Marlinspike's approach, implemented in a Firefox extension presented at DefCon '11, is to do away with the notion of CAs altogether in SSL, replacing it with a distributed network that reports on the certificate it sees. Basically, if the certificate you see agrees with the rest of the network, then you're not being spoofed.
He had previously explained the properties a replacement to the CA system had to demonstrate in order to be viable.
Moxie Marlinspike, the author of Convergence mentioned in TFA, addressed that very problem in a post. Long story short: a DNSSEC system would worsen the rigidity and centralization of the current CA system.
People are confusing this master key that breaks HDCP, saying it can help decrypt Blu-Ray discs. That's not the case: Blu-Ray is encrypted with AACS, which has a similar concept of device keys derived by a master key. AACS has a mechanism of revoking compromised device keys. Getting the AACS master key would bypass that mechanism, and would be great news.
This key isn't the AACS master key. This is an HDCP key, which would allow one to create an "unauthorized" device that can connect to HDCP-encrypted HDMI and successfully decrypt the HD stream.
HDCP has been known to be nearly broken since 2001, in that obtaining the device keys of 40-50 devices is enough to calculate the master key.
plus a donation of all of the offending HDTV's that were using BusyBox
Huh, WDE has to give away their HDTVs? Where do I sign up?
To clear things up a little, from TFA:
SFC has also secured the right to compel Westinghouse to hand over all unsold products loaded with BusyBox for donation to charity.
That sounds cool, but the cynic in me believes that won't happen for a variety of reasons ("we don't have any unsold products! The last ones went on eBay for $1 each!")
I suggest that from now on, articles about far-out piracy numbers thrown out by special interests should include a link to Wolfire's excellent analysis of video game piracy. Choice quote:
This means that even though games see that 80% of their copies are pirated, only 10% of their potential customers are pirates, which means they are losing at most 10% of their sales.
I've always envied their ability to maintain control over their brand and use it for appropriately portioned good and evil ;)
From what I've understood from their past posts and various interviews, they owe a lot to their business manager, Robert Khoo.
They like explaining how they actually sold their brand and rights away before Khoo came aboard. Luckily, the buyer disappeared into bankruptcy and nobody else has since claimed that ownership. I'm not too sure of the details and current veracity of this :)
picture it: In the living room, the Killer (SCO) is lying on the ground, dead. The Hero (Novell) can finally relax and embrace his Girl (the OSS community). But no, shocking twist! The Killer rises behind them, brandishes a knife, and...
the hardware support for h.264 is really just a programmable DSP in most cases
Yeah, no. I work as an embedded SW developer on the U8500 chip. Which codecs we have to support is factored in very early in the architectural phase, specifically because we then decide what HW acceleration is cost and power-effective. Efficient decoding from a power perspective is vital in the mobile market, of course. A DSP is better than a general-purpose CPU but much worse than dedicated HW. Also, you can't hold the expected performance (1080p at 60fps!) in our frequencies without HW.
My company originally cornered the MPEG2 market by being the first to provide a hw decoding chip. Newer codecs are... more complicated.
I'm probably already saying too much. Just a second, there are a couple of guys in black suits at the door, let me s:JKSDG*E^N#NB-- NO CARRIER
"A multitude of browsers will make the web more standardised and easier to browse".
Hah, that made me laugh. As much as it pains me to say it, Microsoft Windows standardized the desktop, and Internet Explorer the Web. Sure, the quality of that 'standard' was terrible, but at least it was a standard.
Every week I see cool new features demonstrated. But they're all tied to disclaimers such as "Demo works best in Safari 4.x and pretty well in Firefox 3.5." and use CSS properties like "-webkit-text-stroke". That is the opposite of a standard.
I hope browser diversity will pull IE kicking and screaming into HTML5, but I certainly don't expect standardization!
Seriously, no antivirus. But then, I only use Windows occasionally to play games. I'm surprised I only had one (1) virus problem over the last 5 years in Windows, which I fixed thanks to a targeted tool. Apart from that, I practice Safe Computing, and that appears to have kept me out of trouble.
However, for all that I know, my Windows system may be part of a few botnets that don't cause me any problems :\
On my family's computers... I forced Ubuntu upon those I could, and left the others to fend for themselves.
you'll 'regenerate' yourself entirely full of tumors by age 20.
