Slashdot'll post on the front page news about a new beta version of Red Hat but doesn't post on the front page a new *RELEASE* version of FreeBSD. Seems like Henry Ford's comments about what color the Model T was availabe in: "any color as long as it's black." Slashdot: News for Nerds. Stuff that matters. As long as it's Linux news, E/N crap (Katz, movie/book reviews), or an OSDN promotion.
If Sony had done this "right," this kit wouldn't be horribly out of date. glibc 2.2.2? gcc 2.95.2? XFree86 3.3.6? Cripes! Can any of the maintainers comment on whether they've recieved any patches from Sony or not? It'd be interesting to see if Sony's going to actually commit to the Linux community or if they're going to leave it to the rest of us to keep the PS2 port up to date. It blows my mind that Sony didn't go w/ XFree86 4 as it's got *so* many performance improvements over 3, especially in the area of 3D graphics.
This isn't anything new. I'm a student at Virginia Tech, and the CS dept. has used a "cheating detector" for some years now. It's quite evolved and doesn't only detect obviously copied code (exact copies and copies w/ renamed variables, functions, etc.) but indications of cheating such as a section of code with a drastically different coding style than the rest of the code. It's quite good, and the CS instructors often brag that while it's rarely a case that students cheat (the Honor Code here is a point of pride), the program's garunteed convictions in the Honor Court.
I got my first real UNIX admin position through a friend who was graduating and giving up his UNIX admin position (he ended up being emergency-promoted to the UNIX engineer and not graduating). It's a part-time student position that doesn't pay well but lets me work whenever I want as long as I get my work done, and I've earned some *amazing* experience that I wouldn't have gotten admin'ing my own box(es) (NIS, NFS, LDAP, sendmail, management of over 3000 users). If it's feasible for you, I'd try to find a part-time student position at your local university which allows you to work whenever you want. I know you're not a student, but someone will hire you part-time at student rates -- full-time non-students are expensive and usually do less work than entusiastic students.:) Good luck!
I have a few friends that use @Home's cable service in the Southwestern Virginia (USA) area w/ Linux. This might only apply to Cox@Home, but their TOS state that they are not allowed to have any servers running. We think this is an effort to keep people from running insecure servers (like the exploited wu-ftpd 2.6.0 that ships w/ Red Hat 6.2) which can be cracked, and then their server can be used to start a DoS attack. In fact, @Home dropped a server in their subnet to scan all the clients for open ports. They got TOS'ed when the scanner detected their SSH servers running and were asked to shut them down w/n a week or lose their connection.
There are probably two other reasons why @Home's TOS include the "no servers" clause:
Bandwidth availability: I live in the dorms at Virginia Tech, and a large portion of the on-campus LAN bandwidth gets sucked up by users trading large files (MP3s, bootleg movies, ISOs, etc.) using the horribly bandwith-intesive Windows file sharing (the SMB protocol). While on a 10Mbps switched LAN this isn't too much of a problem, it can bring a network of cable modems to its knees.
CYA: If the RIAA goes after @Home b/c it willfully allowed the illegal distribution of copyrighted material, @Home is gonna quickly die a painful death, and a lot of people are gonna be lacking a high-bandwith connection.
The idea is worth merit and makes sense from a business standpoint when you think about it. I'd rather not go into that, though; this reply is already long enough.;)
I worked for a company called 3GI for a couple summers and winters when I was off from school. They're a large smart card-solutions firm based out of Williamsburg, VA, in the USA (my hometown). Anyway, for the first year, I was a programmer and was exposed to smart cards for the first time. They're pretty cool and aren't as big a threat to privacy as people think. Here's why:
* Smart cards are dumb. The OS on them does a half-dozen important functions: power on, dencrypt the data w/ the correct key (usually a PIN, but biometrics are becoming more popular 'cause PINs aren't very secure), read data, write data, encrypt the data given a key, and power off. Smart cards can't store applications and run them -- they aren't powerful enough for that. If you've seen a card that runs applications, it's a Java card. Even then, Java cards can't do much more than simple math.
