DEC brought up Alta Vista in 1995 and went public by at least 1996.
They started selling keywords fairly early on as well, which is a mechanism to affect the rank of the results. The only major difference between Alta-Vista's scheme and Google is that Google does it publicly.
The patent was filed in 1999 so prior art from 1998 invalidates it.
Sorry, that's a bad example. Pixar's existing compute farm doesn't need much networking.
But it sure needs confidentiality, both of the rendering code itself and the data it is working on. Otherwise we will all see random frames from every Pixar movie in advance.
Plus the rendering code is quite likely huge and has a lot of dependencies on proprietary codebases. I doubt the stuff would run well on Direct-X.
The liquid metal effect in Terminator cost a million or so to develop and sold for that the first time after which it was quickly copied so that now you can get it in a movie for a few $10K.
The idea of using the internet to do distributed computing is as old as the net itself. We were building SETI type configurations back in the mid 80s, as soon as the price performance of the workstation rendered mainframes obsolete.
Believe it, if Pixar need more compute cycles they will go to Dell and buy a room full of cheapo machines. It will cost much less to manage than scraping processing time up from around the net.
Can Microsoft stop someone from implementing the Technical Reference without signing the license agreement? Not unless they have a patent on the technology.
Microsoft have indicated in at least one public forum that this is the case. The legalisms are there for the sole purpose of protecting their patent rights.
The courts have of late become inclined to invalidate patent licenses under an emerging doctrine similar to that of copyright abuse. Essentially if you encourage people to use a technology that you have filed patent claims on in certain ways the courts can decide to revoke the patent. This was done for a patent that covered EISA bus which covered technology that had been proposed to the standards committee without disclosure of the IP claims.
The issue on GPL is hardly surprising and in no way prevents anyone's ability to develop open source. All it does is to prevent the open source authors from placing certain restrictions on the re-use of that software that Microsoft objects to. The Samba people can still distribute code for free, they can distribute the source for free. What they cannot do is to place restrictions on their code that prevent others from modifying the code as they might want to.
GPL is an exercise in control-freakery, Microsoft don't want to be controlled by RMS. The spat is somewhat amusing but has no real consequences.
Let us imagine that someone does write an implementation and distributes it with a BSD license and someone else takes the code modifies it and sells the result. Just how exactly is that outcome meant to be baaaaaad? The original freeware version is still out there.
Firewall administrators spend their time finding a balance which allows the useful stuff to happen with a minimal risk.
Either you are a firewall administrator protecting the guild or you have never worked in a large company.
In a large company the firewall admins spend their time in CYA mode. It is not unusual for one of my consulting people doing non-firewall work that requires a firewall config to arrive on site to find it not done. The customer knows that the only way to make a change happen is to have a consultant onsite racking up $2,000 a day who is waiting for the change. It is not unusual for the consultant to wait several days.
The assumption that newer versions of programs are more secure is simply wrong. I have had several systems break after someone replaced a verified secure piece of code with an unverified insecure one.
Case in point was when someone decided to install the latest version of sendmail with the usual horde of bugs over a version of QMail.
The biggest problem when someone downloads new versions of software however is that they are typically installed with the wrong defaults or insecure defaults, or they blow away parts of the security profile to allow them to be installed.
The type of system build I would typically use probably has less than 10% of the typical Linux distribution. The eliminated portions are gone for good reason - if the feature isn't needed it goes. So having someone reinstall the components I have removed is a major problem.
The other issue to beware of is any form of automated update that does not have very stringent controls to validate the authenticity of the replacement code. Otherwise the update mechanism becomes a potential backdoor. Don't believe that downloading the latest source via FTP is the solution either. All I need to do is poison your DNS and you are downloading the version with my trojan.
What is needed is some form of software resource database that keeps track of the version of each software package installed, differences between that and the standard installation etc etc. Ideally there would be integration with something like tripwire. The ideal would be to have the type of mechanism that the .NET security framework has in which you can require software components to be signed by an authorised source in order to run.
Building and maintaining such a system would be very tedious and expensive to do well however, if it isn't done well it is no good.
The sell by date proposal is simply clueless, the guy does not appear to have much real security experience, he is just repeating the dogma.
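A minimal sketch of the software resource database and update check described in the comment above, added here as an example and not code from the commenter or from tripwire. The file names, version strings and key are constructed, and HMAC stands in for the public-key signature a real deployment would use.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def build_manifest(root, package_versions):
    """Inventory: package versions plus the SHA-256 of every file under root."""
    files = {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }
    return {"packages": dict(package_versions), "files": files}


def seal(manifest, key):
    """Authentication tag over a canonical encoding of the manifest.
    HMAC is a stand-in; a real deployment would use a public-key signature."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def diff_manifests(baseline, current):
    """Report every difference between the approved build and the live system."""
    old, new = baseline["files"], current["files"]
    old_pk, new_pk = baseline["packages"], current["packages"]
    return {
        # Files that were never part of the approved build (e.g. reinstalled components).
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(f for f in set(old) & set(new) if old[f] != new[f]),
        "version_changes": {
            name: (old_pk.get(name), new_pk.get(name))
            for name in sorted(set(old_pk) | set(new_pk))
            if old_pk.get(name) != new_pk.get(name)
        },
    }


def audit(root, installed_versions, baseline, tag, key):
    """Refuse to trust a baseline whose tag does not verify, then report drift."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed authentication")
    return diff_manifests(baseline, build_manifest(root, installed_versions))


def update_is_authentic(payload, pinned_sha256):
    """Accept a downloaded update only if it matches a digest obtained out of band,
    so a poisoned DNS answer cannot substitute different bytes unnoticed."""
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), pinned_sha256)


def demo():
    key = b"constructed-demo-key"  # constructed value, not a real secret
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "usr/sbin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "usr/sbin/qmail-smtpd").write_bytes(b"verified mail daemon build")
        (root / "etc/mail.conf").write_text("relay=deny\n")
        versions = {"qmail": "1.03"}
        baseline = build_manifest(root, versions)
        tag = seal(baseline, key)

        # Constructed drift: a removed component comes back and a setting is loosened.
        (root / "usr/sbin/sendmail").write_bytes(b"unreviewed daemon")
        (root / "etc/mail.conf").write_text("relay=allow\n")
        report = audit(root, {"qmail": "1.03", "sendmail": "8.x"}, baseline, tag, key)

        # An edited baseline that tries to whitelist the new file must be rejected.
        forged = json.loads(json.dumps(baseline))
        forged["files"]["usr/sbin/sendmail"] = "0" * 64
        try:
            audit(root, versions, forged, tag, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return report, forged_rejected


if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```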
Cool. But I would sure love to have a ride in the XKEE that R&T reviewed about 30 years ago... I've heard good stories about the Jag 3.4 to 4.2 6-cylinder engines, and the thought of two welded end to end is just too fun.
I very much regret not buying one of those instead of my MGB. Although the MGB cost only a fraction of the cost of an XKE ($2K instead of $10) I have since spent $10K restoring it, the XKE would not have cost much more.
The main disadvantage of the older cats is that they are about as reliable as a Soyo motherboard overclocked to 3GHz in a sealed biscuit tin running a beta release of Windows 3.0.
I like to bring up when someone asks how well a dual-CPU system might perform. In general, most people would expect to get 20% to 80% over a single CPU, but in certain cases where the first CPU was stuck in a wait-state swamp, I believe that more than double the original performance.
Exactly, my twin processor 650MHz machine kicks the butt of most single processor machines when it comes to console work. It is not as hot for compilation but I have engineers to do programming for me these days.
XML RPC is simple - it has a 4 page specification. SOAP is, well, not so simple.
About 18 months ago I submitted two specifications that were at the time both ten pages to two different standards organizations. They are both 60 pages now and have spawned numerous sub-specifications.
XML RPC only addresses a part of the space addressed by SOAP and not the most interesting part either.
I have read that Don Box himself is questioning the SOAP protocol, or at the very least the HTTP transport it is coupled with
Not surprising since one of the other main authors on SOAP was also an author of HTTP and spent several years working on HTTP-NG.
The problem with improved transport protocols is that the time taken to negotiate the upgrade to the new protocol obviates any advantage you can gain. I suspect that Marshall Rose is going to find the same problem with BEEP, although the current plot appears to be to force folk to layer SACRED over BEEP to get BEEP adoption, which I suspect is more likely to kill SACRED. And if you dislike XML bloat you are going to hate BEEP.
Anyway enough yattering and on to write my XML Compression spec. The problem with the argument that the problems of XML bloat can be solved by compression is that nobody has produced a useful compression scheme for XML. Lev Zimpel compression does not work well on the short messages used in SOAP and requires too much state to insert as a simple filter element. I think we can easily get to the point where XML encoding plus compression results in smaller messages than schemes like ASN.1.
Bruce says many things he really should not and often with far less thought than he should. You would think that someone who spends so much time talking to journalists would understand the way his pronouncements are taken.
The reason that Bruce is quoted so often on security is that he returns journalists calls within an hour or two and gives a quotable quote by the deadline.
I discussed the SOAP paper with Bruce and Adam. The comment about SOAP was not intended to be taken as gospel, it was simply a throw-away comment added to the end of a section.
Bruce's security expertise is largely in the area of cryptography. He has not been a player in the network security protocols area. His last foray into that area was his criticism of IPSEC which was wrong on almost every count according to Steve Bellovin (who knows rather a lot about internet firewalls having helped invent them)
The criticisms Bruce makes would be valid if they had not been anticipated. Microsoft has actually developed a very comprehensive security architecture for SOAP and .NET, one of the lead designers was Brian LaMacchia who some folk will know as the one time author of the MIT PGP key server.
A big problem with firewalls is that they are in most cases managed by people whose job is to stop bad things happening, it is not their job to help make useful things happen.
Another big problem is that they are often used in the manner of a +5 amulet of protection against hackers, the company does not know how they work but they hope they will ward off attacks. My company installs and configures firewalls. It is not uncommon for our PSO to go onsite to re-configure a longstanding installation and find that it is configured for passthrough on all ports.
If you deploy SOAP you need an application layer firewall. Which coincidentally Microsoft just happened to demonstrate at RSA 2002. Now running a firewall on top of Win2K would be a pretty bad idea, you don't want a full feature O/S for that type of application. But running a firewall over the NT for embedded systems that is coming soon would be a pretty good idea, particularly with the .NET security framework.
But is that a 24 valve V8 or a 24 valve V6, if it's a V6 then the 16 valve V8 (especially if it's a big block =) will kick its ass!
Not necessarily. The V6 GTI I bought for the wife creates more horsepower than the majority of US made SUVs which are typically based on engines that were originally designed in the 60s.
Equally the V8 in my XK8 will easily outperform the V12 engine Jaguar used to use [and still do 20 Mpg around town rather than 10]
What really matters though is the chassis the engine goes in. For example the GTI will nail any SUV in the street, even if you dropped the Jaguar engine into it. Heck you could drop the engine out of a Ferrari F40 into a Ford Exploder and the Jag would beat it round any track. To go fast around a circuit your brakes matter as much as your engine.
It's pretty much the same when you get to MHz. A 2.4MHz processor will probably go faster than a 2.0MHz processor all things being equal. However how much faster is pretty variable and all things are usually far from equal.
Unless you have the motherboard and O/S design that will support the beast you will probably notice about as much improvement from a 2.4MHz processor as painting a go faster stripe on the box.
Unfortunately most of the O/S in common use tend to spend a lot of time in unnecessary wait states. They ask a piece of hardware to do something, guess how long it will take and poll for the result. This isn't the way it should be but it only takes one badly written driver to stonk the whole machine.
Of course back in the days of real operating systems there were these asynchronous service traps...
The bottleneck in UNIX and Windows is the GUI interface in both cases. The Windows GUI has lots of unnecessary blocking states. X-Windows falls foul of the lousy performance of interprocess communications on most modern UNIX boxes.
I would want a 21" penis. Hmm, come to think of it, so would my girlfriend.
I know a doctor who can shorten it to any length you need.
Re:April Fools, or Political Conspiracy? on AOL Buying Up Blogs · Score: 2
I'd be deeply afraid that AOL were trying to quash all new political thought that often seeks to encourage radical changes in the current state of politics
That can't be the reason, the article said they were Libertarian news blogs...
AOL/CNN has been trying to find ways of reaching the audience of Fox News. Apparently the executives of CNN look at the Fox News viewership and conclude that there is a market for political news with a right wing bias.
Of course they would never consider the fact that the decline in CNN viewers might be due to their policy of dumbing down the news and giving saturation 'OJ Simpson' style coverage for stories that don't produce that amount of news. CNN is trying to model its news coverage on the Network news model which does not work for an audience that wants news and not entertainment.
Ten years ago you could get a pretty good idea of world politics from CNN. Today the TV station is useless for news or analysis. They can have a half hour segment on the issue of steel tariffs without mention of the fact that imposing tariffs on EU steel means that the EU is unlikely to support Bush on Israel or Iraq. Go to the EU press and it is topic number one.
Buying up blogs for profit does not appear to be a very sensible move. Nobody has demonstrated that a Blog is a scalable business. There are a number of folk like Pub who runs F*****Company.com who make enough to cover their costs and eat. But almost all the attempts to do it at scale have folded.
Buying up blogs to influence opinion or drive people to another site is an even sillier move, all available evidence suggests that people don't behave that way on the Web. Internet communities are typically ephemeral, most mailing lists last only about three or four years before the signal to noise ratio plummets and it is time to go elsewhere. Without moderation Web forums last even less time, the first Web forum WIT lasted only a couple of weeks before the S/N went to zero.
I also have a Tyan thunder and it works really well. I have not had a system halt since I moved the system to XP (the machine is pretty much dedicated to Tombraider)
I find the article to have a skewed sense of priorities, they put 'performance' above all, even stability. That might be good for the overclocking crowd, certainly not for me.
While people compare the uptime of operating systems my experience suggests that unreliable hardware is at least as big an issue. I didn't notice much difference between the stability of DEC UNIX or VMS, both would stay up for months, VMS would stay up for years. There was a huge gap in the reliability of DEC and Sun hardware five years ago.
The odd thing about reliability is that you can have a Mac user complain about the machine going down twice a day one minute and then rail against the reliability of PCs the next.
I tend to conclude that reliability is largely ignored because it is tedious to measure accurately.
The article was pure FUD. Sun and Gosling may honestly believe that there is nothing of any value in .NET and that Java has all the answers. I don't think they do, I don't think anyone does.
Java was not a particularly innovative language. Interpreted byte code has been around since the p-system. There were many cleaned up object oriented extensions to C, such as Objective C.
Sun's Java vision is based around a particular goal of processor independence that is practically irrelevant in mainstream computing, particularly with the SPARC chips lagging behind Intel in performance.
---This is generally true. You can determine the 'random' output of any process by knowing the algorithm and all of the seed values.
You haven't studied quantum mechanics, have you?
Actually that was pretty much Einstein's position. He refused to believe QM to be random and insisted on a deterministic universe.
The point is that QM theory does not and indeed according to itself cannot tell us whether the universe is genuinely random on that scale or whether there is a layer of hidden variables whose inner workings are not observable.
But getting back to the algorithm, the system described is not a one time pad, it is a stream cipher. I tend to avoid stream ciphers myself in favor of block ciphers. While there are good stream ciphers around a stream cipher is much more fragile and much more sensitive to the exact circumstances of its application. The WEP protocol would merely be bad rather than broken if they had specified a block cipher. The reason they use a stream cipher is that they can be made fast.
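The fragility described in the comment above can be shown with WEP's own construction; this is an added example, not code from the commenter. It uses RC4 with a per-packet key of IV followed by the shared secret, as WEP does, with the integrity check value left out; the secret, IV and messages are constructed.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling followed by `length` bytes of output."""
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key = 3-byte IV || shared secret (ICV omitted here)."""
    return xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday estimate that at least two of `packets` random IVs coincide."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * 2 ** iv_bits))


def demo() -> dict:
    secret = bytes([1, 2, 3, 4, 5])        # constructed 40-bit shared secret
    iv = b"\x00\x00\x2a"                   # constructed IV, used twice below
    p1 = b"GET /index.html HTTP/1.0"       # constructed message, known to an observer
    p2 = b"meeting moved to room 12"       # constructed message, same length

    c1 = wep_style_encrypt(iv, secret, p1)
    c2 = wep_style_encrypt(iv, secret, p2)
    c3 = wep_style_encrypt(b"\x00\x00\x2b", secret, p2)  # same text, fresh IV

    # Same IV means same keystream, so the keystream cancels out of c1 XOR c2.
    leak = xor_bytes(c1, c2)
    return {
        "reuse_leaks_plaintext_xor": leak == xor_bytes(p1, p2),
        "recovered_with_known_p1": xor_bytes(leak, p1),
        "fresh_iv_leaks_plaintext_xor": xor_bytes(c1, c3) == xor_bytes(p1, p2),
        "p_collision_5000_packets": iv_collision_probability(5000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With only 24 bits of IV, a repeat becomes more likely than not after a few thousand packets, which is why the mode of use rather than RC4 alone decides the outcome.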
Re:Grounds for divorce. on Spy v. Spy · Score: 4, Interesting
oh PUHLEEAASSSEEE. If you are married, you shouldn't have anything to hide from your spouse.
I have confidential information concerning many of my clients and former clients on my machines. I do not share that info with my spouse. Nor do I want my doctor, lawyer or accountant sharing my confidential information with their spouses.
The spyware folk appear to me to have got off very lightly in the article. It appears likely to me that the overwhelming use of their wares in the long term is likely to be outright criminal, capturing passwords, credit card numbers etc. This was the modus operandi in the crimes Mitnick was sent to jail for the first time.
The law enforcement issue sounds to me to be bogus, if law enforcement really needs such tools they would be best advised to develop them internally and use them sparingly. Genuine vendors of law enforcement tools will typically only sell to law enforcement and verify who they are selling to.
Using the tools without a court order is very likely to be illegal in many jurisdictions. It would appear to be unauthorised modification of a computer system. If it isn't illegal already it is an oversight and it is likely to be made so.
This story strikes me as being very similar in tone to the early stories we would hear from the hacker community. 'We never do damage' they would say, 'we only go after child pornographers and terrorists', having (legally) reviewed intercepts of the activities of certain widely reported hacker's activities I can assure people that they misrepresent their actions and motives.
No, it's not just semantics. There's actually a huge difference between gravastars and black holes.
Not as far as any external observations go. What it comes down to is philosophy of science.
The definition of a black hole = singularity is a modern one. The idea that things might be so massive that light cannot escape predates Einstein by a couple of centuries. Hawking has the paper in the back of one of his books, the one that starts 'Consider a Hausdorfian Manifold of Lipschit signature...' clearly one of his pop-science efforts.
There being no observable difference from outside the black hole the issue of what happens inside is irrelevant (except to omnipotent beings). Conventional physics might as well go hang when it tries to predict what happens since the area beyond the event horizon is out of bounds.
There is a similar debate in QM (which Einstein was also on the losing side of), does God really play dice? The apparently random interactions of QM can be explained deterministically if one posits the existence of hidden variables. However a theory based on variables that cannot be observed is not empirically verifiable, let alone falsifiable and thus lies in theology rather than science.
What underlies the whole debate is the question of whether physics is a model of the universe or THE TRUTH. Theoretical physicists often fall into the belief that they are discovering the truth about everything rather than merely a theory that is consistent with empirical observations. This is what is really behind the Sokal attack on Literary criticism, he takes offense at the insistence of Derrida and others that science is a set of working assumptions rather than an absolute. Ironically Sokal appears to be enlisting Popper in his cause which is strange because Popper's entire point was that absolutist ideas were bad and that the term 'science' was being abused by the pseudo-science of Marxists and Freudian Psychoanalysis. Later discussions between Popper and his critics (notably Kuhn) make it very clear that Popper was quite consciously raising the bar of 'scientific method' above the standards science itself applies.
So the fact that the standard model and relativity fall apart in the inside of black holes does not worry me much. We know that they are both wrong since they are (currently) incompatible.
Black holes and the QM hidden variables appear to me to satisfy Broomfondle's demand for 'rigidly defined areas of doubt and uncertainty'.
dammit! I hate you fucking assholes who use "Bzzt! Wrong" in reply to posts. It's so fucking pretentious. Who the fuck do you think you are??? I don't care if the previous poster was wrong, show some fucking respect!
OK, I am sooooo sorry, in future I'll say:
You are the weakest link goodbye...
I kinda find folk pontificating incorrectly about the strengths of cipher algorithms somewhat pretentious. Since you ask, I am one of the people who Lucky discussed his paper with before publication.
Which is weird because most people who realised back in 1994 that the Internet would be huge commercially and acted on it are millionaires today. Canter could have been Amazon, or at the very least CEO of a startup that went under but only after making the founders ten million or so in the IPO.
Instead Canter was disbarred from practising law in the whole US as a direct result of the SPAM incident. He doesn't mention that of course. Most lawyers would think $200,000 to be a pretty poor return for something that causes you to lose your license to practise law. Admittedly Canter's case was overdetermined, he had been previously disbarred in another state. However the Arizona bar chose to bar him for the SPAM and bringing the profession into disrepute rather than failing to inform them of disciplinary proceedings in another state.
The fact is that on the Internet you don't do so well by using sharp practices. The guy who wrote the Perl script for Canter disputes the claim that they made any money. The ratio of genuine to false responses was way too high for it to be economic. However Canter and Siegel thought that they could make a fortune by conning others into spamming.
Canter and Siegel managed to wreck Usenet, but it probably would have gone down anyway. I had a look at soc.culture.british last night, not a single substantive post. Almost everything there was political spam from various varieties of fascist in support (or opposition to) some war criminal or other.
Fixing USEnet is one of those things that lots of people keep trying to get around to. It is pretty clear that there is a need to have some form of authentication on the posts and that some form of moderation is necessary. I originally became interested in Slashdot after Jammie told me about the moderation scheme. Thing is that Slashdot is a very narrow resource compared to UseNet.
Oh and I do mean fixing USEnet, not just NNTP, although NNTP's flood fill routing is broken too.
2^2048 is 2^1024 times more than 2^1024 (that is, it's 2^1024 squared). Meaning that to crack 2^2048 - in theory - it would take roughly 1.797e308 times as long to crack.
Bzzt! Wrong
That would be the case if the fastest attack was brute force, in fact there are much better attacks. 1024 bit RSA is generally considered to be equivalent in strength to an 80 bit symmetric cipher. 2048 bit RSA is only equivalent to about 132 bits.
Even so, the issue has been known for some time and that is why the crypto world is in the middle of a transition to 2048 bit keys. Only it will take around 5 years to complete the move. VeriSign has been distributing 2048 bit root keys for some time.
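Why doubling the modulus does not square the work, as an added example that is not part of the original comment: it evaluates the standard heuristic cost of the general number field sieve, L_n[1/3, (64/9)^(1/3)], with the o(1) term dropped. That simplification is an assumption; published equivalence tables apply further calibration, so their figures differ from these and from each other.

```python
import math

GNFS_CONSTANT = (64.0 / 9.0) ** (1.0 / 3.0)


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) for an n of the given size."""
    ln_n = modulus_bits * math.log(2)
    exponent = GNFS_CONSTANT * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return exponent / math.log(2)


def extra_work_bits(small_bits: int, large_bits: int) -> float:
    """How many doublings of effort separate the two modulus sizes under GNFS."""
    return gnfs_work_bits(large_bits) - gnfs_work_bits(small_bits)


def modulus_bits_for(target_bits: float, step: int = 256) -> int:
    """Smallest modulus size (multiple of `step`) whose estimate reaches the target."""
    size = step
    while gnfs_work_bits(size) < target_bits:
        size += step
    return size


def comparison_table(sizes=(512, 1024, 2048, 3072, 4096)):
    """Rows of (modulus bits, estimated GNFS work in bits, exhaustive search in bits)."""
    return [(s, round(gnfs_work_bits(s), 1), s) for s in sizes]


if __name__ == "__main__":
    print("modulus  gnfs_bits  exhaustive_bits")
    for size, gnfs, brute in comparison_table():
        print(f"{size:7d}  {gnfs:9.1f}  {brute:15d}")
    print("1024 -> 2048 adds about", round(extra_work_bits(1024, 2048), 1),
          "bits of work, not 1024")
    print("modulus needed for a 128-bit estimate:", modulus_bits_for(128))
```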
So that you can port applications from the PC easily.
In fact I currently have a large amount of Java code that we are considering using J# to compile down to .NET to get acceptable performance. Processor independent binary distribution is not something I am particularly concerned about. The code will only ever run in a small number of datacenters on specified hardware.
.NET's VM is still non-deterministic. You can't force cleanup of objects, unless there's something I've missed. You also can't force objects to be allocated out of a memory pool. And it's tricks like this that people do to make games run smoothly and fast.
I am told that you can even change the VM manager on .NET, how I don't know. However the real constraint comes down to transparent vs explicit memory handling. I suspect that Microsoft's VM is probably close to optimal on what can be done for transparent memory management, however as you point out that is not necessarily acceptable performance for games.
ASM is king of the gaming domain, and I don't see that ever changing.
That hasn't been the case since the machines were powerful enough to run a compiler and the choice wasn't assembly or Basic.
Interpreted languages have been used for games, still are in fact, but they are generally interpreters built specifically to do gaming. Infocom was the first to do this with an interpreter for adventure games which let them sell Zork for Apple and Pet (as Al Vezza pointed out to the designers they would have a bigger market for games on that machine than on the PDP 6).
C++ will NEVER be as fast as Assembler. Assembler will NEVER NEVER be as fast as pure machine code.... Sound familiar. Who programs in machine code anymore? Not me.
You're a schmuck. Assembler IS machine code. There is *no* difference, other than one is written as binary, the other as text.
The guy was clearly pointing out the fallacies told in the past. Actually the average code turned out by a good C++ compiler these days is better than that turned out by good assembler hackers for all but a handful of very compact problems - crypto algorithms and graphics being the principal ones.
The problem with the 'they laughed at Galileo' approach is that although Java is eventually going to catch up with C in performance it won't be on the basis of the JVM approach. The problem with the JVM is that you don't have enough information to do really good optimization and generating that information is not the kind of thing you want to do just in time.
When it comes to cross platform gaming JVM is not a credible platform and no amount of Sun hype will make it so. .NET on the other hand does provide the optimization hints needed to do a good code generation phase.
Sun is really playing into Microsoft's hands here, this is one ground where performance is the absolute.
From a technical point of view Sun's approach makes no sense for games consoles because the whole point of a console is that there is no O/S layer. That is how a machine with pretty tepid hardware performance can outpace a high end PC, there are no abstraction layers between the program and the hardware. It is like writing code for an early micro-computer, no O/S between you and the hardware.
More generally Sun's approach is clueless because they appear to not understand the way the gaming market works. The manufacturers deliberately introduce incompatibilities between players in different markets. Game console games are typically $15 to $20 more expensive than equivalent titles because the console companies charge for access to their platform. Sony and Sega don't want you to be able to play cross platform games and they will fix the hardware to stop you.
Xbox is kinda odd in that early reports stated that the hardware was open and there were no fees. Microsoft's interests are to have as many games on their platform as possible. But I doubt they would provide Sun with any help for their current scheme.
That leaves the PC platform running either Windows or Linux. There is absolutely no need for a virtual machine translation layer when the only platforms are i86.
While Sun goes on about the evils of Microsoft the only party that would benefit from this scheme would be Sun who would be able to market the SPARC as a games chip.
I disagree entirely. Never underestimate the government's ability to stretch censorship to new levels.
I think it is possible to reduce the bandwidth consumption of USEnet by at least one order of magnitude and introduce much better censorship resistance.
It is actually quite easy to block posts in the current flood fill algorithm, just introduce your own post with the same article ID.
If I were dealing with a simple proxy router (such as you apparently helped design the standard for) then my solution would be simple: direct ICANN URLs through the proxy and other ones elsewhere. But I really have no choice but to use the proxy, because my ISP is intercepting all of my port 80 packets.
So modify the host header appropriately as suggested.
Unless of course you don't really want it to work and all you really want to do is complain that your mickey mouse ISP does not support your mickey mouse DNS root.
Incidentally, looks like someone really didn't like hearing criticism of openNIC, they moderated my previous comment 'overrated' which means 'I want to punish the person for posting this but I know that the metamoderators are likely to punish me for using any of the other down mods'.
DEC brought up Alta Vista in 1995 and went public by at least 1996.
They started selling keywords fairly early on as well, which is a mechanism to affect the rank of the results. The only major difference between Alta-Vista's scheme and Google is that Google does it publicly.
The patent was filled in 1999 so prior art from 1998 invalidates it.
But it sure needs confidentiality, both of the rendering code itself and the data it is working on. Otherwise we will all see random frames from every Pixar movie in advance.
Plus the rendering code is quite likely huge and has a lot of dependencies on proprietary codebases. I doubt the stuff would run well on Direct-X.
The liquid metal effect in Terminator cost a million or so to develop and sold for that the first time after which it was quickly copied so that no you can get it in a movie for a few $10K.
The idea of using the internet to do distributed computing is as old as the net itself. We were building SETI type configurations back in the mid 80s, as soon as the price performance of the workstation rendered mainframes obsolete.
Believe it, if Pixar need more compute cycles they will go to Dell and buy a room full of cheapo machines. It will cost much less to manage than scraping processing time up from arround the net.
Microsoft have indicated in at least one public forum that this is the case. The legalisms are there for the sole purpose of protecting their patent rights.
The courts have of late become inclined to invalidate patent licenses under an emerging doctrine similar to that of copyright abuse. Essentially if you encourage people to use a technology that you have filed patent claims on in certain ways the courts can decide to revoke the patent. This was done for a patent that covered EISA bus which covered technology that had been proposed to the standards committee without disclosure of the IP claims.
The issue on GPL is hardly suprising and in no way prevents anyone's ability to develop open source. All it does is to prevent the open source authors from placing certain restrictions on the re-use of that software that Microsoft objects to. The Samba people can still distribute code for free, they can distribute the source for free. What they cannot do is to place restrictions on their code that prevent others from modifying the code as they might want to.
GPL is an exercise in control-freakery, Microsoft don't want to be controlled by RMS. The spat is somewhat amusing but has no real consequences.
Let us imagine that someone does write an implementation and distributes it with a BSD license and someone else takes the code, modifies it and sells the result. Just how exactly is that outcome meant to be baaaaaad? The original freeware version is still out there.
Either you are a firewall administrator protecting the guild or you have never worked in a large company.
In a large company the firewall admins spend their time in CYA mode. It is not unusual for one of my consulting people doing non-firewall work that requires a firewall config to arrive on site to find it not done. The customer knows that the only way to make a change happen is to have a consultant onsite racking up $2,000 a day who is waiting for the change. It is not unusual for the consultant to wait several days.
Case in point was when someone decided to install the latest version of sendmail with the usual horde of bugs over a version of QMail.
The biggest problem when someone downloads new versions of software however is that they are typically installed with the wrong defaults or insecure defaults, or they blow away parts of the security profile to allow them to be installed.
The type of system build I would typically use probably has less than 10% of the typical Linux distribution. The eliminated portions are gone for good reason - if the feature isn't needed it goes. So having someone reinstall the components I have removed is a major problem.
The other issue to beware of is any form of automated update that does not have very stringent controls to validate the authenticity of the replacement code. Otherwise the update mechanism becomes a potential backdoor. Don't believe that downloading the latest source via FTP is the solution either. All I need to do is poison your DNS and you are downloading the version with my trojan.
What is needed is some form of software resource database that keeps track of the version of each software package installed, differences between that and the standard installation etc etc. Ideally there would be integration with something like tripwire. The ideal would be to have the type of mechanism that the .NET security framework has in which you can require software components to be signed by an authorised source in order to run.
Building and maintaining such a system would be very tedious and expensive to do well however, if it isn't done well it is no good.
The sell by date proposal is simply clueless, the guy does not appear to have much real security experience, he is just repeating the dogma.
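An added example (not part of the original comment): a minimal in-memory version of the inventory idea described above, recording each package's version and file hashes against a hardened baseline and reporting drift such as a reinstalled component or a flipped default. Package names, paths and contents are constructed, and a pinned SHA-256 digest obtained out of band stands in here for a real code-signature check.

```python
"""Software inventory baseline with drift detection (illustrative sketch)."""
import hashlib
import hmac


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def snapshot(system: dict) -> dict:
    """Record version and per-file SHA-256 for every installed package.

    `system` maps package name -> {"version": str, "files": {path: bytes}}.
    """
    return {
        name: {
            "version": pkg["version"],
            "files": {p: digest(body) for p, body in pkg["files"].items()},
        }
        for name, pkg in system.items()
    }


def drift(baseline: dict, current: dict) -> list:
    """Return (kind, package, detail) tuples for every deviation from baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            # A component that was deliberately removed has come back.
            findings.append(("unexpected-package", name, current[name]["version"]))
            continue
        if name not in current:
            findings.append(("missing-package", name, baseline[name]["version"]))
            continue
        old, new = baseline[name], current[name]
        if old["version"] != new["version"]:
            findings.append(
                ("version-changed", name, f'{old["version"]} -> {new["version"]}'))
        for path in sorted(set(old["files"]) | set(new["files"])):
            if path not in old["files"]:
                findings.append(("file-added", name, path))
            elif path not in new["files"]:
                findings.append(("file-removed", name, path))
            elif old["files"][path] != new["files"][path]:
                findings.append(("file-modified", name, path))
    return findings


def update_is_authentic(blob: bytes, pinned_sha256: str) -> bool:
    """Accept an update only if it matches a digest obtained out of band.

    Where the download came from is irrelevant: a poisoned DNS answer changes
    the bytes received, not the pinned value they are compared against.
    """
    return hmac.compare_digest(digest(blob), pinned_sha256)


# Constructed sample data: a stripped-down build, then the same host after
# someone reinstalled a removed service and loosened a config default.
HARDENED = {
    "mta": {"version": "1.0", "files": {"/usr/sbin/mta": b"mta-1.0",
                                        "/etc/mta.conf": b"relay=no\n"}},
    "sshd": {"version": "3.1", "files": {"/usr/sbin/sshd": b"sshd-3.1"}},
}
AFTER_CHANGE = {
    "mta": {"version": "1.0", "files": {"/usr/sbin/mta": b"mta-1.0",
                                        "/etc/mta.conf": b"relay=yes\n"}},
    "sshd": {"version": "3.1", "files": {"/usr/sbin/sshd": b"sshd-3.1"}},
    "telnetd": {"version": "0.9", "files": {"/usr/sbin/telnetd": b"telnetd-0.9"}},
}
BASELINE = snapshot(HARDENED)

GENUINE_UPDATE = b"mta-1.1 release"            # constructed
PINNED_DIGEST = digest(GENUINE_UPDATE)         # would come from a trusted channel
TAMPERED_UPDATE = b"mta-1.1 release + extra"   # constructed

if __name__ == "__main__":
    for finding in drift(BASELINE, snapshot(AFTER_CHANGE)):
        print(finding)
    print(update_is_authentic(GENUINE_UPDATE, PINNED_DIGEST))
    print(update_is_authentic(TAMPERED_UPDATE, PINNED_DIGEST))
```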
I very much regret not buying one of those instead of my MGB. Although the MGB cost only a fraction of the cost of an XKE ($2K instead of $10) I have since spent $10K restoring it, the XKE would not have cost much more.
The main disadvantage of the older cats is that they are about as reliable as a Soyo motherboard overclocked to 3GHz in a sealed biscuit tin running a beta release of Windows 3.0.
I like to bring up when someone asks how well a dual-CPU system might perform. In general, most people would expect to get 20% to 80% over a single CPU, but in certain cases where the first CPU was stuck in a wait-state swamp, I believe that more than double the original performance.
Exactly, my twin processor 650MHz machine kicks the butt of most single processor machines when it comes to console work. It is not as hot for compilation but I have engineers to do programming for me these days.
About 18 months ago I submitted two specifications that were at the time both ten pages to two different standards organizations. They are both 60 pages now and have spawned numerous sub-specifications.
XML RPC only addresses a part of the space addressed by SOAP and not the most interesting part either.
I have read that Don Box himself is questioning the SOAP protocol, or at the very least the HTTP transport it is coupled with
Not surprising since one of the other main authors on SOAP was also an author of HTTP and spent several years working on HTTP-NG.
The problem with improved transport protocols is that the time taken to negotiate the upgrade to the new protocol obviates any advantage you can gain. I suspect that Marshall Rose is going to find the same problem with BEEP, although the current plot appears to be to force folk to layer SACRED over BEEP to get BEEP adoption, which I suspect is more likely to kill SACRED. And if you dislike XML bloat you are going to hate BEEP.
Anyway enough yattering and on to write my XML Compression spec. The problem with the argument that the problems of XML bloat can be solved by compression is that nobody has produced a useful compression scheme for XML. Lempel-Ziv compression does not work well on the short messages used in SOAP and requires too much state to insert as a simple filter element. I think we can easily get to the point where XML encoding plus compression results in smaller messages than schemes like ASN.1.
The reason that Bruce is quoted so often on security is that he returns journalists' calls within an hour or two and gives a quotable quote by the deadline.
I discussed the SOAP paper with Bruce and Adam. The comment about SOAP was not intended to be taken as gospel, it was simply a throw-away comment added to the end of a section.
Bruce's security expertise is largely in the area of cryptography. He has not been a player in the network security protocols area. His last foray into that area was his criticism of IPSEC which was wrong on almost every count according to Steve Bellovin (who knows rather a lot about internet firewalls having helped invent them)
The criticisms Bruce makes would be valid if they had not been anticipated. Microsoft has actually developed a very comprehensive security architecture for SOAP and .NET, one of the lead designers was Brian LaMacchia who some folk will know as the one time author of the MIT PGP key server.
A big problem with firewalls is that they are in most cases managed by people whose job is to stop bad things happening, it is not their job to help make useful things happen.
Another big problem is that they are often used in the manner of a +5 amulet of protection against hackers, the company does not know how they work but they hope they will ward off attacks. My company installs and configures firewalls. It is not uncommon for our PSO to go onsite to re-configure a longstanding installation and find that it is configured for passthrough on all ports.
If you deploy SOAP you need an application layer firewall. Which coincidentally Microsoft just happened to demonstrate at RSA 2002. Now running a firewall on top of Win2K would be a pretty bad idea, you don't want a full feature O/S for that type of application. But running a firewall over the NT for embedded systems that is coming soon would be a pretty good idea, particularly with the .NET security framework.
Not necessarily. The V6 GTI I bought for the wife creates more horsepower than the majority of US made SUVs which are typically based on engines that were originally designed in the 60s. Equally the V8 in my XK8 will easily outperform the V12 engine Jaguar used to use [and still do 20 Mpg around town rather than 10]
What really matters though is the chassis the engine goes in. For example the GTI will nail any SUV in the street, even if you dropped the Jaguar engine into it. Heck you could drop the engine out of a Ferrari F40 into a Ford Exploder and the Jag would beat it round any track. To go fast around a circuit your brakes matter as much as your engine.
It's pretty much the same when you get to MHz. A 2.4MHz processor will probably go faster than a 2.0MHz processor all things being equal. However how much faster is pretty variable and all things are usually far from equal.
Unless you have the motherboard and O/S design that will support the beast you will probably notice about as much improvement from a 2.4MHz processor as painting a go faster stripe on the box.
Unfortunately most of the O/S in common use tend to spend a lot of time in unnecessary wait states. They ask a piece of hardware to do something, guess how long it will take and poll for the result. This isn't the way it should be but it only takes one badly written driver to stonk the whole machine.
Of course back in the days of real operating systems there were these asynchronous service traps...
The bottleneck in UNIX and Windows is the GUI interface in both cases. The Windows GUI has lots of unnecessary blocking states. X-Windows falls foul of the lousy performance of interprocess communications on most modern UNIX boxes.
I know a doctor who can shorten it to any length you need.
That can't be the reason, the article said they were Libertarian news blogs...
AOL/CNN has been trying to find ways of reaching the audience of Fox News. Apparently the executives of CNN look at the Fox News viewership and conclude that there is a market for political news with a right wing bias.
Of course they would never consider the fact that the decline in CNN viewers might be due to their policy of dumbing down the news and giving saturation 'OJ Simpson' style coverage for stories that don't produce that amount of news. CNN is trying to model its news coverage on the Network news model which does not work for an audience that wants news and not entertainment.
Ten years ago you could get a pretty good idea of world politics from CNN. Today the TV station is useless for news or analysis. They can have a half hour segment on the issue of steel tariffs without mention of the fact that imposing tariffs on EU steel means that the EU is unlikely to support Bush on Israel or Iraq. Go to the EU press and it is topic number one.
Buying up blogs for profit does not appear to be a very sensible move. Nobody has demonstrated that a Blog is a scalable business. There are a number of folk like Pub who runs F*****Company.com who make enough to cover their costs and eat. But almost all the attempts to do it at scale have folded.
Buying up blogs to influence opinion or drive people to another site is an even sillier move, all available evidence suggests that people don't behave that way on the Web. Internet communities are typically ephemeral, most mailing lists last only about three or four years before the signal to noise ratio plummets and it is time to go elsewhere. Without moderation Web forums last even less time, the first Web forum WIT lasted only a couple of weeks before the S/N went to zero.
I also have a Tyan thunder and it works really well. I have not had a system halt since I moved the system to XP (the machine is pretty much dedicated to Tombraider)
I find the article to have a skewed sense of priorities, they put 'performance' above all, even stability. That might be good for the overclocking crowd, certainly not for me.
While people compare the uptime of operating systems my experience suggests that unreliable hardware is at least as big an issue. I didn't notice much difference between the stability of DEC UNIX or VMS, both would stay up for months, VMS would stay up for years. There was a huge gap in the reliability of DEC and Sun hardware five years ago.
The odd thing about reliability is that you can have a Mac user complain about the machine going down twice a day one minute and then rail against the reliability of PCs the next.
I tend to conclude that reliability is largely ignored because it is tedious to measure accurately.
Java was not a particularly innovative language. Interpreted byte code has been around since the p-system. There were many cleaned up object oriented extensions to C, such as Objective C.
Sun's Java vision is based around a particular goal of processor independence that is practically irrelevant in mainstream computing, particularly with the SPARC chips lagging behind Intel in performance.
Let me guess, their accountants are Arthur Andersen?
You haven't studied quantum mechanics, have you?
Actually that was pretty much Einstein's position. He refused to believe QM to be random and insisted on a deterministic universe.
The point is that QM theory does not and indeed according to itself cannot tell us whether the universe is genuinely random on that scale or whether there is a layer of hidden variables whose inner workings are not observable.
But getting back to the algorithm, the system described is not a one time pad, it is a stream cipher. I tend to avoid stream ciphers myself in favor of block ciphers. While there are good stream ciphers around a stream cipher is much more fragile and much more sensitive to the exact circumstances of its application. The WEP protocol would merely be bad rather than broken if they had specified a block cipher. The reason they use a stream cipher is that they can be made fast.
I have confidential information concerning many of my clients and former clients on my machines. I do not share that info with my spouse. Nor do I want my doctor, lawyer or accountant sharing my confidential information with their spouses.
The spyware folk appear to me to have got off very lightly in the article. It appears likely to me that the overwhelming use of their wares in the long term is likely to be outright criminal, capturing passwords, credit card numbers etc. This was the modus operandi in the crimes Mitnick was sent to jail for the first time.
The law enforcement issue sounds to me to be bogus, if law enforcement really needs such tools they would be best advised to develop them internally and use them sparingly. Genuine vendors of law enforcement tools will typically only sell to law enforcement and verify who they are selling to.
Using the tools without a court order is very likely to be illegal in many jurisdictions. It would appear to be unauthorised modification of a computer system. If it isn't illegal already it is an oversight and it is likely to be made so.
This story strikes me as being very similar in tone to the early stories we would hear from the hacker community. 'We never do damage' they would say, 'we only go after child pornographers and terrorists', having (legally) reviewed intercepts of the activities of certain widely reported hacker's activities I can assure people that they misrepresent their actions and motives.
Not as far as any external observations go. What it comes down to is philosophy of science.
The definition of a black hole = singularity is a modern one. The idea that things might be so massive that light cannot escape predates Einstein by a couple of centuries. Hawking has the paper in the back of one of his books, the one that starts 'Consider a Hausdorfian Manifold of Lipschit signature...' clearly one of his pop-science efforts.
There being no observable difference from outside the black hole the issue of what happens inside is irrelevant (except to omnipotent beings). Conventional physics might as well go hang when it tries to predict what happens since the area beyond the event horizon is out of bounds.
There is a similar debate in QM (which Einstein was also on the losing side of), does God really play dice? The apparently random interactions of QM can be explained deterministically if one posits the existence of hidden variables. However a theory based on variables that cannot be observed is not empirically verifiable, let alone falsifiable and thus lies in theology rather than science.
What underlies the whole debate is the question of whether physics is a model of the universe or THE TRUTH. Theoretical physicists often fall into the belief that they are discovering the truth about everything rather than merely a theory that is consistent with empirical observations. This is what is really behind the Sokal attack on Literary criticism, he takes offense at the insistence of Derrida and others that science is a set of working assumptions rather than an absolute. Ironically Sokal appears to be enlisting Popper in his cause which is strange because Popper's entire point was that absolutist ideas were bad and that the term 'science' was being abused by the pseudo-science of Marxists and Freudian Psychoanalysis. Later discussions between Popper and his critics (notably Kuhn) make it very clear that Popper was quite consciously raising the bar of 'scientific method' above the standards science itself applies.
So the fact that the standard model and relativity fall apart in the inside of black holes does not worry me much. We know that they are both wrong since they are (currently) incompatible.
Black holes and the QM hidden variables appear to me to satisfy Broomfondle's demand for 'rigidly defined areas of doubt and uncertainty'.
OK, I am sooooo sorry, in future I'll say:
You are the weakest link goodbye...
I kinda find folk pontificating incorrectly about the strengths of cipher algorithms somewhat pretentious. Since you ask, I am one of the people who Lucky discussed his paper with before publication.
Which is weird because most people who realised back in 1994 that the Internet would be huge commercially and acted on it are millionaires today. Canter could have been Amazon, or at the very least CEO of a startup that went under but only after making the founders ten million or so in the IPO.
Instead Canter was disbarred from practising law in the whole US as a direct result of the SPAM incident. He doesn't mention that of course. Most lawyers would think $200,000 to be a pretty poor return for something that causes you to lose your license to practise law. Admittedly Canter's case was overdetermined, he had been previously disbarred in another state. However the Arizona bar chose to bar him for the SPAM and bringing the profession into disrepute rather than failing to inform them of disciplinary proceedings in another state.
The fact is that on the Internet you don't do so well by using sharp practices. The guy who wrote the Perl script for Canter disputes the claim that they made any money. The ratio of genuine to false responses was way too high for it to be economic. However Canter and Siegel thought that they could make a fortune by conning others into spamming.
Canter and Siegel managed to wreck Usenet, but it probably would have gone down anyway. I had a look at soc.culture.british last night, not a single substantive post. Almost everything there was political spam from various varieties of fascist in support (or opposition to) some war criminal or other.
Fixing USEnet is one of those things that lots of people keep trying to get around to. It is pretty clear that there is a need to have some form of authentication on the posts and that some form of moderation is necessary. I originally became interested in Slashdot after Jammie told me about the moderation scheme. Thing is that Slashdot is a very narrow resource compared to UseNet.
Oh and I do mean fixing USEnet, not just NNTP, although NNTP's flood fill routing is broken too.
Bzzt! Wrong
That would be the case if the fastest attack was brute force, in fact there are much better attacks. 1024 bit RSA is generally considered to be equivalent in strength to an 80 bit symmetric cipher. 2048 bit RSA is only equivalent to about 132 bits.
Even so, the issue has been known for some time and that is why the crypto world is in the middle of a transition to 2048 bit keys. Only it will take around 5 years to complete the move. VeriSign has been distributing 2048 bit root keys for some time.
So that you can port applications from the PC easily.
In fact I currently have a large amount of Java code that we are considering using J# to compile down to .NET to get acceptable performance. Processor independent binary distribution is not something I am particularly concerned about. The code will only ever run in a small number of datacenters on specified hardware.
I am told that you can even change the VM manager on .NET, how I don't know. However the real constraint comes down to transparent vs explicit memory handling. I suspect that Microsoft's VM is probably close to optimal on what can be done for transparent memory management, however as you point out that is not necessarily acceptable performance for games.
That hasn't been the case since the machines were powerful enough to run a compiler and the choice wasn't assembly or Basic.
Interpreted languages have been used for games, still are in fact, but they are generally interpreters built specifically to do gaming. Infocom was the first to do this with an interpreter for adventure games which let them sell Zork for Apple and Pet (as Al Vezza pointed out to the designers they would have a bigger market for games on that machine than on the PDP 6).
You're a schmuck. Assembler IS machine code. There is *no* difference, other than one is written as binary, the other as text.
The guy was clearly pointing out the fallacies told in the past. Actually the average code turned out by a good C++ compiler these days is better than that turned out by good assembler hackers for all but a handful of very compact problems - crypto algorithms and graphics being the principal ones.
The problem with the 'they laughed at Galileo' approach is that although Java is eventually going to catch up with C in performance it won't be on the basis of the JVM approach. The problem with the JVM is that you don't have enough information to do really good optimization and generating that information is not the kind of thing you want to do just in time.
When it comes to cross platform gaming JVM is not a credible platform and no amount of Sun hype will make it so. .NET on the other hand does provide the optimization hints needed to do a good code generation phase.
Sun is really playing into Microsoft's hands here, this is one ground where performance is the absolute.
From a technical point of view Sun's approach makes no sense for games consoles because the whole point of a console is that there is no O/S layer. That is how a machine with pretty tepid hardware performance can outpace a high end PC, there are no abstraction layers between the program and the hardware. It is like writing code for an early micro-computer, no O/S between you and the hardware.
More generally Sun's approach is clueless because they appear to not understand the way the gaming market works. The manufacturers deliberately introduce incompatibilities between players in different markets. Game console games are typically $15 to $20 more expensive than equivalent titles because the console companies charge for access to their platform. Sony and Sega don't want you to be able to play cross platform games and they will fix the hardware to stop you.
Xbox is kinda odd in that early reports stated that the hardware was open and there were no fees. Microsoft's interests are to have as many games on their platform as possible. But I doubt they would provide Sun with any help for their current scheme.
That leaves the PC platform running either Windows or Linux. There is absolutely no need for a virtual machine translation layer when the only platforms are i86.
While Sun goes on about the evils of Microsoft the only party that would benefit from this scheme would be Sun who would be able to market the SPARC as a games chip.
I think it is possible to reduce the bandwidth consumption of USEnet by at least one order of magnitude and introduce much better censorship resistance.
It is actually quite easy to block posts in the current flood fill algorithm, just introduce your own post with the same article ID.
So modify the host header appropriately as suggested.
Unless of course you don't really want it to work and all you really want to do is complain that your mickey mouse ISP does not support your mickey mouse DNS root.
Incidentally, looks like someone really didn't like hearing criticism of openNIC, they moderated my previous comment 'overrated' which means 'I want to punish the person for posting this but I know that the metamoderators are likely to punish me for using any of the other down mods'