2. Creating fake users that carry (incorrectly named or damaged files)
countermeasure: webs of trust & md5 hashes.
Hmmm. My understanding is you can't compute an MD5 hash until you've got the whole file. So if the malicious host lies about the MD5 sum, you can't know until after you've downloaded the file.
A workaround would be to publish checksums for 1/4 of the file, and 1/2 of the file, and 3/4 of the file, etc. If the MD5 sum fails to match, you abort further downloading. Perhaps the victim publishes a notification that a damaged file was found. (But then you have to worry about invalid, forged warnings.)
This doesn't even solve the problem, it only limits the time wasted. Malicious hosts can create files that are accurate for the first 50%, and get the user to waste 50% of their time. Half a song is a lot less than half as valuable as a full song. Perhaps you add a "resume" function like FTP so that the user can try to download only the remainder of the song elsewhere, again comparing intermediate checksums along the way.
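The intermediate-checksum and resume idea from the comment above, as an added example that is not part of the original comment. It assumes the checkpoint list comes from a publisher the downloader already trusts, swaps SHA-256 in for the MD5 the comment names, and uses hypothetical names (`make_checkpoints`, `download`, the `read(offset, length)` source interface) and constructed sample data.

```python
import hashlib

ALGO = "sha256"  # assumption: SHA-256 swapped in for the MD5 named in the comment


def make_checkpoints(data, parts=4):
    """Publisher side: cumulative digests of the first 1/4, 1/2, 3/4 and 4/4."""
    h = hashlib.new(ALGO)
    checkpoints, prev = [], 0
    for i in range(1, parts + 1):
        end = len(data) * i // parts
        h.update(data[prev:end])
        checkpoints.append((end, h.copy().hexdigest()))  # digest of data[:end]
        prev = end
    return checkpoints


def download(sources, checkpoints):
    """Downloader side: verify each prefix, abort a source on the first
    mismatch, and resume from the last verified offset on the next source.

    sources: list of (name, read) where read(offset, length) returns bytes
    (hypothetical interface). Returns (data, log)."""
    good = bytearray()               # bytes that passed a checkpoint
    good_state = hashlib.new(ALGO)   # hash state after the verified prefix
    log, nxt = [], 0                 # nxt = index of next checkpoint to meet
    for name, read in sources:
        while nxt < len(checkpoints):
            end, want = checkpoints[nxt]
            need = end - len(good)
            segment = read(len(good), need)
            trial = good_state.copy()  # never pollute the verified state
            trial.update(segment)
            if len(segment) != need or trial.hexdigest() != want:
                log.append((name, "rejected", len(good)))
                break                  # discard segment, try the next source
            good += segment
            good_state = trial
            nxt += 1
        else:
            log.append((name, "completed", len(good)))
            return bytes(good), log
    raise ValueError("no source satisfied every checkpoint")


def source_from(blob):
    """Constructed in-memory stand-in for a remote host."""
    return lambda offset, length: blob[offset:offset + length]


# Constructed sample: a 16 KiB file and a copy that is accurate for the first 50%.
ORIGINAL = bytes(range(256)) * 64
TAMPERED = ORIGINAL[:8192] + b"\x00" * 8192


def demo():
    checkpoints = make_checkpoints(ORIGINAL)
    return download(
        [("host-a", source_from(TAMPERED)), ("host-b", source_from(ORIGINAL))],
        checkpoints,
    )


if __name__ == "__main__":
    data, log = demo()
    print(log, data == ORIGINAL)
```

The downloader loses only the one segment fetched after the last good checkpoint; everything verified before it is kept and the second host supplies the remainder.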
I've got a Palm IIIxe and one of the folding keyboards from Think Outside. It does pretty much everything I need, though the screen size is an issue. I took a trip for a couple weeks to rural Italy earlier this year to visit family. I could get writing done with the keyboard, and still read and play some games when bored.
My dream system is a Handera 330; fits all my existing Palm III peripherals, and has CF and SD/MMC slots, plus a 240x320 screen. Actually, a Handera+keyboard gives most of the advantages of this "Dana", and it's portable and modular.
One advantage that the Palm has over its competition is battery life. I get a month of typical use out of mine, and that's two AAA batteries. This does come at a cost of processor speed, but I use my desktop for gaming; it's a lot more comfortable.
I was working for a robotics company as a programmer. I received an offer to be a sysadmin at another company, and told my employer I was leaving. They made a counteroffer, which I accepted. The raise was substantial. I didn't really notice any backstabbing or other problems.
Two years later, I went quietly looking - no real opportunities for advancement, the work had gotten stale. I got a nice offer, and again they made counteroffer, though not quite as tempting. I moved on to what is now my current employer, and I'm happy.
Soon after I left, the robotics company had four rounds of layoffs. I really didn't expect it (and I'm told that it happened the day after a rah-rah company meeting talking about how good things were). Somehow I doubt I would have survived, and I'm glad I didn't take the counteroffer.
I'm not sure what the moral is. I've gone both ways and been pleased with the results. Either I'm easy to please or lucky or both.
If they actually come through on LSB compliance, that'd be awesome. I added Linux support to a product I work on, but the install script had me stumped. There are too many different ways of setting up something to run at boot. I finally had to punt and just tell the user "you've got to read the docs and do it yourself."
The number of distributions needed some pruning anyway. In theory, you could have as many dists as there are Linux users, but in practice it seems the "supportable number" is far less.
I have waited 5 years for something like this to be accomplished by the private sector...
Sounds like a great opportunity for a company to exploit. Imagine one of those Cable/DSL routers that you can buy, use webmin to set a password, and it uses whitelists for everyone who doesn't have that password. Add an option to add or subtract specific sites/domains/pages. I'd bet they could charge $50 extra for a feature like that.
And why not a company that provides tailored whitelists? Some parents will want to disallow sex and violence, some will want to filter those as well as atheism and evolution, and others will want to filter just sex and fundamentalist religion. Make sure the contents of the whitelists are human-readable, and have public webpages for (a) submitting a candidate for the lists, (b) pending submissions, and (c) rejected submissions, perhaps with explanatory notes.
(Of course, you'd want just a blacklist option for the really liberal parents.)
Tie the router in with a subscription to such a whitelist company and it'd seem you'd have a surefire winner. No government intervention needed.
Dang... I may have to write up a business proposal and send it to Linksys...
Actually, this is entirely consistent with MS's strategy all along: it has been arguing that it and its products are so profoundly important to the American economy and security that any remedy which interferes with its ability to act as it pleases should be struck down by the court.
And there's the parallel strategy of claiming that they are just another company and don't have a monopoly so they don't deserve any special attention from antitrust laws...
I somehow doubt that Gould would want anything (even his own death) to muffle controversy, debate, and an honest search for truth (even over his own actions).
Well, I have to disagree on Alien and Terminator. They score high in two areas that most science fiction films fail miserably at - technological consistency and behavioral consistency.
In Alien, the technology is handled solidly and well. There are a few things that we don't know how to do (e.g. FTL travel and "air density" motion detectors) but those items behave consistently. They don't pull any Star Trek "dechyon fields" deus ex machina BS.
Terminator is the same. Okay, you have to suspend disbelief about the way the time machine works ("field generated by a living organism"?) but it's consistently handled, and if we could build an AI cyborg, it could plausibly have roughly those physical capabilities. Even the time loop is consistent, not paradoxical. (Self-causing events are strange, but not self-contradictory like paradoxes. You expect time travel to have no strange consequences?)
And the people in both movies behave like real people. They don't just split up for no reason, they don't walk into obvious traps, they fight and argue and panic. As has been pointed out, the corporate malfeasance in Alien is entirely plausible. Bill Joy and others argue that AI might well destroy us humans - it's not so silly as to render a movie about it unworthy.
In terms of science and behavior, though, The Matrix blew chunks, as you note.
You have to have at least a seat belt, and for many children a full child-restraint seat, in order to safely have children in a moving automobile.
If you want to have your children surf the Internet safely, you need filtering software of some kind, ranging from free to commercial.
Explain in detail why this analogy does not hold.
As always, how do you define what kids can see? I'm comfortable with a certain amount of cartoon violence for our two-year-old (I watched a lot of Road Runner cartoons growing up and somehow I don't feel the urge to drop anvils on people's heads. (Most people, anyway.))
Other parents may want no mention of Evolution or the Big Bang Theory to reach their children's eyeballs. That's their right, but it doesn't mean I can't put up websites about those things.
The only way for it to work is for the parents to decide what their children see. I'll have a filter up when our kid is old enough to move a mouse. It'll only allow specific sites, and if he wants a new site added to the whitelist, he can ask me for it.
...it doesn't explain the frequent security flaws in Linux and Apache.
It's my impression that those holes are, in the large majority of cases, discovered by people auditing and examining the code. The auditors then publicize the flaws. I frequently see advisories of the form, "no known current exploits, but..."
On the other hand, security flaws in Windows seem to become publicised when they are used in an attack, too late for many.
Sounds to me like Softimage didn't report the fact that they were licensing apparently key tech from Syn to MS when MS bought them out.
So then MS finds that it has an unexpected liability.
Then it appears, from the limited info available, that MS decided to play hardball, and just lawyer the opposing side to death rather than negotiate.
And it worked, too... US$400,000 is one ten-thousandth of MS's cash reserves.
Shipping a program for Windows would no longer be just a matter of shipping one or two new versions of DLLs with a software package... Unfortunately, it really would wreak havoc if the majority of users suddenly had to worry about every aspect of their system configuration.
Picture this. Windows is written in a more modular way, so that separate chunks can be installed or not. (98lite does this already.) Enough components to supply the current Windows APIs are present on the OS CD (really, DVD these days) as shipped, though not all of them are necessarily installed on a given machine.
Now, someone goes to install an app on a machine, and that app requires something not installed. The installer notices that the required component isn't present and...
... prompts the user for a CD, network share or URL to get it. The required component(s) are installed, and the app installation continues where it left off.
Sounds almost like Linux now. Debian sure works that way. It's not impossible at all; you can't do it with Windows now because MS doesn't want you to.
The solution really is to make MS publish their standards.
In a useful, accessible form, with no hidden APIs. Yes, this is a practical necessity, but modularizing Windows opens new areas of competition. Yes, there would be bugs and incompatibilities. How is this worse than DLL hell now?
I have a 486 motherboard with ISA, PCI, and VESA Local Bus slots. They weren't that rare in the brief period between the introduction of PCI and the effective death of the 486.
I even have a Pentium board with a VLB slot. Now that's rare; the VLB bus was basically an extension of the 486's internal CPU bus. It required quite a bit of bridge logic to make it work with a Pentium.
One thing that is true is that mixing single ended (SE) and low voltage differential (LVD) devices on a bus will cause all devices to behave as SE...
And even that isn't true for all SCSI busses. For example, my Tekram DC390U2W card has an isolation chip so that I can hook up single-ended and LVD devices and each will run at their max speed. I get 80MB/sec from my SCSI drives and 20MB/sec from my CDRW (not that it can use that much bandwidth, except to fill the buffer).
TCQ is where SCSI gets a lot of its speed, by allowing multiple device commands to be outstanding on the bus at any given time.
But from everything I've been able to gather, the IDE implementation of TCQ is Broken As Designed compared to SCSI. In a SCSI system, the drive can process commands and then notify the SCSI controller that a command has been completed.
On an IDE system, however, the IDE controller has to poll the disk periodically to see if any commands have been completed. The drive has no way to notify the controller that data is ready and waiting.
It's the difference between a polled and interrupt-driven system. Polling can be fast, if it's very carefully done, but interrupt-driven systems are easy to make fast.
Don't get me wrong, it's a nice improvement to IDE, and it does narrow the gap somewhat, but as it's always been, for high-end multitasking stuff SCSI is still the champ.
Nobody implements the standard perfectly yet. We had trouble with a product our group inherited. STL all over the place, and porting it from Solaris to HP-UX was a hassle. The port to AIX was even harder. There was always some stupid little template somewhere that didn't do quite what the other guys did.
It's kinda like C in the late 80's, before ANSI C really took hold. Too much wiggle room for the compiler vendors, and no best practices established (that would later be ratified by a spec).
Time travel is still entirely possible; you don't need a singularity for that. If nothing else, build a Tipler Cylinder.
It just has to be really really dense (neutron star material will work) and spin really really fast (to be precise, such that the surface is moving over half the speed of light) and be really really long (technically infinite, but close to the middle of a finite cylinder should work; you'd need miles of the stuff to send a human back, but sending a gamma-ray communication laser could be a million times smaller).
whatever it is would still be within the event horizon, and would act the exact same way in either case.
True, for a stationary black hole. But a rotating black hole is a lot more complicated; if it's rotating fast enough, the singularity (if there is one) can actually be exposed.
(Yeah, yeah, how can a point rotate? Well, angular momentum is assumed to be conserved. Indeed, recently NASA discovered good evidence that at least some black holes do, in fact, spin.)
Anyway, this "gravastar" model would presumably show markedly different results in the rotating case.
If you're interested in gaining control of an airliner, the last thing you want to do is attract the attention of security personnel.
On the other hand, apparently Reid (the "shoe bomber") first attracted suspicion by 'acting weird', at least, if the reports are to be believed.
Determined, competent hijackers will, indeed, act normal. But security also has to be worried about whackos who think the Nebuloids from Planet Zeppo want them to fly a commercial airliner to Uranus.
Apparently the security guards were rude, and perhaps unnecessarily rough. But Dr. Mann had to expect some attention and concern. It also sounds like there were some bureaucratic problems that prevented the guards from being notified.
I agree, Plucker isn't that hard and if there's a "printable" version of the web page available, it usually looks fine on the Palm. For example, try "printer.wunderground.com", weather information formatted just fine for a PDA.
The review devotes only a few short sentences to the plot itself, and in the most generic of terms.
Hell, the commentary audio track on the DVD barely mentions the plot! It's the producers and directors chatting about how they did this or that effect, the problems they had with the film, or the management, or the locations, etc.
This is probably because the plot is barely there to begin with... the movie is a showpiece, driven by the technology (backlit animation and computer graphics), not because the story needed to be told.
Unfortunately, there is a flaw in the disc which makes it unplayable on a PS2.
The top-level menu is widescreen (16x9) formatted, but plays in 4x3 on my DVD player, so you only see part of the picture. Of course, the highlight graphics when you select items are in 4x3, so they don't line up with the images behind them. Shows up on my Samsung 7something, but plays fine on the cheapo Apex player we got my parents for Xmas.
Well, they heard it repeatedly, not just once. And the frequency characteristics resemble those of other animal sounds.
Hmmm. I wonder if atheism.kids.us would have any problems getting registered?
Not that it isn't perfectly true for the music business, if not more so. But we might as well try to get the quotes right.
The top-level menu is widescreen (16x9) formatted, but plays in 4x3 on my DVD player, so you only see part of the picture. Of course, the highlight graphics when you select items are in 4x3, so they don't line up with the images behind them. Shows up on my Samsung 7something, but plays fine on the cheapo Apex player we got my parents for Xmas.
The second disc is fine, though...