Except that the md5Crypt() function isn't just a single MD5 operation. It actually carries out a sequence of 1000 md5 operations in sequence to try and slow down the overall operation.
Of course, 10 years of Moore's law eats 3 factors of magnitude fairly nicely.
Well, we don't use nispasswdd or ypasswdd. We run a Ganymede server which is responsible for mastering all password changes into NIS.
Ganymede has had md5Crypt support forever, so it'd be easy to generate the passwd map with md5crypted hashes, if we could rely on systems being able to make use of the new hash format.
Solaris source code is NOT needed to add new algorithms all code that uses crypt(3c) should continue to work.
That's presuming that the code is using the new generalized crypt functions, yes? I would assume that older code would be prone to having custom code to extract the salt from the hash, hash the plaintext, and do the comparison. That salt extraction would obviously not be portable to md5Crypt if it had been done in a naive fashion.
I would expect modern Solaris code that uses PAM modules for authentication would work, though.
I wonder if this functionality would make it feasible to use md5Crypt hashed passwords on a NIS network with Solaris 9 systems. md5Crypt and scalable blowfish (see the OpenBSD blowfish crypt paper) are designed so that you can identify the hash function used by looking for specific prefixes in the hashed text.
Obviously NIS should be dead and buried, but in far too many places it is not, yet. It would be nice if it were possible to use a more worthy hash function in conjunction with NIS.
Too many damn people want this stuff handed to them like it's their right to have it at their fingertips.
You mean like the vendors who are distributing software they didn't write or obtain a closed-source license for? Yeah, too damn many people want this stuff handed to them like it's their right to have it.
Eww, a whole new server? I hope there's more code sharing against XFree86 rather than less.. it would seem a tremendous waste to have to reinvent and maintain that particular wheel.
If RMS wants to rant about revision control systems, he'll need to say that CVS needs to be replaced with a more functional alternative (Subversion, perhaps), not BK.
Monotone is a new revision control system being developed by Graydon Hoare at RedHat. It's notable for having cryptographic hashs and signatures implemented through the entire system.. each delta in the archive has a signature associated with it, as does each bit of information about the delta.
I'm not sure how well such a system would perform, but there's no sneaking data into a system like that without subverting (sorry) someone's private GPG key.
NCSA Mosaic, Lynx and Athena all predated Netscape. All were free.
They weren't the product of browser manufacturers, though.. they were non-commercial university projects. There's a significant difference between that and an actual manufacturer in the sense of a commercial enterprise.
Netscape paid the ISPs and OEMs to support Netscape in the first place. Or don't you remember all the deals at the time saying "Sign up with XYZ provider, and get Netscape free!", right around the Netscape 1.0 timeframe.
Did they? Did they have to? Who didn't want a web browser when Netscape hit?
It amazes me how many people paint Netscape as whiter than white, and hard done by. They clearly forget everything that Netscape did, their original business model, and how they tried to build their own monopoly.
Netscape's original business model was to get early versions of their browser widely distributed to personal individiuals and educational outfits, while charging companies for copies for commercial use, and using the money from those sales to build a business in Internet servers.
Netscape never had the capacity for building a monopoly.. see the March 1997 Byte magazine cover story. It was all about how Netscape was looking to open the industry up by building a versatile services stack on non-proprietary standards like HTTP, IMAP, LDAP, even Netscape's own SSL, which was fully documented and open for other implementations from the beginning.
Netscape's plan was to out-develop and out-innovate Microsoft, leveraging the Internet to make it possible. Microsoft's plan was to force PC vendors to distribute IE to their customers at pain of losing the Windows license, to pay ISPs and ISVs to refuse to distribute or even mention Netscape, and to do the same thing on the server side with NT.
Some of that (perhaps even a good bit of that) is just good, clean competitive fun. But Microsoft crossed the legal line in several respects with their behavior. The Sherman anti-trust act holds that while having a monopoly or attempting to build a monopoly is legal, abusing an existing monopoly to force out competition from adjacent markets is not.
