I can hardly understand what I read, let alone believe it.
SUSE
* If you like beer, horns, or green eggs, you'll like SUSE. The recent acquisition of SUSE by Novell is similar to Vince Lombardi's Green Bay Packers adopting the West Coast offense...
Relatively easy. You require everyone behind the firewall to install your own CA certificate and then perform man-in-the-middle on every SSL connection, re-signing the server certificate on the fly. Even though this may sound idiotic, that's exactly how it's done in SSL-filtering devices.
Firstly, it doesn't need to be done on the router. It's normally done on a dedicated 'threat management' device, which already handles IDS and protocol filtering for email, http and other stuff with trojans and viruses. It may happen to route packets too, but that's optional.
Secondly, an average firewall these days is no less than a decent Pentium and normally supports VPNs, which means that it comes with a crypto accelerator. Stop thinking Linksys, start thinking 2.4GHz 4CPU box with 1GB of memory.
The next iteration of the BitTorrent protocol is already being planned, and if this sort of behavior spreads, the new protocol's handshake will be made nearly impossible to sniff out.
If the protocol spec is open, any decent stateful firewall manufacturer will be able to put together BitTorrent-NG sniffer in under a week. That's regardless of whether it uses dynamic ports, port-hopping or any other evasion techniques.
If the protocol has full-blown privacy and authentication (think IKE or TLS), it won't be possible to fully sniff it, but it can still be detected. And what can be detected - can be blocked.
The point is this - incorporating evasion and obfuscation techniques into an open protocol is a wasted effort. Please think about it for a second, and I'm sure you'll understand.
Routing is a separate issue. It's still possible to use either OSPF-style model (though a bit of an overkill) or simple broadcast-based path cost discovery. In fact any overlay network routing models would do here.
Anonymity (Mute) vs. Privacy (Waste) are mutually exclusive. You either know who you're talking to reliably, or you don't. You can't both know who you're talking to AND be anonymous.
Actually there's a variation of p2p, which gives both privacy and anonymity.
When you join in, you connect to the person you know and whom you have a mutual trust with. That person may be connected to other nodes, but those are not directly visible to you. Your peer is proxying for them instead. This way (at a cost of a proxying overhead) you still have an access to the data at every single node in a network, but you have no idea where it actually sits.
The key here is to trust your neighbours, that is to trust that they will not be disclosing you to their peers. If you choose your neighbours wisely (for instance, only connect to your real-world friends), your anonymity on the network is guaranteed. If anyone 'defects', the damage is limited to his friends only. That's pretty good resiliency if you ask me.
It's just something that we've been discussing locally with a few friends of mine; haven't got time to prototype anything working yet :-/
first proof, that i'd seen at least, of the existence of negative numbers.
negative numbers exist by definition, dude. you start with natural numbers - 0,1,2,3,4.. and summation. once you want to reverse 'the plus', you define negative numbers. then when you want to invert multiplication, you get rationals. then when you want to invert exponentiation - you get irrationals. get it ?
And some people are just irreverent, insensitive dorks. That's quite normal as well, but its normalcy doesn't mean we should encourage or otherwise condone their social incompetency.
And there are also dorks of a different kind - they storm to offer public condolences because an OpenSource (ah!) developer, whom they neither know nor even heard of before, rode in a car with RMS (oh!) and lost his life to a car accident. If you are such a good hearted person, go and email relatives, don't show it off here.
Every death is tragic, but it barely makes sense to make it a discussion topic. Seems to me that /. stories like this are better be posted read-only.
Funny enough this seems to be an international joke.
:)
The Russian variation, which dates back to who knows when, calls for a plain butter sandwich. The outcome is the same though
Dude, I'm in Canada. I couldn't care less for a football :)
I used to work for a company that sold and serviced ATMs of various brands and also wrote some custom (smart-card processing) software to go along with the hardware.
This was in late 90s, and at that moment Siemens used WindowsNT, Bull used DOS (!), IBM (aka Diebold) used OS/2 3.0, experimented with OS/2 4.0 and considered moving to Windows, NCR was OS/2 2.0 (!) and was actively moving onto Windows too.
The trend was very clear, I doubt it changed. 2c
"One can watch the Sun in a telescope exactly two times in a lifetime. First - with left eye, second - with the right."
I'm surprised nobody brought up VR goggles from Snow Crash yet :) Same idea, but instead of the retina, the laser was sweeping across the goggles and the eye was picking the image up from its surface the regular way. Neat and very elegant idea if you ask me.
Example:
foo (*bar) (baz);
Now, does this line
* define bar to be a pointer to function taking type baz and returning type foo, or
* call function foo on the value you get by dereferencing pointer bar, and then call the function to which the pointer to function returned by foo points on the value baz, or maybe
* expand the macro foo (*bar), which results in a construct which followed by (baz); gives some valid C code which could do just anything?
* none of the above as it's all cleverly ifdef'd by an inclusion of custom stdio.h
> If you think it's OK, you obviously haven't been involved in kernel or embedded development.
Actually, I've been doing embedded development for a living for almost six years. With proper care, C++ generates smaller binaries with smaller memory footprints than C, thanks to userland control of pooling, policies, and linking-discardable specializable libraries.
I didn't mean to sound it personal. It's an ESL thing, no need to be defensive :)
However the point I was trying to make across was that since C++ does a lot for programmer behind the scenes, it takes more seasoned developer to fully realize all effects of these freebies on the binary output. That's the 'proper care' you are referring to.
> If you say one should be careful what features of C++ he uses and not to use this and that, I say one should learn proper C skills instead.
That's a total straw man. What I said was that the costs of C++ development were misunderstood.
You are forgetting one fairly major cost associated with C++ development - the cost of training and management. From my experience (doing a lot of interviewing lately) if you compare an average C++ and C developers, former would inevitably come out much more overconfident in his skills. Even cocky. And that outweighs all benefits of C++, because it's hard to make a dozen of C++ guys establish common programming principles. That was my second original point - C projects are both easier to manage and are easier to participate in.
Otherwise I'm fine with C++. I'm using it myself on a regular basis. It's just that it's not suitable for Linux kernel development for a number of reasons, that's it.
Assuming you are looking at integer_t type, is it primitive? Made you look in header :-p
Agreed about developers though, however the number of those who have a clue is drastically lower than those who think they have a clue. Everyone's a freaking C++ senior these days.
It's not the slowness, it's the obscurity and the lack of control over the binary code size it introduces. Something as simple as 'a == b' may easily add a few KB to the kernel.
If you think it's OK, you obviously haven't been involved in kernel or embedded development. If you say one should be careful what features of C++ he uses and not to use this and that, I say one should learn proper C skills instead.
Java on other hand ...
:)
Or better yet - Brainf*ck, my personal favourite
C'mon Neal...you should know slashdotters better than that. We don't hit the back button, we use mouse gestures.
C'mon, dude...you should know slashdotters better than that. We can't use mouse gestures, because we have carpal tunnel syndrome.
G-chat is nothing compared to G-spot.
As an American patriot you may wish to not use the Freedom word resume and defer to the Latin CV.
?
PHP you used.
Not SQL, but still unwise.
Any chance that they can use this process to search for Beagle?
..
Any chance that they can use this process to search for Apollo Lunar Lander ? If you know what I mean
But Icons ?! They are a waaay too small ... how can one expect an average user to hit 64x64 icon and not to miss ? Duh, just think about it.
Must be Atkins or something