Slashdot Mirror


User: tomstdenis

tomstdenis's activity in the archive.

Stories
0
Comments
6,870
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,870

  1. Re:Why back Sun? Why back Solaris? on Gentoo Announces OpenSolaris Port · · Score: 2, Interesting

    ...setup....your....own...mirrors....

    e.g. you have a dozen "Comp-u-matic 1000s" in your server room. You take one and build binary packages on it, even optimized and USE flaged for your environment.

    then you...get this... this part is the kicker

    MAKE THE OTHER BOXES USE IT AS A PACKAGE SOURCE.

    Tom

  2. Re:Why back Sun? Why back Solaris? on Gentoo Announces OpenSolaris Port · · Score: 1

    ....gentoo...supports...
    binary...package...insta lls.... ...

    As for your PHB reference... well it's a matter of motivation. If your stock holders knew you spent millions on SUN when free would do... your PHB may think otherwise.

    Tom

  3. Re:Portage dependency check on Gentoo Announces OpenSolaris Port · · Score: 1

    "Read the documentation" ...

    This is slashdot.... Just because the instructions walk you through EVERY DETAIL of a gentoo install doesn't mean we should read them!!!

    Tom

  4. Re:Why back Sun? Why back Solaris? on Gentoo Announces OpenSolaris Port · · Score: 3, Interesting

    " Gentoo's not the kind of thing you run on production servers, Solaris is."

    Why not? Or is this yet another empty "marketting-statement?"

    Tom

  5. Now I have proof... on Google Moves Into Video · · Score: 1

    of why tv sucks..

    compare the # of hits for

    money, or terrorism, or god

    To the number hit by

    differential, or titration, which doesn't come up with real hits

    Tom

  6. [OT] Re:Uh-oh... bad news for Google... on Firefox Lead Now Working For Google · · Score: 1

    [long offtopic post]

    Transmeta despite their hype NEVER had a product that was significantly better than what we have today.

    A AMD XP-M [2400+] in low power mode takes a whopping 9W or so of power. Gives 4 hours of battery power [in a compaq presario 2180CA with the LCD brightness down and wifi in power saving mode] and is FASTER than a Transmeta at full power.

    Oh sure I could get 5-6 hours out of a transmeta but builds will take longer, apps will load/run slower, etc...That and you pay a premium for the laptop [at the time I bought my laptop the only retail transmetas sold for $500 more].

    I don't know exact specs for the AMD K8 but if the mobile is anything like my 3200+ NewCastle it's even better than the mobile AMD XP-M [e.g. more processing more and less actual power consumption]. And given that you can get a K8 laptop for slightly more than what my XP-M cost in 2003 there isn't much incentive to buy a transmeta...

    Transmeta would have had a place say in the late 90s and early 00s when laptops really guzzled batteries. Now that we have cpus like the Pentium M, XP-M and K8 the need for "slow but low power" cpus in laptops is really non existant.

    Another point that soured Transmeta is that the CPU is not the only power user. My laptop in low power mode consumes roughly 16.83W of power [at ~16V and 1052mAh]. The cpu consumes about 9W of that or 53%. The rest is the chipset, wifi, memory and more importantly the hard disk and backlighting.

    The LCD at full brightness adds roughly 3.2W to the consumption, the hard disk at full load consumes another 5W, the cdrom probably takes about the same. Then you have the wifi while transmitting, etc...

    So the actual load of the cpu when working which generally while editing text is a fair amount of idle time contributes just over half the power used.

    If you want to prolong the battery life you want to also reduce the consumption of the rest. For instance, by extrapolation if the rest of the laptop [minus the cpu] was halved in consumption would lead to roughly 808mAh consuption [up to 5h 12m from 4h].

    By comparison halving the cpu consumption lowers the overall consumption to 770mAh and a running time of around 5h 27m.

    So really all the cpu savings that Transmeta offers [and I'm just guestimating they have 4.5W cpus] gets you an additional 15 minutes of battery life.

    That's why Transmeta can't push their cpus.

    All of this is extrapolations based on my 2180CA presario laptop... from Q4 of 2003.

    Tom

  7. Re:Physical security is the only important securit on Just How Paranoid Are You? · · Score: 1

    "Send me your IP address and a check or moneyorder for $49.00 and I'll take care of the rest."

    Bah what a rip! I'll do it for 48 dollars and a 100 cents.

    Tom

  8. Re:Useless... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 1

    SSL is overly complicated and not that it needs to be.

    Why do they use defines like RSA_1024_SHA1_AES_128? Why not just have fields in the packet header that says "cipher=aes", "cipherkeysize=128", etc...?

    Of course people like the SSL designers also write code like that, e.g. BF_cbc_encrypt() ???