That's precisely what Microsoft did and that's why they were convicted.
Were Netscape 'whiter than white and hard done by'? If by that do you mean were they the FSF or the BSD guys, with no competitive or commercial interests, no, they weren't. But they played a much more fair game than Microsoft did, and they did it without abusing a monopoly in violation of federal law.
Netscape? A failed company who tried to create their own monopoly, but failed when Microsoft gave away their browser for free -- something that every single other browser manufacturer before Netscape was doing already?
Oh, neat. There were other browser manufacturers before Netscape?
Spyglass was charging Microsoft a percentage of revenues for each copy of IE sold before Microsoft decided they simply weren't going to collect any revenues for any copy of IE.. thanks, Spyglass, sorry you didn't realize any income whatsoever for giving us your technology!
Besides, Microsoft innovated in paying ISPs and ISVs to not support Netscape. They didn't just give the browser away for free, they paid people not to use Netscape. You really couldn't ask for a clearer violation of the Sherman antitrust act.. monopolist uses monopoly rents to fund an anticompetitive attack against a new market.
Could Microsoft have prevailed over Netscape without the dirty tricks? Sure, absolutely they could have done, probably.. but they didn't. They broke the law to stick the knife in Netscape, they got caught, and they deserve to be held to account for it.
"Tough but fair," please.
Sun Microsystems? A company who created a virtual machine designed to best work on Sparc systems, who suddenly started to get cold feet when Microsoft managed to come up with a virtual machine that worked faster than anything they expected could be created? A company who also completely failed to sue Netscape for creating their own non-compliant Java libraries?
All of which has nothing to do with what Sun sued Microsoft over. Sun sued Microsoft because Microsoft declined to support JNI, which allowed C modules to be written which would work against any standard JVM that supported it. Microsoft preferred their own native code solution, fine, but the contract didn't allow them to unilaterally decide not to support part of the Java spec.
Well, if you read the article, they do point out that they are using the shockwaves resulting from mach speeds in air as a speculative analogy to the shockwaves resulting from warp speeds in space.
Now obviously Einstein showed everyone that that kind of analogy is not likely to be worth a bowl of warm spit, even after you get past the impossible part, but this sort of thing is still way unnecessarily cool, and precisely the sort of ilk I think we geeks should be encouraging.
Brilliant. You'd need to be a copyright holder to do that, of course, perhaps even a registered copyright holder, which I think remakably few GPL authors are, and you'd need to have evidence that they were distributing the code while not complying with the GPL.
The fact that SCO is distributing Linux still while disclaiming the GPL doesn't mean that they are affirmatively blocking the rights the GPL provides for, so I don't know that you can do anything other than ding them for hypocrisy and bring up their inconsistency in a legal forum.
Probably not adequate to trigger a DMCA take-down, sweet as that would be.
A torrent file is tiny.. only a few k, at most. The problem is that a torrent is useless unless you have someone ready to seed the file that matches the torrent. Clients start downloading the file from the initial seed, and quickly get enough bits of the file that they are capable of serving pieces to other downloaders. Rather quickly, there are enough chunks outside of the original server that the load should drop on the initial server.
At least, so long as people are continuously downloading/uploading the file. If everyone who downloads the file shuts off their bittorrent client when the download is complete, the original seed system may wind up being the only one providing the file.. as soon as that happens, you're back to square one, effectively.
I can't imagine giving up the 320x320 color display on my Sony Clie for a 160x160 display, even if it was also a decent phone.
On 320x320, a Sony makes a fantastic book reader, which is a lot of what I do with mine. Going back to 160x160 would be like gouging my eyes out at this point, I think.
Of course, I suppose the idea is that you don't need too high a resolution when you're holding the screen up to your ear, right?
And tons of PBS and NPR affiliates make a go of asking people who actually do care to actually contribute to the cost of the programs.
