One log in is enough to create a backdoor. Agreed. But most people don't have the opportunity to do it on the first shot. If it's an inside job then the person will probably know exactly where to go, but if not he will need to explore, get familiar with the layout, poke around and look for openings, etc... I suppose if the operator is really stupid then he will continue to give key+pin combinations. I am not saying it can't be done, but a single pin+key doesn't create a hole big enough to drive a truck through... you have to know what you are doing.
Ommm... that combination would only be valid for a single session or sixty seconds... which may or may not be enough time. Knowledge of the pin does nothing... Now, if you swiped a SecurID and you knew a PIN (any pin), and you could convince the SysAdmin to resync the SecurID you swiped with the PIN you discovered you would have unfettered access. This would probably only work in a company large enough where it is unlikely that the SysAdmin would personally know everyone. Of course, any SysAdmin worth his salt would check to make sure that the serial number on the SecurID token matched the one assigned to the person whose PIN you are using, but not all SysAdmins are worth their salt...
For those that don't know, a 95th percentile measurement is the measurement that you arrive at when you throw out the top 5% of measurements for a given period of time, regardless of when they occur. So, if your 95th percentile measurement is 1.1 mbps and your next lowest measurement is 200 kbps, then you get billed for 1.1 mbps even though there is a huge difference between the two measurements. Of course, your next highest measurement could be 20 mbps and all the rest of the measurements would be even higher than 20mbps. In which case, you'd be getting a nice deal. Of course, your amount of burstable time depends on the period of time during which the 95th percentile measurement is taken. If it's per day then you may encounter more costs than if it were based on a per month period.
Although I take exception to the fact that it might be more common in the humanities... It's pretty hard to not read the sources when you have to quote from them, but I have seen cases where people quote from an author who is quoting another author and the quote doesn't make sense based on the context of the original...
Basically, this review tells us that the author expected something different from what he got. Perhaps he had the wrong expectations? Of course, this might also be due to the way the move is being marketed... It also seems like he couldn't imagine Soderbergh as a sci-fi director and went into it trying to see how Soderbergh failed. I haven't seen it yet, but this review certainly won't dissuade me.
Re:Depends on hardware ... for the most part
on
Is Mac OS X Slow?
·
· Score: 1
Possibly, but on the other hand if it doesn't run adequately on a G3 they will lose software sales. Which do you think have better profit margins?
I agree that the kind of work that they do is important, but they are not only doing research but also predicting future trends with very little grounds for doing so. They cross the line between telling us what we can do and telling us what we will do, without much justification. In fact, the accuracy of their predictions is diminished by the fact that the Media Lab is such a navel-gazing organization. They should stick to what they do best; telling us what we can do based on things they have done.
I haven't worked with Gershenfeld, but have followed the Media Lab with some interest. At first, I approached news about the Media Lab with the awe that I believed appropriate to an elite institution, but after comparing what I knew from working in the technology field (in companies that are producing real products) with what Negroponte and others were saying it became apparent that most of what the Media Lab spins about the future is pure marketing hype at best and total bullshit at worst. The Media Lab should be called the Media Playground. Mostly its a bunch of talented people who play with technology. Playing with technology is fine and valuable things can come from it especially in basic research, howevever, by the very fact that it is grounded in play (i.e. something without an end or telos), rather than work, it is not going to be a good indicator of where society will be in 10, 20, or 100 years because society, for the most part, is driven by economics, and economics has a very definite end, profit. Essentially the folks at the Media Lab are parlaying MIT's well-deserved reputation as an excellent engineering school into a claim of credibility in an unrelated field, product marketing, in order to attract funding. How many products developed in the Media Lab actually make money? I don't mean how many products that have passed through the Media Lab (they do see a lot of the cool stuff first), but how many products that are based on research that originated in the Media Lab are making money? I am willing to bet fairly few, but I haven't run the numbers myself. That's why this quote is the funniest one in the whole review: "By reorganizing education on the model of the Media Lab, where students learn things as they need them for practical projects, not all at once in a huge, abstract lump." What a joke! It looks like the Media Lab is getting a little nervous about Olin college, whose focus is exactly that which is described, or his definition of "practical projects" is a little different than mine.
Wolfram could have saved a few forests by reading Godel's second Incompleteness Theorem. Wolfram simply moves the insight out of logic into the "real" world. His suggestion of using cellular auotmata as a substitute for strict identity is interesting and would correspond more closely to the metaphysical essence of scientific knowledge than identity. Now, all he needs to do is show the logical necessity of using cellular automata rather than identity for certain types of problems and he can pick up the prize for proving the N/NP theorem.
Parloff doesn't understand the main point of the argument. Even if, Elcomsoft designed the software to circumvent copy protection it does not violate copyright law. It violates the DMCA and the DMCA infringes upon copyright law. The DMCA is actually in violation of copyright law, not Skylarov or Elcomsoft. Obviously, the only way this issue is going to get worked out is for there to be a trial. Skylarov will be convicted and then Appeal all the way to the Supreme Court. The DMCA will be deemed unconstitutional and we will all livel happily ever after. I hope.
All of this, of course, depends on what you mean by "cost". If a product kills someone doesn't it "cost" the person their life and shouldn't the company be responsible for that "cost"? Government regulation usually makes companies accountable for all the costs associated with production. From this perspective, standard practices and procedures reduce the cost of the product because paying off all of the lawsuits that would inevitably ensue from a poorly performing product is more expansive than the extra expense of following standard practices. The reason there are not more lawsuits in the software industry is that the software overall improves productivity. However, if lives depended on the software and it failed I'm sure the software maker would be sued. Don't get me wrong I'm not a fan of government regulation but it is not as simple an issue as your argument suggests.
Slashdot Mirror
This is old news, but now that it is public I can't wait for the exploits to begin... that was sarcasm in case anyone was wondering...