* Smart cards can't hold a significant amount of data. Cost-effective smart cards hold 32 kilobytes of encrypted data. There are others that hold more, but their cost goes up exponentially as the amount of space goes up. 32K isn't a lot; it's not even enough to hold complete a person's complete demographics and a fingerprint, especially if you want each smart card to hold discrete information about a billion or more people (the population of China).
* The encryption methods smart cards use are pretty secure. Some of the older cards use DES; the new cards use 3DES and can be programmed to use other encyrption methods. I don't know much about cryptography, but I understand 3DES is pretty difficult to crack. Perhaps someone more fluent in cryptography can elaborate, but it's safe to say it's very tough to crack a smart card. A colleague at 3GI once related to me that it would take someone several months to brute-force a four-character-PIN-keyed smart card when valid characters are digits and the case-insensitive alphabet. Think about how long it would take someone to crack a smart card keyed on a fingerprint (11 or more coordinates on medium resolution coordinate system)! Even then, you've only decrypted the raw data which is a bunch of 0s and 1s unless you know the exact topology of the data stored on the card.
* Smart cards are slow to read. Reading all 32K from a smart card can take 45 seconds. Writing takes even longer. It's a big disadvantage of smart cards (probably their only disadvantage), but at least they can't be "scanned" like memory cards can.
* Their are very few standards in the smart card industry. This makes almost every smart card system different even if they use the same cards and/or even the same APIs. Some APIs encrypt data before it's sent to the card where it's encrypted even further. If you don't know the exact layout of how the data is stored on the card, you'll gonna have one hell of a time figuring it out. A lot of companies use data-mangling techniques to mangle data into values that can be stored in a smaller amount of space. A common practice is to store large intergers as two numbers:
value 1 = large interger hard-coded integer
value 2 = large integer mod hard-coded integer
To summarize, smart cards are a good thing and are not a threat to privacy. Please don't mod an otherwise informative post down b/c of this, but a good analogy is the age-old argument that guns don't kill people -- the wrong people armed w/ guns do. Technology isn't a threat to privacy -- the wrong people armed w/ technology are.
Slashdot Mirror
Slashdot'll post on the front page news about a new beta version of Red Hat but doesn't post on the front page a new *RELEASE* version of FreeBSD. Seems like Henry Ford's comments about what color the Model T was availabe in: "any color as long as it's black." Slashdot: News for Nerds. Stuff that matters. As long as it's Linux news, E/N crap (Katz, movie/book reviews), or an OSDN promotion.
If Sony had done this "right," this kit wouldn't be horribly out of date. glibc 2.2.2? gcc 2.95.2? XFree86 3.3.6? Cripes! Can any of the maintainers comment on whether they've recieved any patches from Sony or not? It'd be interesting to see if Sony's going to actually commit to the Linux community or if they're going to leave it to the rest of us to keep the PS2 port up to date. It blows my mind that Sony didn't go w/ XFree86 4 as it's got *so* many performance improvements over 3, especially in the area of 3D graphics.
This isn't anything new. I'm a student at Virginia Tech, and the CS dept. has used a "cheating detector" for some years now. It's quite evolved and doesn't only detect obviously copied code (exact copies and copies w/ renamed variables, functions, etc.) but indications of cheating such as a section of code with a drastically different coding style than the rest of the code. It's quite good, and the CS instructors often brag that while it's rarely a case that students cheat (the Honor Code here is a point of pride), the program's garunteed convictions in the Honor Court.
I got my first real UNIX admin position through a friend who was graduating and giving up his UNIX admin position (he ended up being emergency-promoted to the UNIX engineer and not graduating). It's a part-time student position that doesn't pay well but lets me work whenever I want as long as I get my work done, and I've earned some *amazing* experience that I wouldn't have gotten admin'ing my own box(es) (NIS, NFS, LDAP, sendmail, management of over 3000 users). If it's feasible for you, I'd try to find a part-time student position at your local university which allows you to work whenever you want. I know you're not a student, but someone will hire you part-time at student rates -- full-time non-students are expensive and usually do less work than entusiastic students. :) Good luck!
Hell, if Fun Com were making the game, it would have been released *months* ago w/ key features replaced w/ the ever-popular "emulate desktop mode"!!!
