I used to order flash carts from lik-sang so I could write my own GBA/GBC applications. [re: I'm a software developer].
Now that they don't exist I will have to find another supplier and go through the time to build up trust with them etc...
These time of summary judgements are really shameful. At beast MS should have formed an injunction against them selling Xbox chips. The other stuff [e.g. GBA accessories] are not illegal nor "bad".
Each HTTPS site has a public/private key pair. The public key is signed by a root. The idea "magically" is that your browser has the root public key and can verify the signature on the particular sites public key.
The thought process is that if the key of the site you are visiting is signed then the site must be reputiable, etc, etc...
In effect root CA's are just a scam and the only thing you are paying for is a key signed by a CA root already installed in your browser.
If browsers were shipped without the stupid warning then the whole PKI industry would fail.
Why? its just one of those random things bound to happen.
I bet somwhere out there there is a free standing rock weighing exactly 666.666kg. That doesn't mean its satan's rock, it means randomly its bound to happen.
Are these the same minor causing 100% of all the looting/fires?
When you look at say a G8 summit you see 1000's of peaceful people then a few 100 who are storming around causing shit.
These same people then retaliate with shit like "The brick slipped from my hand into the mcdonalds... honest, I was protesting like civilized nations getting together!"
Hey, go get a fucking job you social-elite piece of shit. Not all of us can sit in our parents basement while thinking up ways to be "special".
I think you are writing as a person who has never had to use either. Threads can really be life savers when used correctly. Sure you have to implement locking but that's what pthread_mutex is for.
On low-mem devices making full copies of the process to spawn copies is just insane.
And on windows the Thread implementation is *intentional* not accidental. The idea is that people using threads will take advantage of the speed increase.
Yeah note how you are writing code to work on one platform. Try writing a POSIX compatible web server with sockets then watch as it doesn't work on half the platforms because "non-blocking" is something they don't support.
I still can't imagine how anyone could think its a better solution. For example, consider a web server. When I submit a request with POST data I send a content-length. Now instead of just doing multiple recv()'s until you get it all your going to have some global structure which will patch the data as select() determines its available.
Its *possible* to not use threads and get the same job done its just not as conceptually simple. For example, in the threaded case you'd have on function to receive all of the POST data. In the non-threaded model you'd have two functions. One function which calls select() waiting for activity and another which delegates the handler for each active socket.
On multi-threaded apps thread-swapping amounts to saving the registers and loading new ones. Its not entirely a difficult task [so to speak, hahaha punny]. Unless you have like a couple 1000 active threads you're not going to notice.
Not as easy as you think. Most socket stuff is blocking to some degree and even still the "timed" stuff is platform dependent. At least with pthreads [which is nicely portable] you can work with trivial socket code in multiple threads.
Also things like web servers don't work nicely as single threaded applications. If you have ever written one [I have, http://tom.iahu.ca] its very simple in a threaded model.
I'm of the type that thinks both "just because" and "in theory" statements are worthless. Provide logical support [e.g. lemmas, collaries, etc..] and you shall establish a valid line of thought.
a) I do stupid things then sue the provides for my inability to control myself
b) Taking advantage of the lack of laws to exploit unwilling others.
So suing tabacco [while funny and overall product] falls under the former while sending out mass amounts of spam because its not illegal is the latter.
The problem you are falling into is what I call the "magic button" thoerem. It states (falsely) that some magic button must exist that solves all problems.
Likewise for a crypto library there is no
int magic_button(pt, ct, key)
function since each system, os, cryptosystem is unique.
My library is not designed to solve just one problem. Its a well organized set of primitives and support routines that can be used.
Quite frankly if you're not smart enough to take primitives and make your own system that is secure you're in the wrong business.
That being said I have nothing against standards complaince. I want to add PKCS #1 support for instance, but even when I have PKCS #1 merged in libtomcrypt won't provide "magic button" support.
For instance, Wayne Scott [of bitkeepers.com] has recently tested libtomcrypt on 18 different platforms/os combos. With exception to a few problems [os'es without RNG's] the library worked statically [e.g. anywhere where an RNG is not needed] flawlessly
This follows my train of thought. You take my lib, add your system specific stuff and get a cryptosystem in return.
If I narrowed the system to say support "win32 magic buttons" I would instantly lose all my portableness
Well I agree I lack protocols support but that isn't to say I lack the basic algorithms. I have chaining mode wrappers [OFB,CFB,CTR,CFB] for the ciphers, etc..
In fact unlike the CryptLib and OpenSSL design my library is fully modular which means the OFB code for instance is not tied to one cipher. If you examine CryptLib [and from what I have seen of OpenSSL] they have implemented one OFB [etc] routine per cipher....
I agree though that protocol support is a good idea but thats not a be-all either.
