Well, I think people have generally agreed that a replacement is a bad idea. Berlin is trying that, but, as you mention, hasn't had much publicity or apparent movement recently. As for extending X, well, I guess that's what XFree 4.0 is supposed to be.
I don't think reading the RFCs is very important here. All that work has been done by the OpenSSL folk already. It should simply be a matter of making a new protocol handler, based on http://, that uses a different port and wraps the network socket with SSL.
The article states "International users who have Netscape Communicator do not need to download a new version of Netscape Communicator to take advantage of the strong encryption capabilities being announced today. Negotiation of the strong encryption between international versions of Netscape Communicator and Netscape SuiteSpot servers approved for export to banks occurs through a unique mechanism based on a special-use digital certificate."
This is a capability that's beein in both IE and Netscape for a while. It's called "Server Gated Crypto", and it works like this:
An exportable browser connects to a bank's server. The bank sends the browser a special certificate that has an extension which tells the browser to do Server Gated Crypto. They both drop connection and reconnect, with the domestic-grade encryption.
This does not mean that Netscape is able to export 128bit crypto freely, nor does it mean they can stop making different versions. It means that the ability for the export browser to use domestic crypto is controlled at the CA (like VeriSign) and not in the browser. The CA gets permission to issue these special certs to a certain group of customers (banks, mostly), and THAT controls the crypto.
It was an interesting attempt to relax crypto just enough to assuage the privacy advocates cry of "but, e-commerce needs strong crypto".
They did this an interesting way. You can specify glide or OpenGL (called "gl" and "glx"). I have a Matrox G400, which is playable. The VooDoo cards are supposed to be the fastest (sinc they don't have to use X). I also have an original TNT, which is way slow. I think it's theoretically possible to get it running with Mesa in software (no 3D hardware needed), but you'd get like a frame a week or something:)
For stuff on setting up the G400/G200, try http://www.execpc.com/~tz/linglxqs.txt agp support is very important for speed.
There's a README.Linux file that explains how to use a different Mesa library than the one that comes with the distribution, if you want to try it with support for different cards or the newest-latest version. I use
./linuxquake3 +set r_glxDriver libGL.so.1
Right now, the big thing is waiting for XFree86 4.0. I don't think distributions (like RedHat) will integrate 3D support until the whole DRI thing is ready.
Now if only I could get Ultima IX, Final Fantasy VIII, anything else with cool roman numerals,
Heh. That has been a weird trend @ Loki. I wonder if they'll ever release a 1st edition game:)
I think Loki had a great idea for a company and are pulling it off beautifully. I just wonder what their revenue is like. Is this stuff selling well?
-Dave
pb Reply rather than vaguely moderate me. I don't think this'll work. Moderators aren't supposed to post. Also, when I'm moderator, I mark someone else up or down so that other people will see it or pass it by, not to inform the poster. It's the non-moderator's job to reply with comments.
Well, first off, if your encryption uses any built-in random number generator, toss it, it's crap. This isn't true at all. There have been random number chips that get much better random numbers (ie, more entropy per byte) than user-input available for a long time. Intel's method of gathering entropy from the difference in the heat of the chip is pretty good. Not the best, but better than user-input. Your method of gathering static from the sound card can be considered a built-in RNG and is probably no better than Intel's method.
SSL supports the notion of client authentication. Most SSL toolkits support this, although I don't know about the SSL embedded in web browsers. The concept is simple. A client gets issued a certificate, just like any server. When they log in, your SSL can ask them for the cert and to verify themselves.
If you have a powerful enough SSL toolkit, you can setup something fairly automatic and easy. Tell your SSL to request (not require) a client cert. If the client doesn't have the cert, make them login with username/password. Then, tell them to generate a keypair and sign a certificate for them with your own private key (this can all be done with HTML). If they have a cert, check it against your own public key to see if it was one you signed (in X509 certificate parlance, you are the CA). Finally, they everything is good, let them in.