The article states: "In these mice without p21, we do see the expected increase in DNA damage, but surprisingly no increase in cancer has been reported."
Also, I suggest other /.ers read the article. It is high quality, not a random blog post.
Those up high have understood that the USA's commercial future is not in manufacturing (they left that to China or Germany). If it's not physical goods, then what else is America selling abroad? IP, that's what. That's where the USA's commercial future lies, and that's what it'll have to defend at all costs, trampling their people's and other nations' right to defend that.
It's that or become insolvent. (Look up the USA's trade balance over the last 20 years. Think it'll improve? Think again.)
I've recently discovered the Fall From Heaven 2 mod for Civ4. It's the most sophisticated and complete mod for Civ4 out there. It's a fantasy mod set in a deep and well fleshed out universe. It brings many more new concepts and content than both commercial extensions, Warlords and Beyond the Sword (although it requires these to work).
I expect it to keep me busy enough well after Civ V enters the discount bins. Having the mod ported to Civ V, however, will make me switch in an instant. Hint hint, Firaxis.
This year's FOSDEM in Bruxelles had over 2400 unique MAC addresses and 3600 visitors a day (source). We enjoyed a 1Gbps pipe, and were far from saturating it.
It was overall of excellent quality, though there was a glitch in at least one of the hacker rooms where the operators had to upgrade the AP firmware. The geographic setup was more broken out: FOSDEM happens at the Universite Libre de Belgique (how appropriate), with talks in lots of classrooms spread across a few buildings.
It would be useful for everyone if they could post a writeup of their infrastructure.
"[This point was really hammered down for me when "Supreme Commander", highly hailed as innovative, came out and it turns out it's an almost 1-to-1 copy of the old "Total Annihilation" from 10 years ago only with better graphics]"
And that's exactly as I and thousands of other fans wanted it. Most remakes are crap. SupCom isn't.
(actually, a 1:1 copy of the old with better graphics would better describe TA: Spring)
It did add a vital gameplay mechanic in the zoomable tactical display*. Starcraft II is going to hurt so much when I won't be able to do that.
*I'm sure other games did it before... Rome: Total War?
PulseAudio was adopted to solve the problem of broken audio for some users, but PulseAudio broke stuff for some users for whom things worked before.
There is more loud complaining about newly-broken systems than there is praise for newly-working systems (humans are a fussy lot), and the complaining is drowning the praise.
Lesson: when you change something, make sure it works well and more importantly doesn't break anything for existing users, or the backlash will be terrible. Apple knows this, Ubuntu is learning this.
It's been close to 5 months now, and he still hasn't achieved his goal of publishing his apps on the store. He has had to put up with nonsensical paperwork and claims. He is at the mercy of a bureaucracy he doesn't control. He still doesn't know what to do to get through this mess. I dunno, it kinda reminds me of Kafka's The Trial.
Maybe your "Don't abuse Kafka" rant has merit for other situations. This one? Not so much.
Would Washington be a better place if MS just pulled up roots, and moved to another state? Another country?
Oh that stupid argument again. Let's cut the bull: There are about 30 000 employees on the Redmond campus, (and that was in 2005, before they started expansion to hold 12 000 more). That many employees, and that much infrastructure, does NOT move overnight, or even over a few years.
I'd like to preemptively buy a "Free Assange" WikiLeaks t-shirt. It doesn't exist yet, but I figure it's only a matter of time before it's necessary.
The article says he even ran it by Gibson.
It does not, however, say that Gibson approved it.
NASA plans to reset Voyager's memory tomorrow
Considering the distances involved, I found it funny that the sentence implied simultaneity. Voyager 2 is about 92 AU out (according to WP), which is 12 light-hours and 45 light-minutes. So if they send the signal in the morning, the memory will be reset in the afternoon, and they can hope for clean signals the day after.
So how's that broadband market going for you? How about health care?
(and that's just off the top of my head.)
this post written from Europe.
I've always wondered: what was the difference, in DOS, between a .com and a .exe?
TFA already included that very XKCD. Its cultural embrace extends...
So what you're complaining about is that Symbian is not Unix?
As opposed to Unix?