If CSN is basing their model on C-SPAN, then it won't be like anything Discovery is doing, but it also won't be so expensive to produce programming for.
Of course, C-SPAN is subsidized by cable companies.. we'll have to see how CSN gets its funding.
Ah, yes, the Randite hero, bravely proving himself the superior man in the face of the sea of incapable beggers demanding alms.
You do understand that that's not what's at issue here? The question is what do you do when globally competitive labor is so cheap as to make it impossible to maintain the status quo standard of living through the sweat of one's brow?
Absolutely correct, and rather frightening, actually.
Capitalism is about driving towards economic efficiency, and that means Walmart devouring everything in the American general retail market and countries with cheaper cost structures providing whatever labor they possibly can, to maximize corporate profits.
I'm starting to see a lot more pro-tariff proposals in reaction to this, but in the absence of that sort of trade policy, it seems inevitable that wages will eventually reach equilibrium, corrected for education and technological resources.
Which wouldn't be bad, but it suggests a dramatic reduction in the absolute standard of living in the United States.. or perhaps just a reduction in the rate of growth of standard of living. 21st century middle class Americans enjoy in many respects a far higher standard of living than the absolute richest did in the 19th.
There are things that could preserve our higher standard of living, though, potentially.. the biomedical industry might do it, if American companies can extract enough wealth from the rest of the world for a cure for AIDS or malaria or antibiotic-resistant tuberculosis or the cancers. The technology industry might do it, except we really are giving away the store when it comes to open source software..
Anyone know of any good science fiction or speculative non-fiction that deals in detail with what such a move towards economic equilibrium might look like in this country, say 20 years out?
A classic Slashdot post, linked
on
Software Fashion
·
· Score: 1
This perfectly fits a classic reposting of a classic Slashdot post.. let me think, I believe the year was 2001...
The paper is rather decent, but all it really describes is a rather simple design for a GUI framework, of the kind that has been designed and implemented dozens of times over in the last 20 years.
It would take dozens of man-years of development to turn the implementation described into anything that would be competitive with X11. At this point, all that it is is a polemic for a simple high-level GUI protocol. There's no graphics model other than rectangles, blitting and line drawing, there's no font management API to speak of, no affine transforms, no splines, no region fills.. and what about a unified imaging model for on-screen displays and printing? Cut and paste/drag and drop? What about sound and multimedia? Event synchronization? Surely you'd want to link those into a new GUI standard. The paper properly points out the need to develop a security infrastructure.. how about a way to deal with the widget resources of a terminated client? Is there a distributed garbage collector in the system?
It's those kind of precise detail-oriented issues that are the real challenge in developing a user interface/presentation system. Sketching out a basic object communications model that puts responsibility for refresh into server-side data structures is nice, but it is such a tiny part of the problem at hand.
Don't get me wrong, I give the author high marks for a nice bit of work for a school project, particularly given that he actually implemented the thing. It's just not of a level of detail, functionality, or novelty to deserve to be brought up on Slashdot as 'Y: A Successor to the X Window System'.
At least, not yet. If the author is able to collect a rag-tag band of coding warriors to his banner, he might well make a significant contribution with Y in three or four years. There wasn't anything particularly special about Linux in the beginning either, until Linus gathered his tribe and showed the quality of his leadership. But remember, Linus was trying to support the execution of legacy code, not to rip and replace all of it. The author of this work is setting himself up for a much harder and lonelier task.
Slashdot Mirror
I was imagining that she killed the baby out of mercy, actually, on the theory that things were going to get real, real ugly in that city very soon.
In general, they portrayed her character as one tormented by the necessity of what the Cylons had to do, which I thought was a brilliant touch.
Except that the md5Crypt() function isn't just a single MD5 operation. It actually carries out a sequence of 1000 md5 operations in sequence to try and slow down the overall operation.