Not true. DSL is not as secure as any other static connection. The way DSL works is often you are assigned a single ip address out of a huge subnet on a BVI, because of this everyone on the same subnet is pretty much treated as on the same LAN. So you pretty much have to secure yourself from LAN attacks as well. Win95 users don't have that printer shared,:-)
This depends on the type of DSL. Some DSL is bridged and some is routed. Bridged generally means what you say. You are on essentially a LAN with other people, although you don't have to worry about broadcast traffic and receiving packets destined for other addresses. You get arp responses, for one thing, and probably other security-questionable effects.
Routed means that you are on the WAN. You are treated just like any other host on the internet. Just like a normal old T1. With a lot of DSL modems, if you're running routed you can turn on encryption and other niceties, but I doubt many ISPs support this.
Not for now. Because of the relative instabilities inherant in cold fusion, they've decided that it's better to limit it to 2 devices per bus. Thus, they went with IDE. In a few years, as the technology matures, they may move to SCSI or FireWire.
Blackdown has had a Java 2 release for a while now. They have put a lot of effort into this and previous releases. They have put up with being at the bottom of Sun's list and generally being ignore, and they have been able to keep within a few months of Sun's releases anyway. Sun has been promising to keep them better informed for years now, with no change of policy. Blackdown has been doing an excellent job.
I don't think this is about how Linux will compete, but how Sun will compete. So, yes, it does matter if Sun gets it or not. Because the difference is the difference between succeeding and failure. Linux will survive, even prosper, regardless.
I fully agree with petrov's assessment. I tried out dvorak a while back. I was able to type decently after only a few days, but switching back and forth was tough. I code for a living, and often have to use QA's keyboards, so it was particularly difficult. And I think QA woulda killed me if they couldn't type on my machine:)
The RSA cipher and any uses of it will open whn the patent expires. This means that US citizens will finally be able to use the RSA implementation in SSLeay/OpenSSL, or roll their own.
The RC ciphers, RC2, RC4 and RC5, are copyrighted. The names are trademarked. This means that you can not use RSA's code, or the names RC[245], without RSA's permissions. But, you can use AAILRC5EFTN, An Algorithm Incredibally Like RC5 Except For The Name. Basically, RC5 (or 2 or 4), but named different.
BSAFE, now known as Crypto-C, is a product of RSA's, just like any other software product. You will still need to buy it if you want to use it.
RSA's strategy is to move upwards in the food chain, while continuing to promote Crypto-C as the best of breed. They are making PKI toolkits now. PKI toolkits give developers the ability to handle authentication, do work with certificates, and do other, Public Key stuff that relates to Infrastructures. OpenCA would mimic one portion of RSA's Keon offering.
Crypto-C will now be sold a little differently. Instead of "you have to pay us anyway, why not just buy the toolkit", it's now "this is the absolute best crypto toolkit and you should buy it". And they have a point. Crypto-C is highly optimized for all sorts of platforms, has been continually reviewed for security by RSA Labs, has been ported to a huge number of platforms,is easy to work with, and generally an all-around righteous toolkit.
Most/. readers won't want to buy Crypto-C. It's enormously expensive. RSA can now focus on selling to huge companies and not twiddling around, suing the little guy. Frankly, I think the patent expiring will be the best thing for the company since Bidzos joined the board.
According to Linus, Transmeta "makes stuff". So, I assume, Linus was hired to help them make stuff. Linus will be bringing his expertise in stuff design and probably begin expanding into actual stuff manufacturing. With the team they have, I imagine they'll make quite good stuff. Maybe useful stuff. Definitely stuff of some sort or other.
Perhaps the stuff will use Linux, but Linus was not hired to work on Linux (although this is not precluded by his contract). I wouldn't be terribly surprised to see some of Linus' work go into Linux (like a/dev/stuff file or maybe even/proc/stuff, a new stuff driver and an expanded stuff interface). I hear O'Reilly will be partnering with Transmeta to release "Stuff in a Nutshell" and the new "Stuff Administrator's Handbook".
He's talking about actual software releases, not marketing drivel. If you take a look at the KDE pages (and download the _actual software_), you'll see that they have a number of advanced applications that GNOME is simply missing.
Railways move you fast, but you can still only bring 9 troops together. Troop carriers would allow you to ship larger numbers all at once, or make slow troops travel faster. And, of course, troop carriers would move faster on rails.
Clerics are units in Civ:CTP (perhaps also in test of time, but I've never played it). Clerics can convert a city, and can see other clerics and slavers.