I have a few friends that use @Home's cable service in the Southwestern Virginia (USA) area w/ Linux. This might only apply to Cox@Home, but their TOS state that they are not allowed to have any servers running. We think this is an effort to keep people from running insecure servers (like the exploited wu-ftpd 2.6.0 that ships w/ Red Hat 6.2) which can be cracked, and then their server can be used to start a DoS attack. In fact, @Home dropped a server in their subnet to scan all the clients for open ports. They got TOS'ed when the scanner detected their SSH servers running and were asked to shut them down w/n a week or lose their connection.
There are probably two other reasons why @Home's TOS include the "no servers" clause:
Bandwidth availability: I live in the dorms at Virginia Tech, and a large portion of the on-campus LAN bandwidth gets sucked up by users trading large files (MP3s, bootleg movies, ISOs, etc.) using the horribly bandwith-intesive Windows file sharing (the SMB protocol). While on a 10Mbps switched LAN this isn't too much of a problem, it can bring a network of cable modems to its knees.
CYA: If the RIAA goes after @Home b/c it willfully allowed the illegal distribution of copyrighted material, @Home is gonna quickly die a painful death, and a lot of people are gonna be lacking a high-bandwith connection.
The idea is worth merit and makes sense from a business standpoint when you think about it. I'd rather not go into that, though; this reply is already long enough. ;)
Arg, I left formatting out.... Man that looks ugly!
I worked for a company called 3GI for a couple summers and winters when I was off from school. They're a large smart card-solutions firm based out of Williamsburg, VA, in the USA (my hometown). Anyway, for the first year, I was a programmer and was exposed to smart cards for the first time. They're pretty cool and aren't as big a threat to privacy as people think. Here's why: * Smart cards are dumb. The OS on them does a half-dozen important functions: power on, dencrypt the data w/ the correct key (usually a PIN, but biometrics are becoming more popular 'cause PINs aren't very secure), read data, write data, encrypt the data given a key, and power off. Smart cards can't store applications and run them -- they aren't powerful enough for that. If you've seen a card that runs applications, it's a Java card. Even then, Java cards can't do much more than simple math. * Smart cards can't hold a significant amount of data. Cost-effective smart cards hold 32 kilobytes of encrypted data. There are others that hold more, but their cost goes up exponentially as the amount of space goes up. 32K isn't a lot; it's not even enough to hold complete a person's complete demographics and a fingerprint, especially if you want each smart card to hold discrete information about a billion or more people (the population of China). * The encryption methods smart cards use are pretty secure. Some of the older cards use DES; the new cards use 3DES and can be programmed to use other encyrption methods. I don't know much about cryptography, but I understand 3DES is pretty difficult to crack. Perhaps someone more fluent in cryptography can elaborate, but it's safe to say it's very tough to crack a smart card. A colleague at 3GI once related to me that it would take someone several months to brute-force a four-character-PIN-keyed smart card when valid characters are digits and the case-insensitive alphabet. Think about how long it would take someone to crack a smart card keyed on a fingerprint (11 or more coordinates on medium resolution coordinate system)! Even then, you've only decrypted the raw data which is a bunch of 0s and 1s unless you know the exact topology of the data stored on the card. * Smart cards are slow to read. Reading all 32K from a smart card can take 45 seconds. Writing takes even longer. It's a big disadvantage of smart cards (probably their only disadvantage), but at least they can't be "scanned" like memory cards can. * Their are very few standards in the smart card industry. This makes almost every smart card system different even if they use the same cards and/or even the same APIs. Some APIs encrypt data before it's sent to the card where it's encrypted even further. If you don't know the exact layout of how the data is stored on the card, you'll gonna have one hell of a time figuring it out. A lot of companies use data-mangling techniques to mangle data into values that can be stored in a smaller amount of space. A common practice is to store large intergers as two numbers: value 1 = large interger hard-coded integer value 2 = large integer mod hard-coded integer To summarize, smart cards are a good thing and are not a threat to privacy. Please don't mod an otherwise informative post down b/c of this, but a good analogy is the age-old argument that guns don't kill people -- the wrong people armed w/ guns do. Technology isn't a threat to privacy -- the wrong people armed w/ technology are.