Of course, 10 years of Moore's law eats 3 factors of magnitude fairly nicely.
Well, we don't use nispasswdd or ypasswdd. We run a Ganymede server which is responsible for mastering all password changes into NIS.
Ganymede has had md5Crypt support forever, so it'd be easy to generate the passwd map with md5crypted hashes, if we could rely on systems being able to make use of the new hash format.
Solaris source code is NOT needed to add new algorithms all code that uses crypt(3c) should continue to work.
That's presuming that the code is using the new generalized crypt functions, yes? I would assume that older code would be prone to having custom code to extract the salt from the hash, hash the plaintext, and do the comparison. That salt extraction would obviously not be portable to md5Crypt if it had been done in a naive fashion.
I would expect modern Solaris code that uses PAM modules for authentication would work, though.
I wonder if this functionality would make it feasible to use md5Crypt hashed passwords on a NIS network with Solaris 9 systems. md5Crypt and scalable blowfish (see the OpenBSD blowfish crypt paper) are designed so that you can identify the hash function used by looking for specific prefixes in the hashed text.
Obviously NIS should be dead and buried, but in far too many places it is not, yet. It would be nice if it were possible to use a more worthy hash function in conjunction with NIS.
No, linux-2.4.18-mmap-sem-debug.patch does not address this bug. Nothing in that patch touches the do_brk() function in mm/mmap.c.
Red Hat 9, latest released kernel as of today, appears still to have this bug.
Too many damn people want this stuff handed to them like it's their right to have it at their fingertips.
You mean like the vendors who are distributing software they didn't write or obtain a closed-source license for? Yeah, too damn many people want this stuff handed to them like it's their right to have it.
This is The Man Who Would Be King that Gandalf wrote and directed, yes?
Eww, a whole new server? I hope there's more code sharing against XFree86 rather than less.. it would seem a tremendous waste to have to reinvent and maintain that particular wheel.
Even for someone as renowned as Keith.
If RMS wants to rant about revision control systems, he'll need to say that CVS needs to be replaced with a more functional alternative (Subversion, perhaps), not BK.
Or Monotone, perhaps.
Monotone is a new revision control system being developed by Graydon Hoare at RedHat. It's notable for having cryptographic hashs and signatures implemented through the entire system.. each delta in the archive has a signature associated with it, as does each bit of information about the delta.
I'm not sure how well such a system would perform, but there's no sneaking data into a system like that without subverting (sorry) someone's private GPG key.
NCSA Mosaic, Lynx and Athena all predated Netscape. All were free.
They weren't the product of browser manufacturers, though.. they were non-commercial university projects. There's a significant difference between that and an actual manufacturer in the sense of a commercial enterprise.
Netscape paid the ISPs and OEMs to support Netscape in the first place. Or don't you remember all the deals at the time saying "Sign up with XYZ provider, and get Netscape free!", right around the Netscape 1.0 timeframe.
Did they? Did they have to? Who didn't want a web browser when Netscape hit?
It amazes me how many people paint Netscape as whiter than white, and hard done by. They clearly forget everything that Netscape did, their original business model, and how they tried to build their own monopoly.
Netscape's original business model was to get early versions of their browser widely distributed to personal individiuals and educational outfits, while charging companies for copies for commercial use, and using the money from those sales to build a business in Internet servers.
Netscape never had the capacity for building a monopoly.. see the March 1997 Byte magazine cover story. It was all about how Netscape was looking to open the industry up by building a versatile services stack on non-proprietary standards like HTTP, IMAP, LDAP, even Netscape's own SSL, which was fully documented and open for other implementations from the beginning.
Netscape's plan was to out-develop and out-innovate Microsoft, leveraging the Internet to make it possible. Microsoft's plan was to force PC vendors to distribute IE to their customers at pain of losing the Windows license, to pay ISPs and ISVs to refuse to distribute or even mention Netscape, and to do the same thing on the server side with NT.