    First it's blowfish not BF. Second, why is the CBC mode tied to the cipher?

    In libtomcrypt I support 4 chaining modes (CBC, CFB, OFB and CTR) and all four work out of the box on any cipher. That is, I can add a new cipher [say Camellia] and the modes AUTOMATICALLY work with it. I don't have to re-write code to support it.

    Of course this is because I'm a forking genious....

    Tom

  9. Re:Useless... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 1

    SSL was not based on any established standards. IIRC it used it's own checksum routine for authentication checks.

    SSL was fairly insecure until around v3.

    People say "why re-invent crypted-socket code?" well maybe because SSL isn't a model of perfection? Maybe others can do better (e.g. simpler, smaller, etc...)

    Tom

  10. Re:Uhh...wow? on Meet The Co-Creator of Firefox · · Score: 2, Insightful

    Last I checked there is more than just him working on FF. He may have created the fork (and kudos to him) but that's a far cry from the co-author of the entire suite.

    First off, it's LARGELY based off the gecko engine [e.g. Mozilla]. Second, there are other FF active developers.

    This would be like me forking GCC then when 100 developers get a cool release out of my fork I take credit for it.

    Tom

  11. Re:choice of algos.... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 1

    Well this is why you derive the MAC and cipher key from the same source [e.g. input to PKCS #5]. That way if one is wrong the other is very likely wrong too.

    Now if someone changes the ciphertext the MAC is very likely to fail.

    The trick though is your are MAC'ing public data [e.g. the ciphertext] and not data that is private [the plaintext]. By MAC'ing the plaintext you are technically leaking [if every so little] information about the plaintext.

    That and MAC'ing the ciphertext let's you detect quickly if the packet has been changed [or replayed].

    Tom

  12. Re:Took a while for the guitar to catch up, eh? on Musical Robots Invade Juilliard · · Score: 1

    Ever listen to MOD, S3M or XM music?

    They're able to reproduce music with stringed instruments and capture things like vibrato, volume bends, etc...

    I think a mechanical "player guitar" may be harder but automating guitar music isn't impossible.

    Tom

  13. Re:Took a while for the guitar to catch up, eh? on Musical Robots Invade Juilliard · · Score: 1, Troll

    What you are describing is a keyboard not a piano.

    That's like saying Violins suck because they can't play good piano solo music or something. Different techniques for different instruments.

    Besides the best part of music [not just piano] isn't just the sweet sweet notes, it's also the performers method/variation. Everyone plays slightly different and getting the performers take on something is equally cool.

    Let's just say given the chance I'd rather see live performances than hi-quality super recordings.

    Tom

  14. Re:Took a while for the guitar to catch up, eh? on Musical Robots Invade Juilliard · · Score: 2, Insightful

    ... spoken as someone who doesn't play the piano eh?

    There is more to playing than simply hitting the right keys. There is the duration, force, rythm, etc, etc, etc...

    Granted it's been a few years since I played last but from where I was [grade 7 conservatory] it was a lot more than just "hit these notes in 1/4 time".

    Tom

  15. Re:choice of algos.... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 1

    CCM mode sucks. Use EAX or OCB instead ;-)

    EAX mode benefits further as you only need the encrypt mode of the cipher [and only a cipher].

    Tom

  16. Re:Useless... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 1

    There is a difference between making your own system/protocol and your own cipher/hash/etc. Protocols aren't that hard to write once you have some experience. Ciphers/hashes are hard to design [at least new ones with improvements] even after years of experience.

    But who says making new protocols is bad? You use PGP v1? SSL v1? SSH v1? ... If not then I call you a hypocrit.

    Tom

  17. Re:Useless... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 1

    Oh, so as I understand it RFC2440 was written and THEN PGP v1 was written?

    Thanks for history v2.0

    Tom

  18. Re:Useless... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 1

    "As for the GNUPG point. As user I really don't care how the source code looks as long as it works. Further GNUPG seems more or less secure to me - there weren't that many security advisories yet."

    How many people have really audited it? I know of dozens of crypto/network/etc/hacker types [met at CodeCon] and I bet not a one of them actually has read a line of GNUPG source code.

    Anyone who has talked with Koch would probably do the same thing I did and basically say "fuck you" and walk away.

    The source code being messy [and incomplete] is just a symptom of a larger problem, that is, lazy developers.

    When you have #defines [for instance] for AES_128 mode and they use constants in the code [instead of the defines] that's just an example of poor thinking. When they lack test vectors for the hashes and they don't force the check at startup [of the program] that's just more examples of shotty thought process.

    Sure GNUPG works and it's probably safe. So what? Fixing the code [as I did a while back in the series of patches I sent them] took three fucking hours. Whoopy. So you clean up the code and move on.

