It has been estimated that the US will spend $100 Billion in a year pursuing justice in the hinterlands of Afghanistan. That comes out to approximately $300 million per day! Or we will spend what is required to fix the SuperK in 12 hours. Kind of puts things in perspective.
The estimates reported by the BBC are a billion a year. The '100 billion' figure is the amount of corporate welfare the Republican party wants to ram through Congress under the pretense it is a stimulus package.
Before anyone gives these folk any more money they should be able to explain why the previous detectors went pop. Otherwise there is every chance the replacements will fail in exactly the same way.
$30 million is a pretty large chunk of change to lose. For the same money you could fund an awful lot of interesting Comp Sci research.
I don't doubt that there's some smart people involved in ICANN (as well as a bunch of lawyers) but a secretive autocratic organisation like ICANN is _not_ the place to design new protocols (particularly security related ones). The IETF, on the other hand, is the place to do this.
That is not what I said. I said that ICANN should specify the requirements they have for a DNS security infrastructure to secure the DNS and tell the IESG what they are.
The IETF has designed some good security protocols. It has also produced a lot of bad ones. They are not bad because they are insecure, they are bad because they don't meet the real requirements. PEM and MOSS being prime examples. IPSEC and DNSSEC both have clear usability problems that mean that they are not being used in practice for the purpose they were originally advertised as solving.
The scheme is stupid. The first premise is that the 'top 1000 web sites' agree to move to the pay per page system on the same date. That sounds like an illegal agreement to set prices to me.
The second somewhat odd idea is that the whole scheme is costless and should be run by 'a non-profit corporation'. Why is it that people who are suggesting ways to make themselves rich always seem to think that everyone else should work for free?
In practice the cost of running a pay per view system would be much greater than 1 cent per page. Each payment transaction is by its nature stateful; maintaining state requires storage and CPU. Implementation of the system would be non-trivial. Cybercash invested tens of millions in their cybercoin system.
The privacy issues are very hard, as are the customer service issues as users deny visiting www.kinkyporn.ch etc. What most people do not seem to realise is that the more privacy the customer has the harder it is going to be to solve those customer relations problems.
The Chaum Patents are beautiful pieces of cryptography and commercially worthless. Digicash could never get the system to work for an economic transaction cost. There was in practice much less privacy than was claimed. Each transaction required a lot of CPU intensive processing. The patents were sold when Digicash went under for a very very large sum, I doubt that the purchasers will be willing to donate them to a non profit corporation.
The problem of fraudulent payment claims is definitely not solved by the suggestion in the Q&A. As with much of the rest of the proposal the suggestion is essentially 'magic happens here'. Yeah quite.
I also have difficulty believing that the author understands the issue of the banking regulations governing money transfers.
Micropayments might well happen, indeed they are probably likely. They will not be introduced through a non-profit corporation set up by a cartel of major web sites however. Nor will they be universal. Only a small number of sites have content that is worth paying for.
Why not save a step and put the whole thing onto a PLATTER!
Because I don't want the audience to hear every pop crackle and whiz on the soundtrack when a bad splice goes through the projector.
Unless you are showing an absolutely new print the chances are that there will be splices that should be repaired. If you just dump the thing on a platter you are hoping that the last projectionist was competent.
In that case it's easy to discover and fix because the last guy who had the film supposedly left a frame on the head and the tail for the specific purpose of matching it up to the reel when that happens, right?
If the film still has its original headers...
I stand by my original statement. It is IMPOSSIBLE for any projectionist worth his rate of pay to show a movie where he doesn't know the film title before the picture is on the screen if he has set up the movie himself.
I don't think that anyone was suggesting that. They were saying that the cans were sometimes mislabelled.
"ICANN should be... telling the IETF the characteristics of the security protocol it really needs" - oh please. What on _earth_ makes you think ICANN has the faintest idea about protocols and security?
Look at the members of the ICANN board, look at the membership of the IESG and IAB over the past 10 years. Oh and look up Steve Bellovin's research interests.
I had meant to type 'DNSSEC' in the original in place of BIND. DNSSEC may not be the answer; if it was the answer maybe it would have taken less than ten years to deploy after the RFCs were written.
The main problem is that DNSSEC turned into a design for a general purpose PKI. As a result lots of features were added such as the NXT record that make deployment sticky. Also the nature of DNS lookups has changed drastically. TTLs are often measured in minutes rather than days as they once were. This means that the DNSSEC method of signing each RR individually is a very high overhead. The servers can do the signing offline; not so hot for the clients though, which can have ten or more signatures to verify for a single lookup.
Schneier always mentions that you have to watch out for people's motivations. In this case, he should point out that his company makes its living watching for bugs/hacking/vulnerabilities in the systems of the customers that it monitors.
Well that is Bruce for you, he is kinda random. A while back he published a 'Schniergram' listing a whole rack of problems he had identified in IPSEC. Then after the group explained to him why he had entirely failed to understand the problem he didn't withdraw the paper, but it did disappear from the index on the counterpane site and kinda faded from view. Every so often someone reads back issues of cryptogram and rushes to the list to debate the issues raised by the 'expert'.
So when it comes to false alarms Bruce is not exactly whiter than the driven snow.
The balance between full disclosure and partial disclosure is very hard to draw. The problem is in large measure often on the side of the vendors. But security 'experts' are not always exactly blameless. Quite often the exploit scripts are written by people who have no connection with the discovery of the bug and after it has been acknowledged and is being worked on.
The basic problem is that the easiest method of getting press attention is to claim credit for the discovery of some security bug or other. 'Full disclosure' is often no more than a convenient excuse for being a media-whore. Those of us who are responsible for actually designing security systems do not in general spend much (or indeed any) of our time returning journalist's phone calls with nifty quotes.
I've NEVER seen a film with "mis-labelled" leaders. And no projectionist worth his rate-of-pay would put a movie together without reading the leader (and tail) on each and every reel.
You obviously haven't shown many re-run films then. First thing I would do as a projectionist is to cut off the leaders and trailers of every reel (except perhaps the last). Then I would spool them all onto a couple of 6000's and put the whole film onto the cake stand.
Almost all modern projection equipment is continuous loop these days. Where on earth would you be using a twin projector set up (especially when projectors and lenses cost more than a cake stand)?
It is far from unusual to get a film where the last projectionist switched the leaders on a couple of reels. On occasion you get a film with the headers from an entirely different film altogether.
The bottom line is this. Don't be too worried about DNS going down. Unlike www.microsoft.com or www.whitehouse.gov, there is little incentive for a malicious script kiddie to attack DNS.
Untrue, DNS is like www.whitehouse.gov under permanent attack. The article is based on a number of assumptions that are not true of all the root servers.
Steve Bellovin is somewhat inaccurate in his statement about BIND. While it is true that most of the Root servers run code that originated in BIND most of the heavy lifting is done by a few servers that sit on the fattest pipes that run a stripped code base. The code paths of that code base have at this point been as near to completely tested as anything gets.
The real problem is that most of the root servers are still maintained by the ad-hoc volunteer network of the 1980s Internet. As a result many of the 'root servers' are hosted on drinking straws rather than pipes.
There are 13 servers however and all have to go down to take out the Internet. Even then the effect would take some time to be felt. The root servers only manage the top level domains. These tend not to change very often and so the TTL on the root records can be made very long without causing operational difficulty.
A much more serious problem would be if someone brought up a fake root server. DNS does not provide authentication.
Rather than obsess about the code base problem ICANN should be either deploying BIND or telling the IETF the characteristics of the security protocol it really needs.
The rest of the bands might as well be enciphered for all I care. Probably just means that I am old.
The 'anti-rip' technologies all work by exploiting bugs in the CDROM drivers that cause the ripping software to break. If the CDROM drivers start to break on large numbers of CDs then the manufacturers will be forced to fix them.
I suspect that Amazon and the like will find these CDs uneconomic to sell as the number of returns is going to be high. The CDROM driver bugs are not going to be unique to CDROMs. Expect Amazon to start pro-actively warning customers that certain CDs have a very high rate of return.
First, although it may seem like it, the COE has nothing to do with the European Union. The "Cybercrime Convention" has received some attention, but I hope that it is not as relevant as people claim it is. Similar to other such international treaties, signatory nations can basically disregard certain provisions or all of it without any further effect.
Council of Europe meetings are typically held behind closed doors and are usually attended by civil servants rather than ministers. Legislators sometimes attend but there is no democratic mandate and national parliaments do not consider COE decisions to be binding, in fact they are rarely even reported in the European press.
As a result the decisions made tend to be all things to all people. The decision will require legislation that considers X while also considering ~X.
European Union legislation is very different. EU directives are binding on the member states. But the voting rules are pretty complex and there is some democratic input in the form of the EU parliament. National parliaments still have to vote through the implementation legislation.
If both Fermilab and CERN found a similar deviance, then I don't believe it's a flaw at Fermilab.
If they both used the same Monte-Carlo simulation or the same analysis package the potential for common failure is high.
There was a similar event that happened with the 19KeV Neutrino: two apparently independent experiments turn out to have used the same counter unit with a bizarre temperature-dependent fault that causes lost counts in weird circumstances.
I wouldn't make any long term plans based on this paper. The "one chance in 400" is misleading -- if you look at the paper, what it's really saying is that their experimental result differed from their theoretical result by three standard deviations (three sigma). On the face of it, this isn't very impressive. The trouble with straightforward statistical analysis in this fashion is that particle physics is hard. Experiments are being done at the limits of detectability, and often in ways that have never been done before.
As a former experimentalist in the field (they gave me the PhD so I couldn't be all that bad) I am not getting excited.
The problem is that the experiments are simply not accurate enough to jump up and down in celebration for such a minuscule deviation.
What I am really suspicious about is that the number of observations is much lower than expected. That can happen because you just missed some particles you should have seen.
You can have a deviation that is 'significant' at twenty or a hundred standard deviations and it can still be the result of experimental error rather than a flaw in the standard model.
Given the way the physicists write their programs I would not be at all surprised if this turns out to be no more than the result of a flaw in PAW or GEANT. A physicist will go off to beg congress for a billion dollars to four experiments on the same accelerator (e.g. LEP) so that each can cross check the results of the other. Then they will all share the same analysis programs even though they are known to be riddled with bugs. And don't start on about the Web, first off the Web code was not built on a twenty year old code base from the dawn of Fortran, second there were multiple versions of the code written from the very start. In 1992 there were 10 browsers and at least 5 Web servers.
Ashcroft is opening a major opportunity for the terrorists to get off after they appeal their convictions claiming that they were denied the right to counsel. The courts might back Ashcroft now in the wake of atrocity, but a couple of years from now the situation is likely to be very different. The right to counsel is negated if the accused cannot have confidence that the discussion will be confidential.
The ability to wiretap is stated to be slightly more restrictive than the headlines suggest. The enabling act (aka PATRIOT bill) does not require the restrictions stated and the administration has made no commitment to observe the restrictions. All the administration has said is that it will wiretap in certain additional circumstances, it has not said it will not use the unlimited wiretap powers in the bill. So if you are a civil rights activist don't rely on the non-promises.
All in all the administration is making a pig's ear of the war so far. The Brits are pissed off because they can't land their SAS troops and start shooting some Taleban. The French, Germans and Italians are scared that Bush will listen to the administration hawks calling for bombs to be dropped on Iraq, thus opening up a second front forcing the deployment of troops to protect Saud before the war in Afghanistan has even properly started.
Bush appears to be driven more by the need to win the election than the need to win the war. To win the war he needs to have the help of the Muslim countries bordering Afghanistan. Israel is doing its best to force Bush to choose between support for Israel and support from Pakistan. Instead of slapping Sharon down for his treacherous behavior, Bush is dithering in the hope he can pick up the votes of the six members of the Israeli lobby who did not vote for Lieberman.
What we need to see is a bold stroke of leadership. Bush has a perfect opportunity to go for a rapprochement with Iran, boosting the democratically elected moderates against the unelected mullahs. Offer to lift the sanctions in return for Iran opening its borders to the refugees. Get the Europeans to supply the necessary food from their EEC grain mountains.
I don't care what you think about school prayer. Get rid of your preconceptions, and think about it. Should a group with the name "American Civil Liberties Union" be for or against allowing children to worship as they wish?
Perhaps what they are concerned about is kids who aren't Christians being coerced into praying to a Christian God?
The law protects religious activities that are genuinely student led. What it prohibits is the various subterfuges that have been used in the south to introduce coerced prayer. The courts did nothing to stop student prayer activities until the school boards started to create bogus 'student activities' to give cover for compulsory prayers.
Everything (as in EVERYTHING - from every source) said that they upheld the finding of fact, but reversed the penalty. I only glossed over the ruling, but I don't recall anything like what you're implying.
"I didn't read the judgement but the reports of the judgement I read on slashdot said that the court decided Gates was the antichrist"
I read the judgement, as reported in most of the press it overturns the finding that integrating IE into windows was illegal tying.
1) The nationality of the person making the response is not significant.
Any written comments relating to such proposal and any responses by the United States thereto, shall also be filed with such district court and published by the United States in the Federal Register within such sixty-day period.
2) The act does not actually require responses to be listened to. All that is required is that they be published in the Federal Register.
3) The biggest problem with the government case is the behavior of the judge.
4) The second biggest problem is that the case the DoJ made in the trial is not the one made out on Slashdot.
5) The appeals court reversed substantial parts of Jackson's 'findings of fact'. In particular they rejected the view that they were bound to consider a statement to be a statement of fact and not a conclusion. As a result Jackson's findings of fact mean very little because most of the findings slashdotters are enjoying are conclusory opinions that would not have been binding on the new judge in the retrial.
Somewhere along the line the DoJ was captured by Sun, Netscape et. al. The legitimate case against the MSFT licensing arrangements was not given anywhere near the attention it deserved in the trial. Instead the DoJ case was largely made on the basis of Netscape's view of the injustices Netscape felt had been done to them.
It is not surprising then that the remedy is not what many on Slashdot would want. The DoJ did not bring a case against MSFT integrating the Web browser APIs deep into the operating system. In fact the DoJ explicitly denied that it was doing so because by doing so it could claim that MSFT was lying when it said it could not remove IE from the O/S. As a result we now have a court ruling that requires the user to be able to remove the IE user interface application but not the dlls it calls. The IE platform is absolutely untouched by the settlement.
Your experience of computing is obviously not great enough to make that type of attack.
I have six systems from various sources that are post 96 that require the BIOS to be programmed for the disk geometry. One of those systems has an Intel motherboard so it is hardly an obscure problem.
The BIOS does have an 'auto-config' setting. However the damn thing does not work. Instead of reading out one set of geometry settings and using it the BIOS allows cylinders to be traded for tracks and vice versa.
This is kinda a strange way of looking at the problem. It is not as if changing the config file changes the geometry of the disk!
What is really going on here is that there is a bizarre set of hacks where we tell the BIOS some lies about the disk geometry so that it can use a disk that was somewhat larger than the largest available when the machine was made.
My 1996 machine has a providence motherboard which was designed for use in servers. The auto-config only works on a 3.5" disk smaller than about 20Gb. Above that point the number of cylinders goes above 65536 and some BIOS field overflows.
Now this may constitute 'auto-config' for geeks but it certainly does not in my book, it means that I have to spend time fixing machines that should not need fixing.
20Gb was larger than the disks that were common when the machine came out (just), but it was pretty obvious that this was a very short term issue. I had a 6Gb disk in the machine when I bought it and had swapped that out for a 12 pretty soon after.
A large part of the problem is that the disk drive manufacturers used one kludge after another to extend the IDE spec for another 18 months or so. Instead of fixing the basic problem they did things like saying 'blocks are now 4 times the amount of data they were before'.
The announcement is pretty irrelevant, all it says is that there is a Linux driver for the new disk drive interface that supports bigger disks.
The real advance here is that the disk drive weenies have at last realised that they need to come out with a real fix for the 'big drive' problem and not yet another temporary measure.
Despite the fact that hard drives have increased from 5 Mb storage to 100Gb over the past 20 years the disk drive manufacturers have time after time proposed new interface standards that have been obsolete within a couple of years of their introduction.
Remember the 2Gb barrier? Today we are rapidly approaching the 128Gb barrier.
What annoys me is that the disk drive manufacturers seem to be unable to comprehend the idea of 'automatic configuration'. Why should I have to spend time telling my BIOS how many cylinders and tracks my drive has? I have a couple of older machines with somewhat wonky battery backup for the settings; every so often the damn things forget what size their boot disk is. Like just how many days would it take to define an interface that allowed the BIOS to query the drive about its own geometry?
Of course in many cases the figures you have to enter into the drive config are fiddled because the O/S has some constraint on the size of drives it handles.
We probably need a true 64 bit Linux before people start attaching Petabyte drives for real. For some reason file systems tend to be rife with silly limitations on file sizes etc.
Bit saving made a lot of sense when we had 5Mb hard drives and 100kb floppy drives. It does not make a lot of sense to worry about a 32bit or 64 bit file size field when we are storing 100kb files.
If folk go about modifying Linux, please don't let them just deal with the drives of today. Insist on at least 64 bits for all file size and location pointers.
We are already at the point where Terabyte storage systems are not unusual. Petabyte stores are not exactly commonplace but there are several in existence. At any given time there are going to be applications that take 1000 odd of the largest disk available in their day. Today that means people are using 100Tb stores; it won't be very long before 100Pb is reached.
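The barriers named in the posts above fall straight out of the widths of the address and size fields involved. The following C is an added example, not code from anyone in the thread; it assumes 512-byte sectors, the classic 4096 x 16 x 63 CHS geometry for the 2Gb limit and a 28-bit LBA for the 128Gb limit, and also shows how a byte total wraps when an old BIOS or driver holds it in a 32-bit field.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration of why fixed-width address fields produce capacity
   "barriers"; not code from the thread. Assumes 512-byte sectors. */
#define SECTOR_BYTES 512ULL

/* Largest capacity reachable through CHS fields of the given bit widths.
   Sectors are numbered from 1, so an n-bit sector field holds 2^n - 1 sectors. */
uint64_t chs_max_bytes(unsigned cyl_bits, unsigned head_bits, unsigned sec_bits)
{
    uint64_t cyls  = 1ULL << cyl_bits;
    uint64_t heads = 1ULL << head_bits;
    uint64_t secs  = (1ULL << sec_bits) - 1;
    return cyls * heads * secs * SECTOR_BYTES;
}

/* Largest capacity reachable with an n-bit LBA (linear sector number). */
uint64_t lba_max_bytes(unsigned lba_bits)
{
    return (1ULL << lba_bits) * SECTOR_BYTES;
}

/* The same geometry product evaluated in 32-bit arithmetic, the way an old
   BIOS or driver with a 32-bit size field would do it. Returns 1 if it wrapped. */
int geometry_wraps_32(uint64_t cyls, uint64_t heads, uint64_t secs)
{
    uint64_t exact  = cyls * heads * secs * SECTOR_BYTES;
    uint32_t narrow = (uint32_t)cyls * (uint32_t)heads *
                      (uint32_t)secs * (uint32_t)SECTOR_BYTES;
    return exact != (uint64_t)narrow;
}

/* Does a drive of the given size fit the CHS addressing scheme at all? */
int fits_chs(uint64_t bytes, unsigned cyl_bits, unsigned head_bits, unsigned sec_bits)
{
    return bytes <= chs_max_bytes(cyl_bits, head_bits, sec_bits);
}

int main(void)
{
    /* 12-bit cylinder field, 16 heads, 63 sectors: the "2Gb barrier" */
    printf("4096 cyl x 16 hd x 63 sec:  %llu bytes\n",
           (unsigned long long)chs_max_bytes(12, 4, 6));
    /* Original INT 13h limits: 1024 cylinders, 256 heads, 63 sectors */
    printf("1024 cyl x 256 hd x 63 sec: %llu bytes\n",
           (unsigned long long)chs_max_bytes(10, 8, 6));
    /* 28-bit LBA: the "128Gb barrier" */
    printf("28-bit LBA:                 %llu bytes\n",
           (unsigned long long)lba_max_bytes(28));
    /* A 16-bit cylinder count with 16 heads: the byte total no longer fits 32 bits */
    printf("65536 cyl x 16 hd x 63 sec wraps in 32 bits: %d\n",
           geometry_wraps_32(65536, 16, 63));
    return 0;
}
```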
It would make a very cool MP3 player, it has a type II compact flash so you can put ye old IBM microdrive in it.
Would be somewhat more interesting with some sorta wireless capacity. I guess that the modems for Pocket PC should work OK (with possible driver tweakage)
Might well cut into the palm user base quite quickly
The main differences between XP and W2K are the market they are optimized for and the level of Win 98 backwards compatibility.
It is quite possible that whatever compatibility box is run to allow creaky Win95 programs to still work would slow the system.
It is also quite possible that the hardware used was running Win98 drivers under XP which is going to cause a performance hit.
Most likely however is that the benchmarks don't measure the things XP is optimized for. XP is a personal user O/S. As such you would expect the apparent speed of the O/S to be optimized rather than the actual time taken to run compute heavy Excel spreadsheets.
A more reasonable test would be to measure the speed of running Quake or Civ III on the two platforms.
I don't much care about the speed of the machine, what I really care about is the amount of time I spend waiting while the machine is busy. My main frustrations with both X-Windows and MS Windows are the times when I am waiting for the window manager to catch up with what I am doing.
I don't much care about tasks that normally take 5 minutes taking 6 minutes. But I do care about a popup box responding in 100ms rather than 10 seconds. I do care about the times when the UI freezes because some application has locked some resource it has no business messing with.
That said, the benchmark will no doubt be used in the usual highly partisan manner to 'prove' that Linux is best on the basis of a comparison between two versions of Windows. After all, the weenie faction did (and are still doing) exactly that last week when Amazon moved from Compaq Tru64 to Linux.
If the document was published deliberately a more realistic motive would be to signal that MSFT does not consider Sun to be a threat because OSS is going to kill it.
He isn't a very good journalist either. What he really is is a pundit, he has an opinion about everything and is paid to write about it. Unfortunately it is not very easy to make sense of what Katz writes and the effort is never repaid in any great or deep insight.
If you read the works of good journalists (try the London or New York Times) they are able to make coherent, well reasoned arguments.
What makes you so sure? I'd have said it takes a lot more weapons and followers. Look at the Taliban. I'm not saying they're stupid, but they got to their position of power after being trained by the US.
The Taleban are far from representative of leaders of the third world. I have met the Prime Ministers and Presidents of many countries and most of them are actually pretty sharp intellectually. The exceptions tend to have inherited the position.
I have not met any of the Taleban leaders. However they do appear to be determinedly ignorant fanatics rather than incredibly stupid fanatics. Their main problem is that they have wound up believing their own propaganda. They have been telling each other that the West is weak, soft and stupid. So they think that we don't know that the Taleban were up to their necks in the WTC plot as deep as Bin Laden. They think that after dropping a few bombs we are going to drift away. They are about to get a nasty shock.
But then your exact stance is very vague
You mean that my ideas do not follow from some pre-canned ideological position so you can file it away as pro-US or anti-US? I am an analyst, not a courtier. If fools want to surround themselves with advisers that only tell them what they want to hear, then best not ask me for advice. The small number of people who do seek my advice are highly influential.
There are two dimensions to the analysis of US policy, first is the ethical, second is the pragmatic. Has the US policy towards Afghanistan been unethical? Clearly not, we have not intervened to save the country from itself, but there was no moral obligation to do so and certainly little the US or the West could have done to make the situation better.
On the pragmatic side, has US policy in the gulf region been perfect? Clearly not, we allowed the loonies to murder 5000 civilians. There was a failure of US foreign policy.
If you have a serial killer on the loose and the police fail to catch him you can hold the police chief responsible for not catching the murderer and thus preventing further deaths.
While GWB's foreign policy was not responsible for the attack it could have crippled the possibility of an effective response had it been indulged in for much longer. As it is GWB has largely been carried by Colin Powell and Tony Blair. That does not matter at the moment; however next time round we hope that the US will expect rather more of their Presidential candidates than that he did not make an absolute hash of the debates. A Roosevelt, a JFK, a Churchill in the oval office would be very useful right now.
Yea, because people are FORCED to upgrade every time a patch is allowed.
I was in an SDMI meeting when that is precisely what was proposed. The drop dead codes would be encoded into CDs. The first time that the MP3 player saw the drop dead code it would set a switch so that it would only accept SDMI encoded MP3 files.
That was the first and last meeting with those loonies that I attended. The basic idea that they had was that I would spend several million dollars building security technology for them and they would pay me $0.10 per player until the royalties reached a certain point when they would buy my interest out completely for about $100K.
Hey, most people tend to appreciate my input on requirements analysis. That is probably why I am cited as contributing to umpteen RFCs.
Some of us have other things to do than build MP3 players, not because we don't want to but because there is only so much time in the day.
The whole idea of open source is that someone may well have built what you need already so why not share?
Someone may well get a kick out of building a dedicated Linux based MP3 appliance and uploading the source.
Of course if (as appears likely) you don't have to spend any time with a girlfriend, or working, engaging in social activities or personal hygiene then you probably have enough time to build every geek toy yourself.
The estimates reported by the BBC are a billion a year. The '100 billion' figure is the amount of corporate welfare the Republican party wants to ram through Congress under the pretense it is a stimulus package.
Before anyone gives these folk any more money they should be able to explain why the previous detectors went pop. Otherwise there is every chance the replacements will fail in exactly the same way.
$30 million is a pretty large chunk of change to lose. For the same money you could fund an awful lot of interesting Comp Sci research.
That is not what I said. I said that ICANN should specify the requirements they have for a DNS security infrastructure to secure the DNS and tell the IESG what they are.
The IETF has designed some good security protocols. It has also produced a lot of bad ones. They are not bad because they are insecure, they are bad because they don't meet the real requirements. PEM and MOSS being prime examples. IPSEC and DNSSEC both have clear usability problems that mean that they are not being used in practice for the purpose they were originally advertised as solving.
The second somewhat odd idea is that the whole scheme is costless and should be run by 'a non-profit corporation'. Why is it that people who are suggesting ways to make themselves rich always seem to think that everyone else should work for free?
In practice the cost of running a pay per view system would be much greater than 1 cent per page. Each payment transaction is by its nature statefull, maintaining state requires storage and CPU. Implementation of the system would be non-trivial. Cybercash invested tens of millions in their cybercoin system.
The privacy issues are very hard, as are the customer service issues as users deny visiting www.kinkyporn.ch etc. What most people do not seem to realise is that the more privacy the customer has the harder it is going to be to solve those customer relations problems.
The Chaum Patents are beautiful pieces of cryptography and commercially worthless. Digicash could never get the system to work for an economic transaction cost. There was in practice much less privacy than was claimed. Each transaction required a lot of CPU intensive processing. The patents were sold when Digicash went under for a very very large sum, I doubt that the purchasers will be willing to donate them to a non profit corporation.
The problem of fraudulent payment claims is definitely not solved by the suggestion in the Q&A. As with much of the rest of the proposal the suggestion is essentially 'magic happens here'. Yeah quite.
I also have difficulty believing that the author understands the issue of the banking regulations governing money transfers.
Micropayments might well happen, indeed they are probably likely. They will not be introduced through a non-profit corporation set up by a cartel of major web sites however. Nor will they be universal. Only a small number of sites have content that is worth paying for.
Because I don't want the audience to hear every pop crackle and whiz on the soundtrack when a bad splice goes through the projector.
Unless you are showing an absolutely new print the chances are that there will be splices that should be repaired. If you just dump the thing on a platter you are hoping that the last projectionist was competent.
In that case it's easy to discover and fix because the last guy who had the film supposedly left a frame on the head and the tail for the specific purpose of matching it up to the reel when that happens, right?
If the film still has its original headers...
I stand by my original statement. It is IMPOSSIBLE for any projectionist worth his rate of pay to show a movie where he doesn't know the film title before the picture is on the screen if he has set up the movie himself.
I don't think that anyone was suggesting that. They were saying that the cans were sometimes mislabelled.
Look at the members of the ICANN board, look at the membership of the IESG and IAB over the past 10 years. Oh and look up Steve Bellovin's research interests.
I had meant to type 'DNSSEC' in the original in place of BIND. DNSSEC may not be the answer, if it was the answer maybe it would have taken less than ten years to deploy after the RFCs were written.
The main problem is that DNSSEC turned into a design for a general purpose PKI. As a result lots of features were added such as the NXT record that make deployment sticky. Also the nature of DNS lookups has changed drastically. TTLs are often measured in minutes rather than days as they once were. This means that the DNSSEC method of signing each RR individually is a very high overhead. The servers can do the signing offline, not so hot for the clients though which can have ten or more signatures to verify for a single lookup.
Well that is Bruce for you, he is kinda random. A while back he published a 'Schniergram' listing a whole rack of problems he had identified in IPSEC. Then after the group explained to him why he had entirely failed to understand the problem he didn't withdraw the paper, but it did disappear from the index on the counterpane site and kinda faded from view. Every so often someone reads back issues of cryptogram and rushes to the list to debate the issues raised by the 'expert'.
So when it comes to false alarms Bruce is not exactly whiter than the driven snow.
The balance between full disclosure and partial disclosure is very hard to draw. The problem is in large measure often on the side of the vendors. But security 'experts' are not always exactly blameless. Quite often the exploit scripts are written by people who have no connection with the discovery of the bug and after it has been acknowledged and is being worked on.
The basic problem is that the easiest method of getting press attention is to claim credit for the discovery of some security bug or other. 'Full disclosure' is often no more than a convenient excuse for being a media-whore. Those of us who are responsible for actually designing security systems do not in general spend much (or indeed any) of our time returning journalists' phone calls with nifty quotes.
You obviously haven't shown many re-run films then. First thing I would do as a projectionist is to cut off the leaders and trailers of every reel (except perhaps the last). Then I would spool them all onto a couple of 6000's and put the whole film onto the cake stand.
Almost all modern projection equipment is continuous loop these days. Where on earth would you be using a twin projector set up (especially when projectors and lenses cost more than a cake stand)?
It is far from unusual to get a film where the last projectionist switched the leaders on a couple of reels. On occasion you get a film with the headers from an entirely different film altogether.
Untrue, DNS is like www.whitehouse.gov under permanent attack. The article is based on a number of assumptions that are not true of all the root servers.
Steve Bellovin is somewhat inaccurate in his statement about BIND. While it is true that most of the Root servers run code that originated in BIND most of the heavy lifting is done by a few servers that sit on the fattest pipes that run a stripped code base. The code paths of that code base have at this point been as near to completely tested as anything gets.
The real problem is that most of the root servers are still maintained by the ad-hoc volunteer network of the 1980s Internet. As a result many of the 'root servers' are hosted on drinking straws rather than pipes.
There are 13 servers however and all have to go down to take out the Internet. Even then the effect would take some time to be felt. The root servers only manage the top level domains. These tend not to change very often and so the TTL on the root records can be made very long without causing operational difficulty.
A much more serious problem would be if someone brought up a fake root server. DNS does not provide authentication.
Rather than obsess about the code base problem ICANN should be either deploying BIND or telling the IETF the characteristics of the security protocol it really needs.
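The statement above that DNS does not provide authentication is easy to see on the wire. The following is an added example, not code from the original post or from any resolver: it encodes a DNS query and two answers in RFC 1035 format and applies the acceptance check a classic (pre-DNSSEC) resolver makes before caching a reply, which is only that the reply is a response, that the 16-bit transaction ID matches, and that the question section matches. The names and the addresses (192.0.2.10 and 198.51.100.66, from the documentation ranges) are constructed for the example; the `naive_accept` check is a model of that resolver logic, not a particular implementation.

```python
"""Added example: why an unauthenticated DNS reply is accepted.

A classic resolver keeps no proof of who produced a reply. If an attacker
can guess the transaction ID (or race the real server) a forged answer
with a matching ID and question is accepted just like the genuine one.
Wire format follows RFC 1035; addresses are constructed for the example.
"""
import struct


def encode_name(name):
    """Encode a dotted name as RFC 1035 length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a name at offset `off`, following compression pointers."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels) + ".", off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            name, _ = decode_name(msg, ptr)
            return ".".join(labels + [name.rstrip(".")]) + ".", off + 2
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def build_query(txid, qname, qtype=1):
    """Standard query, recursion desired, one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_answer(txid, qname, ip, ttl=300, qtype=1):
    """Response with one A record; the RR name is a pointer to the question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return header + question + rr


def parse(msg):
    """Parse header, question and A records from the answer section."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    qname, off = decode_name(msg, off)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        _name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "flags": flags, "qname": qname,
            "qtype": qtype, "answers": answers}


def naive_accept(query, reply):
    """Model of a pre-DNSSEC resolver's check: QR bit, ID and question match.

    Nothing here verifies the origin of the reply; that is the gap DNSSEC
    signatures were designed to close.
    """
    q, r = parse(query), parse(reply)
    return (bool(r["flags"] & 0x8000) and r["id"] == q["id"]
            and r["qname"].lower() == q["qname"].lower()
            and r["qtype"] == q["qtype"])


def demo():
    query = build_query(0x1234, "www.example.com.")
    genuine = build_answer(0x1234, "www.example.com.", "192.0.2.10")
    forged = build_answer(0x1234, "www.example.com.", "198.51.100.66")
    wrong_id = build_answer(0x1235, "www.example.com.", "198.51.100.66")
    return {
        "genuine_accepted": naive_accept(query, genuine),
        "forged_accepted": naive_accept(query, forged),
        "wrong_id_accepted": naive_accept(query, wrong_id),
        "forged_answer": parse(forged)["answers"],
    }


if __name__ == "__main__":
    print(demo())
```

The forged reply passes the same check as the genuine one; only a wrong transaction ID is rejected, and a 16-bit ID is not a security margin against an attacker who can send many candidates before the real server answers. Source port randomisation raises the cost of the guess but still proves nothing about origin; a signature over the RRset is what an authenticated answer requires.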
The 'anti-rip' technologies all work by exploiting bugs in the CDROM drivers that cause the ripping software to break. If the CDROM drivers start to break on large numbers of CDs then the manufacturers will be forced to fix them.
I suspect that Amazon and the like will find these CDs uneconomic to sell as the number of returns is going to be high. The CDROM driver bugs are not going to be unique to CDROMs. Expect Amazon to start pro-actively warning customers that certain CDs have a very high rate of return.
Council of Europe meetings are typically held behind closed doors and are usually attended by civil servants rather than ministers. Legislators sometimes attend but there is no democratic mandate and national parliaments do not consider COE decisions to be binding, in fact they are rarely even reported in the European press.
As a result the decisions made tend to be all things to all people. The decision will require legislation that considers X while also considering ~X.
European Union legislation is very different. EU directives are binding on the member states. But the voting rules are pretty complex and there is some democratic input in the form of the EU parliament. National parliaments still have to vote through the implementation legislation.
It does not take a degree in Nuclear Physics to know that the probability this turns out to be experimental error is way more than 1 in 400.
And don't pine on about getting a PhD, no one gives a shit if you wasted six years of your life at Mulligan College in Jerkwater, Missouri.
Oxford UK.
They were published in Physical Review Letters, you were published in Slashdot
Last time I bothered to look I had 30 publications in the likes of Physics Review Letters. They mean absolutely nothing.
If there is an experimental error the referee is not going to find it.
If they both used the same Monte-Carlo simulation or the same analysis package the potential for common failure is high.
There was a similar event that happened with the 19 keV Neutrino, two apparently independent experiments turn out to have used the same counter unit with a bizarre temperature-dependent fault that causes lost counts in weird circumstances.
As a former experimentalist in the field (they gave me the PhD so I couldn't be all that bad) I am not getting excited.
The problem is that the experiments are simply not accurate enough to jump up and down in celebration for such a minuscule deviation.
What I am really suspicious about is that the number of observations is much lower than expected. That can happen because you just missed some particles you should have seen.
You can have a deviation that is 'significant' at twenty or a hundred standard deviations and it can still be the result of experimental error rather than a flaw in the standard model.
Given the way the physicists write their programs I would not be at all surprised if this turns out to be no more than the result of a flaw in PAW or GEANT. A physicist will go off to beg congress for a billion dollars to fund four experiments on the same accelerator (e.g. LEP) so that each can cross check the results of the other. Then they will all share the same analysis programs even though they are known to be riddled with bugs. And don't start on about the Web, first off the Web code was not built on a twenty year old code base from the dawn of Fortran, second there were multiple versions of the code written from the very start. In 1992 there were 10 browsers and at least 5 Web servers.
The ability to wiretap is stated to be slightly more restrictive than the headlines suggest. The enabling act (aka PATRIOT bill) does not require the restrictions stated and the administration has made no commitment to observe the restrictions. All the administration has said is that it will wiretap in certain additional circumstances, it has not said it will not use the unlimited wiretap powers in the bill. So if you are a civil rights activist don't rely on the non-promises.
All in all the administration is making a pig's ear of the war so far. The Brits are pissed off because they can't land their SAS troops and start shooting some Taleban. The French, Germans and Italians are scared that Bush will listen to the administration hawks calling for bombs to be dropped on Iraq, thus opening up a second front forcing the deployment of troops to protect Saud before the war in Afghanistan has even properly started.
Bush appears to be driven more by the need to win the election than the need to win the war. To win the war he needs to have the help of the muslim countries bordering Afghanistan. Israel is doing its best to force Bush to choose between support for Israel and support from Pakistan. Instead of slapping Sharon down for his treacherous behavior, Bush is dithering in the hope he can pick up the votes of the six members of the Israeli lobby who did not vote for Lieberman.
What we need to see is a bold stroke of leadership. Bush has a perfect opportunity to go for a rapprochement with Iran, boosting the democratically elected moderates against the unelected mullahs. Offer to lift the sanctions in return for Iran opening its borders to the refugees. Get the Europeans to supply the necessary food from their EEC grain mountains.
Perhaps what they are concerned about is kids being coerced into praying to a christian God who aren't Christians?
The law protects religious activities that are genuinely student led. What it prohibits is the various subterfuges that have been used in the south to introduce coerced prayer. The courts did nothing to stop student prayer activities until the school boards started to create bogus 'student activities' to give cover for compulsory prayers.
"I didn't read the judgement but the reports of the judgement I read on slashdot said that the court decided Gates was the antichrist"
I read the judgement, as reported in most of the press it overturns the finding that integrating IE into windows was illegal tying.
Any written comments relating to such proposal and any responses by the United States thereto, shall also be filed with such district court and published by the United States in the Federal Register within such sixty-day period.
2) The act does not actually require responses to be listened to. All that is required is that they be published in the Federal Register.
3) The biggest problem with the government case is the behavior of the judge.
4) The second biggest problem is that the case the DoJ made in the trial is not the one made out on Slashdot.
5) The appeals court reversed substantial parts of Jackson's 'findings of fact'. In particular they rejected the view that they were bound to consider a statement to be a statement of fact and not a conclusion. As a result Jackson's findings of fact mean very little because most of the findings slashdotters are enjoying are conclusory opinions that would not have been binding on the new judge in the retrial.
Somewhere along the line the DoJ was captured by Sun, Netscape et al. The legitimate case against the MSFT licensing arrangements was not given anywhere near the attention it deserved in the trial. Instead the DoJ case was largely made on the basis of Netscape's view of the injustices Netscape felt had been done to them.
It is not surprising then that the remedy is not what many on Slashdot would want. The DoJ did not bring a case against MSFT integrating the Web browser APIs deep into the operating system. In fact the DoJ explicitly denied that it was doing so because by doing so it could claim that MSFT was lying when it said it could not remove IE from the O/S. As a result we now have a court ruling that requires the user to be able to remove the IE user interface application but not the dlls it calls. The IE platform is absolutely untouched by the settlement.
Your experience of computing is obviously not great enough to make that type of attack.
I have six systems from various sources that are post 96 that require the BIOS to be programmed for the disk geometry. One of those systems has an Intel motherboard so it is hardly an obscure problem.
The BIOS does have an 'auto-config' setting. However the damn thing does not work. Instead of reading out one set of geometry settings and using it the BIOS allows cylinders to be traded for tracks and vice versa.
This is kinda a strange way of looking at the problem. It is not as if changing the config file changes the geometry of the disk!
What is really going on here is that there is a bizarre set of hacks where we tell the BIOS some lies about the disk geometry so that it can use a disk that was somewhat larger than the largest available when the machine was made.
My 1996 machine has a providence motherboard which was designed for use in servers. The auto-config only works on a 3.5" disk smaller than about 20Gb. Above that point the number of cylinders goes above 65536 and some BIOS field overflows.
Now this may constitute 'auto-config' for geeks but it certainly does not in my book, it means that I have to spend time fixing machines that should not need fixing.
20Gb was larger than the disks that were common when the machine came out (just), but it was pretty obvious that this was a very short term issue. I had a 6Gb disk in the machine when I bought it and had swapped that out for a 12 pretty soon after.
A large part of the problem is that the disk drive manufacturers used one kludge after another to extend the IDE spec for another 18 months or so. Instead of fixing the basic problem they did things like saying 'blocks are now 4 times the amount of data they were before'.
The real advance here is that the disk drive weenies have at last realised that they need to come out with a real fix for the 'big drive' problem and not yet another temporary measure.
Despite the fact that hard drives have increased from 5 Mb storage to 100Gb over the past 20 years the disk drive manufacturers have time after time proposed new interface standards that have been obsolete within a couple of years of their introduction.
Remember the 2Gb barrier? Today we are rapidly approaching the 128Gb barrier.
What annoys me is that the disk drive manufacturers seem to be unable to comprehend the idea of 'automatic configuration'. Why should I have to spend time telling my BIOS how many cylinders and tracks my drive has? I have a couple of older machines with somewhat wonky battery backup for the settings, every so often the damn things forget what size their boot disk is. Like just how many days would it take to define an interface that allowed the BIOS to query the drive about its own geometry?
Of course in many cases the figures you have to enter into the drive config are fiddled because the O/S has some constraint on the size of drives it handles.
We probably need a true 64 bit Linux before people start attaching Petabyte drives for real. For some reason file systems tend to be rife with silly limitations on file sizes etc.
Bit saving made a lot of sense when we had 5Mb hard drives and 100kb floppy drives. It does not make a lot of sense to worry about a 32bit or 64 bit file size field when we are storing 100kb files.
If folk go about modifying Linux, please don't let them just deal with the drives of today. Insist on at least 64 bits for all file size and location pointers.
We are already at the point where Terabyte storage systems are not unusual. Petabyte stores are not exactly commonplace but there are several in existence. At any given time there are going to be applications that take 1000 odd of the largest disk available in their day. Today that means people are using 100Tb stores, it won't be very long before 100Pb is reached.
It would make a very cool MP3 player, it has a type II compact flash so you can put ye old IBM microdrive in it.
Would be somewhat more interesting with some sorta wireless capacity. I guess that the modems for Pocket PC should work OK (with possible driver tweakage)
Might well cut into the palm user base quite quickly
It is quite possible that whatever compatibility box is run to allow creaky Win95 programs to still work would slow the system.
It is also quite possible that the hardware used was running Win98 drivers under XP which is going to cause a performance hit.
Most likely however is that the benchmarks don't measure the things XP is optimized for. XP is a personal user O/S. As such you would expect the apparent speed of the O/S to be optimized rather than the actual time taken to run compute heavy Excel spreadsheets.
A more reasonable test would be to measure the speed of running Quake or Civ III on the two platforms.
I don't much care about the speed of the machine, what I really care about is the amount of time I spend waiting while the machine is busy. My main frustrations with both X-Windows and MS Windows are the times when I am waiting for the window manager to catch up with what I am doing.
I don't much care about tasks that normally take 5 minutes taking 6 minutes. But I do care about a popup box responding in 100ms rather than 10 seconds. I do care about the times when the UI freezes because some application has locked some resource it has no business messing with.
That said, the benchmark will no doubt be used in the usual highly partisan manner to 'prove' that Linux is best on the basis of a comparison between two versions of windows. After all the weenie faction did (and are) doing exactly that last week when Amazon moved from Compaq Tru64 to Linux
If the document was published deliberately a more realistic motive would be to signal that MSFT does not consider Sun to be a threat because OSS is going to kill it.
He isn't a very good journalist either. What he really is is a pundit, he has an opinion about everything and is paid to write about it. Unfortunately it is not very easy to make sense of what Katz writes and the effort is never repaid in any great or deep insight.
If you read the works of good journalists (try the London or New York Times) they are able to make coherent, well reasoned arguments.
What makes you so sure? I'd have said it takes a lot more weapons and followers. Look at the Taliban. I'm not saying they're stupid, but they got to their position of power after being trained by the US.
The Taleban are far from representative of leaders of the third world. I have met the Prime Ministers and Presidents of many countries and most of them are actually pretty sharp intellectually. The exceptions tend to have inherited the position.
I have not met any of the Taleban leaders. However they do appear to be determinedly ignorant fanatics rather than incredibly stupid fanatics. Their main problem is that they have wound up believing their own propaganda. They have been telling each other that the West is weak, soft and stupid. So they think that we don't know that the Taleban were up to their necks in the WTC plot as deep as Bin Laden. They think that after dropping a few bombs we are going to drift away. They are about to get a nasty shock.
But then your exact stance is very vague
You mean that my ideas do not follow from some pre-canned ideological position so you can file it away as pro-US or anti-US? I am an analyst, not a courtier. If fools want to surround themselves with advisers that only tell them what they want to hear, then best not ask me for advice. The small number of people who do seek my advice are highly influential.
There are two dimensions to the analysis of US policy, first is the ethical, second is the pragmatic. Has the US policy towards Afghanistan been unethical? Clearly not, we have not intervened to save the country from itself, but there was no moral obligation to do so and certainly little the US or the West could have done to make the situation better.
On the pragmatic side, has US policy in the gulf region been perfect? Clearly not, we allowed the loonies to murder 5000 civilians. There was a failure of US foreign policy.
If you have a serial killer on the loose and the police fail to catch him you can hold the police chief responsible for not catching the murderer and thus preventing further deaths.
While GWB's foreign policy was not responsible for the attack it could have crippled the possibility of an effective response had it been indulged in for much longer. As it is GWB has largely been carried by Colin Powell and Tony Blair. That does not matter at the moment, however next time round we hope that the US will expect rather more of their Presidential candidates than that he did not make an absolute hash of the debates. A Roosevelt, a JFK, a Churchill in the oval office would be very useful right now.
I was in an SDMI meeting when that is precisely what was proposed. The drop dead codes would be encoded into CDs. The first time that the MP3 player saw the drop dead code it would set a switch so that it would only accept SDMI encoded MP3 files.
That was the first and last meeting with those loonies that I attended. The basic idea that they had was that I would spend several million dollars building security technology for them and they would pay me $0.10 per player until the royalties reached a certain point when they would buy my interest out completely for about $100K.
Hey, most people tend to appreciate my input on requirements analysis. That is probably why I am cited as contributing to umpteen RFCs.
Some of us have other things to do than build MP3 players, not because we don't want to but because there is only so much time in the day.
The whole idea of open source is that someone may well have built what you need already so why not share?
Someone may well get a kick out of building a dedicated Linux based MP3 appliance and uploading the source.
Of course if (as appears likely) you don't have to spend any time with a girl friend, or working, engaging in social activities or personal hygiene then you probably have enough time to build every geek toy yourself.