Some of that (perhaps even a good bit of that) is just good, clean competitive fun. But Microsoft crossed the legal line in several respects with their behavior. The Sherman anti-trust act holds that while having a monopoly or attempting to build a monopoly is legal, abusing an existing monopoly to force out competition from adjacent markets is not.
That's precisely what Microsoft did and that's why they were convicted.
Were Netscape 'whiter than white and hard done by'? If by that do you mean were they the FSF or the BSD guys, with no competitive or commercial interests, no, they weren't. But they played a much more fair game than Microsoft did, and they did it without abusing a monopoly in violation of federal law.
Netscape? A failed company who tried to create their own monopoly, but failed when Microsoft gave away their browser for free -- something that every single other browser manufacturer before Netscape was doing already?
Oh, neat. There were other browser manufacturers before Netscape?
Spyglass was charging Microsoft a percentage of revenues for each copy of IE sold before Microsoft decided they simply weren't going to collect any revenues for any copy of IE.. thanks, Spyglass, sorry you didn't realize any income whatsoever for giving us your technology!
Besides, Microsoft innovated in paying ISPs and ISVs to not support Netscape. They didn't just give the browser away for free, they paid people not to use Netscape. You really couldn't ask for a clearer violation of the Sherman antitrust act.. monopolist uses monopoly rents to fund an anticompetitive attack against a new market.
Could Microsoft have prevailed over Netscape without the dirty tricks? Sure, absolutely they could have done, probably.. but they didn't. They broke the law to stick the knife in Netscape, they got caught, and they deserve to be held to account for it.
"Tough but fair," please.
Sun Microsystems? A company who created a virtual machine designed to best work on Sparc systems, who suddenly started to get cold feet when Microsoft managed to come up with a virtual machine that worked faster than anything they expected could be created? A company who also completely failed to sue Netscape for creating their own non-compliant Java libraries?
All of which has nothing to do with what Sun sued Microsoft over. Sun sued Microsoft because Microsoft declined to support JNI, which allowed C modules to be written which would work against any standard JVM that supported it. Microsoft preferred their own native code solution, fine, but the contract didn't allow them to unilaterally decide not to support part of the Java spec.
You mean you're not married?
Well, if you read the article, they do point out that they are using the shockwaves resulting from mach speeds in air as a speculative analogy to the shockwaves resulting from warp speeds in space.
Now obviously Einstein showed everyone that that kind of analogy is not likely to be worth a bowl of warm spit, even after you get past the impossible part, but this sort of thing is still way unnecessarily cool, and precisely the sort of ilk I think we geeks should be encouraging.
Brilliant. You'd need to be a copyright holder to do that, of course, perhaps even a registered copyright holder, which I think remakably few GPL authors are, and you'd need to have evidence that they were distributing the code while not complying with the GPL.
The fact that SCO is distributing Linux still while disclaiming the GPL doesn't mean that they are affirmatively blocking the rights the GPL provides for, so I don't know that you can do anything other than ding them for hypocrisy and bring up their inconsistency in a legal forum.
Probably not adequate to trigger a DMCA take-down, sweet as that would be.
IANAL, YAAIIYTTFLA.
A torrent file is tiny.. only a few k, at most. The problem is that a torrent is useless unless you have someone ready to seed the file that matches the torrent. Clients start downloading the file from the initial seed, and quickly get enough bits of the file that they are capable of serving pieces to other downloaders. Rather quickly, there are enough chunks outside of the original server that the load should drop on the initial server.
At least, so long as people are continuously downloading/uploading the file. If everyone who downloads the file shuts off their bittorrent client when the download is complete, the original seed system may wind up being the only one providing the file.. as soon as that happens, you're back to square one, effectively.
I can't imagine giving up the 320x320 color display on my Sony Clie for a 160x160 display, even if it was also a decent phone.
On 320x320, a Sony makes a fantastic book reader, which is a lot of what I do with mine. Going back to 160x160 would be like gouging my eyes out at this point, I think.
