be abused by the less honest state officials.
You raise the prospect of terrorists using this system. Look, I do not need crypto to tell a terrorist to attach. In WW2, the British SOE used the BBC to send messages to the French Resistance.
I can't remember if GCC assigns attributes to symbols so it is possible to keep track of code references but to forget the data references, but that would mean chasing through the debug symbol format.
Actually, for thousands of years, architects have used models. 2-D is great for construction but not for perceiving relationships, or explaing the building to others. Now the 3-d model is on the computer, it is easier to produce virtual models and they are done all the time.
The main issue is that although NT has quite good privilege separation and 2K even better (both better than a non-security enhanced Unix), 90% of the apps don't use this. That means once you're in, you have the machine.
Library science was stuck with card catalogues for donkeys years. Only in the last few years have necessary tools been available to radically improve things. Catalogues were always very one-dimensional, and things could be 'lost'. Now we have more flexibility, sso the librarians are having to think again as well.
Look at some of the other contributors to the Linux game. Many of them have expertise on multiprocessing. The point is rather than hide the expertise in their propietary binaries, thjey chose to contribute.
Of course, what happened is that we had the high-tech bubble which then popped. Now the VCs are so suspicious that very few high-tech business plans ever attract funding.
RH 8.0 runs the ALSA stuff niicely. In any case, it should be there for the 2.6 stable release, properl;y integrated in the kernel.
In the more recent versions of Windows, the terminal window (cmd.exe) is activated through two menu levels (until you change it), ie., open menu, click on accessories and thenopen the terminal session. Regrettably Redhat has decided to do the same with Gnome under RH 8.0. Ok, you make a short cut, but why hide the shell, this is after all Unix!!!!!
They said fine, but parlaimentary officials said they would like to bring some expertise with them as they didn't know much about internals of an operating system, they would like to bing some experts. These would be from the BSI (sort of like NIST) and some invited consultants from the Chaos Computer Club. MS objected to the latter so the Germans pulled out. This is why the servers at the Bundesrat (German Parliament) will not be running Windows.
Also when you use biometrics, as with any other ID, there needs to be a well implemented protocol between the server holding the information and the client system (ATM in this case). If the ID is stolen, unlike a PIN, an eye is hard to reissue.
What happens when they are swwitched off, i.e., whilst the Piste is open? Does the water drain back down?
One of the problems with these machines, which as you rightly say, require a lot of power for the fans and pumps but they require a lot of something to pump. At ski-resorts they may even have to build new reservoirs (sometimes by excavating out existing lakes, to increase volume). On a permanet installation, the pipes have to be heated too.