parent's trying to say more along the lines of "it'll be a lot less easy to find a collision dataset that's simultaneously a collision for md5 and sha1"
A lot of stuff I've seen floating around carries multiple verification methods (apache uses md5 and pgp sigs for example).
Even if one verification technique is rendered "broken" -- together, the two hash algorithms are still that much more complex to break (though your point is also valid: wasting 32 bits on crc32 isn't going to make it more secure than adding those 32 bits to your new nonbroken cryptographic hashing algorithm).
I'm fairly sure it doesn't do this on machines that are already on a domain.
I installed xpsp2 on three machines in my lab, and none of them presented that. After the reboot, they came right back to the normal login prompt. First login after that was a bit slow (probably doing behind-the-scenes finishing up) but that was it.
I think that the presumption that feature operates under is that either your machine will be on a domain already, or it'll be home users with less predictable priveleges who'll likely just click ok on whatever keeps them from getting back to kazaa and solitaire.
Not saying it's the "right" thing to do... but in what it detects as an enterprise environment, it DOES behave *somewhat* correctly.
If they were running the bt tracker, they could track completed downloads, they could track ip's that downloaded, they could track how long people stuck around helping out after the fact and how effective it was for them, they could track bittorrent client types.
The simple fact is, the only reason they can't track every little thing about this is the fact that the tracker is being run by a third party.
Nevertheless, given the widespread adoption of technologies like bittorrent (which the end user world has seen but the corporate world hasn't so much), this would serve as a good demonstration of how effective the idea of p2p distribution would be.
Except that it's not. As it stands, the fact that this is by a third party and not MS itself incites a community around the technology. Would you stick around on the torrent as long, seed it as long, or share as much if it was microsoft's tracker?
And for that matter, how about if you were a corporate customer, and paying by the gig for your fiber? The whole "community-driven" highway falls apart when the community members are paying the tolls.
kazaa and everything it bundles with it are my collective vote.
I used to work tech support, where half the problems people had using our pages had to do with the numerous spyware programs installed with kazaa. It was a mess.
I'm glad that in my department now my users don't have admin priveleges. If they get themselves spywared, it is easy to fix -- if all else fails, back up their roaming profiles and blow them away, recreate settings on next login! I don't know of anything that can survive a brand new shiny profile;)
I'll acknowledge that you are much more motivated to learn the WHAT if you've a notion that a WHY will follow, but I'd suggest that you CAN'T learn the why without first learning the what. For example...in 1776, the United States declared its independence from England. Why, you ask? It's impossible to explain WHY without first explaining WHAT occurred in the years leading up to 1776
This reminds me of some stuff my mom has talked about a lot (she's an elementary school teacher). Ever heard of "Bloom's Taxonomy" -- a general theory that there's different levels of knowing. There's knowledge, which you need to be able to build comprehension. Can't understand without examples to guide you there, in other words. Can't apply without understanding, at least in a _real_ sense -- in math you can use formulae as a crutch and replace comprehension with knowledge, and get by for a while. But in a situation like the one here, you're only able to analyze if you have knowledge of the events leading up to it, comprehend the subject and the pressures of those events and their causes, and can apply that understanding of the pieces to the whole.
I remember there used to be a sign in just about every classroom at my elementary school with that on it. But nobody ever explained what it meant there. Guess that was a break in the whole "knowledge" base:-p.
In my studies here (Purdue University) I've had great and terrible.
The great were in the physics and electrical engineering departments (I started in mechE and then changed to compsci/psychology). Physics 152 (calculus based mechanics, prereq differential calculus) was considered a "weedout" class -- that is, the people who can't pass it don't waste the time of the engineering programs, they change majors to something else.
The prof for the class when I took it was a guy named Sam Harris. Great guy, always spoke loudly, always enthusiastic, and explained stuff, took questions, etc. The TA's were helpful too, as a rule. If you walked in with a basic understanding of the concepts detailed in calculus, there was no reason not to pass the class (I hit 95% or better on every exam, easily). The problem is, most people seemed to walk in with no real understanding of applied calculus, or the basic concepts of differentiation. First-take failure rate for the class when I took it was about 40%, and the cutoff for passing was below 50% of the total points.