"future cultural 23" was a hyperbole. My point was that there should be something useful to do with science after the race runs out.
I missed the space-bar means chill. Nice feature, would have been nice to document it.
The contest announcement doesn't put any restrictions on what can be done. The contest is "a special contest in cooperation with Activision, Inc."... It certainly sounds as if they would allow my changes, and that the changes will be applied to both versions.
I'm interested to hear why you think it's a lousy idea.
I'm not really a strong C++ coder, so I thought I'd throw out some ideas I'd like to see be put into the game.
If you take over an enemy's capital, you should gain all of his/her cities. But, the cities should have an enourmous happiness cost, spawning revolutions in many of them for an unprepared attacker. This also makes bloodlust games less tedious to win.
Perl/Python/Java/etc. scripting. I know this one is a big task for 48 hours, but it'd be nice. Maybe someone could mention it to someone when they're there. The current scripting language is lacking (particularly in documentation).
New units: Land-based troop carriers. This would make it easier to carry large amounts of troops. Differing levels, as well. Different movement, whether they can move over mountains, etc. Also, some could be invisible (like the spy and cleric), to hide the units within.
At the end of the science, going for "future cultural 23" is kinda boring and annoying that it comes up. Add a science that converts science into gold, like Capitalization turns production into gold.
Like "Fortify" and "Sleep", add a command to tellt he unit to wait out the turn. For instance, a settler wants to settle on a river. But, he only needs one move to gain the ground. The settler can't settle until the next move. "Sleep" will cause him to be forgotten the next turn. Make a command like "at ease" or something to mean "chill until the next turn".
First, I'd like to disagree that the key lengths are short. Triple-DES has a 168-bit key, which should be long enough.
Triple-DES was designed very carefully to avoid problems with multiple encryptions. Crypt-analysts found that encrypting something twice with DES and 2 different keys made it not significantly more difficult to decrypt than a single encryption (Schneier; Applied Cryptography; Section 15.1). Triple-DES does encrypt-decrypt-encrypt, defeating the meet-in-the-middle-attack.
But, if you use SSL with DES encryption (or even Triple-DES), over a physical layer that uses DES or Triple-DES, would this have an adverse affect? I'm asking, not telling, as I don't know. Does the meet-in-the-middle attack work when encrypting different data (it would seem not, but IANACryptanalyst)?
Well, the price does go down when you buy in bulk (it shows a little over $1k for up to 9 developers and "Call me" for anything above.) I would imagine you can get it for under $1k.
I agree it is a little steep. Perhaps if you call and talk to them, they'd be willing to work with you. Otherwise, vote with your pocketbook and buy a different toolkit (GTK+ is free! Motif is cheaper than Qt, I believe).
Another/. reader posted a link to the DOJ website here. I think the DOJ is handling the Linux issue nicely.
To recap; MS is arguing that Linux poses a serious threat to Windows, due to RedHat and others.
The DOJ says this doesn't hold water. They quote a number of MS witnesses that all said that Linux isn't currently a threat, but may become one in the future. The DOJ argues that future predictions never have and don't currently make any difference in a trial. The DOJ goes on to say that MS's change of heart contradicts many past sayings by MS, and that their contention is less than honest.
Furthermore, the DOJ points out that MS increased the price of Windows 95, despite the preceived competition, after Windows 98 was released. This points directly to monopoly power.
Apparently, I can't tell the difference between "does have" and "may have". My information on the web browsing/email capabilities was gleaned from a segment on NPR I heard. Apparently, the Tivo doesn't have web capabilities, but may in the future.
I think it's a good idea to add the web browsing capabilities, and it doesn't seem very tough to do.
1) Picture quality 2) The ability to go to the bathroom without waiting for a commercial 3) Large amounts of temporary storage makes it easy to tape something for only 1 viewing without eaither wasting tape or wearing out a tape from overcopying. 4) It's really not that much more expensive than a VCR
Slashdot Mirror
Well, I think people have generally agreed that a replacement is a bad idea. Berlin is trying that, but, as you mention, hasn't had much publicity or apparent movement recently. As for extending X, well, I guess that's what XFree 4.0 is supposed to be.