Most protocols don't fully specify your PRNG/RNG source or how you should lock memory, store things on disk, etc...
In otherwords you can comply with say PKCS #1 and still have an insecure application.
Also unlike OpenSSL my library builds out of the box on virtually every GCC platform without configuration or patching. It even works on my Gameboy Advanced without changes!!!
In the long run I agree. I do plan on adding things like PKCS #1, P1363, etc... but in the short term I am more interested in getting mature, well documented primitives.
My crypto lib has supported [non-P1363] ECC crypto since quite sometime now. Big deal.
http://libtomcrypt.sunsite.dk or http://tom.ia hu.ca
I use ECC in the traditional ElGamal method without standard packet formats. But the idea is the same...
Tom
Re:It's a problem if Ashcroft's anywhere near it..
on
Politicizing Science
·
· Score: 1
well naturally I think everyone agrees that science has limits. e.g. mass murdering 75 people to see how brain activity changes as they die is obviously "unethical"
But playing with a non-sentient bunch of organic cells?
Anyways... I was just ranting into the wind, not really targetting the parent post.
So basically you're saying
"I'm selling a product at a loss using the assumption people will give me money later on"
Well if the X-Box is such a loss for MS maybe they should leave the console business?
Tom
I used to order flash carts from lik-sang so I could write my own GBA/GBC applications. [re: I'm a software developer].
Now that they don't exist I will have to find another supplier and go through the time to build up trust with them etc...
These time of summary judgements are really shameful. At beast MS should have formed an injunction against them selling Xbox chips. The other stuff [e.g. GBA accessories] are not illegal nor "bad".
Tom
Each HTTPS site has a public/private key pair. The public key is signed by a root. The idea "magically" is that your browser has the root public key and can verify the signature on the particular sites public key.
The thought process is that if the key of the site you are visiting is signed then the site must be reputiable, etc, etc...
In effect root CA's are just a scam and the only thing you are paying for is a key signed by a CA root already installed in your browser.
If browsers were shipped without the stupid warning then the whole PKI industry would fail.
Tom
Why? its just one of those random things bound to happen.
I bet somwhere out there there is a free standing rock weighing exactly 666.666kg. That doesn't mean its satan's rock, it means randomly its bound to happen.
Tom
Actually surprisingly your wrong. Try throwing ice in a fryer at McDonalds next time your out.
The suddent change in temp. causes the ice to explode....
Tom
There legitimate use for P2P technology, just not the "Kazaa" incarnation of it.
Tom
Its not hard to monitor packets, even if you mimic HTTP protocols over port 80 they could prioritize bandwidth based on file sizes, etc...
Tom
Freshman at Harvard who pirates music and/or videos...hmm!
That just renewed my lack of faith in a university education....
Tom
Yes, but stupid little script kiddies trying to act tough DDoS'ing something they have 0% of a clue about is not exactly a good idea either.
In the 60's when you went to a sit-in it was either
a) where the lsd was
and/or
b) You wanted to make a point
If 12yr olds could drop out of school to attend just because that's where the action was would that be a useful use of time?
Similarly anyone can now just click a button to support a "cause" whether the they are willing to invest time into it or not.
And lets not forget something else. The "master" server is the one sending the spam regardless of the relays.
That's like saying "Yeah, my computer sent 100000 emails, but my ISP relayed them so its their fault".
But oh wait thats true. ISP's do get punished for spam already. Ho hum... so much for a co-ordinated P2P spam system...
Tom
Are these the same minor causing 100% of all the looting/fires?
When you look at say a G8 summit you see 1000's of peaceful people then a few 100 who are storming around causing shit.
These same people then retaliate with shit like "The brick slipped from my hand into the mcdonalds... honest, I was protesting like civilized nations getting together!"
Hey, go get a fucking job you social-elite piece of shit. Not all of us can sit in our parents basement while thinking up ways to be "special".
Tom
It would be less subtle then that
i dia_has;
texture_mapper = hyper-23-stage-8-port-texture_mapper_that_only_nv
light_mapping = double-precision-14-source-phong-shading;
vertext_shader = GHZ_GPU|DBL_PREC|NVONLY;
if (above == fails) {
emulate_very_slowly();
}
That way they can claim the game needs some super-duper feature that only the Nv chipset has and not be guilty of actually putting a label
if (chip == Nv) { play_goodly(); } else { play_like_pirated_copy_of_tribes_2(); }
Tom
copyrights or patents?
Anyone with a bit of skill can code their own RC5 code... I know I did it. However, there are US patents on the RC5 algorithm...
Tom
mod +1, laugh my ass off funny!
mod +1, "you go girl!" [could be a new category]
Tom
hazaa a common sense poster on /.
:-)
I've now lived a full life.