Of course, I suppose the idea is that you don't need too high a resolution when you're holding the screen up to your ear, right?
Best. Southpark. Ever.
And tons of PBS and NPR affiliates make a go of asking people who actually do care to actually contribute to the cost of the programs.
If CSN is basing their model on C-SPAN, then it won't be like anything Discovery is doing, but it also won't be so expensive to produce programming for.
Of course, C-SPAN is subsidized by cable companies.. we'll have to see how CSN gets its funding.
Ah, yes, the Randite hero, bravely proving himself the superior man in the face of the sea of incapable beggers demanding alms.
You do understand that that's not what's at issue here? The question is what do you do when globally competitive labor is so cheap as to make it impossible to maintain the status quo standard of living through the sweat of one's brow?
Absolutely correct, and rather frightening, actually.
Capitalism is about driving towards economic efficiency, and that means Walmart devouring everything in the American general retail market and countries with cheaper cost structures providing whatever labor they possibly can, to maximize corporate profits.
I'm starting to see a lot more pro-tariff proposals in reaction to this, but in the absence of that sort of trade policy, it seems inevitable that wages will eventually reach equilibrium, corrected for education and technological resources.
Which wouldn't be bad, but it suggests a dramatic reduction in the absolute standard of living in the United States.. or perhaps just a reduction in the rate of growth of standard of living. 21st century middle class Americans enjoy in many respects a far higher standard of living than the absolute richest did in the 19th.
There are things that could preserve our higher standard of living, though, potentially.. the biomedical industry might do it, if American companies can extract enough wealth from the rest of the world for a cure for AIDS or malaria or antibiotic-resistant tuberculosis or the cancers. The technology industry might do it, except we really are giving away the store when it comes to open source software..
Anyone know of any good science fiction or speculative non-fiction that deals in detail with what such a move towards economic equilibrium might look like in this country, say 20 years out?
This perfectly fits a classic reposting of a classic Slashdot post.. let me think, I believe the year was 2001...
REPOST:A classic /. posting on languages as fasion
Gah, never mind. I had to wget the torrent file before using btdownloadcurses.py. I just assumed that it would work with a URL.
Downloading/seeding it now, thanks.
No such file or directory, says BitTorrent when I try to visit that link.
The paper is rather decent, but all it really describes is a rather simple design for a GUI framework, of the kind that has been designed and implemented dozens of times over in the last 20 years.
It would take dozens of man-years of development to turn the implementation described into anything that would be competitive with X11. At this point, all that it is is a polemic for a simple high-level GUI protocol. There's no graphics model other than rectangles, blitting and line drawing, there's no font management API to speak of, no affine transforms, no splines, no region fills.. and what about a unified imaging model for on-screen displays and printing? Cut and paste/drag and drop? What about sound and multimedia? Event synchronization? Surely you'd want to link those into a new GUI standard. The paper properly points out the need to develop a security infrastructure.. how about a way to deal with the widget resources of a terminated client? Is there a distributed garbage collector in the system?
It's those kind of precise detail-oriented issues that are the real challenge in developing a user interface/presentation system. Sketching out a basic object communications model that puts responsibility for refresh into server-side data structures is nice, but it is such a tiny part of the problem at hand.
Don't get me wrong, I give the author high marks for a nice bit of work for a school project, particularly given that he actually implemented the thing. It's just not of a level of detail, functionality, or novelty to deserve to be brought up on Slashdot as 'Y: A Successor to the X Window System'.
At least, not yet. If the author is able to collect a rag-tag band of coding warriors to his banner, he might well make a significant contribution with Y in three or four years. There wasn't anything particularly special about Linux in the beginning either, until Linus gathered his tribe and showed the quality of his leadership. But remember, Linus was trying to support the execution of legacy code, not to rip and replace all of it. The author of this work is setting himself up for a much harder and lonelier task.