Slashdot Mirror


User: RobertGraham

RobertGraham's activity in the archive.

Stories: 0
Comments: 90

Comments · 90

  1. www.altivore.com on Where Can I Find Beautiful Code? · · Score: 3
    I wrote a piece of code in just a weekend that emulates the functionality of Carnivore. Because it was a rush job, I wouldn't call it particularly artful, but one of the "artful" things is that it compiles on Linux, Solaris/SPARC, and Windows (yes, Windows) with identical functionality but no platform-specific #ifdefs.

    The reason I think this is artful is that people tend to write code that runs only in their own platform. The vast majority of Linux code I see will not compile/run on a Solaris/SPARC system. Likewise, the Solaris/SPARC code rarely runs on Linux. Throwing Windows into the mix makes things even tougher.

    For example, one of the chief problems is the old *(int*)p problem. If you are lucky, you simply get a byte-swapped value; if 'p' is unaligned, your program will actually crash (it's a RISC thing).

    When dealing with external data structures (network protocols, binary files), most programmers think it is "elegant" to map structures on top of pointers. In reality, it is one of the most evil/ugly things you can do to code. One of the prettier pieces of code I've seen recently actually had a comment /*struct are for weenies*/ (meaning the structure-mapping process, not internal data structures). Dealing with such data one byte at a time sure looks ugly to the uninitiated, but it really is the prettiest way.

    In any case, one of the reasons I'm posting this is because I don't post much open source, and therefore don't know much about what other people find ugly. I would be interested in hearing your comments about the source on www.altivore.com. Please send e-mail to altivore-comments@robertgraham.com.
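
Added example (not part of the comment above, and not taken from the Altivore source): the byte-at-a-time style the comment describes, applied to an IPv4 header read from an unaligned buffer. The function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read big-endian fields one byte at a time: no alignment requirement,
 * and the same result on little- and big-endian hosts. */
static uint16_t rd_be16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t rd_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

struct ipv4_info {
    unsigned version, header_len, total_len, protocol;
    uint32_t src, dst;
};

/* Parse an IPv4 header from untrusted bytes. Every length is checked
 * against the buffer before a field is read. Returns 0 or -1. */
int parse_ipv4(const unsigned char *p, size_t len, struct ipv4_info *out)
{
    if (len < 20)
        return -1;
    out->version = p[0] >> 4;
    out->header_len = (p[0] & 0x0fu) * 4u;
    if (out->version != 4 || out->header_len < 20 || out->header_len > len)
        return -1;
    out->total_len = rd_be16(p + 2);
    if (out->total_len < out->header_len || out->total_len > len)
        return -1;
    out->protocol = p[9];
    out->src = rd_be32(p + 12);
    out->dst = rd_be32(p + 16);
    return 0;
}

/* Constructed sample: 20-byte header, TCP, 192.0.2.1 -> 198.51.100.7. */
static const unsigned char sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x14, 0x12, 0x34, 0x00, 0x00, 0x40, 0x06,
    0x00, 0x00, 192, 0, 2, 1, 198, 51, 100, 7
};

/* Place the header at an arbitrary (possibly odd) offset, the case where
 * *(int*)p faults on strict-alignment CPUs, and parse it there. */
int parse_at_offset(size_t off, struct ipv4_info *out)
{
    unsigned char buf[64];
    if (off > sizeof buf - sizeof sample_hdr)
        return -1;
    memcpy(buf + off, sample_hdr, sizeof sample_hdr);
    return parse_ipv4(buf + off, sizeof sample_hdr, out);
}

int main(void)
{
    struct ipv4_info h;
    if (parse_at_offset(1, &h) != 0)
        return 1;
    printf("proto=%u src=%08lx dst=%08lx\n", h.protocol,
           (unsigned long)h.src, (unsigned long)h.dst);
    return 0;
}
```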

  2. Deeper philosophical questions on Grade School And High School, School Free · · Score: 2
    One of the problems with the American education system is that nobody steps back and asks "why are we doing this?". There is this inertia that causes us to go blindly forward because this is what we've always done.

    This is why so many "geeks" feel oppressed by the American education system. The ruling principle is that students won't learn information unless it is force-fed to them (the image I'm trying to get at is the geese who have corn shoved down their gullets in order to get those enlarged fatty livers for pâté de foie gras). These virtual classrooms are just an extension of the force-feeding principle.

    An example of this is the American principle that we should teach students how to think rather than teach them facts. Geeks think differently, and therefore get oppressed. For example, I failed numerous math tests in high-school because I solved the math problems in ways other than was taught by the instructor. In college, I had to spend several hours proving to my instructor not only that my lab experiment calculating the Thevenin resistance was correct, but that my method produced greater accuracy. (I still only got a "C" on the experiment).

    Virtual classrooms are just an extension of this. Rather than giving children a list of what to learn and resources to do it (taped presentations, books, discussion e-mail lists, etc.), people instead create virtual classrooms where people have to sit down at fixed times and watch live video feeds from the professors.

    The reason I try to get back to first-principles here is that there is a lot within the education system beyond the subject matter. Schools are where children learn to interact with other people. The social interaction on the playground is every bit as important as what happens in the classroom.

    Therefore, this distant learning crap fails on all counts. Emulating the classroom is even more oppressive than having no classroom, and not having social interaction for children is even worse.

  3. Asking the wrong question on Is The Wireless Internet Not Ready For Prime Time? · · Score: 2
    In Hitchhiker's Guide to the Galaxy, the computer was asked to calculate the Answer to life the universe and everything. After 10 million years, the computer came up with the answer: 42.

    The problem, the computer explained, is that nobody figured out what the question was.

    Wireless is the same way. You've calculated that the answer is "wireless", and you haven't figured out what the question is. I've noticed other posters have been describing AirPort/802.11, HomeRF, Bluetooth, CDMA, and 3G, though none of these services has the slightest relation to the wireless you are talking about.

    The problem with maxlink is that nobody wants a wireless ISP -- they just want a normal ISP. They don't care if the ISP uses a wire or not. There are some cases (Ricochet, CDMA) where ROVING is important (and then wireless is natural). The question with maxlink is: is it a good ISP? If you are asking if it is a good wireless ISP, then you are asking the wrong question.

    You may be concerned that customers might be afraid of adopting wireless technologies vs. traditional technologies. Again, that really isn't the question. Customers are afraid of unproven technologies. If you were using some weird wired scheme, then customers would still be afraid. For example, some companies are dropping fiber to the home. Most customers will stick with the proven older DSL rather than take the risk of unproven fiber. In other words, customers might be afraid of your technology, but it isn't because it is "wireless", only because it is different.

    BTW, a lot of wireless technologies can easily be sniffed (eavesdropped, wiretapped), despite assurances by vendors. I wouldn't use it unless I was able to thoroughly review the technology.

  4. 0.1 AU et al. on Four New Moons For Saturn · · Score: 4
    The cool thing about these moons is that they are really far away from Saturn. Mercury is only 36-million miles from the Sun, which means it is only 4 times as far from the Sun as these moons are from Saturn (9-million miles).

    On the other hand, this points to the continuing problem in astronomy that the more things we discover, the harder it becomes to clearly classify them. It's the dimpled chad of the solar system. We aren't quite sure if Pluto is a Kuiper object or a planet. It probably isn't going to be clear whether these objects are true "moons" or simply temporarily captured asteroids. I'm sure we'll see more exact measurements and simulations that will attempt to determine if their orbits are stable.

  5. Malcontents on Silicon Valley as a Religion · · Score: 2
    One of the biggest problems in the Bay Area is that riches are pretty much random: two people might sign up for the same job within a few weeks of each other, one becomes a multimillionaire while the other's options become worthless.

    This has created a huge amount of discontentment among those that somehow failed to attain the riches of their neighbors. A lot of complaints are simply because of this reason. As an example, a number of people make the comment that rich people buy flashy cars. Actually, the reverse is true. I don't know of anybody with a car payment. Whereas elsewhere in the country people try to buy the most expensive cars possible as part of this dominance-games thing, people in Silicon Valley tend to buy relatively cheap cars. By that, I mean, they buy a BMW 535i for $50k rather than a Ferrari at $200k. It's just that when you are spending $2k/month on a 1-bedroom apartment, the BMW doesn't look all that expensive. It's just that other people who didn't luck into options will find that to be a "flashy" car.

    Nine out of every ten startups will fail, the tenth one will make you pretty rich. You can't know ahead of time which is which. If you want to come to the Bay Area, you've got lots of startups to choose from; they'll gladly hire you. However, if you will become bitter and unhappy because after ten years you still aren't fabulously wealthy, then you probably shouldn't come.

    Silicon Valley is no more different than any other high-tech area. It is a bit more concentrated, and a bit less structured, but there is no great religious experience awaiting anybody here. As they say in Star Wars: the only thing here is what you bring with you. Personally, I spend more time on the Internet than I do physically in the valley, so it makes little difference to me.

    In any case, these anthropologists remind me of JohnKatz: they can hear the words spoken by the geeks, but they cannot understand the meaning. They try to repeat the words, but it seems disjointed. They think that technology is a religion/politics/etc. when it isn't. However, technology gives you a view into the human condition that others cannot see. (I.e. the voting problems in Florida are clearly a failure of technology and have nothing to do with "the will of the people" or the electoral college). Since others cannot see this perspective, they think it is some religious fervor; it isn't.

  6. Too early to tell on It's All About the Pentium (4) · · Score: 2
    First of all, note that every single review has been comparing the P4 against an Athlon with the AMD760 DDR chipset -- which isn't available yet. Yes, if you compare one vendor's released product to another vendor's unreleased product, things won't look all that good.

    Of course, in many cases the Pentium4 still doesn't look all that good compared to even the released Athlon and PentiumIII solutions, but there is another explanation. Remember that it is an entirely new architecture -- they always look bad when they first come out. Remember the PentiumPro? On one hand, it was faster than all the RISC CPUs of the time. On the other hand, it was getting beat by the vanilla Pentium in Windows 16-bit benchmarks.

    The same thing applies, here. Take the RC5 benchmark where the Pentium4 is a lot slower than the PentiumIII. RC5 has been hand optimized for every single popular CPU architecture. Of course it looks bad on the Pentium4, because hand optimizations aren't available for it. Give it a few months for optimizations to appear then see how well it runs. The same story goes for the SSE2 optimizations.

    Also notice what happened with RAMBUS. The i850 chipset isn't all that different from the i840 (the PentiumIII's dual-RAMBUS chipset), yet the i850 has dramatically higher memory scores. Intel decided to go with RAMBUS for the Pentium4, and designed the new CPU around RAMBUS. In particular, the CPU is designed to have multiple outstanding requests to the memory subsystem, a feature supported by RAMBUS but not by SDRAM. This means that the PentiumIII can never take advantage of RAMBUS. It is even possible that these multiple outstanding transactions will allow the Pentium4 to show LOWER latency than a PentiumIII/SDRAM solution. (Oh, and the 400MHz bus improves absolute bandwidth as well :-).

    In short: if I were buying a computer today, I'd go for an Athlon (or dual-PentiumIII). However, I bet 6 months from now, I'd probably be looking at the Pentium4.

    (PS: ...and of course, I think Intel DID make tradeoffs for meaningless MHz increases for marketing reasons.)

  7. Signal to noise ratio on Are Fingerprints Unique? · · Score: 3
    Of course not all fingerprints are identical. This fact is not in question. The problem is that not all fingerprint MEASUREMENTS are identical, either. This is a standard "signal-to-noise ratio" problem.

    This is easily verified with standard scientific practices. Grab 10,000 people and give them a metal ball and have them handle it for awhile (without telling them why), then grab clear fingerprint impressions. Give the balls to examiners whose job it is to grab as many fingerprint impressions as they can. Put all this into a database, then start pulling out fingerprints and having examiners match them up.

    What is the error rate whereby fingerprints were matched incorrectly?

    As I see it, the real problem is that people can only think in black or white. The focus of this little question has been if fingerprints are unique or not. The average person isn't mentally equipped to think in terms of "How unique are they?", a vast grey area. Science can never answer black-vs-white questions, but they can certainly measure grey.

  8. Pixar short on Simulating Cloth in CG · · Score: 5
    The two big problems in CGI have been clothing and hair. This is why Pixar created the animated short "Geri's Game": it showed off some impressive new clothing algorithms, though they still couldn't do the hair right. However, I've seen the preview to Pixar's next movie that includes a hairy monster: the hair is amazing.

    The problem with clothing is that different fabrics "hang" differently. Apparently, this is a big issue in the clothing industry and determines why clothing designers choose different fabrics for different outfits: it isn't just how the fabric looks, but how it behaves. The computer has to emulate the performance of the cloth not just in terms of how it behaves at vertices and how it stretches, but also how it behaves along with gravity. If you look in "Geri's Game", notice how the clothing folds. The designers had to emulate not just the person's body, but the structure of clothing on top of that body (until now, clothing has always been animated along with the body). Don't even get me started on the problems of textures.

    In essence, the problem is very, very difficult. It is not so much a question of computing power; we are still working on how exactly to model it in the first place.

  9. Encryption, desktop firewalls on Steps To Protect Oneself From Corporate Espionage? · · Score: 3
    First and foremost use encryption. I use Win2k's Encrypted Filesystem and Bestcrypt (backups are in a Bestcrypt container that I write to a CD-ROM). PGP stuff is also good, though harder to use.

    Secondly, consider a desktop firewall. Consider a CEO that is on an Ethernet switch along with other employees on the same switched backbone. There is probably zero chance that remote exploits against the desktop will ever be monitored. Many companies put armor around servers but leave such desktops wide-open. An amazing number of corporate desktops have File and Print Sharing enabled or can easily be compromised by a Trojan.

    Finally, I also "honeypot" my system. This is a little esoteric, but I've configured Outlook to check a number of e-mail accounts. One of those accounts I've saved the password in the registry and it goes off to check a POP account on a special system. That system is triggered to notify me when anybody but me logs in to read mail. (The password is saved in exactly a location that many Trojans will look for). This is a little esoteric for most people, though.

    (Disclaimer: the company I work for makes a popular remotely-managed desktop firewall/IDS combo).

  10. Network ICE != Black Ice Software on MAPS Sued Again · · Score: 2

    Just to clear this up, these are different companies. Network ICE has nothing to do with this.

  11. Black Ice Software != Network ICE on MAPS Sued Again · · Score: 4
    Black Ice Software is in no way related to Network ICE, the maker of a technology we called "BlackICE", a network-based intrusion countermeasure system.

    Moderators, please moderate this up. I've seen a couple of posts that have confused this issue. I think it is important to know the difference.

    Robert Graham
    CTO/Network ICE

    PS: It appears that Black Ice Software isn't using our BlackICE product, which of course would warn them that their e-mail servers are forwarding spam :-)

  12. First law of taxdynamics on Microsoft and Cisco Don't Pay Taxes? · · Score: 2
    Accounting is a funny business. As a founder of a company, I've had to deal a lot with similar tax issues. Since I'm not an accountant, I've found the best way to understand this murky business is to believe in one fundamental law: the conservation of taxes. You can shift money around, but no matter what you do, you will end up paying taxes on it.

    In the case of Cisco, they have pushed the tax burden from themselves onto their employees. Moreover, as a result of this, MORE taxes are being paid. Cisco employees are taxed at the top bracket for personal income taxes whereas Cisco gets taxed at a lower corporate rate.

    Remember that news organizations present you with the Blue Pill: the story you want to believe in. In this case, it is that big bad corporations aren't paying taxes. The Red Pill is that taxes are indeed being paid. Trust me: if the IRS isn't up in arms over this issue, then you have nothing to worry about.

    However, there are controversial issues surrounding this debate. The important one is that Cisco is operating their business at a loss, and has been for years as their stock goes up. From a certain set of accounting principles, you can prove that Cisco has never made a profit but has instead lost billions of dollars year after year. Moreover, roughly 15% of its value is owed to employees who own stock options. As an investor, you should understand the implications of this. Most investors don't, and just keep piling money into this pyramid/tulip scheme.

    From another perspective, maybe this doesn't matter. Almost identical accusations were made about Microsoft 10 years ago with proofs of how the entire house of cards was ready to collapse. I listened to the doomsayers then, much to my chagrin.

  13. Chimpanzee dominance games on Apache vs IIS in Performance? · · Score: 2
    I have no idea where Dell got its numbers. I maintain a website whose primary server runs on a Celeron 400, 128M RAM, and an IDE hard-drive using NT4/IIS4. It gets roughly 600,000 hits/day, and is only "lightly" loaded. But of course, these are small static web-pages that are mostly cached in RAM. I'm pretty sure any web server could match its performance (it is less than 300kbps).

    Back in the 1800s, Nietzsche proposed the idea of an uebermensch who had the sensitivity and intelligence to rise above the daily petty lives of normal men. This entire "who has the fast web server" is one of those petty squabbles. The fact is that each is fastest in its own way. If you want to prove how good your OS/httpd is compared to the other OS/httpd, then you'll certainly have enough statistics to back you up. So will the other side. The only way to win the war is not to fight it.

    DELL was almost certainly quoting a specific test, possibly one that compared dynamic content generation between Apache+CGI vs. IIS+ISAPI (CGI sucks vs. almost any alternative).

  14. Carnivore vs. Sniffer vs. Altivore on Talk to One of the Chief Carnivore Reviewers · · Score: 5
    I'm the author of Altivore and a long time sniffer user. The RFP was for a "technical" review to validate that Carnivore captures only the data allowed by the court order. Yet reading the resumes of the members of your team, I don't see anybody with sufficient technical experience in sniffing technologies.

    Packet reassembly and state-based protocol analysis are critical to the minimization function. My belief is that Carnivore is essentially stateless, just like my own Altivore. I can create real-world scenarios where Altivore fails the minimization test. Sure, they occur less than 1% of the time; I don't know how that fits within the law. However, software can be written to meet minimization requirements 100% of the time (e.g. BlackICE does this for detecting cr/hacking).

    My question is: will a sniffing expert be analyzing the packet reassembly and protocol analysis part of the source code in order to validate that Carnivore captures all the data authorized by the court order, but no additional data? Moreover, is there really somebody on your team that understands even what I'm talking about?
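
Added example (not part of the comment above, and not code from Carnivore, Altivore or BlackICE): a per-packet pattern search next to a matcher that carries its state across segments, showing how a stateless filter misses a string split over two TCP segments. The SMTP lines are constructed, and segments are assumed to arrive in order; real reassembly must also handle reordering, retransmission and overlap.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAT 64

/* Streaming matcher (Knuth-Morris-Pratt). 'state' is the number of
 * pattern bytes matched so far and survives from one segment to the next. */
struct stream_matcher {
    const char *pat;
    size_t plen;
    size_t fail[MAX_PAT];
    size_t state;
};

int matcher_init(struct stream_matcher *m, const char *pat)
{
    size_t i, k = 0;
    m->plen = strlen(pat);
    if (m->plen == 0 || m->plen > MAX_PAT)
        return -1;
    m->pat = pat;
    m->state = 0;
    m->fail[0] = 0;
    for (i = 1; i < m->plen; i++) {
        while (k > 0 && pat[i] != pat[k])
            k = m->fail[k - 1];
        if (pat[i] == pat[k])
            k++;
        m->fail[i] = k;
    }
    return 0;
}

/* Feed one in-order segment; returns the matches completed inside it. */
size_t matcher_feed(struct stream_matcher *m, const char *data, size_t len)
{
    size_t i, hits = 0;
    for (i = 0; i < len; i++) {
        while (m->state > 0 && data[i] != m->pat[m->state])
            m->state = m->fail[m->state - 1];
        if (data[i] == m->pat[m->state])
            m->state++;
        if (m->state == m->plen) {
            hits++;
            m->state = m->fail[m->plen - 1];
        }
    }
    return hits;
}

/* Count matches over n segments. With per_packet set, the state is
 * thrown away at every segment boundary (the stateless behaviour). */
size_t count_hits(const char *const *segs, size_t n, const char *pat,
                  int per_packet)
{
    struct stream_matcher m;
    size_t i, hits = 0;
    if (matcher_init(&m, pat) != 0)
        return 0;
    for (i = 0; i < n; i++) {
        if (per_packet)
            m.state = 0;
        hits += matcher_feed(&m, segs[i], strlen(segs[i]));
    }
    return hits;
}

/* Constructed SMTP exchange; the RCPT line is split across two segments. */
static const char *const split_segs[] = {
    "MAIL FROM:<bob@example.org>\r\nRCPT TO:<ali",
    "ce@example.com>\r\nDATA\r\n"
};
static const char target[] = "RCPT TO:<alice@example.com>";

int main(void)
{
    printf("stateless=%lu stateful=%lu\n",
           (unsigned long)count_hits(split_segs, 2, target, 1),
           (unsigned long)count_hits(split_segs, 2, target, 0));
    return 0;
}
```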

  15. Link to source on Carnivore-like tool released as Open Source · · Score: 2

    As usual, the mainstream press like CNN wouldn't think of linking directly to the source code. The source is at http://www.networkice.com/altivore/altivore.c . Discussion of this is at http://www.networkice.com/altivore.

  16. Lots of solutions on Unintrusive Traffic Content Monitoring? · · Score: 2
    There are lots of solutions for sniffing. Most IDSs will allow you to do this: simply specify a "rule" in the IDS, and it will trigger when it sees the "watermark". The freeware Snort is going to be the cheapest, or you could try a commercial product like BlackICE Sentry.

    Watermarking is pretty easy: create a special template that everyone should base confidential files on. Put some hidden strings within the template.

    Of course, you'll need to learn a little bit more about IDSs like Snort and Word templates, but I've done things like this in the past and it does work.

  17. Some experiences I've had on Protecting Your Company While Protecting Privacy? · · Score: 3
    You can't avoid lawsuits in America; don't pretend there is a magic pill that will solve your problems. As for monitoring e-mail, there are no good standards yet. You cannot monitor all e-mail, but if an employee comes to you with a harassment complaint, you had better be prepared to start monitoring the offender's e-mail.

    I've documented similar experiences at: http://www.robertgraham.com/pubs/firewall-pr0n.html

  18. Buy/build your own Carnivore on ACLU Files For Carnivore Info · · Score: 2
    You could also roll your own using the open-source "mailsnarf" program. It is also pitifully easy to build the same thing from scratch.

    The beta of the next version of BlackICE Sentry (from Network ICE) has Carnivore features built in. Administrators can configure "from" or "to" patterns to capture e-mails to the disk in mbox format. It can keep up with full-duplex 100-mbps connections, so you can tap into links between switches. This version runs on Linux, Solaris, or WinNT. It costs $5000, though.

  19. Java? HTML? on Cross-Platform GUI Toolkits? · · Score: 2
    We've already started re-writing our Windows app into Java for Linux, Solaris, Windows, and MacOS X. Java is definitely NOT "write-once-run-anywhere", but it should be close enough.

    (Actually, it is made easier by the fact that we've been writing our code in a style amenable to Java, so we can actually PORT much of the code rather than rewrite. A hint for those porting C/C++ to Java: don't do pointer arithmetic.).

    Another alternative is HTML. A lot of database-based applications would be better off done with HTML frontends. For example, our bug tracking database is simply an HTML frontend thrown onto a database backend.

  20. Zen: They aren't on How Are Standards Monitored And Enforced? · · Score: 2
    Standards are neither enforced nor monitored; they are adopted.

    This concept doesn't go over well in a geek community like /. where people have pathological fear of authority, but the way the real world works is that authority doesn't really exist. The question presumes the existence of an authority capable of monitoring/enforcing standards compliance. Such authority doesn't exist (except in small domains).

    Thus, you are free to implement something like TCP/IP in any way you like. The only problem is that if you want to actually communicate on the Internet, you should probably follow the spec.

    In other words, ultimately you must monitor your own compliance.

    This issue is important because lots of people try to use standards bodies in order to pursue political agendas. People have the mistaken impression that if an official organization like the ISO puts their stamp of approval on something, then everyone must adopt it. You can look at the failed ISO/OSI protocol suite for an example of where this failed: they created a standard for something that nobody wanted to implement, and thus the standard failed. The authority is powerless to coerce its members to follow its guidelines.

    Another example is the word "hacker" vs. "cracker". Many geeks have the mistaken impression that a dictionary has authoritative powers; it doesn't. Instead, it is a cooperative effort. The dictionary writers attempt to monitor how words are used and understood, then write that information down in a book. When people hear a word they don't understand, they read the book in the hopes of discovering what the speaker meant. Conversely, if somebody is using a word "incorrectly", the dictionary will tell them why people are misunderstanding what the speaker is saying. In other words, the dictionary doesn't tell the speaker that they are wrong; only that their audience understands something different than what they intend to convey. If the speaker doesn't care about being understood, then they can use any meaning they want.

    Coercion to follow standards that people ultimately don't want to follow always leads to failure. For example, trying to coerce the non-technical crowd to adopt the word "cracker" or "wormer" is doomed.

  21. Customers review: Flashcom bites on Thoughts On Third-Party DSL Providers? · · Score: 2

    I've been working with a number of DSL providers. I can tell you from first hand experience that Flashcom bites. They are already a month late on installing our line. The line is sorta in and the modem in our premise, but the basic problem is that nobody on their end can figure out how to get it to work.

  22. Production e-mail server on Tiny PC: The Matchbox Web Server's Revenge · · Score: 2
    The main e-mail server for the company I work for uses Linux on a 486-66MHz/24M RAM/250M disk, which is close to the specs of this box. I know lots of other companies that still have the odd 486 around doing file service, print service, etc.

    In other words, you really can make production servers out of this class of a box.

  23. Philosophy? on Ask Douglas Adams About...Everything · · Score: 3
    I believe that nobody influenced me as a child (each of my parents refuses to take responsibility, claiming that I was raised by the other :-). But thinking things through, I must admit that HHGttG did fundamentally alter my thinking in a zen-like fashion. From the koan of the Answer=42, the social-engineering hack of knowing where your towel is, to the self-awareness that my unease that something important is going on that I'm not aware of is just natural paranoia (everyone has that). I mean, the majority of readers of Slashdot have extreme paranoia about the role of government/big-business/big-religion ruling our lives, but your description of who really runs the galaxy gives me a much more laid back attitude.

    It seems that you just tossed out the most outrageous things you could think of, and are amused that people read more into it than is there. But, can you cite any philosophical influences of your work? Zen? Nietzsche?

  24. Prior art on Wildcard DNS, Session Management And Prior Art · · Score: 2
    Two years ago, when developing a beta version of a product, I put a feature whereby the product would encode the IP and user name in a DNS request and did a lookup on it. (The beta did have splash screen clearly stating the product would contact our website).

    I still have the source code for the little DNS server I wrote that received and decoded that traffic back into its constituent components. I'll sign an affidavit if need be.

    BTW, as a hacker, I've already found several ways of breaking this scheme after a few moments of trying. (Heck, one of the flaws I already solved in my implementation mentioned above; stupid of them). Therefore, you can attack the patent. Their implementation is still rough, so simply find flaws in it and patent the solutions ($500). When they fix their implementation, sue 'em.

  25. Re:Other DNS abuse by sevenval on Wildcard DNS, Session Management And Prior Art · · Score: 2
    No, 7val.com is correct. This is a common misconception, and indeed many DNS servers follow this misconception. (i.e. if you choose a name starting with a digit, some DNS servers will not be able to resolve the name).

    Go to Network Solutions and attempt to register any name starting with a digit. Indeed, the name could be completely digits (i.e. 411.com). However, try to begin a name with a dash; you'll see it doesn't work.