I don't think reading the RFCs is very important here. All that work has been done by the OpenSSL folk already. It should simply be a matter of making a new protocol handler, based on http://, that uses a different port and wraps the network socket with SSL.
The article states
"International users who have Netscape Communicator do not need to download a new version of Netscape Communicator to take advantage of the strong encryption capabilities being announced today. Negotiation of the strong encryption between international versions of Netscape Communicator and Netscape SuiteSpot servers approved for export to banks occurs through a unique mechanism based on a special-use digital certificate."
This is a capability that's beein in both IE and Netscape for a while. It's called "Server Gated Crypto", and it works like this:
An exportable browser connects to a bank's server. The bank sends the browser a special certificate that has an extension which tells the browser to do Server Gated Crypto. They both drop connection and reconnect, with the domestic-grade encryption.
This does not mean that Netscape is able to export 128bit crypto freely, nor does it mean they can stop making different versions. It means that the ability for the export browser to use domestic crypto is controlled at the CA (like VeriSign) and not in the browser. The CA gets permission to issue these special certs to a certain group of customers (banks, mostly), and THAT controls the crypto.
It was an interesting attempt to relax crypto just enough to assuage the privacy advocates cry of "but, e-commerce needs strong crypto".
They did this an interesting way. You can specify glide or OpenGL (called "gl" and "glx"). I have a Matrox G400, which is playable. The VooDoo cards are supposed to be the fastest (sinc they don't have to use X). I also have an original TNT, which is way slow. I think it's theoretically possible to get it running with Mesa in software (no 3D hardware needed), but you'd get like a frame a week or something :)
For stuff on setting up the G400/G200, try
http://www.execpc.com/~tz/linglxqs.txt
agp support is very important for speed.
There's a README.Linux file that explains how to use a different Mesa library than the one that comes with the distribution, if you want to try it with support for different cards or the newest-latest version. I use
./linuxquake3 +set r_glxDriver libGL.so.1
Right now, the big thing is waiting for XFree86 4.0. I don't think distributions (like RedHat) will integrate 3D support until the whole DRI thing is ready.
-Dave
Civ II:CTP, Heroes III, Q3A... Ahh, heaven.
:)
Now if only I could get Ultima IX, Final Fantasy VIII, anything else with cool roman numerals,
Heh. That has been a weird trend @ Loki. I wonder if they'll ever release a 1st edition game
I think Loki had a great idea for a company and are pulling it off beautifully. I just wonder what their revenue is like. Is this stuff selling well?
-Dave
pb Reply rather than vaguely moderate me.
I don't think this'll work. Moderators aren't supposed to post. Also, when I'm moderator, I mark someone else up or down so that other people will see it or pass it by, not to inform the poster. It's the non-moderator's job to reply with comments.
Well, first off, if your encryption uses any built-in random number generator, toss it, it's crap.
This isn't true at all. There have been random number chips that get much better random numbers (ie, more entropy per byte) than user-input available for a long time. Intel's method of gathering entropy from the difference in the heat of the chip is pretty good. Not the best, but better than user-input. Your method of gathering static from the sound card can be considered a built-in RNG and is probably no better than Intel's method.
SSL supports the notion of client authentication. Most SSL toolkits support this, although I don't know about the SSL embedded in web browsers. The concept is simple. A client gets issued a certificate, just like any server. When they log in, your SSL can ask them for the cert and to verify themselves.
If you have a powerful enough SSL toolkit, you can setup something fairly automatic and easy. Tell your SSL to request (not require) a client cert. If the client doesn't have the cert, make them login with username/password. Then, tell them to generate a keypair and sign a certificate for them with your own private key (this can all be done with HTML). If they have a cert, check it against your own public key to see if it was one you signed (in X509 certificate parlance, you are the CA). Finally, they everything is good, let them in.
email me if you have questions: drig@noses.org
Not true. DSL is not as secure as any other static connection. The way DSL works is often you are assigned a single ip address out of a huge subnet on a BVI, because of this everyone on the same subnet is pretty much treated as on the same LAN. :-)
So you pretty much have to secure yourself from LAN attacks as well. Win95 users don't have that printer shared,
This depends on the type of DSL. Some DSL is bridged and some is routed. Bridged generally means what you say. You are on essentially a LAN with other people, although you don't have to worry about broadcast traffic and receiving packets destined for other addresses. You get arp responses, for one thing, and probably other security-questionable effects.