    No, instead "it works" so they just leave it at that.

    As for what Ciphire has in advantages? I don't know. I barely use the web-of-trust in PGP anyways [just to talk with my boss]. Chances are it's just another random design by someone thinking they're "smart".

    Tom

  19. Re:Useless... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 2, Insightful

    PGP is a cryptosystem that implements the OpenPGP protocol. This program is taking things like AES and RSA and making a new protocol. It's not a new cipher design.

    Though I too question some of their choices (2 layer encryption for instance...) the idea of a new system isn't a bad one.

    Let's not forget that SSL, SSH, PGP were HOMEBREW!!! Who knows, someone may invent a system simpler, smaller, faster, more secure, more able, etc, in the future.

    For instance, for what SSL does the standard is very complicated. I mean it verifies a cert, does key handshaking then encrypt/mac data. That's not complicated. why does it require a 70 page [non-programer friendly] RFC to describe it?

    I do agree that making something new for the sake of making something new isn't smart. And if that's what they did shame on them. But the fact is "new things" is what drives us anyways.

    Tom

  20. choice of algos.... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 2, Insightful

    First off, encryption is done in two layers. With a 2048bit RSA and ElGamal key [both of which can be solved with GNFS ... in a shitload of time]. They
    encrypt the data with AES in CBC-HMAC mode (??? HMAC is not an encryption algo) then Twofish in CCM mode. ... WTF???

    First off, you MAC the ciphertext since it's gonna be exposed anyways. Second... CCM mode? WTF? CTR mode is simpler.

    It's like they went out of their way to overly complicate the process.

    Tom

  21. Re:Useless... on Ciphire, A Transparent, Easy PGP Alternative · · Score: 2, Interesting

    Hold on there. Some valid complaints

    - no source code
    - no free

    But the others

    - not standards compliant
    - GNUPG exists

    are not really valid. First off, tell me. Which standards does PGP [or SSH and SSL for that matter] follow? They ALL started off as homebrew projects.

    Maybe this format/protocol has improvements over PGP. [probably doesn't ... but who knows].

    As for the fact that PGP/GNUPG exists... PGP is really just bloat ware and have you seen the GNUPG source code? It's really a nightmare and the maintainers [... Koch] are close minded little SOBs. They don't want to make the code more readable or maintainable. So long as it runs who cares right?

    Tom

  22. Re:What about other codecs... on Low-bandwidth Net Radio · · Score: 4, Insightful

    Um... psychoacoustic modelling IIRC isn't part of the standard. The standard mandates things like bit format and DCT precision.

    So if your MP3s sound like crap

    - up the bitrate to something reasonable
    - Get a good source to encode from
    - change the encoder [lame -q 0 is great]

    Tom

  23. Re:Better question on Printing XML: Why CSS Is Better than XSL · · Score: 1

    That's just pragmatism though.

    Springer [for instance] accepts Word format submissions just because people are far too lazy to typeset properly. Despite what people think Word is not a typesetting program. It's hardly a good editor.

    I can't recall the last time running a TeX build gave me a virus ;-)

    Also there was a time when Springer only accepted PostScript submissions that were photo ready. That means actually set to be printed and not just a stream of Word bytes that and editor has to fix up...

    Tom

  24. Re:What the hell kind of phone is THIS? on Build Your Own Rotary-Dial Cell Phone · · Score: 0, Flamebait

    The poster and you are kinda off mark. I'm 22.9 yrs old [thereabouts] and I used rotary phones when I was a kid.

    You don't have to be >35 to have seen one ya know. Stop getting all nostalgialistic over CRAPPY WAY OF DIALING.

    I'm sure the 60s fan boys miss the "back in our day we didn't have tuners, we had no remote control and only 3 fuzzy channels!"...

    Progress is good, high def boobies!

    Tom

  25. Re:Better question on Printing XML: Why CSS Is Better than XSL · · Score: 3, Informative

    I think it's safe to say that TeX and LaTeX own the typesetting domain. Some reasons why perhaps

    1. It's old, mature and stable

    2. LaTeX makes TeX really easy to work with

    3. The output is related to the input, not the machine you are working on.

    4. Gives you wicked control over positioning, size, orientation, etc.

    5. Great support for equations, figures and other oddities that things like Word manages to screw up.

    6. Most TeX distros [like tetex] are FREE and open source. No shelling out the MSFT tax to use Word ;-)

    The only big downside to LaTeX is that occasionally it automagically places things in a less than desired fashion [figures I mean] and you have to manually tweak it. But I'd say for 99% of what math/crypto people do [for instance] LaTeX handles it perfectly.

    Tom