Tom
I think you are writing as a person who has never had to use either. Threads can really be life savers when used correctly. Sure you have to implement locking but that's what pthread_mutex is for.
On low-mem devices making full copies of the process to spawn copies is just insane.
And on windows the Thread implementation is *intentional* not accidental. The idea is that people using threads will take advantage of the speed increase.
Tom
Yeah note how you are writing code to work on one platform. Try writing a POSIX compatible web server with sockets then watch as it doesn't work on half the platforms because "non-blocking" is something they don't support.
I still can't imagine how anyone could think its a better solution. For example, consider a web server. When I submit a request with POST data I send a content-length. Now instead of just doing multiple recv()'s until you get it all your going to have some global structure which will patch the data as select() determines its available.
Its *possible* to not use threads and get the same job done its just not as conceptually simple. For example, in the threaded case you'd have on function to receive all of the POST data. In the non-threaded model you'd have two functions. One function which calls select() waiting for activity and another which delegates the handler for each active socket.
On multi-threaded apps thread-swapping amounts to saving the registers and loading new ones. Its not entirely a difficult task [so to speak, hahaha punny]. Unless you have like a couple 1000 active threads you're not going to notice.
Tom
Not as easy as you think. Most socket stuff is blocking to some degree and even still the "timed" stuff is platform dependent. At least with pthreads [which is nicely portable] you can work with trivial socket code in multiple threads.
Also things like web servers don't work nicely as single threaded applications. If you have ever written one [I have, http://tom.iahu.ca] its very simple in a threaded model.
Tom
/me jumps over the other side of the fence....
Its also just as easy to say "in theory".
---- disclaimer
I'm of the type that thinks both "just because" and "in theory" statements are worthless. Provide logical support [e.g. lemmas, collaries, etc..] and you shall establish a valid line of thought.
Tom
Then you just charge the owners of open relays. In all technicality if you relay spam then you are also sending spam.
Its possible to setup redudant servers that are not completely open [in the sense anyone can send from it without a priori knowledge]
Tom
There are two sides to this
a) I do stupid things then sue the provides for my inability to control myself
b) Taking advantage of the lack of laws to exploit unwilling others.
So suing tabacco [while funny and overall product] falls under the former while sending out mass amounts of spam because its not illegal is the latter.
Tom
The problem you are falling into is what I call the "magic button" thoerem. It states (falsely) that some magic button must exist that solves all problems.
Likewise for a crypto library there is no
int magic_button(pt, ct, key)
function since each system, os, cryptosystem is unique.
My library is not designed to solve just one problem. Its a well organized set of primitives and support routines that can be used.
Quite frankly if you're not smart enough to take primitives and make your own system that is secure you're in the wrong business.
That being said I have nothing against standards complaince. I want to add PKCS #1 support for instance, but even when I have PKCS #1 merged in libtomcrypt won't provide "magic button" support.
For instance, Wayne Scott [of bitkeepers.com] has recently tested libtomcrypt on 18 different platforms/os combos. With exception to a few problems [os'es without RNG's] the library worked statically [e.g. anywhere where an RNG is not needed] flawlessly
This follows my train of thought. You take my lib, add your system specific stuff and get a cryptosystem in return.
If I narrowed the system to say support "win32 magic buttons" I would instantly lose all my portableness
Tom
Well I agree I lack protocols support but that isn't to say I lack the basic algorithms. I have chaining mode wrappers [OFB,CFB,CTR,CFB] for the ciphers, etc..
In fact unlike the CryptLib and OpenSSL design my library is fully modular which means the OFB code for instance is not tied to one cipher. If you examine CryptLib [and from what I have seen of OpenSSL] they have implemented one OFB [etc] routine per cipher....
I agree though that protocol support is a good idea but thats not a be-all either.
Most protocols don't fully specify your PRNG/RNG source or how you should lock memory, store things on disk, etc...
In otherwords you can comply with say PKCS #1 and still have an insecure application.
Also unlike OpenSSL my library builds out of the box on virtually every GCC platform without configuration or patching. It even works on my Gameboy Advanced without changes!!!
In the long run I agree. I do plan on adding things like PKCS #1, P1363, etc... but in the short term I am more interested in getting mature, well documented primitives.
Tom
but so what?
a hu.ca
My crypto lib has supported [non-P1363] ECC crypto since quite sometime now. Big deal.
http://libtomcrypt.sunsite.dk
or
http://tom.i
I use ECC in the traditional ElGamal method without standard packet formats. But the idea is the same...
Tom
well naturally I think everyone agrees that science has limits. e.g. mass murdering 75 people to see how brain activity changes as they die is obviously "unethical"
But playing with a non-sentient bunch of organic cells?
Anyways... I was just ranting into the wind, not really targetting the parent post.