One log in is enough to create a backdoor. Agreed. But most people don't have the opportunity to do it on the first shot. If it's an inside job then the person will probably know exactly where to go, but if not he will need to explore, get familiar with the layout, poke around and look for openings, etc... I suppose if the operator is really stupid then he will continue to give key+pin combinations. I am not saying it can't be done, but a single pin+key doesn't create a hole big enough to drive a truck through... you have to know what you are doing.
Ommm... that combination would only be valid for a single session or sixty seconds... which may or may not be enough time. Knowledge of the pin does nothing... Now, if you swiped a SecurID and you knew a PIN (any pin), and you could convince the SysAdmin to resync the SecurID you swiped with the PIN you discovered you would have unfettered access. This would probably only work in a company large enough where it is unlikely that the SysAdmin would personally know everyone. Of course, any SysAdmin worth his salt would check to make sure that the serial number on the SecurID token matched the one assigned to the person whose PIN you are using, but not all SysAdmins are worth their salt...
For those that don't know, a 95th percentile measurement is the measurement that you arrive at when you throw out the top 5% of measurements for a given period of time, regardless of when they occur. So, if your 95th percentile measurement is 1.1 mbps and your next lowest measurement is 200 kbps, then you get billed for 1.1 mbps even though there is a huge difference between the two measurements. Of course, your next highest measurement could be 20 mbps and all the rest of the measurements would be even higher than 20mbps. In which case, you'd be getting a nice deal. Of course, your amount of burstable time depends on the period of time during which the 95th percentile measurement is taken. If it's per day then you may encounter more costs than if it were based on a per month period.
Although I take exception to the fact that it might be more common in the humanities... It's pretty hard to not read the sources when you have to quote from them, but I have seen cases where people quote from an author who is quoting another author and the quote doesn't make sense based on the context of the original...
Basically, this review tells us that the author expected something different from what he got. Perhaps he had the wrong expectations? Of course, this might also be due to the way the move is being marketed... It also seems like he couldn't imagine Soderbergh as a sci-fi director and went into it trying to see how Soderbergh failed. I haven't seen it yet, but this review certainly won't dissuade me.
Possibly, but on the other hand if it doesn't run adequately on a G3 they will lose software sales. Which do you think have better profit margins?
I agree that the kind of work that they do is important, but they are not only doing research but also predicting future trends with very little grounds for doing so. They cross the line between telling us what we can do and telling us what we will do, without much justification. In fact, the accuracy of their predictions is diminished by the fact that the Media Lab is such a navel-gazing organization. They should stick to what they do best; telling us what we can do based on things they have done.
They don't cut-off the funding because the Media Lab brings in a lot of money. Think of it as the Marketing division of MIT (see my other response).
I haven't worked with Gershenfeld, but have followed the Media Lab with some interest. At first, I approached news about the Media Lab with the awe that I believed appropriate to an elite institution, but after comparing what I knew from working in the technology field (in companies that are producing real products) with what Negroponte and others were saying it became apparent that most of what the Media Lab spins about the future is pure marketing hype at best and total bullshit at worst. The Media Lab should be called the Media Playground. Mostly its a bunch of talented people who play with technology. Playing with technology is fine and valuable things can come from it especially in basic research, howevever, by the very fact that it is grounded in play (i.e. something without an end or telos), rather than work, it is not going to be a good indicator of where society will be in 10, 20, or 100 years because society, for the most part, is driven by economics, and economics has a very definite end, profit. Essentially the folks at the Media Lab are parlaying MIT's well-deserved reputation as an excellent engineering school into a claim of credibility in an unrelated field, product marketing, in order to attract funding. How many products developed in the Media Lab actually make money? I don't mean how many products that have passed through the Media Lab (they do see a lot of the cool stuff first), but how many products that are based on research that originated in the Media Lab are making money? I am willing to bet fairly few, but I haven't run the numbers myself. That's why this quote is the funniest one in the whole review:
"By reorganizing education on the model of the Media Lab, where students learn things as they need them for practical projects, not all at once in a huge, abstract lump."
What a joke! It looks like the Media Lab is getting a little nervous about Olin college, whose focus is exactly that which is described, or his definition of "practical projects" is a little different than mine.
Wolfram could have saved a few forests by reading Godel's second Incompleteness Theorem. Wolfram simply moves the insight out of logic into the "real" world. His suggestion of using cellular auotmata as a substitute for strict identity is interesting and would correspond more closely to the metaphysical essence of scientific knowledge than identity. Now, all he needs to do is show the logical necessity of using cellular automata rather than identity for certain types of problems and he can pick up the prize for proving the N/NP theorem.
Parloff doesn't understand the main point of the argument. Even if, Elcomsoft designed the software to circumvent copy protection it does not violate copyright law. It violates the DMCA and the DMCA infringes upon copyright law. The DMCA is actually in violation of copyright law, not Skylarov or Elcomsoft. Obviously, the only way this issue is going to get worked out is for there to be a trial. Skylarov will be convicted and then Appeal all the way to the Supreme Court. The DMCA will be deemed unconstitutional and we will all livel happily ever after. I hope.
All of this, of course, depends on what you mean by "cost". If a product kills someone doesn't it "cost" the person their life and shouldn't the company be responsible for that "cost"? Government regulation usually makes companies accountable for all the costs associated with production. From this perspective, standard practices and procedures reduce the cost of the product because paying off all of the lawsuits that would inevitably ensue from a poorly performing product is more expansive than the extra expense of following standard practices. The reason there are not more lawsuits in the software industry is that the software overall improves productivity. However, if lives depended on the software and it failed I'm sure the software maker would be sued. Don't get me wrong I'm not a fan of government regulation but it is not as simple an issue as your argument suggests.