Routed means that you are on the WAN. You are treated just like any other host on the internet. Just like a normal old T1. With a lot of DSL modems, if you're running routed you can turn on encryption and other niceties, but I doubt many ISPs support this.
Not for now. Because of the relative instabilities inherant in cold fusion, they've decided that it's better to limit it to 2 devices per bus. Thus, they went with IDE. In a few years, as the technology matures, they may move to SCSI or FireWire.
-Dave
(P.S. The original post was a joke, right?)
Blackdown has had a Java 2 release for a while now. They have put a lot of effort into this and previous releases. They have put up with being at the bottom of Sun's list and generally being ignore, and they have been able to keep within a few months of Sun's releases anyway. Sun has been promising to keep them better informed for years now, with no change of policy. Blackdown has been doing an excellent job.
I'm also a JMP fan. I also like MMW, Liquid Soul, Ray's Music Exchange, and some older Phish.
I don't think this is about how Linux will compete, but how Sun will compete. So, yes, it does matter if Sun gets it or not. Because the difference is the difference between succeeding and failure. Linux will survive, even prosper, regardless.
Which has a funny coincidence with the net's most popular reason for typing one-handed :)
I fully agree with petrov's assessment. I tried out dvorak a while back. I was able to type decently after only a few days, but switching back and forth was tough. I code for a living, and often have to use QA's keyboards, so it was particularly difficult. And I think QA woulda killed me if they couldn't type on my machine :)
The RSA cipher and any uses of it will open whn the patent expires. This means that US citizens will finally be able to use the RSA implementation in SSLeay/OpenSSL, or roll their own.
/. readers won't want to buy Crypto-C. It's enormously expensive. RSA can now focus on selling to huge companies and not twiddling around, suing the little guy. Frankly, I think the patent expiring will be the best thing for the company since Bidzos joined the board.
The RC ciphers, RC2, RC4 and RC5, are copyrighted. The names are trademarked. This means that you can not use RSA's code, or the names RC[245], without RSA's permissions. But, you can use AAILRC5EFTN, An Algorithm Incredibally Like RC5 Except For The Name. Basically, RC5 (or 2 or 4), but named different.
BSAFE, now known as Crypto-C, is a product of RSA's, just like any other software product. You will still need to buy it if you want to use it.
RSA's strategy is to move upwards in the food chain, while continuing to promote Crypto-C as the best of breed. They are making PKI toolkits now. PKI toolkits give developers the ability to handle authentication, do work with certificates, and do other, Public Key stuff that relates to Infrastructures. OpenCA would mimic one portion of RSA's Keon offering.
Crypto-C will now be sold a little differently. Instead of "you have to pay us anyway, why not just buy the toolkit", it's now "this is the absolute best crypto toolkit and you should buy it". And they have a point. Crypto-C is highly optimized for all sorts of platforms, has been continually reviewed for security by RSA Labs, has been ported to a huge number of platforms,is easy to work with, and generally an all-around righteous toolkit.
Most
According to Linus, Transmeta "makes stuff". So, I assume, Linus was hired to help them make stuff. Linus will be bringing his expertise in stuff design and probably begin expanding into actual stuff manufacturing. With the team they have, I imagine they'll make quite good stuff. Maybe useful stuff. Definitely stuff of some sort or other.
/dev/stuff file or maybe even /proc/stuff, a new stuff driver and an expanded stuff interface). I hear O'Reilly will be partnering with Transmeta to release "Stuff in a Nutshell" and the new "Stuff Administrator's Handbook".
Perhaps the stuff will use Linux, but Linus was not hired to work on Linux (although this is not precluded by his contract). I wouldn't be terribly surprised to see some of Linus' work go into Linux (like a
He's talking about actual software releases, not marketing drivel. If you take a look at the KDE pages (and download the _actual software_), you'll see that they have a number of advanced applications that GNOME is simply missing.
Railways move you fast, but you can still only bring 9 troops together. Troop carriers would allow you to ship larger numbers all at once, or make slow troops travel faster. And, of course, troop carriers would move faster on rails.