I partly blame our abysmal math department and partly blame the terrible math teaching in Indiana schools (I came from honors math in a school in the chicago suburbs, and had calculus before I had any idea what college I would go to--unlike any of my friends from this state who had at best precalc). There's so many people shoved through our math program, so many bad TA's and indifferent professors there that it sabotages better programs and students. I had 4 experiences in this math department (integral calculus, multivariate calc, linalg and diffeq), 3 were taught by grad students who were clearly non-native english speakers, and one was taught by a professor who seemed more preoccupied with his own research than the students who floundered in his class. The thought that these concepts are what goes into the bridges and planes and circuitry and buildings of the next generation of engineers, and that we can't teach fundamentally simple concepts to students, is somewhat scary to me.
funny... I tried something similar.... couldn't find any legitimate valid sources for an english paper I had to write in high school, so I combined a healthy dose of BS with an even healthier dose of good ole-fashioned humor.
However, unlike your teacher, mine had a sense of humor. I was pretty happy with the results, she gave me an A and said it was the most enjoyable paper that anyone in the class had turned in. Really changed my view of writing too.
Then, I spose that's also the difference between science and art, or maybe just between high school and the real world, or something.:-p
I just watched a dvd rip of it after getting a sudden flood of 15 or 20 requests for the movie in the last 24 hours. It kept me guessing right to the end on a lot of story elements. The animation style of this movie is incredible, the plot was great, and.... just wow. Definitely Alice in Wonderland meets about 10 other identifiable influences. I'm going to make sure everyone who regularly leeches from me gets a copy of this to watch, and I hope to catch it in the theaters too!
I'm not sure about the general public though. If you don't know some things about japanese culture and mythology and traditions, a lot of little things in the movie would seem too foreign and detract a bit from it.
The DBZ series moves very very slowly.... lots of powering up, lots of charging, lots of rehashing details...
The movies, though, are quick. They've gotta cram into an hour what they would do in 30-40 episodes of the series. They're a hell of a lot more action packed and a lot more entertaining, even if not a single one of them can fit comfortably into the plot line as the series depicts it.:-p
Seriously though.... give one of the movies a try without your preconceptions about the series turned on, you might like them a lot more.
Re:How to disable Passport integration with XP
on
Passport vs. Plan 9
·
· Score: 1
in our lab setup at my university, we've recently migrated to windows xp (from 98). Of course, half campus wants windows messenger, so its installed in the default image. Blah.
Anyway, I just added to a batch file I autorun on startup to remove all the files in the messenger directory, and changed the startup reg key to point to empty string instead of the path to msmsgs. msimn starts in about 1/8 of the time now too, since its spawning a null messenger that doesn't exist.
its actually ACMAINT, not ACTMAINT (most people confuse those). You'll find some helpful links about basics of it at purdue's labinfo pages (search) and off google (search key=acmaint). It is house-written, but all in all pretty dang effective. PCR-dist doesn't fit into the login scheme of things at all. Its just there so the win98 machines provide the same environment to everyone and give you the freedom to install your own software. Sadly, we're moving away from that model with winxp, replacing it with roaming profiles. In any case though, if you have the ability to pursue something custom, purdue's system is a pretty good model if your setup is large enough to justify something like it. (note that the recent hack was on a non-acmaint machine, though details haven't been too publicized about that either).
as I sit here reading through comments, one of the biggest things I see is that most people are suggesting things like "MS can't survive in an open source world" "open api's" "open source is the best way to improve code" "build an os around the freebsd kernel" and stuff like that...
Well, the way I see it, MS can and does survive pretty well in a market with open source, and not because they are a monopoly practicing unfair business practices but because they make an easy to use solution that satisfies most people's expectations.
As a regular user of all of windows 98se and 2000, debian linux, and freebsd, I have to say that the windows paradigm is damned easy to get around in. I don't see freebsd as ready to be a common-man desktop operating system, nor do I see any of the linux distros I've tried as there yet. Some of them are getting pretty close, but from an install standpoint, and configuration changes, and software installs and support, OSS OS'es demand more understanding than the tired-cliche-joe-sixpack will ever want to put into his OS or his computer. He doesn't care about monopolistic practices, he wants to turn it on and have it "just work"... not work 15% faster and use memory 20% more efficiently, and definitely not have to remember anything that they'll have to type in to update their system. Most people are point-and-click users, don't care that their kernel has been the same for the last year and like the ease of use to just download a driver and click on it, or better yet not have to download or click on anything but have the OS just recognize the hardware and just work.
Anyway, to stay on topic, I think windows should lower prices when OSS OS'es and software actually offer a threat to them in the desktop realm, and maybe should admit defeat or strive to improve and put out a decent product in the server market. Maybe MS should just pick their battles a little better, attacking OSS'es soft underbelly (the desktop) and not touching their armored shell (the server market) until they can actually compare with it, if they ever can.
I am doing double major Computer Science and Psychology (best of both worlds), and was able to pursue an Electrical engineering minor.... but I don't think that's what you meant....
Probably what you're referring to is more of a "make-your-own" degree.... we've got that here too. Interdisciplinary engineering, they call it, and my roommate is doing it. He's taken Electrical engineering, Industrial engineering, Computer Science, and Psychology classes, and basically built his own major.
The bad part he's running into now, though, is that he really hasn't gotten much deep knowledge, making up for it with breadth of knowledge. It takes a LOT of discipline in a MYOM (make your own major) curriculum to keep taking the "hard" classes where you'll learn the most. Though he's been in his curriculum 2 years more than I have (he's graduating this semester) I have a lot deeper knowledge of what I do than he does, and am probably a lot more hirable.
The big caveat to it all is that you can't count on just what the curriculum threw at you to get you a career, you have to find what you really love to do, and do it in your class time and in your downtime.
My question is, are you meaning MS-instilled FUD, or is there now a new definition of FUD, for mere FUD that has arisen on its own rather than via propaganda? Or are you just using it wrong? =P
I would say, FUD referring to the general public opinion that open source is some sort of renegade movement, unreliable, doesn't do what it needs to do, or doesn't do it as easily or as well or in a comparably user-friendly way (eg microsoft -- office and windows are remarkably easy to use: prevalent and intuitive).
When it comes right down to it, Microsoft has a really really great marketing department. The Open Source community, on the other hand, doesn't. I think largely because Microsoft is a single, for-profit entity and can afford to devote money to pay marketing, where most open-source supporters aren't so much for-profit, and aren't so much interested in "selling" the product to the public, or really improving the name of the product all that much.
I am sure though, that spokespeople from MS referring to the open source movement as "a cancer" and others referring to open-source as "communism" and "anarchy" and other negative buzz-words doesn't help the issue any. Nor the negative connotations the general public holds on the word "hacker" which so many OS geeks use to refer to themselves.
I dunno though, Maybe I am just not paying enough attention to the media, and maybe they are making a big deal over Linux developers NOT getting sued for monopolistic practices. Who knows?
>>I mean, whats the big deal, unless you have something to hide??
Well, it seems to me that if you have ANYTHING that indicates you have idle time at work, your employers could use that against you, claiming that it is evidence of your unproductivity.
In other words, innocent surfing could theoretically get you fired, in some companies...
Not to mention the possibility of temporary files from popup and popunder ads on innocuous sites.
Slashdot Mirror
parent's trying to say more along the lines of "it'll be a lot less easy to find a collision dataset that's simultaneously a collision for md5 and sha1"
A lot of stuff I've seen floating around carries multiple verification methods (apache uses md5 and pgp sigs for example).
Even if one verification technique is rendered "broken" -- together, the two hash algorithms are still that much more complex to break (though your point is also valid: wasting 32 bits on crc32 isn't going to make it more secure than adding those 32 bits to your new nonbroken cryptographic hashing algorithm).
I'm fairly sure it doesn't do this on machines that are already on a domain.
... but in what it detects as an enterprise environment, it DOES behave *somewhat* correctly.
I installed xpsp2 on three machines in my lab, and none of them presented that. After the reboot, they came right back to the normal login prompt. First login after that was a bit slow (probably doing behind-the-scenes finishing up) but that was it.
I think that the presumption that feature operates under is that either your machine will be on a domain already, or it'll be home users with less predictable priveleges who'll likely just click ok on whatever keeps them from getting back to kazaa and solitaire.
Not saying it's the "right" thing to do
mid july or so there were a bunch of random automated-looking and weak looking ssh login attempts all over the place ....
....
threads on the full disclosure mailing list archives and dslreports forums about that
wonder if this is what the topic poster was encountering?
If they were running the bt tracker, they could track completed downloads, they could track ip's that downloaded, they could track how long people stuck around helping out after the fact and how effective it was for them, they could track bittorrent client types.
The simple fact is, the only reason they can't track every little thing about this is the fact that the tracker is being run by a third party.
Nevertheless, given the widespread adoption of technologies like bittorrent (which the end user world has seen but the corporate world hasn't so much), this would serve as a good demonstration of how effective the idea of p2p distribution would be.
Except that it's not. As it stands, the fact that this is by a third party and not MS itself incites a community around the technology. Would you stick around on the torrent as long, seed it as long, or share as much if it was microsoft's tracker?
And for that matter, how about if you were a corporate customer, and paying by the gig for your fiber? The whole "community-driven" highway falls apart when the community members are paying the tolls.
kazaa and everything it bundles with it are my collective vote.
;)
I used to work tech support, where half the problems people had using our pages had to do with the numerous spyware programs installed with kazaa. It was a mess.