Clerics are units in Civ:CTP (perhaps also in test of time, but I've never played it). Clerics can convert a city, and can see other clerics and slavers.
No, I have played the game quite a bit.
"future cultural 23" was a hyperbole. My point was that there should be something useful to do with science after the race runs out.
I missed the space-bar means chill. Nice feature, would have been nice to document it.
The contest announcement doesn't put any restrictions on what can be done. The contest is "a special contest in cooperation with Activision, Inc."... It certainly sounds as if they would allow my changes, and that the changes will be applied to both versions.
I'm interested to hear why you think it's a lousy idea.
I'm not really a strong C++ coder, so I thought I'd throw out some ideas I'd like to see be put into the game.
If you take over an enemy's capital, you should gain all of his/her cities. But, the cities should have an enourmous happiness cost, spawning revolutions in many of them for an unprepared attacker. This also makes bloodlust games less tedious to win.
Perl/Python/Java/etc. scripting. I know this one is a big task for 48 hours, but it'd be nice. Maybe someone could mention it to someone when they're there. The current scripting language is lacking (particularly in documentation).
New units: Land-based troop carriers. This would make it easier to carry large amounts of troops. Differing levels, as well. Different movement, whether they can move over mountains, etc. Also, some could be invisible (like the spy and cleric), to hide the units within.
At the end of the science, going for "future cultural 23" is kinda boring and annoying that it comes up. Add a science that converts science into gold, like Capitalization turns production into gold.
Like "Fortify" and "Sleep", add a command to tellt he unit to wait out the turn. For instance, a settler wants to settle on a river. But, he only needs one move to gain the ground. The settler can't settle until the next move. "Sleep" will cause him to be forgotten the next turn. Make a command like "at ease" or something to mean "chill until the next turn".
I think that's all I can think of for now.
First, I'd like to disagree that the key lengths are short. Triple-DES has a 168-bit key, which should be long enough.
Triple-DES was designed very carefully to avoid problems with multiple encryptions. Crypt-analysts found that encrypting something twice with DES and 2 different keys made it not significantly more difficult to decrypt than a single encryption (Schneier; Applied Cryptography; Section 15.1). Triple-DES does encrypt-decrypt-encrypt, defeating the meet-in-the-middle-attack.
But, if you use SSL with DES encryption (or even Triple-DES), over a physical layer that uses DES or Triple-DES, would this have an adverse affect? I'm asking, not telling, as I don't know. Does the meet-in-the-middle attack work when encrypting different data (it would seem not, but IANACryptanalyst)?
Any thought from someone who knows more than I?
-Dave
Well, the price does go down when you buy in bulk (it shows a little over $1k for up to 9 developers and "Call me" for anything above.) I would imagine you can get it for under $1k.
I agree it is a little steep. Perhaps if you call and talk to them, they'd be willing to work with you. Otherwise, vote with your pocketbook and buy a different toolkit (GTK+ is free! Motif is cheaper than Qt, I believe).
Another /. reader posted a link to the DOJ website here. I think the DOJ is handling the Linux issue nicely.
To recap; MS is arguing that Linux poses a serious threat to Windows, due to RedHat and others.
The DOJ says this doesn't hold water. They quote a number of MS witnesses that all said that Linux isn't currently a threat, but may become one in the future. The DOJ argues that future predictions never have and don't currently make any difference in a trial. The DOJ goes on to say that MS's change of heart contradicts many past sayings by MS, and that their contention is less than honest.
Furthermore, the DOJ points out that MS increased the price of Windows 95, despite the preceived competition, after Windows 98 was released. This points directly to monopoly power.
Apparently, I can't tell the difference between "does have" and "may have". My information on the web browsing/email capabilities was gleaned from a segment on NPR I heard. Apparently, the Tivo doesn't have web capabilities, but may in the future.
I think it's a good idea to add the web browsing capabilities, and it doesn't seem very tough to do.
1) Picture quality
2) The ability to go to the bathroom without waiting for a commercial
3) Large amounts of temporary storage makes it easy to tape something for only 1 viewing without eaither wasting tape or wearing out a tape from overcopying.
4) It's really not that much more expensive than a VCR