I'm glad that in my department now my users don't have admin priveleges. If they get themselves spywared, it is easy to fix -- if all else fails, back up their roaming profiles and blow them away, recreate settings on next login! I don't know of anything that can survive a brand new shiny profile
This reminds me of some stuff my mom has talked about a lot (she's an elementary school teacher). Ever heard of "Bloom's Taxonomy" -- a general theory that there's different levels of knowing. There's knowledge, which you need to be able to build comprehension. Can't understand without examples to guide you there, in other words. Can't apply without understanding, at least in a _real_ sense -- in math you can use formulae as a crutch and replace comprehension with knowledge, and get by for a while. But in a situation like the one here, you're only able to analyze if you have knowledge of the events leading up to it, comprehend the subject and the pressures of those events and their causes, and can apply that understanding of the pieces to the whole.
I remember there used to be a sign in just about every classroom at my elementary school with that on it. But nobody ever explained what it meant there. Guess that was a break in the whole "knowledge" base
In my studies here (Purdue University) I've had great and terrible.
The great were in the physics and electrical engineering departments (I started in mechE and then changed to compsci/psychology). Physics 152 (calculus based mechanics, prereq differential calculus) was considered a "weedout" class -- that is, the people who can't pass it don't waste the time of the engineering programs, they change majors to something else.
The prof for the class when I took it was a guy named Sam Harris. Great guy, always spoke loudly, always enthusiastic, and explained stuff, took questions, etc. The TA's were helpful too, as a rule. If you walked in with a basic understanding of the concepts detailed in calculus, there was no reason not to pass the class (I hit 95% or better on every exam, easily).
The problem is, most people seemed to walk in with no real understanding of applied calculus, or the basic concepts of differentiation. First-take failure rate for the class when I took it was about 40%, and the cutoff for passing was below 50% of the total points.
I partly blame our abysmal math department and partly blame the terrible math teaching in Indiana schools (I came from honors math in a school in the chicago suburbs, and had calculus before I had any idea what college I would go to--unlike any of my friends from this state who had at best precalc). There's so many people shoved through our math program, so many bad TA's and indifferent professors there that it sabotages better programs and students. I had 4 experiences in this math department (integral calculus, multivariate calc, linalg and diffeq), 3 were taught by grad students who were clearly non-native english speakers, and one was taught by a professor who seemed more preoccupied with his own research than the students who floundered in his class. The thought that these concepts are what goes into the bridges and planes and circuitry and buildings of the next generation of engineers, and that we can't teach fundamentally simple concepts to students, is somewhat scary to me.
funny ... I tried something similar .... couldn't find any legitimate valid sources for an english paper I had to write in high school, so I combined a healthy dose of BS with an even healthier dose of good ole-fashioned humor.
:-p
However, unlike your teacher, mine had a sense of humor. I was pretty happy with the results, she gave me an A and said it was the most enjoyable paper that anyone in the class had turned in. Really changed my view of writing too.
Then, I spose that's also the difference between science and art, or maybe just between high school and the real world, or something.
This is a dang weird anime.
.... just wow. Definitely Alice in Wonderland meets about 10 other identifiable influences. I'm going to make sure everyone who regularly leeches from me gets a copy of this to watch, and I hope to catch it in the theaters too!
I just watched a dvd rip of it after getting a sudden flood of 15 or 20 requests for the movie in the last 24 hours. It kept me guessing right to the end on a lot of story elements. The animation style of this movie is incredible, the plot was great, and
I'm not sure about the general public though. If you don't know some things about japanese culture and mythology and traditions, a lot of little things in the movie would seem too foreign and detract a bit from it.
You've apparently only watched the series.
.... lots of powering up, lots of charging, lots of rehashing details ...
:-p
.... give one of the movies a try without your preconceptions about the series turned on, you might like them a lot more.
The DBZ series moves very very slowly
The movies, though, are quick. They've gotta cram into an hour what they would do in 30-40 episodes of the series. They're a hell of a lot more action packed and a lot more entertaining, even if not a single one of them can fit comfortably into the plot line as the series depicts it.
Seriously though
in our lab setup at my university, we've recently migrated to windows xp (from 98). Of course, half campus wants windows messenger, so its installed in the default image. Blah.
Anyway, I just added to a batch file I autorun on startup to remove all the files in the messenger directory, and changed the startup reg key to point to empty string instead of the path to msmsgs. msimn starts in about 1/8 of the time now too, since its spawning a null messenger that doesn't exist.
ack! I thought I had gotten away from alpha centauri references! :-p
its actually ACMAINT, not ACTMAINT (most people confuse those). You'll find some helpful links about basics of it at purdue's labinfo pages (search) and off google (search key=acmaint). It is house-written, but all in all pretty dang effective. PCR-dist doesn't fit into the login scheme of things at all. Its just there so the win98 machines provide the same environment to everyone and give you the freedom to install your own software. Sadly, we're moving away from that model with winxp, replacing it with roaming profiles. In any case though, if you have the ability to pursue something custom, purdue's system is a pretty good model if your setup is large enough to justify something like it. (note that the recent hack was on a non-acmaint machine, though details haven't been too publicized about that either).
as I sit here reading through comments, one of the biggest things I see is that most people are suggesting things like "MS can't survive in an open source world" "open api's" "open source is the best way to improve code" "build an os around the freebsd kernel" and stuff like that...
... not work 15% faster and use memory 20% more efficiently, and definitely not have to remember anything that they'll have to type in to update their system. Most people are point-and-click users, don't care that their kernel has been the same for the last year and like the ease of use to just download a driver and click on it, or better yet not have to download or click on anything but have the OS just recognize the hardware and just work.
Well, the way I see it, MS can and does survive pretty well in a market with open source, and not because they are a monopoly practicing unfair business practices but because they make an easy to use solution that satisfies most people's expectations.
As a regular user of all of windows 98se and 2000, debian linux, and freebsd, I have to say that the windows paradigm is damned easy to get around in. I don't see freebsd as ready to be a common-man desktop operating system, nor do I see any of the linux distros I've tried as there yet. Some of them are getting pretty close, but from an install standpoint, and configuration changes, and software installs and support, OSS OS'es demand more understanding than the tired-cliche-joe-sixpack will ever want to put into his OS or his computer. He doesn't care about monopolistic practices, he wants to turn it on and have it "just work"
Anyway, to stay on topic, I think windows should lower prices when OSS OS'es and software actually offer a threat to them in the desktop realm, and maybe should admit defeat or strive to improve and put out a decent product in the server market. Maybe MS should just pick their battles a little better, attacking OSS'es soft underbelly (the desktop) and not touching their armored shell (the server market) until they can actually compare with it, if they ever can.
But what do I know?
I am doing double major Computer Science and Psychology (best of both worlds), and was able to pursue an Electrical engineering minor.... but I don't think that's what you meant....
Probably what you're referring to is more of a "make-your-own" degree.... we've got that here too. Interdisciplinary engineering, they call it, and my roommate is doing it. He's taken Electrical engineering, Industrial engineering, Computer Science, and Psychology classes, and basically built his own major.
The bad part he's running into now, though, is that he really hasn't gotten much deep knowledge, making up for it with breadth of knowledge. It takes a LOT of discipline in a MYOM (make your own major) curriculum to keep taking the "hard" classes where you'll learn the most. Though he's been in his curriculum 2 years more than I have (he's graduating this semester) I have a lot deeper knowledge of what I do than he does, and am probably a lot more hirable.
The big caveat to it all is that you can't count on just what the curriculum threw at you to get you a career, you have to find what you really love to do, and do it in your class time and in your downtime.
My question is, are you meaning MS-instilled FUD, or is there now a new definition of FUD, for mere FUD that has arisen on its own rather than via propaganda? Or are you just using it wrong? =P
I would say, FUD referring to the general public opinion that open source is some sort of renegade movement, unreliable, doesn't do what it needs to do, or doesn't do it as easily or as well or in a comparably user-friendly way (eg microsoft -- office and windows are remarkably easy to use: prevalent and intuitive).
When it comes right down to it, Microsoft has a really really great marketing department. The Open Source community, on the other hand, doesn't. I think largely because Microsoft is a single, for-profit entity and can afford to devote money to pay marketing, where most open-source supporters aren't so much for-profit, and aren't so much interested in "selling" the product to the public, or really improving the name of the product all that much.
I am sure though, that spokespeople from MS referring to the open source movement as "a cancer" and others referring to open-source as "communism" and "anarchy" and other negative buzz-words doesn't help the issue any. Nor the negative connotations the general public holds on the word "hacker" which so many OS geeks use to refer to themselves.
I dunno though, Maybe I am just not paying enough attention to the media, and maybe they are making a big deal over Linux developers NOT getting sued for monopolistic practices. Who knows?
>>I mean, whats the big deal, unless you have something to hide?? Well, it seems to me that if you have ANYTHING that indicates you have idle time at work, your employers could use that against you, claiming that it is evidence of your unproductivity. In other words, innocent surfing could theoretically get you fired, in some companies... Not to mention the possibility of temporary files from popup and popunder ads on innocuous sites.